/*  -*- coding: utf-8 -*- */
/*
 * Mandos-client - get and decrypt data from a Mandos server
 *
 * This program is partly derived from an example program for an Avahi
 * service browser, downloaded from
 * <http://avahi.org/browser/examples/core-browse-services.c>.  This
 * includes the following functions: "resolve_callback",
 * "browse_callback", and parts of "main".
 * 
 * Everything else is
 * Copyright © 2008-2013 Teddy Hogeborn
 * Copyright © 2008-2013 Björn Påhlsson
 * 
 * This program is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see
 * <http://www.gnu.org/licenses/>.
 * 
 * Contact the authors at <mandos@recompile.se>.
 */
/* Needed by GPGME, specifically gpgme_data_seek() */
#ifndef _LARGEFILE_SOURCE
#define _LARGEFILE_SOURCE
#endif
#ifndef _FILE_OFFSET_BITS
#define _FILE_OFFSET_BITS 64
#endif
#define _GNU_SOURCE		/* TEMP_FAILURE_RETRY(), asprintf() */
#include <stdio.h>		/* fprintf(), stderr, fwrite(),
				   stdout, ferror(), remove() */
#include <stdint.h> 		/* uint16_t, uint32_t, intptr_t */
#include <stddef.h>		/* NULL, size_t, ssize_t */
#include <stdlib.h> 		/* free(), EXIT_SUCCESS, srand(),
				   strtof(), abort() */
#include <stdbool.h>		/* bool, false, true */
#include <string.h>		/* memset(), strcmp(), strlen(),
				   strerror(), asprintf(), strcpy() */
#include <sys/ioctl.h>		/* ioctl */
#include <sys/types.h>		/* socket(), inet_pton(), sockaddr,
				   sockaddr_in6, PF_INET6,
				   SOCK_STREAM, uid_t, gid_t, open(),
				   opendir(), DIR */
#include <sys/stat.h>		/* open(), S_ISREG */
#include <sys/socket.h>		/* socket(), struct sockaddr_in6,
				   inet_pton(), connect(),
				   getnameinfo() */
#include <fcntl.h>		/* open() */
#include <dirent.h>		/* opendir(), struct dirent, readdir()
				 */
#include <inttypes.h>		/* PRIu16, PRIdMAX, intmax_t,
				   strtoimax() */
#include <errno.h>		/* perror(), errno,
				   program_invocation_short_name */
#include <time.h>		/* nanosleep(), time(), sleep() */
#include <net/if.h>		/* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
				   SIOCSIFFLAGS, if_indextoname(),
				   if_nametoindex(), IF_NAMESIZE */
#include <netinet/in.h>		/* IN6_IS_ADDR_LINKLOCAL,
				   INET_ADDRSTRLEN, INET6_ADDRSTRLEN
				*/
#include <unistd.h>		/* close(), SEEK_SET, off_t, write(),
				   getuid(), getgid(), seteuid(),
				   setgid(), pause(), _exit() */
#include <arpa/inet.h>		/* inet_pton(), htons() */
#include <iso646.h>		/* not, or, and */
#include <argp.h>		/* struct argp_option, error_t, struct
				   argp_state, struct argp,
				   argp_parse(), ARGP_KEY_ARG,
				   ARGP_KEY_END, ARGP_ERR_UNKNOWN */
#include <signal.h>		/* sigemptyset(), sigaddset(),
				   sigaction(), SIGTERM, sig_atomic_t,
				   raise() */
#include <sysexits.h>		/* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
				   EX_NOHOST, EX_IOERR, EX_PROTOCOL */
#include <sys/wait.h>		/* waitpid(), WIFEXITED(),
				   WEXITSTATUS(), WTERMSIG() */
#include <grp.h>		/* setgroups() */
#include <argz.h>		/* argz_add_sep(), argz_next(),
				   argz_delete(), argz_append(),
				   argz_stringify(), argz_add(),
				   argz_count() */
#include <netdb.h>		/* getnameinfo(), NI_NUMERICHOST,
				   EAI_SYSTEM, gai_strerror() */
#ifdef __linux__
#include <sys/klog.h> 		/* klogctl() */
#endif	/* __linux__ */
/* Avahi */
/* All Avahi types, constants and functions
 Avahi*, avahi_*,
 AVAHI_* */
#include <avahi-core/core.h>
#include <avahi-core/lookup.h>
#include <avahi-core/log.h>
#include <avahi-common/simple-watch.h>
#include <avahi-common/malloc.h>
#include <avahi-common/error.h>
/* GnuTLS */
#include <gnutls/gnutls.h>	/* All GnuTLS types, constants and
				   functions:
				   gnutls_*
				   init_gnutls_session(),
				   GNUTLS_* */
#include <gnutls/openpgp.h>
			 /* gnutls_certificate_set_openpgp_key_file(),
			    GNUTLS_OPENPGP_FMT_BASE64 */
/* GPGME */
#include <gpgme.h> 		/* All GPGME types, constants and
				   functions:
				   gpgme_*
				   GPGME_PROTOCOL_OpenPGP,
				   GPG_ERR_NO_* */
/* Growth step, in bytes, used by incbuffer() */
#define BUFFER_SIZE 256

/* NOTE(review): presumably the directory holding the two key files
   named below, and the default network hook directory -- confirm at
   the point of use */
#define PATHDIR "/conf/conf.d/mandos"
#define SECKEY "seckey.txt"
#define PUBKEY "pubkey.txt"
#define HOOKDIR "/lib/mandos/network-hooks.d"

/* When true, extra progress messages are written to stderr */
bool debug = false;
static const char mandos_protocol_version[] = "1";
/* Read by argp for --version and for the bug report address */
const char *argp_program_version = "mandos-client " VERSION;
const char *argp_program_bug_address = "<mandos@recompile.se>";
static const char sys_class_net[] = "/sys/class/net";
char *connect_to = NULL;
const char *hookdir = HOOKDIR;
/* NOTE(review): 65534 is conventionally "nobody"/"nogroup";
   presumably the unprivileged identity used once root is no longer
   needed -- confirm where uid and gid are applied */
uid_t uid = 65534;
gid_t gid = 65534;
/*
 * One Mandos server to retry.  Nodes form a doubly linked list that
 * needs to be circularly linked when used.
 */
typedef struct server {
  const char *ip;               /* strdup() copy made by add_server() */
  in_port_t port;
  AvahiIfIndex if_index;
  int af;                       /* presumably the address family */
  struct timespec last_seen;    /* CLOCK_MONOTONIC time, set by
                                   add_server() */
  struct server *next;
  struct server *prev;
} server;
/*
 * Used for passing in values through the Avahi callback functions.
 * Bundles the Avahi, GnuTLS and GPGME state with the server list.
 */
typedef struct {
  AvahiServer *server;
  /* GnuTLS credentials and Diffie-Hellman settings */
  gnutls_certificate_credentials_t cred;
  unsigned int dh_bits;
  gnutls_dh_params_t dh_params;
  const char *priority;
  /* GPGME context; created by init_gpgme() with gpgme_new() */
  gpgme_ctx_t ctx;
  /* NOTE(review): presumably the list that add_server() appends to --
     confirm against the callers */
  server *current_server;
  char *interfaces;
  size_t interfaces_size;
} mandos_context;
/* Global so that the signal handler can reach it */
AvahiSimplePoll *simple_poll;

/* NOTE(review): sig_atomic_t suggests quit_now is set from a signal
   handler; objects shared with a handler are normally declared
   "volatile sig_atomic_t" -- confirm against the handler, which
   presumably also records the signal number in signal_received */
sig_atomic_t quit_now = 0;
int signal_received = 0;
/*
 * Function to use when printing errors: like perror(), but the
 * message on stderr is prefixed with "Mandos plugin <program name>: ".
 */
void perror_plus(const char *print_text){
  /* The fprintf() below may overwrite errno, so remember the caller's
     value and put it back before perror() reads it */
  const int saved_errno = errno;
  
  fprintf(stderr, "Mandos plugin %s: ", program_invocation_short_name);
  
  errno = saved_errno;
  perror(print_text);
}
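/*
 * fprintf() replacement which first writes the prefix
 * "Mandos plugin <program name>: " to "stream".
 *
 * Returns the result of formatting "format" only; the prefix is not
 * counted and a failure to write it is not reported.
 */
__attribute__((format (gnu_printf, 2, 3)))
int fprintf_plus(FILE *stream, const char *format, ...){
  va_list ap;
  int ret;
  
  TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
                             program_invocation_short_name));
  
  va_start (ap, format);
  /* A va_list is indeterminate once vfprintf() has consumed it, so
     every attempt (including a retry after EINTR) gets its own
     copy */
  do {
    va_list ap_attempt;
    va_copy(ap_attempt, ap);
    ret = vfprintf(stream, format, ap_attempt);
    va_end(ap_attempt);
  } while(ret == -1 and errno == EINTR);
  /* Every va_start() must be paired with va_end() before returning */
  va_end(ap);
  
  return ret;
}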
/*
 * Make additional room in "buffer" for at least BUFFER_SIZE more
 * bytes. "buffer_capacity" is how much is currently allocated,
 * "buffer_length" is how much is already used.
 *
 * Returns the capacity after the call.  If realloc() fails, the old
 * buffer is freed, "*buffer" is set to NULL, errno is left as
 * realloc() set it and 0 is returned, so callers must check for 0
 * before touching "*buffer" again.
 *
 * NOTE(review): the size_t additions are not checked for wrap-around.
 * NOTE(review): if this buffer ever holds decrypted key material
 * (pgp_packet_decrypt() keeps a plaintext capacity/length pair),
 * realloc() and free() leave the old bytes in released memory --
 * confirm whether callers need zeroization.
 */
size_t incbuffer(char **buffer, size_t buffer_length,
                 size_t buffer_capacity){
  /* Enough spare room already: nothing to do */
  if(buffer_length + BUFFER_SIZE <= buffer_capacity){
    return buffer_capacity;
  }
  
  size_t grown_capacity = buffer_capacity + BUFFER_SIZE;
  char *grown = realloc(*buffer, grown_capacity);
  if(grown != NULL){
    *buffer = grown;
    return grown_capacity;
  }
  
  /* realloc() failed and left the old block allocated; release it
     without letting free() disturb the errno the caller will see */
  int saved_errno = errno;
  free(*buffer);
  errno = saved_errno;
  *buffer = NULL;
  return 0;
}
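/*
 * Add server to set of servers to retry periodically.
 *
 * Allocates a new list node holding a private copy of "ip" and the
 * current CLOCK_MONOTONIC time, and links it in last in the circular
 * list, i.e. just before "*current_server".  If the list is empty,
 * "*current_server" is set to the new node.
 *
 * Returns true on success.  On failure an error is printed, false is
 * returned, the list is left untouched and nothing stays allocated.
 */
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
                int af, server **current_server){
  int ret;
  server *new_server = malloc(sizeof(server));
  if(new_server == NULL){
    perror_plus("malloc");
    return false;
  }
  /* Keep a non-const handle on the copy so that it can be freed on
     the error path below without casting away const */
  char *ip_copy = strdup(ip);
  if(ip_copy == NULL){
    perror_plus("strdup");
    free(new_server);
    return false;
  }
  *new_server = (server){ .ip = ip_copy,
                          .port = port,
                          .if_index = if_index,
                          .af = af };
  ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
  if(ret == -1){
    perror_plus("clock_gettime");
    /* The node was never linked in, so nothing else refers to it */
    free(ip_copy);
    free(new_server);
    return false;
  }
  /* Special case of first server */
  if(*current_server == NULL){
    new_server->next = new_server;
    new_server->prev = new_server;
    *current_server = new_server;
  /* Place the new server last in the list */
  } else {
    new_server->next = *current_server;
    new_server->prev = (*current_server)->prev;
    new_server->prev->next = new_server;
    (*current_server)->prev = new_server;
  }
  return true;
}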
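/* 
 * Initialize GPGME.
 *
 * Checks the OpenPGP engine, points that engine's home directory at
 * "tempdir", creates a GPGME context in "mc->ctx" and imports first
 * "pubkey" and then "seckey" (both file names) into it.
 *
 * Returns true on success.  On failure an error is printed and false
 * is returned.
 *
 * NOTE(review): when a key import fails, the context created by
 * gpgme_new() is left in "mc->ctx" and is not released here --
 * confirm that the caller's cleanup covers this case.
 */
static bool init_gpgme(const char *seckey, const char *pubkey,
                       const char *tempdir, mandos_context *mc){
  gpgme_error_t rc;
  gpgme_engine_info_t engine_info;
  
  /*
   * Helper function to insert pub and seckey to the engine keyring.
   * This is a GNU C nested function; it uses "rc" and "mc" of the
   * enclosing function.  The file descriptor and the GPGME data
   * object are released on every path, also when the import fails.
   */
  bool import_key(const char *filename){
    int ret;
    int fd;
    gpgme_data_t pgp_data;
    bool imported = false;
    
    fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
    if(fd == -1){
      perror_plus("open");
      return false;
    }
    
    rc = gpgme_data_new_from_fd(&pgp_data, fd);
    if(rc != GPG_ERR_NO_ERROR){
      fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
                   gpgme_strsource(rc), gpgme_strerror(rc));
    } else {
      rc = gpgme_op_import(mc->ctx, pgp_data);
      if(rc != GPG_ERR_NO_ERROR){
        fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
                     gpgme_strsource(rc), gpgme_strerror(rc));
      } else {
        imported = true;
      }
      /* Release the data object before the descriptor it reads
         from is closed */
      gpgme_data_release(pgp_data);
    }
    
    /* A failed close() is reported but does not undo a successful
       import */
    ret = (int)TEMP_FAILURE_RETRY(close(fd));
    if(ret == -1){
      perror_plus("close");
    }
    return imported;
  }
  
  if(debug){
    fprintf_plus(stderr, "Initializing GPGME\n");
  }
  
  /* Init GPGME */
  gpgme_check_version(NULL);
  rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
                 gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  
  /* Set GPGME home directory for the OpenPGP engine only */
  rc = gpgme_get_engine_info(&engine_info);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
                 gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  while(engine_info != NULL){
    if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
      /* Do not go on if the home directory could not be changed:
         the keys imported below would then end up in the engine's
         default home directory instead of "tempdir" */
      rc = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
                                 engine_info->file_name, tempdir);
      if(rc != GPG_ERR_NO_ERROR){
        fprintf_plus(stderr, "bad gpgme_set_engine_info: %s: %s\n",
                     gpgme_strsource(rc), gpgme_strerror(rc));
        return false;
      }
      break;
    }
    engine_info = engine_info->next;
  }
  if(engine_info == NULL){
    fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
                 tempdir);
    return false;
  }
  
  /* Create new GPGME "context" */
  rc = gpgme_new(&(mc->ctx));
  if(rc != GPG_ERR_NO_ERROR){
    /* fprintf_plus() already writes the "Mandos plugin ...: "
       prefix, so it is not repeated in the message */
    fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
                 gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  
  if(not import_key(pubkey) or not import_key(seckey)){
    return false;
  }
  
  return true;
}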
/* 
 * Decrypt OpenPGP data.
 * Returns -1 on error
 */
static ssize_t pgp_packet_decrypt(const char *cryptotext,
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
354
				  size_t crypto_size,
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
355
				  char **plaintext,
356
				  mandos_context *mc){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
357
  gpgme_data_t dh_crypto, dh_plain;
358
  gpgme_error_t rc;
359
  ssize_t ret;
360
  size_t plaintext_capacity = 0;
361
  ssize_t plaintext_length = 0;
362
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
363
  if(debug){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
364
    fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
13 by Björn Påhlsson
Added following support:
365
  }
366
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
367
  /* Create new GPGME data buffer from memory cryptotext */
368
  rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
369
			       0);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
370
  if(rc != GPG_ERR_NO_ERROR){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
371
    fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
372
		 gpgme_strsource(rc), gpgme_strerror(rc));
13 by Björn Påhlsson
Added following support:
373
    return -1;
374
  }
375
  
376
  /* Create new empty GPGME data buffer for the plaintext */
377
  rc = gpgme_data_new(&dh_plain);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
378
  if(rc != GPG_ERR_NO_ERROR){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
379
    fprintf_plus(stderr, "Mandos plugin mandos-client: "
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
380
		 "bad gpgme_data_new: %s: %s\n",
381
		 gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
382
    gpgme_data_release(dh_crypto);
13 by Björn Påhlsson
Added following support:
383
    return -1;
384
  }
385
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
386
  /* Decrypt data from the cryptotext data buffer to the plaintext
387
     data buffer */
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
388
  rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
389
  if(rc != GPG_ERR_NO_ERROR){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
390
    fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
391
		 gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
392
    plaintext_length = -1;
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
393
    if(debug){
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
394
      gpgme_decrypt_result_t result;
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
395
      result = gpgme_op_decrypt_result(mc->ctx);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
396
      if(result == NULL){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
397
	fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
398
      } else {
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
399
	fprintf_plus(stderr, "Unsupported algorithm: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
400
		     result->unsupported_algorithm);
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
401
	fprintf_plus(stderr, "Wrong key usage: %u\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
402
		     result->wrong_key_usage);
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
403
	if(result->file_name != NULL){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
404
	  fprintf_plus(stderr, "File name: %s\n", result->file_name);
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
405
	}
406
	gpgme_recipient_t recipient;
407
	recipient = result->recipients;
237.2.112 by Teddy Hogeborn
* plugins.d/mandos-client.c (pgp_packet_decrypt): Remove redundant
408
	while(recipient != NULL){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
409
	  fprintf_plus(stderr, "Public key algorithm: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
410
		       gpgme_pubkey_algo_name
411
		       (recipient->pubkey_algo));
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
412
	  fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
413
	  fprintf_plus(stderr, "Secret key available: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
414
		       recipient->status == GPG_ERR_NO_SECKEY
415
		       ? "No" : "Yes");
237.2.112 by Teddy Hogeborn
* plugins.d/mandos-client.c (pgp_packet_decrypt): Remove redundant
416
	  recipient = recipient->next;
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
417
	}
418
      }
419
    }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
420
    goto decrypt_end;
13 by Björn Påhlsson
Added following support:
421
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
422
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
423
  if(debug){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
424
    fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
425
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
426
  
13 by Björn Påhlsson
Added following support:
427
  /* Seek back to the beginning of the GPGME plaintext data buffer */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
428
  if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
429
    perror_plus("gpgme_data_seek");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
430
    plaintext_length = -1;
431
    goto decrypt_end;
24.1.5 by Björn Påhlsson
plugbasedclient:
432
  }
433
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
434
  *plaintext = NULL;
13 by Björn Påhlsson
Added following support:
435
  while(true){
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
436
    plaintext_capacity = incbuffer(plaintext,
237.16.6 by teddy at bsnet
* plugins.d/mandos-client.c: Some white space fixes.
437
				   (size_t)plaintext_length,
438
				   plaintext_capacity);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
439
    if(plaintext_capacity == 0){
237.16.6 by teddy at bsnet
* plugins.d/mandos-client.c: Some white space fixes.
440
      perror_plus("incbuffer");
441
      plaintext_length = -1;
442
      goto decrypt_end;
13 by Björn Påhlsson
Added following support:
443
    }
444
    
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
445
    ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
446
			  BUFFER_SIZE);
13 by Björn Påhlsson
Added following support:
447
    /* Print the data, if any */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
448
    if(ret == 0){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
449
      /* EOF */
13 by Björn Påhlsson
Added following support:
450
      break;
451
    }
452
    if(ret < 0){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
453
      perror_plus("gpgme_data_read");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
454
      plaintext_length = -1;
455
      goto decrypt_end;
13 by Björn Påhlsson
Added following support:
456
    }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
457
    plaintext_length += ret;
13 by Björn Påhlsson
Added following support:
458
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
459
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
460
  if(debug){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
461
    fprintf_plus(stderr, "Decrypted password is: ");
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
462
    for(ssize_t i = 0; i < plaintext_length; i++){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
463
      fprintf(stderr, "%02hhX ", (*plaintext)[i]);
464
    }
465
    fprintf(stderr, "\n");
466
  }
467
  
468
 decrypt_end:
469
  
470
  /* Delete the GPGME cryptotext data buffer */
471
  gpgme_data_release(dh_crypto);
15.1.3 by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt
472
  
473
  /* Delete the GPGME plaintext data buffer */
13 by Björn Påhlsson
Added following support:
474
  gpgme_data_release(dh_plain);
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
475
  return plaintext_length;
13 by Björn Påhlsson
Added following support:
476
}
/* Wrapper around gnutls_strerror() that never yields NULL: a NULL
   result is replaced by the literal "(unknown)", so the return value
   can always be passed to a "%s" conversion. */
static const char * safer_gnutls_strerror(int value){
  const char *message = gnutls_strerror(value);
  return (message != NULL) ? message : "(unknown)";
}
/* GnuTLS log function callback: forwards each library message to
   stderr behind a "GnuTLS: " prefix.  The message is passed as a "%s"
   argument and never used as the format string itself.  The log
   level is not used. */
static void debuggnutls(int level, const char* string){
  (void)level;
  fprintf_plus(stderr, "GnuTLS: %s", string);
}
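/*
 * Initialize GnuTLS globally and set up the credentials in *mc.
 *
 * Steps, in order: gnutls_global_init(); optional debug logging;
 * allocation of mc->cred; loading of the OpenPGP key pair from
 * pubkeyfilename / seckeyfilename (base64 format); creation and
 * generation of Diffie-Hellman parameters of mc->dh_bits bits into
 * mc->dh_params; attaching those parameters to mc->cred.
 *
 * Returns 0 on success.  Returns -1 on failure, after releasing what
 * was set up and calling gnutls_global_deinit().
 */
static int init_gnutls_global(const char *pubkeyfilename,
                              const char *seckeyfilename,
                              mandos_context *mc){
  int ret;
  
  if(debug){
    fprintf_plus(stderr, "Initializing GnuTLS\n");
  }
  
  ret = gnutls_global_init();
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr, "GnuTLS global_init: %s\n",
                 safer_gnutls_strerror(ret));
    return -1;
  }
  
  if(debug){
    /* "Use a log level over 10 to enable all debugging options."
     * - GnuTLS manual
     *
     * Everything GnuTLS logs at this level goes to stderr through
     * debuggnutls(); treat debug output as sensitive.
     */
    gnutls_global_set_log_level(11);
    gnutls_global_set_log_function(debuggnutls);
  }
  
  /* OpenPGP credentials */
  ret = gnutls_certificate_allocate_credentials(&mc->cred);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr, "GnuTLS memory error: %s\n",
                 safer_gnutls_strerror(ret));
    gnutls_global_deinit();
    return -1;
  }
  
  if(debug){
    fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
                 " secret key %s as GnuTLS credentials\n",
                 pubkeyfilename,
                 seckeyfilename);
  }
  
  ret = gnutls_certificate_set_openpgp_key_file
    (mc->cred, pubkeyfilename, seckeyfilename,
     GNUTLS_OPENPGP_FMT_BASE64);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr,
                 "Error[%d] while reading the OpenPGP key pair ('%s',"
                 " '%s')\n", ret, pubkeyfilename, seckeyfilename);
    fprintf_plus(stderr, "The GnuTLS error is: %s\n",
                 safer_gnutls_strerror(ret));
    goto globalfail;
  }
  
  /* GnuTLS server initialization */
  ret = gnutls_dh_params_init(&mc->dh_params);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr, "Error in GnuTLS DH parameter"
                 " initialization: %s\n",
                 safer_gnutls_strerror(ret));
    goto globalfail;
  }
  /* The DH parameter size comes from mc->dh_bits, which is set by the
     caller; its value is not chosen here */
  ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
                 safer_gnutls_strerror(ret));
    goto globalfail;
  }
  
  gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
  
  return 0;
  
 globalfail:
  
  /* Release the GnuTLS objects first and deinitialize the library
     last, so that no GnuTLS call is made after
     gnutls_global_deinit().
     NOTE(review): when the key pair fails to load,
     gnutls_dh_params_init() has not run yet, so mc->dh_params still
     holds whatever the caller stored there; this relies on *mc being
     zero-initialized by the caller - confirm. */
  gnutls_certificate_free_credentials(mc->cred);
  gnutls_dh_params_deinit(mc->dh_params);
  gnutls_global_deinit();
  return -1;
}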
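/*
 * Create and configure a GnuTLS session.
 *
 * The session is created with the GNUTLS_SERVER flag, gets the
 * priority string mc->priority and the certificate credentials
 * mc->cred, is told to ignore any client certificate, and has its
 * DH prime size set to mc->dh_bits.
 *
 * Calls that report GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN are
 * retried; if the file-level flag quit_now is set after any attempt
 * the function gives up.
 *
 * Returns 0 on success, in which case the caller owns *session.
 * Returns -1 on failure; *session has then been released (or was
 * never created) and must not be used or deinitialized by the
 * caller.
 */
static int init_gnutls_session(gnutls_session_t *session,
                               mandos_context *mc){
  int ret;
  /* GnuTLS session creation */
  do {
    ret = gnutls_init(session, GNUTLS_SERVER);
    if(quit_now){
      /* Do not leak a session that was created just before the quit
         request was noticed */
      if(ret == GNUTLS_E_SUCCESS){
        gnutls_deinit(*session);
      }
      return -1;
    }
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr,
                 "Error in GnuTLS session initialization: %s\n",
                 safer_gnutls_strerror(ret));
    /* gnutls_init() failed, so *session is not a usable session;
       stop here instead of configuring it */
    return -1;
  }
  
  {
    const char *err;
    do {
      ret = gnutls_priority_set_direct(*session, mc->priority, &err);
      if(quit_now){
        gnutls_deinit(*session);
        return -1;
      }
    } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
    if(ret != GNUTLS_E_SUCCESS){
      fprintf_plus(stderr, "Syntax error at: %s\n", err);
      fprintf_plus(stderr, "GnuTLS error: %s\n",
                   safer_gnutls_strerror(ret));
      gnutls_deinit(*session);
      return -1;
    }
  }
  
  do {
    ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
                                 mc->cred);
    if(quit_now){
      gnutls_deinit(*session);
      return -1;
    }
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
                 safer_gnutls_strerror(ret));
    gnutls_deinit(*session);
    return -1;
  }
  
  /* ignore client certificate if any. */
  gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
  
  gnutls_dh_set_prime_bits(*session, mc->dh_bits);
  
  return 0;
}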
/* Avahi log function callback that discards every message: neither
   the level nor the text is used. */
static void empty_log(AvahiLogLevel level, const char *txt){
  (void)level;
  (void)txt;
}
/* Called when a Mandos server is found */
237.7.145 by Teddy Hogeborn
* plugins.d/mandos-client.c: Don't use assert(). Use in_port_t for
632
static int start_mandos_communication(const char *ip, in_port_t port,
24.1.9 by Björn Påhlsson
not working midwork...
633
				      AvahiIfIndex if_index,
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
634
				      int af, mandos_context *mc){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
635
  int ret, tcp_sd = -1;
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
636
  ssize_t sret;
237.7.217 by Teddy Hogeborn
Use "struct sockaddr_storage" instead of a union in mandos-client.
637
  struct sockaddr_storage to;
13 by Björn Påhlsson
Added following support:
638
  char *buffer = NULL;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
639
  char *decrypted_buffer = NULL;
13 by Björn Påhlsson
Added following support:
640
  size_t buffer_length = 0;
641
  size_t buffer_capacity = 0;
24.1.10 by Björn Påhlsson
merge commit
642
  size_t written;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
643
  int retval = -1;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
644
  gnutls_session_t session;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
645
  int pf;			/* Protocol family */
646
  
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
647
  errno = 0;
648
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
649
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
650
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
651
    return -1;
652
  }
653
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
654
  switch(af){
655
  case AF_INET6:
656
    pf = PF_INET6;
657
    break;
658
  case AF_INET:
659
    pf = PF_INET;
660
    break;
661
  default:
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
662
    fprintf_plus(stderr, "Bad address family: %d\n", af);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
663
    errno = EINVAL;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
664
    return -1;
665
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
666
  
237.7.153 by Teddy Hogeborn
* plugins.d/mandos-client.c: Comment changes
667
  /* If the interface is specified and we have a list of interfaces */
237.7.152 by Teddy Hogeborn
* plugins.d/mandos-client (start_mandos_communication): Bug fix; skip
668
  if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
669
    /* Check if the interface is one of the interfaces we are using */
670
    bool match = false;
671
    {
672
      char *interface = NULL;
673
      while((interface=argz_next(mc->interfaces, mc->interfaces_size,
674
				 interface))){
675
	if(if_nametoindex(interface) == (unsigned int)if_index){
676
	  match = true;
677
	  break;
678
	}
679
      }
680
    }
681
    if(not match){
237.7.153 by Teddy Hogeborn
* plugins.d/mandos-client.c: Comment changes
682
      /* This interface does not match any in the list, so we don't
683
	 connect to the server */
237.7.152 by Teddy Hogeborn
* plugins.d/mandos-client (start_mandos_communication): Bug fix; skip
684
      if(debug){
685
	char interface[IF_NAMESIZE];
686
	if(if_indextoname((unsigned int)if_index, interface) == NULL){
687
	  perror_plus("if_indextoname");
688
	} else {
689
	  fprintf_plus(stderr, "Skipping server on non-used interface"
690
		       " \"%s\"\n",
691
		       if_indextoname((unsigned int)if_index,
692
				      interface));
693
	}
694
      }
695
      return -1;
696
    }
697
  }
698
  
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
699
  ret = init_gnutls_session(&session, mc);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
700
  if(ret != 0){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
701
    return -1;
702
  }
703
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
704
  if(debug){
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
705
    fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
237.7.145 by Teddy Hogeborn
* plugins.d/mandos-client.c: Don't use assert(). Use in_port_t for
706
		 PRIuMAX "\n", ip, (uintmax_t)port);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
707
  }
13 by Björn Påhlsson
Added following support:
708
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
709
  tcp_sd = socket(pf, SOCK_STREAM, 0);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
710
  if(tcp_sd < 0){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
711
    int e = errno;
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
712
    perror_plus("socket");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
713
    errno = e;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
714
    goto mandos_end;
715
  }
716
  
717
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
718
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
719
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
720
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
721
  
84 by Teddy Hogeborn
* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
722
  memset(&to, 0, sizeof(to));
237.2.67 by Teddy Hogeborn
Four new interrelated features:
723
  if(af == AF_INET6){
237.7.217 by Teddy Hogeborn
Use "struct sockaddr_storage" instead of a union in mandos-client.
724
    ((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
725
    ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
237.2.67 by Teddy Hogeborn
Four new interrelated features:
726
  } else {			/* IPv4 */
237.7.217 by Teddy Hogeborn
Use "struct sockaddr_storage" instead of a union in mandos-client.
727
    ((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
728
    ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
237.2.67 by Teddy Hogeborn
Four new interrelated features:
729
  }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
730
  if(ret < 0 ){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
731
    int e = errno;
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
732
    perror_plus("inet_pton");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
733
    errno = e;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
734
    goto mandos_end;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
735
  }
13 by Björn Påhlsson
Added following support:
736
  if(ret == 0){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
737
    int e = errno;
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
738
    fprintf_plus(stderr, "Bad address: %s\n", ip);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
739
    errno = e;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
740
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
741
  }
237.2.67 by Teddy Hogeborn
Four new interrelated features:
742
  if(af == AF_INET6){
237.7.217 by Teddy Hogeborn
Use "struct sockaddr_storage" instead of a union in mandos-client.
743
    ((struct sockaddr_in6 *)&to)->sin6_port = htons(port);    
744
    if(IN6_IS_ADDR_LINKLOCAL
745
       (&((struct sockaddr_in6 *)&to)->sin6_addr)){
237.2.67 by Teddy Hogeborn
Four new interrelated features:
746
      if(if_index == AVAHI_IF_UNSPEC){
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
747
	fprintf_plus(stderr, "An IPv6 link-local address is"
748
		     " incomplete without a network interface\n");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
749
	errno = EINVAL;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
750
	goto mandos_end;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
751
      }
752
      /* Set the network interface number as scope */
237.7.217 by Teddy Hogeborn
Use "struct sockaddr_storage" instead of a union in mandos-client.
753
      ((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
754
    }
755
  } else {
237.7.217 by Teddy Hogeborn
Use "struct sockaddr_storage" instead of a union in mandos-client.
756
    ((struct sockaddr_in *)&to)->sin_port = htons(port);
237.2.67 by Teddy Hogeborn
Four new interrelated features:
757
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
758
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
759
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
760
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
761
    goto mandos_end;
762
  }
763
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
764
  if(debug){
237.2.67 by Teddy Hogeborn
Four new interrelated features:
765
    if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
766
      char interface[IF_NAMESIZE];
767
      if(if_indextoname((unsigned int)if_index, interface) == NULL){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
768
	perror_plus("if_indextoname");
237.2.67 by Teddy Hogeborn
Four new interrelated features:
769
      } else {
237.7.145 by Teddy Hogeborn
* plugins.d/mandos-client.c: Don't use assert(). Use in_port_t for
770
	fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
771
		     "\n", ip, interface, (uintmax_t)port);
237.2.67 by Teddy Hogeborn
Four new interrelated features:
772
      }
773
    } else {
237.7.145 by Teddy Hogeborn
* plugins.d/mandos-client.c: Don't use assert(). Use in_port_t for
774
      fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
775
		   ip, (uintmax_t)port);
237.2.67 by Teddy Hogeborn
Four new interrelated features:
776
    }
777
    char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
778
		 INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
779
    if(af == AF_INET6){
237.7.217 by Teddy Hogeborn
Use "struct sockaddr_storage" instead of a union in mandos-client.
780
      ret = getnameinfo((struct sockaddr *)&to,
781
			sizeof(struct sockaddr_in6),
237.7.215 by Teddy Hogeborn
Use getnameinfo() instead of inet_ntop() in mandos-client.
782
			addrstr, sizeof(addrstr), NULL, 0,
783
			NI_NUMERICHOST);
237.2.67 by Teddy Hogeborn
Four new interrelated features:
784
    } else {
237.7.217 by Teddy Hogeborn
Use "struct sockaddr_storage" instead of a union in mandos-client.
785
      ret = getnameinfo((struct sockaddr *)&to,
786
			sizeof(struct sockaddr_in),
237.7.215 by Teddy Hogeborn
Use getnameinfo() instead of inet_ntop() in mandos-client.
787
			addrstr, sizeof(addrstr), NULL, 0,
788
			NI_NUMERICHOST);
237.2.67 by Teddy Hogeborn
Four new interrelated features:
789
    }
237.7.215 by Teddy Hogeborn
Use getnameinfo() instead of inet_ntop() in mandos-client.
790
    if(ret == EAI_SYSTEM){
791
      perror_plus("getnameinfo");
792
    } else if(ret != 0) {
793
      fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
794
    } else if(strcmp(addrstr, ip) != 0){
795
      fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
796
    }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
797
  }
13 by Björn Påhlsson
Added following support:
798
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
799
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
800
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
801
    goto mandos_end;
802
  }
803
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
804
  if(af == AF_INET6){
237.7.217 by Teddy Hogeborn
Use "struct sockaddr_storage" instead of a union in mandos-client.
805
    ret = connect(tcp_sd, (struct sockaddr *)&to,
806
		  sizeof(struct sockaddr_in6));
237.2.67 by Teddy Hogeborn
Four new interrelated features:
807
  } else {
237.7.217 by Teddy Hogeborn
Use "struct sockaddr_storage" instead of a union in mandos-client.
808
    ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
809
		  sizeof(struct sockaddr_in));
237.2.67 by Teddy Hogeborn
Four new interrelated features:
810
  }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
811
  if(ret < 0){
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
812
    if ((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
813
      int e = errno;
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
814
      perror_plus("connect");
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
815
      errno = e;
816
    }
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
817
    goto mandos_end;
818
  }
819
  
820
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
821
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
822
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
823
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
824
  
24.1.12 by Björn Påhlsson
merge +
825
  const char *out = mandos_protocol_version;
24.1.10 by Björn Påhlsson
merge commit
826
  written = 0;
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
827
  while(true){
24.1.10 by Björn Påhlsson
merge commit
828
    size_t out_size = strlen(out);
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
829
    ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
237.16.6 by teddy at bsnet
* plugins.d/mandos-client.c: Some white space fixes.
830
					out_size - written));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
831
    if(ret == -1){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
832
      int e = errno;
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
833
      perror_plus("write");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
834
      errno = e;
24.1.12 by Björn Påhlsson
merge +
835
      goto mandos_end;
24.1.10 by Björn Påhlsson
merge commit
836
    }
24.1.12 by Björn Påhlsson
merge +
837
    written += (size_t)ret;
24.1.10 by Björn Påhlsson
merge commit
838
    if(written < out_size){
839
      continue;
840
    } else {
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
841
      if(out == mandos_protocol_version){
24.1.10 by Björn Påhlsson
merge commit
842
	written = 0;
843
	out = "\r\n";
844
      } else {
845
	break;
846
      }
847
    }
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
848
  
849
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
850
      errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
851
      goto mandos_end;
852
    }
24.1.10 by Björn Påhlsson
merge commit
853
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
854
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
855
  if(debug){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
856
    fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
857
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
858
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
859
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
860
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
861
    goto mandos_end;
862
  }
863
  
237.7.136 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Eliminate
864
  /* This casting via intptr_t is to eliminate warning about casting
865
     an int to a pointer type.  This is exactly how the GnuTLS Guile
866
     function "set-session-transport-fd!" does it. */
867
  gnutls_transport_set_ptr(session,
868
			   (gnutls_transport_ptr_t)(intptr_t)tcp_sd);
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
869
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
870
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
871
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
872
    goto mandos_end;
873
  }
874
  
237.2.126 by Teddy Hogeborn
* plugin-runner.c: Minor stylistic changes.
875
  do {
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
876
    ret = gnutls_handshake(session);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
877
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
878
      errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
879
      goto mandos_end;
880
    }
24.1.29 by Björn Påhlsson
Added more header file comments
881
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
13 by Björn Påhlsson
Added following support:
882
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
883
  if(ret != GNUTLS_E_SUCCESS){
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section.
884
    if(debug){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
885
      fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
886
      gnutls_perror(ret);
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section.
887
    }
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
888
    errno = EPROTO;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
889
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
890
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
891
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
892
  /* Read OpenPGP packet that contains the wanted password */
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
893
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
894
  if(debug){
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
895
    fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
896
		 " %s\n", ip);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
897
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
898
  
13 by Björn Påhlsson
Added following support:
899
  while(true){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
900
    
901
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
902
      errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
903
      goto mandos_end;
904
    }
905
    
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
906
    buffer_capacity = incbuffer(&buffer, buffer_length,
237.16.6 by teddy at bsnet
* plugins.d/mandos-client.c: Some white space fixes.
907
				buffer_capacity);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
908
    if(buffer_capacity == 0){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
909
      int e = errno;
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
910
      perror_plus("incbuffer");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
911
      errno = e;
24.1.12 by Björn Påhlsson
merge +
912
      goto mandos_end;
13 by Björn Påhlsson
Added following support:
913
    }
914
    
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
915
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
916
      errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
917
      goto mandos_end;
918
    }
919
    
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
920
    sret = gnutls_record_recv(session, buffer+buffer_length,
921
			      BUFFER_SIZE);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
922
    if(sret == 0){
13 by Björn Påhlsson
Added following support:
923
      break;
924
    }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
925
    if(sret < 0){
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
926
      switch(sret){
13 by Björn Påhlsson
Added following support:
927
      case GNUTLS_E_INTERRUPTED:
928
      case GNUTLS_E_AGAIN:
929
	break;
930
      case GNUTLS_E_REHANDSHAKE:
237.2.126 by Teddy Hogeborn
* plugin-runner.c: Minor stylistic changes.
931
	do {
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
932
	  ret = gnutls_handshake(session);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
933
	  
934
	  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
935
	    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
936
	    goto mandos_end;
937
	  }
24.1.29 by Björn Påhlsson
Added more header file comments
938
	} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
939
	if(ret < 0){
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
940
	  fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
941
		       "***\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
942
	  gnutls_perror(ret);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
943
	  errno = EPROTO;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
944
	  goto mandos_end;
13 by Björn Påhlsson
Added following support:
945
	}
946
	break;
947
      default:
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
948
	fprintf_plus(stderr, "Unknown error while reading data from"
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
949
		     " encrypted session with Mandos server\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
950
	gnutls_bye(session, GNUTLS_SHUT_RDWR);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
951
	errno = EIO;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
952
	goto mandos_end;
13 by Björn Påhlsson
Added following support:
953
      }
954
    } else {
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
955
      buffer_length += (size_t) sret;
13 by Björn Påhlsson
Added following support:
956
    }
957
  }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
958
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
959
  if(debug){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
960
    fprintf_plus(stderr, "Closing TLS session\n");
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
961
  }
962
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
963
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
964
    errno = EINTR;
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
965
    goto mandos_end;
966
  }
967
  
968
  do {
969
    ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
970
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
971
      errno = EINTR;
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
972
      goto mandos_end;
973
    }
974
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
975
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
976
  if(buffer_length > 0){
237.2.125 by Teddy Hogeborn
* plugin-runner.c (getplugin, add_environment, main): Handle EINTR
977
    ssize_t decrypted_buffer_size;
237.16.6 by teddy at bsnet
* plugins.d/mandos-client.c: Some white space fixes.
978
    decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
979
					       &decrypted_buffer, mc);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
980
    if(decrypted_buffer_size >= 0){
237.2.124 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gpgme): Move variable "ret" into the
981
      
24.1.10 by Björn Påhlsson
merge commit
982
      written = 0;
28 by Teddy Hogeborn
* server.conf: New file.
983
      while(written < (size_t) decrypted_buffer_size){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
984
	if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
985
	  errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
986
	  goto mandos_end;
987
	}
988
	
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
989
	ret = (int)fwrite(decrypted_buffer + written, 1,
990
			  (size_t)decrypted_buffer_size - written,
991
			  stdout);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
992
	if(ret == 0 and ferror(stdout)){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
993
	  int e = errno;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
994
	  if(debug){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
995
	    fprintf_plus(stderr, "Error writing encrypted data: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
996
			 strerror(errno));
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
997
	  }
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
998
	  errno = e;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
999
	  goto mandos_end;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
1000
	}
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
1001
	written += (size_t)ret;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
1002
      }
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
1003
      retval = 0;
13 by Björn Påhlsson
Added following support:
1004
    }
1005
  }
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1006
  
1007
  /* Shutdown procedure */
1008
  
1009
 mandos_end:
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1010
  {
1011
    int e = errno;
1012
    free(decrypted_buffer);
1013
    free(buffer);
1014
    if(tcp_sd >= 0){
1015
      ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1016
    }
1017
    if(ret == -1){
1018
      if(e == 0){
1019
	e = errno;
1020
      }
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1021
      perror_plus("close");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1022
    }
1023
    gnutls_deinit(session);
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1024
    errno = e;
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1025
    if(quit_now){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1026
      errno = EINTR;
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1027
      retval = -1;
1028
    }
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
1029
  }
13 by Björn Påhlsson
Added following support:
1030
  return retval;
1031
}
/* Avahi resolver callback, called when a service has been resolved
   successfully or the resolution failed or timed out.

   On AVAHI_RESOLVER_FOUND the resolved address is formatted into a
   string and handed to start_mandos_communication(); if that returns
   0 the main poll loop is told to quit, otherwise the server is
   appended to the context's server list through add_server().  Any
   other event is reported as a resolver failure.  The resolver "r"
   is freed at the end; the two early exits (r == NULL, or quit_now
   already set) return without freeing it.

   "mc" is the mandos_context pointer registered with the resolver.

   Security note: name, type, domain, host_name and address are
   whatever was answered on the network.  They are logged verbatim
   and the address is connected to.
   NOTE(review): nothing in this callback authenticates the
   responder; presumably that is left to the TLS/OpenPGP exchange in
   start_mandos_communication() - confirm. */
static void resolve_callback(AvahiSServiceResolver *r,
                             AvahiIfIndex interface,
                             AvahiProtocol proto,
                             AvahiResolverEvent event,
                             const char *name,
                             const char *type,
                             const char *domain,
                             const char *host_name,
                             const AvahiAddress *address,
                             uint16_t port,
                             AVAHI_GCC_UNUSED AvahiStringList *txt,
                             AVAHI_GCC_UNUSED AvahiLookupResultFlags
                             flags,
                             void* mc){
  /* Nothing to do without a resolver, or once shutdown has begun */
  if(r == NULL || quit_now){
    return;
  }
  
  mandos_context *ctx = (mandos_context *)mc;
  
  if(event == AVAHI_RESOLVER_FOUND){
    char ip[AVAHI_ADDRESS_STR_MAX];
    avahi_address_snprint(ip, sizeof(ip), address);
    if(debug){
      fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
                   PRIdMAX ") on port %" PRIu16 "\n", name,
                   host_name, ip, (intmax_t)interface, port);
    }
    
    if(start_mandos_communication(ip, (in_port_t)port, interface,
                                  avahi_proto_to_af(proto), mc) == 0){
      /* Got what we came for; stop the main loop */
      avahi_simple_poll_quit(simple_poll);
    } else if(!add_server(ip, (in_port_t)port, interface,
                          avahi_proto_to_af(proto),
                          &ctx->current_server)){
      fprintf_plus(stderr, "Failed to add server \"%s\" to server"
                   " list\n", name);
    }
  } else {
    /* AVAHI_RESOLVER_FAILURE, and any event value not known here */
    fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
                 "'%s' of type '%s' in domain '%s': %s\n", name, type,
                 domain,
                 avahi_strerror(avahi_server_errno(ctx->server)));
  }
  
  avahi_s_service_resolver_free(r);
}
/* Avahi browser callback, called when a service becomes available on
   the LAN or is removed from it.

   A new service gets a resolver started for it, with
   resolve_callback() as the completion handler and "mc" passed
   through unchanged.  A browser failure (or an event value not known
   here) is logged and stops the main poll loop.  Removals are
   ignored.  Returns immediately if "b" is NULL or quit_now is set.

   "mc" is the mandos_context pointer registered with the browser.

   Security note: name, type and domain are taken from the network
   announcement and are passed on and logged as received. */
static void browse_callback(AvahiSServiceBrowser *b,
                            AvahiIfIndex interface,
                            AvahiProtocol protocol,
                            AvahiBrowserEvent event,
                            const char *name,
                            const char *type,
                            const char *domain,
                            AVAHI_GCC_UNUSED AvahiLookupResultFlags
                            flags,
                            void* mc){
  /* Nothing to do without a browser, or once shutdown has begun */
  if(b == NULL || quit_now){
    return;
  }
  
  mandos_context *ctx = (mandos_context *)mc;
  
  switch(event){
  case AVAHI_BROWSER_NEW:
    /* The returned resolver object is deliberately not kept: the
       resolve callback frees it, and if the Avahi server is
       terminated before the callback runs, the server frees the
       resolver itself. */
    if(avahi_s_service_resolver_new(ctx->server, interface, protocol,
                                    name, type, domain, protocol, 0,
                                    resolve_callback, mc) == NULL){
      fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
                   " %s\n", name,
                   avahi_strerror(avahi_server_errno(ctx->server)));
    }
    break;
    
  case AVAHI_BROWSER_REMOVE:
    break;
    
  case AVAHI_BROWSER_ALL_FOR_NOW:
  case AVAHI_BROWSER_CACHE_EXHAUSTED:
    if(debug){
      fprintf_plus(stderr, "No Mandos server found, still"
                   " searching...\n");
    }
    break;
    
  case AVAHI_BROWSER_FAILURE:
  default:
    /* Browsing cannot continue; report why and stop the main loop */
    fprintf_plus(stderr, "(Avahi browser) %s\n",
                 avahi_strerror(avahi_server_errno(ctx->server)));
    avahi_simple_poll_quit(simple_poll);
    return;
  }
}
/* Signal handler that asks the main loop to stop.

   Only the first delivery has any effect: it sets quit_now, records
   the signal number in signal_received and, if a poll object exists,
   tells it to quit.  errno is saved and restored around the Avahi
   call so the interrupted code does not see it change.

   NOTE(review): this runs in signal context.  Confirm that
   avahi_simple_poll_quit() is safe to call from a signal handler in
   the Avahi version in use, and that quit_now and signal_received
   are declared with a type suitable for handlers (presumably
   volatile sig_atomic_t; the declarations are outside this block). */
static void handle_sigterm(int sig){
  if(!quit_now){
    quit_now = 1;
    signal_received = sig;
    const int saved_errno = errno;
    /* Wake the main loop so it notices the request to exit */
    if(simple_poll != NULL){
      avahi_simple_poll_quit(simple_poll);
    }
    errno = saved_errno;
  }
}
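/*
 * Fetch the flags of network interface IFNAME into IFR using the
 * SIOCGIFFLAGS ioctl.
 *
 * Returns true on success.  Returns false on failure, with errno
 * describing the failed step; a name that does not fit in
 * ifr->ifr_name is refused with errno set to ENAMETOOLONG.
 */
bool get_flags(const char *ifname, struct ifreq *ifr){
  int ret;
  error_t ret_errno;
  
  /* ifr_name is a fixed-size array, while callers pass directory
     entry names and caller-supplied interface names.  Refuse a name
     which does not fit (including its terminating NUL) rather than
     writing past the end of the array or querying a truncated name,
     which could denote a different interface. */
  const size_t namelen = strlen(ifname);
  if(namelen >= sizeof(ifr->ifr_name)){
    errno = ENAMETOOLONG;
    return false;
  }
  
  int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
  if(s < 0){
    ret_errno = errno;
    perror_plus("socket");
    errno = ret_errno;
    return false;
  }
  memcpy(ifr->ifr_name, ifname, namelen + 1);
  ret = ioctl(s, SIOCGIFFLAGS, ifr);
  ret_errno = errno;
  
  /* The socket is needed only for the ioctl; close it on every path
     so repeated calls do not use up file descriptors. */
  if(close(s) == -1){
    perror_plus("close");
  }
  
  if(ret == -1){
    if(debug){
      errno = ret_errno;
      perror_plus("ioctl SIOCGIFFLAGS");
    }
    /* Callers read errno after a failure; report the ioctl error */
    errno = ret_errno;
    return false;
  }
  errno = ret_errno;
  return true;
}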
/*
 * Decide from the interface flags in IFR whether the interface is
 * acceptable.  IFNAME is used only in the debug messages.
 *
 * The checks are made in this order, and the first match decides:
 * loopback is rejected; point-to-point is accepted when connect_to is
 * set; non-broadcast is rejected; non-ARP is rejected; anything else
 * is accepted.
 */
bool good_flags(const char *ifname, const struct ifreq *ifr){
  const int flags = ifr->ifr_flags;
  
  if(flags & IFF_LOOPBACK){
    /* Never use the loopback device */
    if(debug){
      fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
                   ifname);
    }
    return false;
  } else if(connect_to != NULL and (flags & IFF_POINTOPOINT)){
    /* Point-to-point devices are fine, but only when connect_to is
       specified */
    if(debug){
      fprintf_plus(stderr,
                   "Accepting point-to-point interface \"%s\"\n",
                   ifname);
    }
    return true;
  } else if(not (flags & IFF_BROADCAST)){
    /* Everything else must be broadcast-capable */
    if(debug){
      fprintf_plus(stderr,
                   "Rejecting non-broadcast interface \"%s\"\n",
                   ifname);
    }
    return false;
  } else if(flags & IFF_NOARP){
    /* Non-ARP interfaces (including dummy interfaces) are rejected */
    if(debug){
      fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
                   ifname);
    }
    return false;
  }
  
  /* Nothing objected; accept this device */
  if(debug){
    fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
  }
  return true;
}
/*
 * Filter function for scandir(3): returns 1 if a directory entry in
 * /sys/class/net corresponds to an acceptable network device, and 0
 * otherwise.
 *
 * NOTE(review): d_name can be longer than the name field of a struct
 * ifreq; this function passes it on unchecked and relies on
 * get_flags() to cope with that.
 */
int good_interface(const struct dirent *if_entry){
  const char *name = if_entry->d_name;
  struct ifreq ifr;
  
  /* Entries starting with a dot are never considered */
  if(name[0] == '.'){
    return 0;
  }
  
  if(not get_flags(name, &ifr)){
    if(debug){
      fprintf_plus(stderr,
                   "Failed to get flags for interface \"%s\"\n",
                   name);
    }
    return 0;
  }
  
  /* good_flags() prints its own debug message */
  return good_flags(name, &ifr) ? 1 : 0;
}
/*
 * Returns true if the flags of network interface INTERFACE include
 * IFF_UP.  Returns false if not, and also if the flags could not be
 * read (reported only when debug is set).
 */
bool interface_is_up(const char *interface){
  struct ifreq ifr;
  
  if(get_flags(interface, &ifr)){
    return (bool)(ifr.ifr_flags & IFF_UP);
  }
  
  if(debug){
    fprintf_plus(stderr,
                 "Failed to get flags for interface \"%s\"\n",
                 interface);
  }
  return false;
}
/*
 * Returns true if the flags of network interface INTERFACE include
 * IFF_RUNNING.  Returns false if not, and also if the flags could not
 * be read (reported only when debug is set).
 */
bool interface_is_running(const char *interface){
  struct ifreq ifr;
  
  if(get_flags(interface, &ifr)){
    return (bool)(ifr.ifr_flags & IFF_RUNNING);
  }
  
  if(debug){
    fprintf_plus(stderr,
                 "Failed to get flags for interface \"%s\"\n",
                 interface);
  }
  return false;
}
/*
 * Directory entry filter: returns 0 for the entries "." and "..", and
 * 1 for every other name (including other names starting with a dot).
 */
int notdotentries(const struct dirent *direntry){
  const char *name = direntry->d_name;
  
  if(name[0] != '.'){
    return 1;
  }
  if(name[1] == '\0'){
    /* "." */
    return 0;
  }
  if(name[1] == '.' and name[2] == '\0'){
    /* ".." */
    return 0;
  }
  return 1;
}
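/*
 * Is this directory entry a runnable program?
 *
 * Filter function for scandir(3) on the network hook directory.
 * Returns 1 if the entry's name consists only of ASCII letters,
 * digits, "_" and "-", and the file "hookdir/name" is a regular file
 * with at least one execute bit set; returns 0 otherwise.
 *
 * This is a filter, not a guarantee: run_network_hooks() executes the
 * same path later, with raised privileges, so the file can change
 * between this check and its use.  The hook directory therefore has
 * to be writable by trusted users only.
 */
int runnable_hook(const struct dirent *direntry){
  int ret;
  size_t sret;
  struct stat st;
  
  if((direntry->d_name)[0] == '\0'){
    /* Empty name? */
    return 0;
  }
  
  /* The allowed character set has neither "." nor "/", so hidden
     files, backup files and path separators are all refused */
  sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz"
                "0123456789"
                "_-");
  if((direntry->d_name)[sret] != '\0'){
    /* Contains non-allowed characters */
    if(debug){
      fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
                   direntry->d_name);
    }
    return 0;
  }
  
  char *fullname = NULL;
  ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
  if(ret < 0){
    perror_plus("asprintf");
    return 0;
  }
  
  ret = stat(fullname, &st);
  if(ret == -1){
    if(debug){
      perror_plus("Could not stat hook");
    }
    /* Freed after the message, so errno is still that of stat() */
    free(fullname);
    return 0;
  }
  /* The path is not needed after stat(); release it here so that no
     later return leaks it */
  free(fullname);
  
  if(not (S_ISREG(st.st_mode))){
    /* Not a regular file */
    if(debug){
      fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
                   direntry->d_name);
    }
    return 0;
  }
  if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
    /* Not executable */
    if(debug){
      fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
                   direntry->d_name);
    }
    return 0;
  }
  if(debug){
    fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
                 direntry->d_name);
  }
  return 1;
}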
/*
 * Run the Avahi poll loop S, contacting the servers in MC in turn.
 *
 * While mc->current_server is NULL, block in Avahi without timeout.
 * Otherwise, block only until RETRY_INTERVAL milliseconds have passed
 * since current_server was last seen; when that time is up, call
 * start_mandos_communication() for it.  On success (0) the poll loop
 * is told to quit and 0 is returned; otherwise last_seen is set to
 * the current time, current_server advances to its "next" member and
 * Avahi is polled once without blocking.
 *
 * Returns -1 if clock_gettime() fails.  A nonzero result from
 * avahi_simple_poll_iterate() ends the loop, except a negative result
 * with errno == EINTR, which is retried; a result of 1 is returned as
 * 0 and any other result is returned unchanged.
 */
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
                            mandos_context *mc){
  int ret;
  
  for(;;){
    if(mc->current_server != NULL){
      struct timespec now;
      struct timespec waited_time;
      intmax_t block_time;
      
      if(debug){
        fprintf_plus(stderr, "Check current_server if we should run"
                     " it, or wait\n");
      }
      /* The current time */
      ret = clock_gettime(CLOCK_MONOTONIC, &now);
      if(ret == -1){
        perror_plus("clock_gettime");
        return -1;
      }
      /* Time passed since the current server was last seen */
      waited_time.tv_sec = (now.tv_sec
                            - mc->current_server->last_seen.tv_sec);
      waited_time.tv_nsec = (now.tv_nsec
                             - mc->current_server->last_seen.tv_nsec);
      /* Remaining time in milliseconds: the retry interval, less the
         waited seconds (times 1,000) and the waited nanoseconds
         (divided by 1,000,000) */
      block_time = ((retry_interval
                     - ((intmax_t)waited_time.tv_sec * 1000))
                    - ((intmax_t)waited_time.tv_nsec / 1000000));
      
      if(debug){
        fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
                     block_time);
      }
      
      if(block_time <= 0){
        /* Time is up; try this server now */
        ret = start_mandos_communication(mc->current_server->ip,
                                         mc->current_server->port,
                                         mc->current_server->if_index,
                                         mc->current_server->af, mc);
        if(ret == 0){
          avahi_simple_poll_quit(s);
          return 0;
        }
        ret = clock_gettime(CLOCK_MONOTONIC,
                            &mc->current_server->last_seen);
        if(ret == -1){
          perror_plus("clock_gettime");
          return -1;
        }
        mc->current_server = mc->current_server->next;
        /* Let Avahi look for new Mandos servers, but without
           blocking */
        block_time = 0;
      }
      
      ret = avahi_simple_poll_iterate(s, (int)block_time);
    } else {
      if(debug){
        fprintf_plus(stderr, "Wait until first server is found."
                     " No timeout!\n");
      }
      ret = avahi_simple_poll_iterate(s, -1);
    }
    
    if(ret == 0){
      continue;
    }
    if(ret < 0 and errno == EINTR){
      /* Interrupted; go around again */
      continue;
    }
    return (ret == 1) ? 0 : ret;
  }
}
/*
 * Set the effective user ID to 0 with seteuid().
 *
 * Returns 0 on success, or the errno value of the failed seteuid()
 * call, which is also reported with perror_plus().  The caller's
 * errno is left as it was on entry.
 */
error_t raise_privileges(void){
  const error_t saved_errno = errno;
  error_t failure = 0;
  
  const int rc = seteuid(0);
  if(rc == -1){
    failure = errno;
    perror_plus("seteuid");
  }
  
  errno = saved_errno;
  return failure;
}
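/*
 * Set effective and real user ID to 0: first raise the effective user
 * ID with raise_privileges(), then call setuid(0).
 *
 * Returns 0 on success, or the errno value of the step which failed.
 * The caller's errno is left as it was on entry.
 */
error_t raise_privileges_permanently(void){
  error_t old_errno = errno;
  error_t ret_errno = raise_privileges();
  if(ret_errno != 0){
    /* raise_privileges() has already reported the error */
    errno = old_errno;
    return ret_errno;
  }
  if(setuid(0) == -1){
    ret_errno = errno;
    /* Name the call which actually failed, so that the message is
       not mistaken for a seteuid() failure */
    perror_plus("setuid");
  }
  errno = old_errno;
  return ret_errno;
}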
/*
 * Set the effective user ID to the unprivileged user ID stored in
 * "uid", using seteuid().  Only the effective user ID is changed
 * here; group IDs are not touched.
 *
 * Returns 0 on success, or the errno value of the failed seteuid()
 * call, which is also reported with perror_plus().  The caller's
 * errno is left as it was on entry.
 */
error_t lower_privileges(void){
  const error_t saved_errno = errno;
  error_t failure = 0;
  
  const int rc = seteuid(uid);
  if(rc == -1){
    failure = errno;
    perror_plus("seteuid");
  }
  
  errno = saved_errno;
  return failure;
}
/*
 * Lower privileges permanently by calling setuid() with the user ID
 * stored in "uid".  Group IDs are not changed here.
 *
 * setuid() replaces the real and saved user IDs as well only when the
 * process is privileged at the time of the call; otherwise it changes
 * just the effective user ID and the drop can be undone.
 * NOTE(review): confirm that callers invoke this with effective user
 * ID 0 - the function itself does not check.
 *
 * Returns 0 on success, or the errno value of the failed setuid()
 * call, which is also reported with perror_plus().  The caller's
 * errno is left as it was on entry.
 */
error_t lower_privileges_permanently(void){
  const error_t saved_errno = errno;
  error_t failure = 0;
  
  const int rc = setuid(uid);
  if(rc == -1){
    failure = errno;
    perror_plus("setuid");
  }
  
  errno = saved_errno;
  return failure;
}
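/* Export one variable to the environment of a hook; if that fails,
   report it and terminate the calling (child) process. */
static void hook_setenv_or_exit(const char *name, const char *value){
  if(setenv(name, value, 1) == -1){
    perror_plus("setenv");
    _exit(EX_OSERR);
  }
}

/* Child side of running a hook: set up credentials, standard file
   descriptors and environment, then execute FULLNAME.  Does not
   return. */
static void exec_network_hook(const char *fullname, const char *name,
                              const char *mode, const char *interface,
                              const float delay, const int devnull){
  int ret;
  
  /* Raise privileges */
  /* NOTE(review): a failure to raise privileges, to set the group or
     to reset the supplementary groups is only reported, and the hook
     is then executed with whatever credentials resulted.  This is
     kept as it was; confirm whether the hook should be refused
     instead. */
  raise_privileges_permanently();
  /* Set group */
  errno = 0;
  ret = setgid(0);
  if(ret == -1){
    perror_plus("setgid");
  }
  /* Reset supplementary groups */
  errno = 0;
  ret = setgroups(0, NULL);
  if(ret == -1){
    perror_plus("setgroups");
  }
  
  /* Standard input from /dev/null and standard output to standard
     error, so that the hook neither reads this program's input nor
     writes to its output.  Do not run the hook if that fails. */
  if(dup2(devnull, STDIN_FILENO) == -1){
    perror_plus("dup2");
    _exit(EX_OSERR);
  }
  close(devnull);
  if(dup2(STDERR_FILENO, STDOUT_FILENO) == -1){
    perror_plus("dup2");
    _exit(EX_OSERR);
  }
  
  hook_setenv_or_exit("MANDOSNETHOOKDIR", hookdir);
  hook_setenv_or_exit("DEVICE", interface);
  hook_setenv_or_exit("VERBOSITY", debug ? "1" : "0");
  hook_setenv_or_exit("MODE", mode);
  char *delaystring;
  ret = asprintf(&delaystring, "%f", delay);
  if(ret == -1){
    perror_plus("asprintf");
    _exit(EX_OSERR);
  }
  hook_setenv_or_exit("DELAY", delaystring);
  free(delaystring);
  if(connect_to != NULL){
    hook_setenv_or_exit("CONNECT", connect_to);
  }
  
  /* The argument list of a variadic function must end with a null
     pointer of pointer type */
  execl(fullname, name, mode, (char *)NULL);
  /* execl() returns only on failure */
  perror_plus("execl");
  _exit(EXIT_FAILURE);
}

/* Run the single hook DIRENTRY in a child process, wait for it and
   report how it ended. */
static void run_one_network_hook(const struct dirent *direntry,
                                 const char *mode,
                                 const char *interface,
                                 const float delay,
                                 const int devnull){
  char *fullname = NULL;
  if(asprintf(&fullname, "%s/%s", hookdir, direntry->d_name) < 0){
    perror_plus("asprintf");
    return;
  }
  if(debug){
    fprintf_plus(stderr, "Running network hook \"%s\"\n",
                 direntry->d_name);
  }
  
  const pid_t hook_pid = fork();
  if(hook_pid == 0){
    /* Child */
    exec_network_hook(fullname, direntry->d_name, mode, interface,
                      delay, devnull);
  }
  if(hook_pid == -1){
    /* No child was created; waitpid() with a process ID of -1 would
       wait for any other child instead */
    perror_plus("fork");
    free(fullname);
    return;
  }
  
  int status;
  bool succeeded = false;
  if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
    perror_plus("waitpid");
  } else if(WIFEXITED(status)){
    if(WEXITSTATUS(status) != 0){
      fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
                   " with status %d\n", direntry->d_name,
                   WEXITSTATUS(status));
    } else {
      succeeded = true;
    }
  } else if(WIFSIGNALED(status)){
    fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
                 " signal %d\n", direntry->d_name,
                 WTERMSIG(status));
  } else {
    fprintf_plus(stderr, "Warning: network hook \"%s\""
                 " crashed\n", direntry->d_name);
  }
  free(fullname);
  if(succeeded and debug){
    fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
                 direntry->d_name);
  }
}

/*
 * Run all acceptable programs (as decided by runnable_hook()) in the
 * network hook directory, one at a time in alphasort() order, each in
 * its own child process.
 *
 * Each hook gets MODE as its single argument, and the environment
 * variables MANDOSNETHOOKDIR, DEVICE (from INTERFACE), VERBOSITY,
 * MODE, DELAY and, when connect_to is set, CONNECT.
 *
 * Failures are reported on standard error and do not stop the
 * remaining hooks from running.  Always returns true.
 */
bool run_network_hooks(const char *mode, const char *interface,
                       const float delay){
  struct dirent **direntries;
  int numhooks = scandir(hookdir, &direntries, runnable_hook,
                         alphasort);
  if(numhooks == -1){
    if(errno == ENOENT){
      if(debug){
        fprintf_plus(stderr, "Network hook directory \"%s\" not"
                     " found\n", hookdir);
      }
    } else {
      perror_plus("scandir");
    }
    return true;
  }
  
  int devnull = open("/dev/null", O_RDONLY);
  if(devnull == -1){
    /* Without /dev/null a hook would inherit this process's standard
       input; run no hooks in that case */
    perror_plus("open");
  }
  for(int i = 0; i < numhooks; i++){
    if(devnull != -1){
      run_one_network_hook(direntries[i], mode, interface, delay,
                           devnull);
    }
    /* scandir() allocated each entry */
    free(direntries[i]);
  }
  /* ...and the array itself */
  free(direntries);
  if(devnull != -1){
    close(devnull);
  }
  return true;
}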
error_t bring_up_interface(const char *const interface,
1625
			   const float delay){
237.22.1 by Teddy Hogeborn
* plugins.d/mandos-client.c: Refactoring.
1626
  int sd = -1;
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
1627
  error_t old_errno = errno;
1628
  error_t ret_errno = 0;
1629
  int ret, ret_setflags;
237.22.1 by Teddy Hogeborn
* plugins.d/mandos-client.c: Refactoring.
1630
  struct ifreq network;
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
1631
  unsigned int if_index = if_nametoindex(interface);
237.22.1 by Teddy Hogeborn
* plugins.d/mandos-client.c: Refactoring.
1632
  if(if_index == 0){
1633
    fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
237.22.2 by Teddy Hogeborn
* plugins.d/mandos-client.c (bring_up_interface): Bug fix: Return
1634
    errno = old_errno;
1635
    return ENXIO;
237.22.1 by Teddy Hogeborn
* plugins.d/mandos-client.c: Refactoring.
1636
  }
1637
  
1638
  if(quit_now){
237.22.2 by Teddy Hogeborn
* plugins.d/mandos-client.c (bring_up_interface): Bug fix: Return
1639
    errno = old_errno;
237.22.1 by Teddy Hogeborn
* plugins.d/mandos-client.c: Refactoring.
1640
    return EINTR;
1641
  }
1642
  
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
1643
  if(not interface_is_up(interface)){
1644
    if(not get_flags(interface, &network) and debug){
1645
      ret_errno = errno;
1646
      fprintf_plus(stderr, "Failed to get flags for interface "
1647
		   "\"%s\"\n", interface);
1648
      return ret_errno;
1649
    }
237.22.1 by Teddy Hogeborn
* plugins.d/mandos-client.c: Refactoring.
1650
    network.ifr_flags |= IFF_UP;
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
1651
    
1652
    sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1653
    if(sd < 0){
1654
      ret_errno = errno;
1655
      perror_plus("socket");
1656
      errno = old_errno;
1657
      return ret_errno;
1658
    }
1659
  
1660
    if(quit_now){
1661
      close(sd);
1662
      errno = old_errno;
1663
      return EINTR;
1664
    }
1665
    
1666
    if(debug){
1667
      fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
1668
		   interface);
1669
    }
1670
    
1671
    /* Raise priviliges */
1672
    raise_privileges();
1673
    
1674
#ifdef __linux__
1675
    /* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1676
       messages about the network interface to mess up the prompt */
1677
    int ret_linux = klogctl(8, NULL, 5);
1678
    bool restore_loglevel = true;
1679
    if(ret_linux == -1){
1680
      restore_loglevel = false;
1681
      perror_plus("klogctl");
1682
    }
1683
#endif	/* __linux__ */
1684
    ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
1685
    ret_errno = errno;
1686
#ifdef __linux__
1687
    if(restore_loglevel){
1688
      ret_linux = klogctl(7, NULL, 0);
1689
      if(ret_linux == -1){
1690
	perror_plus("klogctl");
1691
      }
1692
    }
1693
#endif	/* __linux__ */
    
    /* Lower privileges */
    lower_privileges();
    
    /* Close the socket */
    ret = (int)TEMP_FAILURE_RETRY(close(sd));
    if(ret == -1){
      perror_plus("close");
    }
    
    if(ret_setflags == -1){
      errno = ret_errno;
      perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
      errno = old_errno;
      return ret_errno;
    }
  } else if(debug){
    fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
		 interface);
  }
  
  /* Sleep checking until interface is running.
     Check every 0.25s, up to total time of delay */
  for(int i=0; i < delay * 4; i++){
    if(interface_is_running(interface)){
      break;
    }
    struct timespec sleeptime = { .tv_nsec = 250000000 };
    ret = nanosleep(&sleeptime, NULL);
    if(ret == -1 and errno != EINTR){
      perror_plus("nanosleep");
    }
  }
  
  errno = old_errno;
  return 0;
}
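/*
 * Take down a network interface by clearing its IFF_UP flag.
 *
 * Returns 0 if the ioctl succeeded or the interface was already down,
 * ENXIO if the name does not resolve to an interface index, and
 * otherwise the errno value saved from the step that failed.  The
 * caller's errno is restored on every return path.
 *
 * The SIOCSIFFLAGS ioctl is issued between raise_privileges() and
 * lower_privileges(), so the contents of "network" must be
 * trustworthy before that point.
 */
error_t take_down_interface(const char *const interface){
  error_t old_errno = errno;
  struct ifreq network;
  if(if_nametoindex(interface) == 0){
    fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
    errno = old_errno;
    return ENXIO;
  }
  if(interface_is_up(interface)){
    error_t ret_errno = 0;
    /* Bail out whenever the flags cannot be read.  The failure used
       to be honoured only in debug mode; otherwise execution went on
       to the privileged SIOCSIFFLAGS ioctl with whatever happened to
       be in "network". */
    if(not get_flags(interface, &network)){
      /* NOTE(review): assumes get_flags() leaves the cause of the
	 failure in errno -- confirm against its definition */
      ret_errno = errno;
      if(debug){
	fprintf_plus(stderr, "Failed to get flags for interface "
		     "\"%s\"\n", interface);
      }
      errno = old_errno;
      return ret_errno;
    }
    network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
    
    int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
    if(sd < 0){
      ret_errno = errno;
      perror_plus("socket");
      errno = old_errno;
      return ret_errno;
    }
    
    if(debug){
      fprintf_plus(stderr, "Taking down interface \"%s\"\n",
		   interface);
    }
    
    /* Raise privileges; the return value is not checked here, so a
       failure only shows up as a failed ioctl below */
    raise_privileges();
    
    int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
    /* Save errno at once; the calls below may overwrite it */
    ret_errno = errno;
    
    /* Lower privileges */
    lower_privileges();
    
    /* Close the socket */
    int ret = (int)TEMP_FAILURE_RETRY(close(sd));
    if(ret == -1){
      perror_plus("close");
    }
    
    if(ret_setflags == -1){
      errno = ret_errno;
      perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
      errno = old_errno;
      return ret_errno;
    }
  } else if(debug){
    fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
		 interface);
  }
  
  errno = old_errno;
  return 0;
}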
int main(int argc, char *argv[]){
  mandos_context mc = { .server = NULL, .dh_bits = 1024,
			.priority = "SECURE256:!CTYPE-X.509:"
			"+CTYPE-OPENPGP", .current_server = NULL, 
			.interfaces = NULL, .interfaces_size = 0 };
  AvahiSServiceBrowser *sb = NULL;
  error_t ret_errno;
  int ret;
  intmax_t tmpmax;
  char *tmp;
  int exitcode = EXIT_SUCCESS;
  char *interfaces_to_take_down = NULL;
  size_t interfaces_to_take_down_size = 0;
  char tempdir[] = "/tmp/mandosXXXXXX";
  bool tempdir_created = false;
  AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
  const char *seckey = PATHDIR "/" SECKEY;
  const char *pubkey = PATHDIR "/" PUBKEY;
  char *interfaces_hooks = NULL;
  
  bool gnutls_initialized = false;
  bool gpgme_initialized = false;
  float delay = 2.5f;
  double retry_interval = 10; /* 10s between trying a server and
				 retrying the same server again */
  
  struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
  struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
  
  uid = getuid();
  gid = getgid();
  
  /* Lower any group privileges we might have, just to be safe */
  errno = 0;
  ret = setgid(gid);
  if(ret == -1){
    perror_plus("setgid");
  }
  
  /* Lower user privileges (temporarily) */
  errno = 0;
  ret = seteuid(uid);
  if(ret == -1){
    perror_plus("seteuid");
  }
  
  if(quit_now){
    goto end;
  }
  
  {
    struct argp_option options[] = {
      { .name = "debug", .key = 128,
	.doc = "Debug mode", .group = 3 },
      { .name = "connect", .key = 'c',
	.arg = "ADDRESS:PORT",
	.doc = "Connect directly to a specific Mandos server",
	.group = 1 },
      { .name = "interface", .key = 'i',
	.arg = "NAME",
	.doc = "Network interface that will be used to search for"
	" Mandos servers",
	.group = 1 },
      { .name = "seckey", .key = 's',
	.arg = "FILE",
	.doc = "OpenPGP secret key file base name",
	.group = 1 },
      { .name = "pubkey", .key = 'p',
	.arg = "FILE",
	.doc = "OpenPGP public key file base name",
	.group = 2 },
      { .name = "dh-bits", .key = 129,
	.arg = "BITS",
	.doc = "Bit length of the prime number used in the"
	" Diffie-Hellman key exchange",
	.group = 2 },
      { .name = "priority", .key = 130,
	.arg = "STRING",
	.doc = "GnuTLS priority string for the TLS handshake",
	.group = 1 },
      { .name = "delay", .key = 131,
	.arg = "SECONDS",
	.doc = "Maximum delay to wait for interface startup",
	.group = 2 },
      { .name = "retry", .key = 132,
	.arg = "SECONDS",
	.doc = "Retry interval used when denied by the Mandos server",
	.group = 2 },
      { .name = "network-hook-dir", .key = 133,
	.arg = "DIR",
	.doc = "Directory where network hooks are located",
	.group = 2 },
      /*
       * These reproduce what we would get without ARGP_NO_HELP
       */
      { .name = "help", .key = '?',
	.doc = "Give this help list", .group = -1 },
      { .name = "usage", .key = -3,
	.doc = "Give a short usage message", .group = -1 },
      { .name = "version", .key = 'V',
	.doc = "Print program version", .group = -1 },
      { .name = NULL }
    };
    
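    /* Option callback handed to argp_parse(); it is a nested function
       and writes directly to variables of the enclosing main().
       
       key   - option key from the "options" table
       arg   - option argument, or NULL for options without one
       state - argp parser state, used for error and help output
       
       Returns ARGP_ERR_UNKNOWN for keys not handled here, otherwise
       the value of errno at the end of the handler. */
    error_t parse_opt(int key, char *arg,
		      struct argp_state *state){
      errno = 0;
      switch(key){
      case 128:			/* --debug */
	debug = true;
	break;
      case 'c':			/* --connect */
	connect_to = arg;
	break;
      case 'i':			/* --interface */
	/* Append the comma-separated names to the argz vector */
	ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
				 arg, (int)',');
	if(ret_errno != 0){
	  argp_error(state, "%s", strerror(ret_errno));
	}
	break;
      case 's':			/* --seckey */
	seckey = arg;
	break;
      case 'p':			/* --pubkey */
	pubkey = arg;
	break;
      case 129:			/* --dh-bits */
	errno = 0;
	tmpmax = strtoimax(arg, &tmp, 10);
	/* Reject overflow, empty input, trailing garbage, and values
	   which do not survive the cast to the type of mc.dh_bits */
	if(errno != 0 or tmp == arg or *tmp != '\0'
	   or tmpmax != (typeof(mc.dh_bits))tmpmax){
	  argp_error(state, "Bad number of DH bits");
	}
	/* NOTE(review): no lower bound is enforced here, so a very
	   small DH size is accepted at this point; whether it is
	   rejected later is not visible from this function */
	mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
	break;
      case 130:			/* --priority */
	mc.priority = arg;
	break;
      case 131:			/* --delay */
	errno = 0;
	delay = strtof(arg, &tmp);
	if(errno != 0 or tmp == arg or *tmp != '\0'){
	  argp_error(state, "Bad delay");
	}
	/* This break was missing, so --delay fell through into
	   --retry and overwrote retry_interval with the delay */
	break;
      case 132:			/* --retry */
	errno = 0;
	retry_interval = strtod(arg, &tmp);
	/* "not (x >= 0)" also rejects NaN, which "x < 0" let through */
	if(errno != 0 or tmp == arg or *tmp != '\0'
	   or (retry_interval * 1000) > INT_MAX
	   or not (retry_interval >= 0)){
	  argp_error(state, "Bad retry interval");
	}
	break;
      case 133:			/* --network-hook-dir */
	hookdir = arg;
	break;
	/*
	 * These reproduce what we would get without ARGP_NO_HELP
	 */
      case '?':			/* --help */
	/* ARGP_HELP_EXIT_ERR makes argp_state_help() exit unless the
	   parser runs with ARGP_NO_EXIT, so the cases below are not
	   expected to be reached from here */
	argp_state_help(state, state->out_stream,
			(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
			& ~(unsigned int)ARGP_HELP_EXIT_OK);
	/* fallthrough */
      case -3:			/* --usage */
	argp_state_help(state, state->out_stream,
			ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
	/* fallthrough */
      case 'V':			/* --version */
	fprintf_plus(state->out_stream, "%s\n", argp_program_version);
	exit(argp_err_exit_status);
	break;
      default:
	return ARGP_ERR_UNKNOWN;
      }
      return errno;
    }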
    
    struct argp argp = { .options = options, .parser = parse_opt,
			 .args_doc = "",
			 .doc = "Mandos client -- Get and decrypt"
			 " passwords from a Mandos server" };
    ret = argp_parse(&argp, argc, argv,
		     ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
    switch(ret){
    case 0:
      break;
    case ENOMEM:
    default:
      errno = ret;
      perror_plus("argp_parse");
      exitcode = EX_OSERR;
      goto end;
    case EINVAL:
      exitcode = EX_USAGE;
      goto end;
    }
  }
    
  {
    /* Work around Debian bug #633582:
       <http://bugs.debian.org/633582> */
    
    /* Re-raise priviliges */
    if(raise_privileges() == 0){
      struct stat st;
      
      if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
	int seckey_fd = open(seckey, O_RDONLY);
	if(seckey_fd == -1){
	  perror_plus("open");
	} else {
	  ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
	  if(ret == -1){
	    perror_plus("fstat");
	  } else {
	    if(S_ISREG(st.st_mode)
	       and st.st_uid == 0 and st.st_gid == 0){
	      ret = fchown(seckey_fd, uid, gid);
	      if(ret == -1){
		perror_plus("fchown");
	      }
	    }
	  }
	  TEMP_FAILURE_RETRY(close(seckey_fd));
	}
      }
    
      if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
	int pubkey_fd = open(pubkey, O_RDONLY);
	if(pubkey_fd == -1){
	  perror_plus("open");
	} else {
	  ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
	  if(ret == -1){
	    perror_plus("fstat");
	  } else {
	    if(S_ISREG(st.st_mode)
	       and st.st_uid == 0 and st.st_gid == 0){
	      ret = fchown(pubkey_fd, uid, gid);
	      if(ret == -1){
		perror_plus("fchown");
	      }
	    }
	  }
	  TEMP_FAILURE_RETRY(close(pubkey_fd));
	}
      }
    
      /* Lower privileges */
      lower_privileges();
    }
  }
  
  /* Remove invalid interface names (except "none") */
  {
    char *interface = NULL;
    while((interface = argz_next(mc.interfaces, mc.interfaces_size,
				 interface))){
      if(strcmp(interface, "none") != 0
	 and if_nametoindex(interface) == 0){
	if(interface[0] != '\0'){
	  fprintf_plus(stderr, "Not using nonexisting interface"
		       " \"%s\"\n", interface);
	}
	argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
	interface = NULL;
      }
    }
  }
  
  /* Run network hooks */
  {
    if(mc.interfaces != NULL){
      interfaces_hooks = malloc(mc.interfaces_size);
      if(interfaces_hooks == NULL){
	perror_plus("malloc");
	goto end;
      }
      memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
      argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
    }
    if(not run_network_hooks("start", interfaces_hooks != NULL ?
			     interfaces_hooks : "", delay)){
      goto end;
    }
  }
  
  if(not debug){
    avahi_set_log_function(empty_log);
  }
  
  /* Initialize Avahi early so avahi_simple_poll_quit() can be called
     from the signal handler */
  /* Initialize the pseudo-RNG for Avahi */
  srand((unsigned int) time(NULL));
  simple_poll = avahi_simple_poll_new();
  if(simple_poll == NULL){
    fprintf_plus(stderr,
		 "Avahi: Failed to create simple poll object.\n");
    exitcode = EX_UNAVAILABLE;
    goto end;
  }
  
  sigemptyset(&sigterm_action.sa_mask);
  ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
  if(ret == -1){
    perror_plus("sigaddset");
    exitcode = EX_OSERR;
    goto end;
  }
  ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
  if(ret == -1){
    perror_plus("sigaddset");
    exitcode = EX_OSERR;
    goto end;
  }
  ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
  if(ret == -1){
    perror_plus("sigaddset");
    exitcode = EX_OSERR;
    goto end;
  }
  /* Need to check if the handler is SIG_IGN before handling:
     | [[info:libc:Initial Signal Actions]] |
     | [[info:libc:Basic Signal Handling]]  |
  */
  ret = sigaction(SIGINT, NULL, &old_sigterm_action);
  if(ret == -1){
    perror_plus("sigaction");
    return EX_OSERR;
  }
  if(old_sigterm_action.sa_handler != SIG_IGN){
    ret = sigaction(SIGINT, &sigterm_action, NULL);
    if(ret == -1){
      perror_plus("sigaction");
      exitcode = EX_OSERR;
      goto end;
    }
  }
  ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
  if(ret == -1){
    perror_plus("sigaction");
    return EX_OSERR;
  }
  if(old_sigterm_action.sa_handler != SIG_IGN){
    ret = sigaction(SIGHUP, &sigterm_action, NULL);
    if(ret == -1){
      perror_plus("sigaction");
      exitcode = EX_OSERR;
      goto end;
    }
  }
  ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
  if(ret == -1){
    perror_plus("sigaction");
    return EX_OSERR;
  }
  if(old_sigterm_action.sa_handler != SIG_IGN){
    ret = sigaction(SIGTERM, &sigterm_action, NULL);
    if(ret == -1){
      perror_plus("sigaction");
      exitcode = EX_OSERR;
      goto end;
    }
  }
  
  /* If no interfaces were specified, make a list */
  if(mc.interfaces == NULL){
    struct dirent **direntries;
    /* Look for any good interfaces */
    ret = scandir(sys_class_net, &direntries, good_interface,
		  alphasort);
    if(ret >= 1){
      /* Add all found interfaces to interfaces list */
      for(int i = 0; i < ret; ++i){
	ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
			     direntries[i]->d_name);
	if(ret_errno != 0){
	  errno = ret_errno;
	  perror_plus("argz_add");
	  continue;
	}
	if(debug){
	  fprintf_plus(stderr, "Will use interface \"%s\"\n",
		       direntries[i]->d_name);
	}
      }
      free(direntries);
    } else {
      free(direntries);
      fprintf_plus(stderr, "Could not find a network interface\n");
      exitcode = EXIT_FAILURE;
      goto end;
    }
  }
  
  /* Bring up interfaces which are down, and remove any "none"s */
  {
    char *interface = NULL;
    while((interface = argz_next(mc.interfaces, mc.interfaces_size,
				 interface))){
      /* If interface name is "none", stop bringing up interfaces.
	 Also remove all instances of "none" from the list */
      if(strcmp(interface, "none") == 0){
	argz_delete(&mc.interfaces, &mc.interfaces_size,
		    interface);
	interface = NULL;
	while((interface = argz_next(mc.interfaces,
				     mc.interfaces_size, interface))){
	  if(strcmp(interface, "none") == 0){
	    argz_delete(&mc.interfaces, &mc.interfaces_size,
			interface);
	    interface = NULL;
	  }
	}
	break;
      }
      bool interface_was_up = interface_is_up(interface);
      ret = bring_up_interface(interface, delay);
      if(not interface_was_up){
	if(ret != 0){
	  errno = ret;
	  perror_plus("Failed to bring up interface");
	} else {
	  ret_errno = argz_add(&interfaces_to_take_down,
			       &interfaces_to_take_down_size,
			       interface);
	  if(ret_errno != 0){
	    errno = ret_errno;
	    perror_plus("argz_add");
	  }
	}
      }
    }
    if(debug and (interfaces_to_take_down == NULL)){
      fprintf_plus(stderr, "No interfaces were brought up\n");
    }
  }
  
  /* If we only got one interface, explicitly use only that one */
  if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
    if(debug){
      fprintf_plus(stderr, "Using only interface \"%s\"\n",
		   mc.interfaces);
    }
    if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
  }
  
  if(quit_now){
    goto end;
  }
  
  ret = init_gnutls_global(pubkey, seckey, &mc);
  if(ret == -1){
    fprintf_plus(stderr, "init_gnutls_global failed\n");
    exitcode = EX_UNAVAILABLE;
    goto end;
  } else {
    gnutls_initialized = true;
  }
  
  if(quit_now){
    goto end;
  }
  
  if(mkdtemp(tempdir) == NULL){
    perror_plus("mkdtemp");
    goto end;
  }
  tempdir_created = true;
  
  if(quit_now){
    goto end;
  }
  
  if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
    fprintf_plus(stderr, "init_gpgme failed\n");
    exitcode = EX_UNAVAILABLE;
    goto end;
  } else {
    gpgme_initialized = true;
  }
  
  if(quit_now){
    goto end;
  }
  
  if(connect_to != NULL){
    /* Connect directly, do not use Zeroconf */
    /* (Mainly meant for debugging) */
    char *address = strrchr(connect_to, ':');
    
    if(address == NULL){
      fprintf_plus(stderr, "No colon in address\n");
      exitcode = EX_USAGE;
      goto end;
    }
    
    if(quit_now){
      goto end;
    }
    
    in_port_t port;
    errno = 0;
    tmpmax = strtoimax(address+1, &tmp, 10);
    if(errno != 0 or tmp == address+1 or *tmp != '\0'
       or tmpmax != (in_port_t)tmpmax){
      fprintf_plus(stderr, "Bad port number\n");
      exitcode = EX_USAGE;
      goto end;
    }
    
    if(quit_now){
      goto end;
    }
    
    port = (in_port_t)tmpmax;
    *address = '\0';
    /* Colon in address indicates IPv6 */
    int af;
    if(strchr(connect_to, ':') != NULL){
      af = AF_INET6;
      /* Accept [] around IPv6 address - see RFC 5952 */
      if(connect_to[0] == '[' and address[-1] == ']')
	{
	  connect_to++;
	  address[-1] = '\0';
	}
    } else {
      af = AF_INET;
    }
    address = connect_to;
    
    if(quit_now){
      goto end;
    }
    
    while(not quit_now){
      ret = start_mandos_communication(address, port, if_index, af,
				       &mc);
      if(quit_now or ret == 0){
	break;
      }
      if(debug){
	fprintf_plus(stderr, "Retrying in %d seconds\n",
		     (int)retry_interval);
      }
      sleep((unsigned int)retry_interval);
    }
    
    if (not quit_now){
      exitcode = EXIT_SUCCESS;
    }
    
    goto end;
  }
  
  if(quit_now){
    goto end;
  }
  
  {
    AvahiServerConfig config;
    /* Do not publish any local Zeroconf records */
    avahi_server_config_init(&config);
    config.publish_hinfo = 0;
    config.publish_addresses = 0;
    config.publish_workstation = 0;
    config.publish_domain = 0;
    
    /* Allocate a new server */
    mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
				 &config, NULL, NULL, &ret_errno);
    
    /* Free the Avahi configuration data */
    avahi_server_config_free(&config);
  }
  
  /* Check if creating the Avahi server object succeeded */
  if(mc.server == NULL){
    fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
		 avahi_strerror(ret_errno));
    exitcode = EX_UNAVAILABLE;
    goto end;
  }
  
  if(quit_now){
    goto end;
  }
  
  /* Create the Avahi service browser */
  sb = avahi_s_service_browser_new(mc.server, if_index,
				   AVAHI_PROTO_UNSPEC, "_mandos._tcp",
				   NULL, 0, browse_callback,
				   (void *)&mc);
  if(sb == NULL){
    fprintf_plus(stderr, "Failed to create service browser: %s\n",
		 avahi_strerror(avahi_server_errno(mc.server)));
    exitcode = EX_UNAVAILABLE;
    goto end;
  }
  
  if(quit_now){
    goto end;
  }
  
  /* Run the main loop */
  
  if(debug){
    fprintf_plus(stderr, "Starting Avahi loop search\n");
  }
  ret = avahi_loop_with_timeout(simple_poll,
				(int)(retry_interval * 1000), &mc);
  if(debug){
    fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
		 (ret == 0) ? "successfully" : "with error");
  }
  
 end:
  
  if(debug){
    fprintf_plus(stderr, "%s exiting\n", argv[0]);
  }
  
  /* Cleanup things */
  free(mc.interfaces);
  
  if(sb != NULL)
    avahi_s_service_browser_free(sb);
  
  if(mc.server != NULL)
    avahi_server_free(mc.server);
  
  if(simple_poll != NULL)
    avahi_simple_poll_free(simple_poll);
  
  if(gnutls_initialized){
    gnutls_certificate_free_credentials(mc.cred);
    gnutls_global_deinit();
    gnutls_dh_params_deinit(mc.dh_params);
  }
  
  if(gpgme_initialized){
    gpgme_release(mc.ctx);
  }
  
  /* Cleans up the circular linked list of Mandos servers the client
     has seen */
  if(mc.current_server != NULL){
    mc.current_server->prev->next = NULL;
    while(mc.current_server != NULL){
      server *next = mc.current_server->next;
      free(mc.current_server);
      mc.current_server = next;
    }
  }
  
  /* Re-raise priviliges */
  {
    raise_privileges();
    
    /* Run network hooks */
    run_network_hooks("stop", interfaces_hooks != NULL ?
		      interfaces_hooks : "", delay);
    
    /* Take down the network interfaces which were brought up */
    {
      char *interface = NULL;
      while((interface=argz_next(interfaces_to_take_down,
				 interfaces_to_take_down_size,
				 interface))){
	ret_errno = take_down_interface(interface);
	if(ret_errno != 0){
	  errno = ret_errno;
	  perror_plus("Failed to take down interface");
	}
      }
      if(debug and (interfaces_to_take_down == NULL)){
	fprintf_plus(stderr, "No interfaces needed to be taken"
		     " down\n");
      }
    }
    
    lower_privileges_permanently();
  }
  
  free(interfaces_to_take_down);
  free(interfaces_hooks);
  
  /* Removes the GPGME temp directory and all files inside */
  if(tempdir_created){
    struct dirent **direntries = NULL;
    struct dirent *direntry = NULL;
    int numentries = scandir(tempdir, &direntries, notdotentries,
			     alphasort);
    if (numentries > 0){
      for(int i = 0; i < numentries; i++){
	direntry = direntries[i];
	char *fullname = NULL;
	ret = asprintf(&fullname, "%s/%s", tempdir,
		       direntry->d_name);
	if(ret < 0){
	  perror_plus("asprintf");
	  continue;
	}
	ret = remove(fullname);
	if(ret == -1){
	  fprintf_plus(stderr, "remove(\"%s\"): %s\n", fullname,
		       strerror(errno));
	}
	free(fullname);
      }
    }
    /* need to clean even if 0 because man page doesn't specify */
    free(direntries);
    if (numentries == -1){
      perror_plus("scandir");
    }
    ret = rmdir(tempdir);
    if(ret == -1 and errno != ENOENT){
      perror_plus("rmdir");
    }
  }
  
  if(quit_now){
    sigemptyset(&old_sigterm_action.sa_mask);
    old_sigterm_action.sa_handler = SIG_DFL;
    ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
					    &old_sigterm_action,
					    NULL));
    if(ret == -1){
      perror_plus("sigaction");
    }
    do {
      ret = raise(signal_received);
    } while(ret != 0 and errno == EINTR);
    if(ret != 0){
      perror_plus("raise");
      abort();
    }
    TEMP_FAILURE_RETRY(pause());
  }
  
  return exitcode;
}