/*  -*- coding: utf-8 -*- */
/*
 * Mandos-client - get and decrypt data from a Mandos server
 *
 * This program is partly derived from an example program for an Avahi
 * service browser, downloaded from
 * <http://avahi.org/browser/examples/core-browse-services.c>.  This
 * includes the following functions: "resolve_callback",
 * "browse_callback", and parts of "main".
 * 
 * Everything else is
 * Copyright © 2008-2011 Teddy Hogeborn
 * Copyright © 2008-2011 Björn Påhlsson
 * 
 * This program is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see
 * <http://www.gnu.org/licenses/>.
 * 
 * Contact the authors at <mandos@fukt.bsnet.se>.
 */
/* Needed by GPGME, specifically gpgme_data_seek() */
#ifndef _LARGEFILE_SOURCE
#define _LARGEFILE_SOURCE
#endif
#ifndef _FILE_OFFSET_BITS
#define _FILE_OFFSET_BITS 64
#endif
#define _GNU_SOURCE		/* TEMP_FAILURE_RETRY(), asprintf() */
#include <stdio.h>		/* fprintf(), stderr, fwrite(),
				   stdout, ferror(), remove() */
#include <stdint.h> 		/* uint16_t, uint32_t */
#include <stddef.h>		/* NULL, size_t, ssize_t */
#include <stdlib.h> 		/* free(), EXIT_SUCCESS, srand(),
				   strtof(), abort() */
#include <stdbool.h>		/* bool, false, true */
#include <string.h>		/* memset(), strcmp(), strlen(),
				   strerror(), asprintf(), strcpy() */
#include <sys/ioctl.h>		/* ioctl */
#include <sys/types.h>		/* socket(), inet_pton(), sockaddr,
				   sockaddr_in6, PF_INET6,
				   SOCK_STREAM, uid_t, gid_t, open(),
				   opendir(), DIR */
#include <sys/stat.h>		/* open() */
#include <sys/socket.h>		/* socket(), struct sockaddr_in6,
				   inet_pton(), connect() */
#include <fcntl.h>		/* open() */
#include <dirent.h>		/* opendir(), struct dirent, readdir()
				 */
#include <inttypes.h>		/* PRIu16, PRIdMAX, intmax_t,
				   strtoimax() */
#include <assert.h>		/* assert() */
#include <errno.h>		/* perror(), errno,
				   program_invocation_short_name */
#include <time.h>		/* nanosleep(), time(), sleep() */
#include <net/if.h>		/* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
				   SIOCSIFFLAGS, if_indextoname(),
				   if_nametoindex(), IF_NAMESIZE */
#include <netinet/in.h>		/* IN6_IS_ADDR_LINKLOCAL,
				   INET_ADDRSTRLEN, INET6_ADDRSTRLEN
				*/
#include <unistd.h>		/* close(), SEEK_SET, off_t, write(),
				   getuid(), getgid(), seteuid(),
				   setgid(), pause() */
#include <arpa/inet.h>		/* inet_pton(), htons, inet_ntop() */
#include <iso646.h>		/* not, or, and */
#include <argp.h>		/* struct argp_option, error_t, struct
				   argp_state, struct argp,
				   argp_parse(), ARGP_KEY_ARG,
				   ARGP_KEY_END, ARGP_ERR_UNKNOWN */
#include <signal.h>		/* sigemptyset(), sigaddset(),
				   sigaction(), SIGTERM, sig_atomic_t,
				   raise() */
#include <sysexits.h>		/* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
				   EX_NOHOST, EX_IOERR, EX_PROTOCOL */
#ifdef __linux__
#include <sys/klog.h> 		/* klogctl() */
#endif	/* __linux__ */
/* Avahi */
/* All Avahi types, constants and functions
 Avahi*, avahi_*,
 AVAHI_* */
#include <avahi-core/core.h>
#include <avahi-core/lookup.h>
#include <avahi-core/log.h>
#include <avahi-common/simple-watch.h>
#include <avahi-common/malloc.h>
#include <avahi-common/error.h>
/* GnuTLS */
#include <gnutls/gnutls.h>	/* All GnuTLS types, constants and
				   functions:
				   gnutls_*
				   init_gnutls_session(),
				   GNUTLS_* */
#include <gnutls/openpgp.h>
			  /* gnutls_certificate_set_openpgp_key_file(),
				   GNUTLS_OPENPGP_FMT_BASE64 */
/* GPGME */
#include <gpgme.h> 		/* All GPGME types, constants and
				   functions:
				   gpgme_*
				   GPGME_PROTOCOL_OpenPGP,
				   GPG_ERR_NO_* */
/* Growth step, in bytes, used by incbuffer(), and the chunk size used
   when draining the decrypted plaintext in pgp_packet_decrypt() */
#define BUFFER_SIZE 256
/* Default directory for the OpenPGP key files below. NOTE(review):
   the place where it is used is outside this excerpt — confirm. */
#define PATHDIR "/conf/conf.d/mandos"
/* Default file names of the OpenPGP secret and public key; both are
   imported into a GPGME keyring by init_gpgme() */
#define SECKEY "seckey.txt"
#define PUBKEY "pubkey.txt"
/* When true, init_gpgme() and pgp_packet_decrypt() print extra
   diagnostics to stderr (including, in pgp_packet_decrypt(), the
   decrypted secret itself). NOTE(review): set from the command line
   somewhere outside this excerpt — confirm. */
bool debug = false;
/* Mandos protocol version string; presumably sent to the server
   further down in the file (not visible here) */
static const char mandos_protocol_version[] = "1";
/* argp's well-known globals: shown by --version and in --help.
   VERSION is expected to be supplied by the build. */
const char *argp_program_version = "mandos-client " VERSION;
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
/* sysfs directory listing the network interfaces; NOTE(review): its
   use is outside this excerpt — confirm what it is scanned for */
static const char sys_class_net[] = "/sys/class/net";
/* NOTE(review): presumably an explicit "address:port" to connect to
   instead of using Avahi discovery, NULL meaning "discover"; the
   option handling that sets it is outside this excerpt — confirm */
char *connect_to = NULL;
/* Node of a doubly linked list of servers that need to be retried.
   The list is circular when in use: add_server() links the first node
   to itself and appends later nodes just before mc.current_server. */
typedef struct server{
  const char *ip;		/* owned by the node: strdup()ed by
				   add_server() */
  uint16_t port;
  AvahiIfIndex if_index;	/* Avahi interface index */
  int af;			/* address family (presumably AF_INET or
				   AF_INET6 — not checked here) */
  struct timespec last_seen;	/* CLOCK_MONOTONIC stamp taken by
				   add_server() */
  struct server *next;
  struct server *prev;
} server;
/* Used for passing in values through the Avahi callback functions.
   There is a single instance, the global "mc" below. */
typedef struct {
  AvahiSimplePoll *simple_poll;	/* Avahi event loop (used outside this
				   excerpt) */
  AvahiServer *server;		/* Avahi server handle (used outside
				   this excerpt) */
  gnutls_certificate_credentials_t cred;	/* GnuTLS credentials */
  unsigned int dh_bits;		/* Diffie-Hellman parameter size;
				   defaults to 1024 in "mc" below */
  gnutls_dh_params_t dh_params;
  const char *priority;		/* GnuTLS priority string */
  gpgme_ctx_t ctx;		/* GPGME context created by init_gpgme()
				   and used for key import and by
				   pgp_packet_decrypt() */
  server *current_server;	/* cursor into the circular server list
				   maintained by add_server(); NULL
				   while the list is empty */
} mandos_context;
/* Global context so the signal handler can reach it. The initializer
   holds the defaults: the GnuTLS priority string selects the SECURE256
   profile, disables X.509 certificate types and enables OpenPGP
   certificate types. NOTE(review): 1024-bit DH parameters are below
   current recommendations (2048 bits or more). */
mandos_context mc = { .simple_poll = NULL, .server = NULL,
		      .dh_bits = 1024, .priority = "SECURE256"
		      ":!CTYPE-X.509:+CTYPE-OPENPGP",
		      .current_server = NULL };
/* Set to request shutdown; sig_atomic_t so a single write from a
   signal handler is not torn. NOTE(review): the handler is outside
   this excerpt — if the main loop polls this it should also be
   declared volatile, confirm. */
sig_atomic_t quit_now = 0;
/* Which signal triggered the shutdown, if any. NOTE(review): if this
   is written from the handler it should be sig_atomic_t like quit_now
   — confirm. */
int signal_received = 0;
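/* Function to use when printing errors: like perror(), but prefixes
   the message with "Mandos plugin <program name>: ". errno is saved
   before the prefix is written, because fprintf() is allowed to change
   it, and restored so perror() reports the error the caller is
   actually complaining about. */
void perror_plus(const char *print_text){
  int saved_errno = errno;
  fprintf(stderr, "Mandos plugin %s: ",
	  program_invocation_short_name);
  errno = saved_errno;
  perror(print_text);
}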
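/*
 * Make additional room in "buffer" for at least BUFFER_SIZE more
 * bytes. "buffer_capacity" is how much is currently allocated,
 * "buffer_length" is how much is already used.
 *
 * Returns the (possibly new) capacity, or 0 if growing the buffer
 * failed. On failure "*buffer" is left untouched — it still points
 * at the old, still valid allocation, which the caller owns — and
 * errno holds realloc()'s error.
 */
size_t incbuffer(char **buffer, size_t buffer_length,
		  size_t buffer_capacity){
  if(buffer_length + BUFFER_SIZE > buffer_capacity){
    size_t new_capacity = buffer_capacity + BUFFER_SIZE;
    /* Never assign realloc()'s result straight to *buffer: on failure
       it returns NULL and the old block would be lost. The failure
       test must also look at the new pointer, not at the "buffer"
       argument itself, which is never NULL. */
    char *new_buffer = realloc(*buffer, new_capacity);
    if(new_buffer == NULL){
      return 0;
    }
    *buffer = new_buffer;
    buffer_capacity = new_capacity;
  }
  return buffer_capacity;
}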
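/* Add server to set of servers to retry periodically.
 *
 * Allocates a new list node, stamps it with CLOCK_MONOTONIC, copies
 * "ip" into it (the node owns the copy) and appends it to the
 * circular list whose cursor is mc.current_server; the first node
 * becomes a one-element ring. Returns 0 on success, -1 on failure
 * after printing the reason. On failure nothing has been linked into
 * the list and nothing is leaked. */
int add_server(const char *ip, uint16_t port,
		 AvahiIfIndex if_index,
		 int af){
  server *new_server = malloc(sizeof *new_server);
  if(new_server == NULL){
    perror_plus("malloc");
    return -1;
  }
  *new_server = (server){ .port = port,
			  .if_index = if_index,
			  .af = af };
  
  /* Stamp the new node itself — not mc.current_server, which is a
     different node once the list holds more than one entry — and do
     it before linking, so a failure here cannot leave a half-built
     node in the list */
  if(clock_gettime(CLOCK_MONOTONIC, &new_server->last_seen) == -1){
    perror_plus("clock_gettime");
    free(new_server);
    return -1;
  }
  
  new_server->ip = strdup(ip);
  if(new_server->ip == NULL){
    perror_plus("strdup");
    free(new_server);
    return -1;
  }
  
  if(mc.current_server == NULL){
    /* Special case of first server: a ring of one */
    new_server->next = new_server;
    new_server->prev = new_server;
    mc.current_server = new_server;
  } else {
    /* Place the new server last in the list, i.e. just before the
       current one */
    new_server->next = mc.current_server;
    new_server->prev = mc.current_server->prev;
    new_server->prev->next = new_server;
    mc.current_server->prev = new_server;
  }
  return 0;
}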
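/* 
 * Initialize GPGME.
 *
 * Points the OpenPGP engine's home directory at "tempdir", so that
 * the keys end up in a private keyring there and not in whatever
 * default home directory GPGME would otherwise use, creates the
 * global GPGME context mc.ctx, and imports the key files "pubkey"
 * and "seckey" into it.
 *
 * Returns true on success. On failure the reason has already been
 * printed to stderr; mc.ctx may then exist but be unpopulated (it is
 * not released here).
 */
static bool init_gpgme(const char *seckey,
		       const char *pubkey, const char *tempdir){
  gpgme_error_t rc;
  gpgme_engine_info_t engine_info;
  
  /*
   * Helper function to insert pub and seckey to the engine keyring.
   * Returns false, after printing why, if the file cannot be opened,
   * wrapped or imported. The descriptor and the GPGME data object are
   * released on every path, including the failing ones.
   */
  bool import_key(const char *filename){
    bool imported = false;
    gpgme_data_t pgp_data;
    
    int fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
    if(fd == -1){
      perror_plus("open");
      return false;
    }
    
    rc = gpgme_data_new_from_fd(&pgp_data, fd);
    if(rc != GPG_ERR_NO_ERROR){
      fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
	      gpgme_strsource(rc), gpgme_strerror(rc));
      goto out_close;
    }
    
    rc = gpgme_op_import(mc.ctx, pgp_data);
    if(rc != GPG_ERR_NO_ERROR){
      fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
	      gpgme_strsource(rc), gpgme_strerror(rc));
      goto out_release;
    }
    imported = true;
    
  out_release:
    gpgme_data_release(pgp_data);
  out_close:
    /* The data object does not own the descriptor; close it here */
    if(TEMP_FAILURE_RETRY(close(fd)) == -1){
      perror_plus("close");
    }
    return imported;
  }
  
  if(debug){
    fprintf(stderr, "Initializing GPGME\n");
  }
  
  /* Init GPGME: gpgme_check_version() initializes the library and
     must come first; then make sure an OpenPGP engine is available */
  gpgme_check_version(NULL);
  rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  
  /* Set GPGME home directory for the OpenPGP engine only: keep the
     engine binary (file_name) and replace just the home directory.
     This has to succeed — if the home directory is not switched, the
     imports and the decryption below would silently operate on the
     default keyring instead of the private one in "tempdir". */
  rc = gpgme_get_engine_info(&engine_info);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  while(engine_info != NULL){
    if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
      rc = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
				 engine_info->file_name, tempdir);
      if(rc != GPG_ERR_NO_ERROR){
	fprintf(stderr, "bad gpgme_set_engine_info: %s: %s\n",
		gpgme_strsource(rc), gpgme_strerror(rc));
	return false;
      }
      break;
    }
    engine_info = engine_info->next;
  }
  if(engine_info == NULL){
    /* The loop ran off the end: no OpenPGP engine in the list */
    fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
    return false;
  }
  
  /* Create new GPGME "context" */
  rc = gpgme_new(&(mc.ctx));
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_new: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  
  /* Public key first, then the secret key; stop at the first failure */
  if(not import_key(pubkey) or not import_key(seckey)){
    return false;
  }
  
  return true;
}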
/* 
 * Decrypt OpenPGP data.
 *
 * "cryptotext"/"crypto_size" is the OpenPGP message; it is handed to
 * GPGME without copying, so it must stay valid for the duration of
 * the call. Decryption uses the global context mc.ctx set up by
 * init_gpgme(). On success "*plaintext" is set to a freshly
 * allocated buffer, grown in BUFFER_SIZE steps by incbuffer() and
 * NOT NUL-terminated, and its length in bytes is returned.
 *
 * Returns -1 on error. The early errors (before the read loop) leave
 * "*plaintext" untouched; the later ones may leave it pointing at an
 * allocated, partially filled buffer. NOTE(review): the caller is
 * presumably responsible for initializing and freeing "*plaintext"
 * in both cases — confirm against the caller.
 */
static ssize_t pgp_packet_decrypt(const char *cryptotext,
				  size_t crypto_size,
				  char **plaintext){
  gpgme_data_t dh_crypto, dh_plain;
  gpgme_error_t rc;
  ssize_t ret;
  size_t plaintext_capacity = 0;
  ssize_t plaintext_length = 0;	/* doubles as the return value; set
				   to -1 on every error path */
  
  if(debug){
    fprintf(stderr, "Trying to decrypt OpenPGP data\n");
  }
  
  /* Create new GPGME data buffer from memory cryptotext; the final 0
     means "do not copy", so GPGME reads "cryptotext" in place */
  rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
			       0);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return -1;
  }
  
  /* Create new empty GPGME data buffer for the plaintext */
  rc = gpgme_data_new(&dh_plain);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    gpgme_data_release(dh_crypto);
    return -1;
  }
  
  /* Decrypt data from the cryptotext data buffer to the plaintext
     data buffer. From here on both data objects exist, so every error
     goes through decrypt_end, which releases them. */
  rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    plaintext_length = -1;
    if(debug){
      /* Explain the failure: which algorithm/key GPGME saw and
	 whether the matching secret key was present at all */
      gpgme_decrypt_result_t result;
      result = gpgme_op_decrypt_result(mc.ctx);
      if(result == NULL){
	fprintf(stderr, "gpgme_op_decrypt_result failed\n");
      } else {
	fprintf(stderr, "Unsupported algorithm: %s\n",
		result->unsupported_algorithm);
	fprintf(stderr, "Wrong key usage: %u\n",
		result->wrong_key_usage);
	if(result->file_name != NULL){
	  fprintf(stderr, "File name: %s\n", result->file_name);
	}
	gpgme_recipient_t recipient;
	recipient = result->recipients;
	while(recipient != NULL){
	  fprintf(stderr, "Public key algorithm: %s\n",
		  gpgme_pubkey_algo_name(recipient->pubkey_algo));
	  fprintf(stderr, "Key ID: %s\n", recipient->keyid);
	  fprintf(stderr, "Secret key available: %s\n",
		  recipient->status == GPG_ERR_NO_SECKEY
		  ? "No" : "Yes");
	  recipient = recipient->next;
	}
      }
    }
    goto decrypt_end;
  }
  
  if(debug){
    fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
  }
  
  /* Seek back to the beginning of the GPGME plaintext data buffer,
     since gpgme_op_decrypt() left its position at the end */
  if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
    perror_plus("gpgme_data_seek");
    plaintext_length = -1;
    goto decrypt_end;
  }
  
  /* Pull the plaintext out in BUFFER_SIZE chunks, growing *plaintext
     as needed (incbuffer() starts from NULL) */
  *plaintext = NULL;
  while(true){
    plaintext_capacity = incbuffer(plaintext,
				      (size_t)plaintext_length,
				      plaintext_capacity);
    if(plaintext_capacity == 0){
	perror_plus("incbuffer");
	plaintext_length = -1;
	goto decrypt_end;
    }
    
    ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
			  BUFFER_SIZE);
    /* Stop at end of data, fail on a read error, otherwise append */
    if(ret == 0){
      /* EOF */
      break;
    }
    if(ret < 0){
      perror_plus("gpgme_data_read");
      plaintext_length = -1;
      goto decrypt_end;
    }
    plaintext_length += ret;
  }
  
  if(debug){
    /* This dumps the decrypted secret to stderr as hex. It only
       happens with debugging on, but whatever captures stderr then
       holds the password — keep that in mind when collecting logs. */
    fprintf(stderr, "Decrypted password is: ");
    for(ssize_t i = 0; i < plaintext_length; i++){
      fprintf(stderr, "%02hhX ", (*plaintext)[i]);
    }
    fprintf(stderr, "\n");
  }
  
 decrypt_end:
  
  /* Delete the GPGME cryptotext data buffer */
  gpgme_data_release(dh_crypto);
  
  /* Delete the GPGME plaintext data buffer */
  gpgme_data_release(dh_plain);
  return plaintext_length;
}
/* Like gnutls_strerror(), but never yields NULL: an error code that
   GnuTLS cannot describe is reported as "(unknown)" instead, so the
   result is always safe to hand to a "%s" conversion. */
static const char * safer_gnutls_strerror(int value){
  const char *message = gnutls_strerror(value); /* Spurious warning from
						   -Wunreachable-code */
  return (message != NULL) ? message : "(unknown)";
}
/* GnuTLS log function callback: writes each message GnuTLS emits to
   stderr behind a "GnuTLS: " prefix.  The log level is not used, and
   no newline is added beyond what the message itself contains. */
static void debuggnutls(__attribute__((unused)) int level,
			const char* string){
  FILE *const log_stream = stderr;
  fprintf(log_stream, "GnuTLS: %s", string);
}
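/* Initialize the GnuTLS library and the file-scope server state in
   "mc": allocate the certificate credentials (mc.cred), load the
   OpenPGP key pair from the two files, and generate the DH parameters
   (mc.dh_params, sized by mc.dh_bits).
   
   pubkeyfilename, seckeyfilename: paths of the base64-encoded OpenPGP
   public and secret key files.
   
   Returns 0 on success.  Returns -1 on any failure after printing a
   diagnostic to stderr; everything set up so far is then released
   again, GnuTLS objects first and gnutls_global_deinit() last. */
static int init_gnutls_global(const char *pubkeyfilename,
			      const char *seckeyfilename){
  int ret;
  
  if(debug){
    fprintf(stderr, "Initializing GnuTLS\n");
  }
  
  ret = gnutls_global_init();
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "GnuTLS global_init: %s\n",
	    safer_gnutls_strerror(ret));
    return -1;
  }
  
  if(debug){
    /* "Use a log level over 10 to enable all debugging options."
     * - GnuTLS manual
     */
    gnutls_global_set_log_level(11);
    gnutls_global_set_log_function(debuggnutls);
  }
  
  /* OpenPGP credentials */
  ret = gnutls_certificate_allocate_credentials(&mc.cred);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "GnuTLS memory error: %s\n",
	    safer_gnutls_strerror(ret));
    gnutls_global_deinit();
    return -1;
  }
  
  if(debug){
    fprintf(stderr, "Attempting to use OpenPGP public key %s and"
	    " secret key %s as GnuTLS credentials\n", pubkeyfilename,
	    seckeyfilename);
  }
  
  ret = gnutls_certificate_set_openpgp_key_file
    (mc.cred, pubkeyfilename, seckeyfilename,
     GNUTLS_OPENPGP_FMT_BASE64);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr,
	    "Error[%d] while reading the OpenPGP key pair ('%s',"
	    " '%s')\n", ret, pubkeyfilename, seckeyfilename);
    fprintf(stderr, "The GnuTLS error is: %s\n",
	    safer_gnutls_strerror(ret));
    goto globalfail_cred;
  }
  
  /* GnuTLS server initialization */
  ret = gnutls_dh_params_init(&mc.dh_params);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "Error in GnuTLS DH parameter initialization:"
	    " %s\n", safer_gnutls_strerror(ret));
    goto globalfail_cred;
  }
  /* Fresh DH parameters are generated on every start, sized by
     mc.dh_bits, rather than loaded from a file. */
  ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "Error in GnuTLS prime generation: %s\n",
	    safer_gnutls_strerror(ret));
    goto globalfail_dh;
  }
  
  gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
  
  return 0;
  
  /* Unwind in reverse order of acquisition: the DH parameters and the
     credentials are GnuTLS objects and are released before the
     library itself is deinitialized.  The DH parameters are only
     released when gnutls_dh_params_init() has succeeded. */
 globalfail_dh:
  gnutls_dh_params_deinit(mc.dh_params);
 globalfail_cred:
  gnutls_certificate_free_credentials(mc.cred);
  gnutls_global_deinit();
  return -1;
}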
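/* Create and configure a GnuTLS server session in *session: apply the
   priority string mc.priority, attach the certificate credentials
   mc.cred, tell GnuTLS not to request a certificate from the peer, and
   set the DH prime size mc.dh_bits.
   
   Each GnuTLS call is retried while it reports GNUTLS_E_INTERRUPTED or
   GNUTLS_E_AGAIN, and abandoned if the file-scope quit_now flag has
   been raised in the meantime.
   
   Returns 0 on success; *session is then the caller's to deinitialize.
   Returns -1 on failure or on quit_now, after printing a diagnostic
   to stderr and deinitializing any session created so far. */
static int init_gnutls_session(gnutls_session_t *session){
  int ret;
  /* GnuTLS session creation */
  do {
    ret = gnutls_init(session, GNUTLS_SERVER);
    if(quit_now){
      /* Only a session that was actually created may be released */
      if(ret == GNUTLS_E_SUCCESS){
	gnutls_deinit(*session);
      }
      return -1;
    }
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
	    safer_gnutls_strerror(ret));
    /* Without a valid session none of the calls below may run */
    return -1;
  }
  
  {
    /* GnuTLS sets "err" only when it rejects the priority string, so
       start from NULL to avoid printing an indeterminate pointer on
       any other error */
    const char *err = NULL;
    do {
      ret = gnutls_priority_set_direct(*session, mc.priority, &err);
      if(quit_now){
	gnutls_deinit(*session);
	return -1;
      }
    } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
    if(ret != GNUTLS_E_SUCCESS){
      if(err != NULL){
	fprintf(stderr, "Syntax error at: %s\n", err);
      }
      fprintf(stderr, "GnuTLS error: %s\n",
	      safer_gnutls_strerror(ret));
      gnutls_deinit(*session);
      return -1;
    }
  }
  
  do {
    ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
				 mc.cred);
    if(quit_now){
      gnutls_deinit(*session);
      return -1;
    }
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
	    safer_gnutls_strerror(ret));
    gnutls_deinit(*session);
    return -1;
  }
  
  /* ignore client certificate if any.  Consequently the peer is not
     authenticated at the TLS layer by this session; only our own
     OpenPGP key in mc.cred is presented. */
  gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
  
  gnutls_dh_set_prime_bits(*session, mc.dh_bits);
  
  return 0;
}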
/* Avahi log function callback which deliberately discards every
   message; neither the level nor the text is used. */
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
		      __attribute__((unused)) const char *txt){
  /* Intentionally empty */
}
/* Called when a Mandos server is found */
static int start_mandos_communication(const char *ip, uint16_t port,
				      AvahiIfIndex if_index,
				      int af){
  int ret, tcp_sd = -1;
  ssize_t sret;
  union {
    struct sockaddr_in in;
    struct sockaddr_in6 in6;
  } to;
  char *buffer = NULL;
  char *decrypted_buffer = NULL;
  size_t buffer_length = 0;
  size_t buffer_capacity = 0;
  size_t written;
  int retval = -1;
  gnutls_session_t session;
  int pf;			/* Protocol family */
  
  errno = 0;
  
  if(quit_now){
    errno = EINTR;
    return -1;
  }
  
  switch(af){
  case AF_INET6:
    pf = PF_INET6;
    break;
  case AF_INET:
    pf = PF_INET;
    break;
  default:
    fprintf(stderr, "Bad address family: %d\n", af);
    errno = EINVAL;
    return -1;
  }
  
  ret = init_gnutls_session(&session);
  if(ret != 0){
    return -1;
  }
  
  if(debug){
    fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16
	    "\n", ip, port);
  }
  
  tcp_sd = socket(pf, SOCK_STREAM, 0);
  if(tcp_sd < 0){
    int e = errno;
    perror_plus("socket");
    errno = e;
    goto mandos_end;
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  memset(&to, 0, sizeof(to));
  if(af == AF_INET6){
    to.in6.sin6_family = (sa_family_t)af;
    ret = inet_pton(af, ip, &to.in6.sin6_addr);
  } else {			/* IPv4 */
    to.in.sin_family = (sa_family_t)af;
    ret = inet_pton(af, ip, &to.in.sin_addr);
  }
  if(ret < 0 ){
    int e = errno;
    perror_plus("inet_pton");
    errno = e;
    goto mandos_end;
  }
  if(ret == 0){
    int e = errno;
    fprintf(stderr, "Bad address: %s\n", ip);
    errno = e;
    goto mandos_end;
  }
  if(af == AF_INET6){
    to.in6.sin6_port = htons(port); /* Spurious warnings from
				       -Wconversion and
				       -Wunreachable-code */
    
    if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
       (&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
			      -Wunreachable-code*/
      if(if_index == AVAHI_IF_UNSPEC){
	fprintf(stderr, "An IPv6 link-local address is incomplete"
		" without a network interface\n");
	errno = EINVAL;
	goto mandos_end;
      }
      /* Set the network interface number as scope */
      to.in6.sin6_scope_id = (uint32_t)if_index;
    }
  } else {
    to.in.sin_port = htons(port); /* Spurious warnings from
				     -Wconversion and
				     -Wunreachable-code */
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  if(debug){
    if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
      char interface[IF_NAMESIZE];
      if(if_indextoname((unsigned int)if_index, interface) == NULL){
	perror_plus("if_indextoname");
      } else {
	fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",
		ip, interface, port);
      }
    } else {
      fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
	      port);
    }
    char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
		 INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
    const char *pcret;
    if(af == AF_INET6){
      pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
			sizeof(addrstr));
    } else {
      pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
			sizeof(addrstr));
    }
    if(pcret == NULL){
      perror_plus("inet_ntop");
    } else {
      if(strcmp(addrstr, ip) != 0){
	fprintf(stderr, "Canonical address form: %s\n", addrstr);
      }
    }
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  if(af == AF_INET6){
    ret = connect(tcp_sd, &to.in6, sizeof(to));
  } else {
    ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
  }
  if(ret < 0){
    if ((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
      int e = errno;
      perror_plus("connect");
      errno = e;
    }
    goto mandos_end;
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  const char *out = mandos_protocol_version;
  written = 0;
  while(true){
    size_t out_size = strlen(out);
    ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
				   out_size - written));
    if(ret == -1){
      int e = errno;
      perror_plus("write");
      errno = e;
      goto mandos_end;
    }
    written += (size_t)ret;
    if(written < out_size){
      continue;
    } else {
      if(out == mandos_protocol_version){
	written = 0;
	out = "\r\n";
      } else {
	break;
      }
    }
  
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
  }
  
  if(debug){
    fprintf(stderr, "Establishing TLS session with %s\n", ip);
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  /* Spurious warning from -Wint-to-pointer-cast */
  gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) tcp_sd);
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  do {
    ret = gnutls_handshake(session);
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
  
  if(ret != GNUTLS_E_SUCCESS){
    if(debug){
      fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
      gnutls_perror(ret);
    }
    errno = EPROTO;
    goto mandos_end;
  }
  
  /* Read OpenPGP packet that contains the wanted password */
  
  if(debug){
    fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",
	    ip);
  }
  
  while(true){
    
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
    
    buffer_capacity = incbuffer(&buffer, buffer_length,
				   buffer_capacity);
    if(buffer_capacity == 0){
      int e = errno;
      perror_plus("incbuffer");
      errno = e;
      goto mandos_end;
    }
    
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
    
    sret = gnutls_record_recv(session, buffer+buffer_length,
			      BUFFER_SIZE);
    if(sret == 0){
      break;
    }
    if(sret < 0){
      switch(sret){
      case GNUTLS_E_INTERRUPTED:
      case GNUTLS_E_AGAIN:
	break;
      case GNUTLS_E_REHANDSHAKE:
	do {
	  ret = gnutls_handshake(session);
	  
	  if(quit_now){
	    errno = EINTR;
	    goto mandos_end;
	  }
	} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
	if(ret < 0){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
874
	  fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
875
	  gnutls_perror(ret);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
876
	  errno = EPROTO;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
877
	  goto mandos_end;
13 by Björn Påhlsson
Added following support:
878
	}
879
	break;
880
      default:
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
881
	fprintf(stderr, "Unknown error while reading data from"
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
882
		" encrypted session with Mandos server\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
883
	gnutls_bye(session, GNUTLS_SHUT_RDWR);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
884
	errno = EIO;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
885
	goto mandos_end;
13 by Björn Påhlsson
Added following support:
886
      }
887
    } else {
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
888
      buffer_length += (size_t) sret;
13 by Björn Påhlsson
Added following support:
889
    }
890
  }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
891
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
892
  if(debug){
893
    fprintf(stderr, "Closing TLS session\n");
894
  }
895
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
896
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
897
    errno = EINTR;
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
898
    goto mandos_end;
899
  }
900
  
901
  do {
902
    ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
903
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
904
      errno = EINTR;
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
905
      goto mandos_end;
906
    }
907
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
908
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
909
  if(buffer_length > 0){
237.2.125 by Teddy Hogeborn
* plugin-runner.c (getplugin, add_environment, main): Handle EINTR
910
    ssize_t decrypted_buffer_size;
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
911
    decrypted_buffer_size = pgp_packet_decrypt(buffer,
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
912
					       buffer_length,
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
913
					       &decrypted_buffer);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
914
    if(decrypted_buffer_size >= 0){
237.2.124 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gpgme): Move variable "ret" into the
915
      
24.1.10 by Björn Påhlsson
merge commit
916
      written = 0;
28 by Teddy Hogeborn
* server.conf: New file.
917
      while(written < (size_t) decrypted_buffer_size){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
918
	if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
919
	  errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
920
	  goto mandos_end;
921
	}
922
	
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
923
	ret = (int)fwrite(decrypted_buffer + written, 1,
924
			  (size_t)decrypted_buffer_size - written,
925
			  stdout);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
926
	if(ret == 0 and ferror(stdout)){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
927
	  int e = errno;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
928
	  if(debug){
929
	    fprintf(stderr, "Error writing encrypted data: %s\n",
930
		    strerror(errno));
931
	  }
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
932
	  errno = e;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
933
	  goto mandos_end;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
934
	}
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
935
	written += (size_t)ret;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
936
      }
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
937
      retval = 0;
13 by Björn Påhlsson
Added following support:
938
    }
939
  }
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
940
  
941
  /* Shutdown procedure */
942
  
943
 mandos_end:
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
944
  {
945
    int e = errno;
946
    free(decrypted_buffer);
947
    free(buffer);
948
    if(tcp_sd >= 0){
949
      ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
950
    }
951
    if(ret == -1){
952
      if(e == 0){
953
	e = errno;
954
      }
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
955
      perror_plus("close");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
956
    }
957
    gnutls_deinit(session);
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
958
    errno = e;
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
959
    if(quit_now){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
960
      errno = EINTR;
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
961
      retval = -1;
962
    }
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
963
  }
13 by Björn Påhlsson
Added following support:
964
  return retval;
965
}
static void resolve_callback(AvahiSServiceResolver *r,
			     AvahiIfIndex interface,
			     AvahiProtocol proto,
			     AvahiResolverEvent event,
			     const char *name,
			     const char *type,
			     const char *domain,
			     const char *host_name,
			     const AvahiAddress *address,
			     uint16_t port,
			     AVAHI_GCC_UNUSED AvahiStringList *txt,
			     AVAHI_GCC_UNUSED AvahiLookupResultFlags
			     flags,
			     AVAHI_GCC_UNUSED void* userdata){
  /* Avahi service resolver callback, run once per resolver object
     when a Mandos service has been resolved to an address, or when
     resolving failed or timed out.  A resolved server is tried at
     once; if that attempt does not succeed it is handed to
     add_server() so the main loop can retry it later.  The resolver
     object is freed here, except when quit_now is already set, in
     which case the function returns immediately (presumably relying
     on the Avahi server tearing the resolver down, as the comment in
     browse_callback describes).  txt, flags and userdata are never
     read. */
  assert(r);
  
  if(quit_now){
    return;
  }
  
  if(event != AVAHI_RESOLVER_FOUND){
    /* AVAHI_RESOLVER_FAILURE and any unknown event are reported and
       otherwise ignored.  name/type/domain originate from the network
       but are only ever passed as %s arguments. */
    fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
	    " of type '%s' in domain '%s': %s\n", name, type, domain,
	    avahi_strerror(avahi_server_errno(mc.server)));
  } else {
    char ip[AVAHI_ADDRESS_STR_MAX];
    avahi_address_snprint(ip, sizeof(ip), address);
    int af = avahi_proto_to_af(proto);
    if(debug){
      fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
	      PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
	      ip, (intmax_t)interface, port);
    }
    /* Zero means the secret was obtained and the main loop can stop;
       anything else keeps the server queued for later retries. */
    if(start_mandos_communication(ip, port, interface, af) == 0){
      avahi_simple_poll_quit(mc.simple_poll);
    } else {
      /* NOTE(review): the result of add_server() is not checked;
	 its failure semantics are not visible in this section. */
      (void)add_server(ip, port, interface, af);
    }
  }
  avahi_s_service_resolver_free(r);
}
static void browse_callback(AvahiSServiceBrowser *b,
			    AvahiIfIndex interface,
			    AvahiProtocol protocol,
			    AvahiBrowserEvent event,
			    const char *name,
			    const char *type,
			    const char *domain,
			    AVAHI_GCC_UNUSED AvahiLookupResultFlags
			    flags,
			    AVAHI_GCC_UNUSED void* userdata){
  /* Avahi service browser callback, run whenever a service of the
     browsed type appears on or disappears from the LAN.  A new
     service is handed to a resolver whose result arrives in
     resolve_callback; browser failures stop the main loop.  flags
     and userdata are never read. */
  assert(b);
  
  if(quit_now){
    return;
  }
  
  switch(event){
  case AVAHI_BROWSER_NEW:
    {
      /* The resolver object is intentionally not kept: it is freed
	 in resolve_callback, and if the Avahi server is terminated
	 before that callback runs, the Avahi server frees it. */
      AvahiSServiceResolver *resolver
	= avahi_s_service_resolver_new(mc.server, interface, protocol,
				       name, type, domain, protocol, 0,
				       resolve_callback, NULL);
      if(resolver == NULL){
	fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
		name, avahi_strerror(avahi_server_errno(mc.server)));
      }
    }
    break;
    
  case AVAHI_BROWSER_REMOVE:
    /* Nothing to do */
    break;
    
  case AVAHI_BROWSER_ALL_FOR_NOW:
  case AVAHI_BROWSER_CACHE_EXHAUSTED:
    if(debug){
      fprintf(stderr, "No Mandos server found, still searching...\n");
    }
    break;
    
  case AVAHI_BROWSER_FAILURE:
  default:
    /* Report the error and ask the main loop to stop */
    fprintf(stderr, "(Avahi browser) %s\n",
	    avahi_strerror(avahi_server_errno(mc.server)));
    avahi_simple_poll_quit(mc.simple_poll);
    return;
  }
}
/* Signal handler that stops main loop after SIGTERM */
static void handle_sigterm(int sig){
  /* Only the first signal is acted upon: it sets quit_now, records
     the signal number in signal_received and asks the Avahi main
     loop (if one exists) to exit.  errno is saved and restored so
     that code interrupted by the signal sees it unchanged.
     NOTE(review): quit_now and signal_received are declared outside
     this section; being written from signal context they should be
     volatile sig_atomic_t — confirm. */
  if(quit_now){
    return;
  }
  int saved_errno = errno;
  quit_now = 1;
  signal_received = sig;
  /* Tell the main loop to exit */
  if(mc.simple_poll != NULL){
    avahi_simple_poll_quit(mc.simple_poll);
  }
  errno = saved_errno;
}
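/* Read the "flags" file of network interface "ifname" below
   sys_class_net into a newly malloc()ed string holding at most
   "max_len" bytes of file content followed by a terminating '\0'.
   On any failure (building the path, open(2), malloc(3) or read(2))
   the error is reported with perror_plus() and NULL is returned.
   The caller owns the returned string and must free() it. */
static char *read_interface_flags_file(const char *ifname,
				       size_t max_len){
  char *flagname = NULL;
  int ret = asprintf(&flagname, "%s/%s/flags", sys_class_net, ifname);
  if(ret < 0){
    perror_plus("asprintf");
    return NULL;
  }
  int flags_fd = (int)TEMP_FAILURE_RETRY(open(flagname, O_RDONLY));
  if(flags_fd == -1){
    perror_plus("open");
    free(flagname);
    return NULL;
  }
  free(flagname);
  char *flagstring = malloc(max_len+1); /* +1 for final \0 */
  if(flagstring == NULL){
    /* Checked before the buffer is touched in any way */
    perror_plus("malloc");
    close(flags_fd);
    return NULL;
  }
  /* Collect up to max_len bytes; a short read continues after the
     bytes already received instead of overwriting them. */
  size_t got = 0;
  while(got < max_len){
    ssize_t ssret = (ssize_t)TEMP_FAILURE_RETRY(read(flags_fd,
						   flagstring + got,
						   max_len - got));
    if(ssret == -1){
      perror_plus("read");
      free(flagstring);
      close(flags_fd);
      return NULL;
    }
    if(ssret == 0){
      break;			/* EOF */
    }
    got += (size_t)ssret;
  }
  close(flags_fd);
  /* Terminate directly after the data read, so that the parser never
     sees uninitialized bytes when the file is shorter than max_len. */
  flagstring[got] = '\0';
  return flagstring;
}

/* 
 * This function determines if a directory entry in /sys/class/net
 * corresponds to an acceptable network device.
 * (This function is passed to scandir(3) as a filter function.)
 *
 * Returns 1 to accept the interface and 0 to reject it.  Any error
 * while reading the interface's flags is reported and counts as a
 * rejection.  Entries whose name starts with "." are rejected
 * without being examined.  Of the rest, loopback, non-broadcast and
 * non-ARP devices are rejected, except that a point-to-point device
 * is accepted when connect_to is set.
 */
int good_interface(const struct dirent *if_entry){
  if(if_entry->d_name[0] == '.'){
    return 0;
  }
  typedef short ifreq_flags;	/* ifreq.ifr_flags in netdevice(7) */
  /* Longest expected content of the flags file: "0x", one hex digit
     per nibble of ifreq_flags, and a newline, e.g. "0x1003\n" */
  const size_t to_read = 2+(sizeof(ifreq_flags)*2)+1;
  char *flagstring = read_interface_flags_file(if_entry->d_name,
					       to_read);
  if(flagstring == NULL){
    return 0;
  }
  /* The value must parse as a number that fits in ifreq_flags and be
     followed by nothing but whitespace.  NOTE(review): a running
     interface may report flag bits above bit 15 (e.g. IFF_LOWER_UP)
     and is then rejected by the width check — confirm this is the
     intended behaviour. */
  intmax_t tmpmax;
  char *tmp;
  errno = 0;
  tmpmax = strtoimax(flagstring, &tmp, 0);
  if(errno != 0 or tmp == flagstring
     or (*tmp != '\0' and not (isspace((unsigned char)*tmp)))
     or tmpmax != (ifreq_flags)tmpmax){
    if(debug){
      fprintf(stderr, "Invalid flags \"%s\" for interface \"%s\"\n",
	      flagstring, if_entry->d_name);
    }
    free(flagstring);
    return 0;
  }
  free(flagstring);
  ifreq_flags flags = (ifreq_flags)tmpmax;
  /* Reject the loopback device */
  if(flags & IFF_LOOPBACK){
    if(debug){
      fprintf(stderr, "Rejecting loopback interface \"%s\"\n",
	      if_entry->d_name);
    }
    return 0;
  }
  /* Accept point-to-point devices only if connect_to is specified */
  if(connect_to != NULL and (flags & IFF_POINTOPOINT)){
    if(debug){
      fprintf(stderr, "Accepting point-to-point interface \"%s\"\n",
	      if_entry->d_name);
    }
    return 1;
  }
  /* Otherwise, reject non-broadcast-capable devices */
  if(not (flags & IFF_BROADCAST)){
    if(debug){
      fprintf(stderr, "Rejecting non-broadcast interface \"%s\"\n",
	      if_entry->d_name);
    }
    return 0;
  }
  /* Reject non-ARP interfaces (including dummy interfaces) */
  if(flags & IFF_NOARP){
    if(debug){
      fprintf(stderr, "Rejecting non-ARP interface \"%s\"\n",
	      if_entry->d_name);
    }
    return 0;
  }
  /* Accept this device */
  if(debug){
    fprintf(stderr, "Interface \"%s\" is acceptable\n",
	    if_entry->d_name);
  }
  return 1;
}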
/* scandir(3) filter: returns 0 for the "." and ".." entries and 1 for
   every other directory entry (including other dot-files). */
int notdotentries(const struct dirent *direntry){
  const char *entry_name = direntry->d_name;
  if(strcmp(entry_name, ".") == 0 or strcmp(entry_name, "..") == 0){
    return 0;
  }
  return 1;
}
/* Milliseconds of "retry_interval" (in ms) still left after the time
   elapsed between "last_seen" and "now"; zero or negative means the
   retry is due. */
static intmax_t retry_block_time_ms(const struct timespec *now,
				    const struct timespec *last_seen,
				    int retry_interval){
  intmax_t waited_sec = (intmax_t)(now->tv_sec - last_seen->tv_sec);
  intmax_t waited_nsec = (intmax_t)(now->tv_nsec - last_seen->tv_nsec);
  return (retry_interval - waited_sec * 1000) - waited_nsec / 1000000;
}

/* Drive the Avahi main loop "s", interleaving retries of the servers
   reachable through mc.current_server.  While no server is known the
   loop blocks in Avahi without timeout; otherwise it blocks at most
   until "retry_interval" milliseconds have passed since the current
   server's last_seen timestamp, then tries that server with
   start_mandos_communication() and moves on to ->next.  Returns 0
   when a server succeeds (the main loop is told to quit) or when the
   poll reports 1; -1 if clock_gettime() fails; otherwise the non-zero
   poll result, except that -1 with errno == EINTR just restarts the
   loop.  NOTE(review): the list linked through ->next is built
   outside this section; the code assumes ->next is never NULL. */
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval){
  for(;;){
    int ret;
    if(mc.current_server == NULL){
      if (debug){
	fprintf(stderr,
		"Wait until first server is found. No timeout!\n");
      }
      ret = avahi_simple_poll_iterate(s, -1);
    } else {
      if (debug){
	fprintf(stderr, "Check current_server if we should run it,"
		" or wait\n");
      }
      struct timespec now;
      if(clock_gettime(CLOCK_MONOTONIC, &now) == -1){
	perror_plus("clock_gettime");
	return -1;
      }
      /* How long until this server may be retried */
      intmax_t block_time
	= retry_block_time_ms(&now, &mc.current_server->last_seen,
			      retry_interval);
      
      if (debug){
	fprintf(stderr, "Blocking for %" PRIdMAX " ms\n", block_time);
      }
      
      if(block_time <= 0){
	/* The retry interval has elapsed: try the server now */
	if(start_mandos_communication(mc.current_server->ip,
				      mc.current_server->port,
				      mc.current_server->if_index,
				      mc.current_server->af) == 0){
	  avahi_simple_poll_quit(mc.simple_poll);
	  return 0;
	}
	if(clock_gettime(CLOCK_MONOTONIC,
			 &mc.current_server->last_seen) == -1){
	  perror_plus("clock_gettime");
	  return -1;
	}
	mc.current_server = mc.current_server->next;
	block_time = 0;		/* Let Avahi look for new Mandos
				   servers, but don't block */
      }
      
      ret = avahi_simple_poll_iterate(s, (int)block_time);
    }
    /* A result of 1 is reported as success; other non-zero results
       are returned as-is, unless it is -1 with EINTR, which merely
       restarts the loop. */
    if(ret != 0 and (ret > 0 or errno != EINTR)){
      return (ret == 1) ? 0 : ret;
    }
  }
}
int main(int argc, char *argv[]){
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1276
  AvahiSServiceBrowser *sb = NULL;
1277
  int error;
1278
  int ret;
1279
  intmax_t tmpmax;
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1280
  char *tmp;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1281
  int exitcode = EXIT_SUCCESS;
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1282
  const char *interface = "";
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1283
  struct ifreq network;
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1284
  int sd = -1;
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1285
  bool take_down_interface = false;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1286
  uid_t uid;
1287
  gid_t gid;
1288
  char tempdir[] = "/tmp/mandosXXXXXX";
1289
  bool tempdir_created = false;
1290
  AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1291
  const char *seckey = PATHDIR "/" SECKEY;
1292
  const char *pubkey = PATHDIR "/" PUBKEY;
1293
  
1294
  bool gnutls_initialized = false;
1295
  bool gpgme_initialized = false;
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1296
  float delay = 2.5f;
237.7.33 by Teddy Hogeborn
Merge from Björn.
1297
  double retry_interval = 10; /* 10s between trying a server and
1298
				 retrying the same server again */
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1299
  
237.2.132 by Teddy Hogeborn
* init.d-mandos (Required-Start, Required-Stop): Bug fix: Added
1300
  struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1301
  struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1302
  
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1303
  uid = getuid();
1304
  gid = getgid();
1305
  
1306
  /* Lower any group privileges we might have, just to be safe */
1307
  errno = 0;
1308
  ret = setgid(gid);
1309
  if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1310
    perror_plus("setgid");
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1311
  }
1312
  
1313
  /* Lower user privileges (temporarily) */
1314
  errno = 0;
1315
  ret = seteuid(uid);
1316
  if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1317
    perror_plus("seteuid");
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1318
  }
1319
  
1320
  if(quit_now){
1321
    goto end;
1322
  }
1323
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1324
  {
1325
    struct argp_option options[] = {
1326
      { .name = "debug", .key = 128,
1327
	.doc = "Debug mode", .group = 3 },
1328
      { .name = "connect", .key = 'c',
1329
	.arg = "ADDRESS:PORT",
1330
	.doc = "Connect directly to a specific Mandos server",
1331
	.group = 1 },
1332
      { .name = "interface", .key = 'i',
1333
	.arg = "NAME",
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1334
	.doc = "Network interface that will be used to search for"
1335
	" Mandos servers",
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1336
	.group = 1 },
1337
      { .name = "seckey", .key = 's',
1338
	.arg = "FILE",
1339
	.doc = "OpenPGP secret key file base name",
1340
	.group = 1 },
1341
      { .name = "pubkey", .key = 'p',
1342
	.arg = "FILE",
1343
	.doc = "OpenPGP public key file base name",
1344
	.group = 2 },
1345
      { .name = "dh-bits", .key = 129,
1346
	.arg = "BITS",
1347
	.doc = "Bit length of the prime number used in the"
1348
	" Diffie-Hellman key exchange",
1349
	.group = 2 },
1350
      { .name = "priority", .key = 130,
1351
	.arg = "STRING",
1352
	.doc = "GnuTLS priority string for the TLS handshake",
1353
	.group = 1 },
1354
      { .name = "delay", .key = 131,
1355
	.arg = "SECONDS",
1356
	.doc = "Maximum delay to wait for interface startup",
1357
	.group = 2 },
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1358
      { .name = "retry", .key = 132,
1359
	.arg = "SECONDS",
1360
	.doc = "Retry interval used when denied by the mandos server",
1361
	.group = 2 },
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1362
      /*
1363
       * These reproduce what we would get without ARGP_NO_HELP
1364
       */
1365
      { .name = "help", .key = '?',
1366
	.doc = "Give this help list", .group = -1 },
1367
      { .name = "usage", .key = -3,
1368
	.doc = "Give a short usage message", .group = -1 },
1369
      { .name = "version", .key = 'V',
1370
	.doc = "Print program version", .group = -1 },
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1371
      { .name = NULL }
1372
    };
    
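    /* argp parser callback for the options table above.  Each option
       writes directly into the enclosing main()'s variables or into
       the file-level debug/connect_to/mc state.  Numeric arguments
       are parsed with the strto*() family and range-checked; a bad
       value is reported through argp_error(), which normally exits.
       Returns errno (0 unless a handler set it) for handled keys and
       ARGP_ERR_UNKNOWN for anything else. */
    error_t parse_opt(int key, char *arg,
		      struct argp_state *state){
      errno = 0;
      switch(key){
      case 128:			/* --debug */
	debug = true;
	break;
      case 'c':			/* --connect */
	connect_to = arg;
	break;
      case 'i':			/* --interface */
	interface = arg;
	break;
      case 's':			/* --seckey */
	seckey = arg;
	break;
      case 'p':			/* --pubkey */
	pubkey = arg;
	break;
      case 129:			/* --dh-bits */
	errno = 0;
	tmpmax = strtoimax(arg, &tmp, 10);
	/* Reject trailing garbage and values that do not fit */
	if(errno != 0 or tmp == arg or *tmp != '\0'
	   or tmpmax != (typeof(mc.dh_bits))tmpmax){
	  argp_error(state, "Bad number of DH bits");
	}
	mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
	break;
      case 130:			/* --priority */
	mc.priority = arg;
	break;
      case 131:			/* --delay */
	errno = 0;
	delay = strtof(arg, &tmp);
	/* "delay != delay" rejects NaN, which strtof() accepts */
	if(errno != 0 or tmp == arg or *tmp != '\0'
	   or delay != delay){
	  argp_error(state, "Bad delay");
	}
	break;			/* must not fall into --retry */
      case 132:			/* --retry */
	errno = 0;
	retry_interval = strtod(arg, &tmp);
	/* The value is later converted to int milliseconds, hence the
	   INT_MAX bound; "retry_interval != retry_interval" rejects
	   NaN, which none of the other comparisons catch. */
	if(errno != 0 or tmp == arg or *tmp != '\0'
	   or (retry_interval * 1000) > INT_MAX
	   or retry_interval < 0
	   or retry_interval != retry_interval){
	  argp_error(state, "Bad retry interval");
	}
	break;
	/*
	 * These reproduce what we would get without ARGP_NO_HELP
	 */
      case '?':			/* --help */
	argp_state_help(state, state->out_stream,
			(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
			& ~(unsigned int)ARGP_HELP_EXIT_OK);
	/* ARGP_HELP_EXIT_ERR makes argp_state_help() exit, so the
	   following cases are not reached from here */
      case -3:			/* --usage */
	argp_state_help(state, state->out_stream,
			ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
      case 'V':			/* --version */
	fprintf(state->out_stream, "%s\n", argp_program_version);
	exit(argp_err_exit_status);
	break;
      default:
	return ARGP_ERR_UNKNOWN;
      }
      return errno;
    }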
1439
    
1440
    struct argp argp = { .options = options, .parser = parse_opt,
1441
			 .args_doc = "",
1442
			 .doc = "Mandos client -- Get and decrypt"
1443
			 " passwords from a Mandos server" };
    ret = argp_parse(&argp, argc, argv,
1445
		     ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
1446
    switch(ret){
1447
    case 0:
1448
      break;
1449
    case ENOMEM:
1450
    default:
1451
      errno = ret;
      perror_plus("argp_parse");
      exitcode = EX_OSERR;
1454
      goto end;
1455
    case EINVAL:
1456
      exitcode = EX_USAGE;
      goto end;
1458
    }
1459
  }
    
1461
  {
1462
    /* Work around Debian bug #633582:
1463
       <http://bugs.debian.org/633582> */
1464
    struct stat st;
1465
    
1466
    /* Re-raise priviliges */
1467
    errno = 0;
1468
    ret = seteuid(0);
1469
    if(ret == -1){
1470
      perror_plus("seteuid");
1471
    }
1472
    
1473
    int seckey_fd = open(PATHDIR "/" SECKEY, O_RDONLY);
1474
    if(seckey_fd == -1){
1475
      perror_plus("open");
1476
    } else {
1477
      ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
1478
      if(ret == -1){
1479
	perror_plus("fstat");
1480
      } else {
1481
	if(S_ISREG(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
1482
	  ret = fchown(seckey_fd, uid, gid);
1483
	  if(ret == -1){
1484
	    perror_plus("fchown");
1485
	  }
1486
	}
1487
      }
1488
      TEMP_FAILURE_RETRY(close(seckey_fd));
1489
    }
1490
    
1491
    int pubkey_fd = open(PATHDIR "/" PUBKEY, O_RDONLY);
1492
    if(pubkey_fd == -1){
1493
      perror_plus("open");
1494
    } else {
1495
      ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
1496
      if(ret == -1){
1497
	perror_plus("fstat");
1498
      } else {
1499
	if(S_ISREG(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
1500
	  ret = fchown(pubkey_fd, uid, gid);
1501
	  if(ret == -1){
1502
	    perror_plus("fchown");
1503
	  }
1504
	}
1505
      }
1506
      TEMP_FAILURE_RETRY(close(pubkey_fd));
1507
    }
1508
    
1509
    /* Lower privileges */
1510
    errno = 0;
1511
    ret = seteuid(uid);
1512
    if(ret == -1){
1513
      perror_plus("seteuid");
1514
    }
1515
  }
  
  if(not debug){
1518
    avahi_set_log_function(empty_log);
1519
  }
  if(interface[0] == '\0'){
1522
    struct dirent **direntries;
1523
    ret = scandir(sys_class_net, &direntries, good_interface,
1524
		  alphasort);
1525
    if(ret >= 1){
1526
      /* Pick the first good interface */
1527
      interface = strdup(direntries[0]->d_name);
      if(debug){
1529
	fprintf(stderr, "Using interface \"%s\"\n", interface);
1530
      }
      if(interface == NULL){
	perror_plus("malloc");
	free(direntries);
1534
	exitcode = EXIT_FAILURE;
1535
	goto end;
1536
      }
1537
      free(direntries);
1538
    } else {
1539
      free(direntries);
1540
      fprintf(stderr, "Could not find a network interface\n");
1541
      exitcode = EXIT_FAILURE;
1542
      goto end;
1543
    }
1544
  }
  
  /* Initialize Avahi early so avahi_simple_poll_quit() can be called
1547
     from the signal handler */
1548
  /* Initialize the pseudo-RNG for Avahi */
1549
  srand((unsigned int) time(NULL));
1550
  mc.simple_poll = avahi_simple_poll_new();
1551
  if(mc.simple_poll == NULL){
1552
    fprintf(stderr, "Avahi: Failed to create simple poll object.\n");
    exitcode = EX_UNAVAILABLE;
    goto end;
1555
  }
  
  sigemptyset(&sigterm_action.sa_mask);
  ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
1559
  if(ret == -1){
    perror_plus("sigaddset");
    exitcode = EX_OSERR;
    goto end;
1563
  }
1564
  ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
1565
  if(ret == -1){
    perror_plus("sigaddset");
    exitcode = EX_OSERR;
    goto end;
1569
  }
  ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1571
  if(ret == -1){
    perror_plus("sigaddset");
    exitcode = EX_OSERR;
    goto end;
1575
  }
  /* Need to check if the handler is SIG_IGN before handling:
1577
     | [[info:libc:Initial Signal Actions]] |
1578
     | [[info:libc:Basic Signal Handling]]  |
1579
  */
1580
  ret = sigaction(SIGINT, NULL, &old_sigterm_action);
1581
  if(ret == -1){
    perror_plus("sigaction");
    return EX_OSERR;
  }
1585
  if(old_sigterm_action.sa_handler != SIG_IGN){
1586
    ret = sigaction(SIGINT, &sigterm_action, NULL);
1587
    if(ret == -1){
      perror_plus("sigaction");
      exitcode = EX_OSERR;
      goto end;
1591
    }
1592
  }
1593
  ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
1594
  if(ret == -1){
    perror_plus("sigaction");
    return EX_OSERR;
  }
1598
  if(old_sigterm_action.sa_handler != SIG_IGN){
1599
    ret = sigaction(SIGHUP, &sigterm_action, NULL);
1600
    if(ret == -1){
      perror_plus("sigaction");
      exitcode = EX_OSERR;
      goto end;
1604
    }
1605
  }
1606
  ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
1607
  if(ret == -1){
    perror_plus("sigaction");
    return EX_OSERR;
  }
1611
  if(old_sigterm_action.sa_handler != SIG_IGN){
1612
    ret = sigaction(SIGTERM, &sigterm_action, NULL);
1613
    if(ret == -1){
      perror_plus("sigaction");
      exitcode = EX_OSERR;
      goto end;
1617
    }
  }
  
1620
  /* If the interface is down, bring it up */
  if(strcmp(interface, "none") != 0){
    if_index = (AvahiIfIndex) if_nametoindex(interface);
1623
    if(if_index == 0){
1624
      fprintf(stderr, "No such interface: \"%s\"\n", interface);
      exitcode = EX_UNAVAILABLE;
      goto end;
1627
    }
1628
    
1629
    if(quit_now){
1630
      goto end;
1631
    }
1632
    
    /* Re-raise priviliges */
1634
    errno = 0;
1635
    ret = seteuid(0);
1636
    if(ret == -1){
      perror_plus("seteuid");
    }
1639
    
#ifdef __linux__
1641
    /* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
       messages about the network interface to mess up the prompt */
    ret = klogctl(8, NULL, 5);
    bool restore_loglevel = true;
    if(ret == -1){
      restore_loglevel = false;
      perror_plus("klogctl");
    }
#endif	/* __linux__ */
    
1651
    sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1652
    if(sd < 0){
      perror_plus("socket");
      exitcode = EX_OSERR;
#ifdef __linux__
      if(restore_loglevel){
1657
	ret = klogctl(7, NULL, 0);
1658
	if(ret == -1){
	  perror_plus("klogctl");
	}
      }
#endif	/* __linux__ */
      /* Lower privileges */
1664
      errno = 0;
1665
      ret = seteuid(uid);
1666
      if(ret == -1){
	perror_plus("seteuid");
      }
      goto end;
1670
    }
1671
    strcpy(network.ifr_name, interface);
1672
    ret = ioctl(sd, SIOCGIFFLAGS, &network);
1673
    if(ret == -1){
      perror_plus("ioctl SIOCGIFFLAGS");
#ifdef __linux__
      if(restore_loglevel){
1677
	ret = klogctl(7, NULL, 0);
1678
	if(ret == -1){
	  perror_plus("klogctl");
	}
      }
#endif	/* __linux__ */
      exitcode = EX_OSERR;
      /* Lower privileges */
1685
      errno = 0;
1686
      ret = seteuid(uid);
1687
      if(ret == -1){
	perror_plus("seteuid");
      }
      goto end;
1691
    }
1692
    if((network.ifr_flags & IFF_UP) == 0){
1693
      network.ifr_flags |= IFF_UP;
      take_down_interface = true;
      ret = ioctl(sd, SIOCSIFFLAGS, &network);
1696
      if(ret == -1){
	take_down_interface = false;
	perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
	exitcode = EX_OSERR;
#ifdef __linux__
	if(restore_loglevel){
1702
	  ret = klogctl(7, NULL, 0);
1703
	  if(ret == -1){
	    perror_plus("klogctl");
	  }
	}
#endif	/* __linux__ */
	/* Lower privileges */
1709
	errno = 0;
1710
	ret = seteuid(uid);
1711
	if(ret == -1){
	  perror_plus("seteuid");
	}
	goto end;
1715
      }
    }
    /* Sleep checking until interface is running.
1718
       Check every 0.25s, up to total time of delay */
    for(int i=0; i < delay * 4; i++){
      ret = ioctl(sd, SIOCGIFFLAGS, &network);
1721
      if(ret == -1){
	perror_plus("ioctl SIOCGIFFLAGS");
      } else if(network.ifr_flags & IFF_RUNNING){
1724
	break;
1725
      }
1726
      struct timespec sleeptime = { .tv_nsec = 250000000 };
1727
      ret = nanosleep(&sleeptime, NULL);
1728
      if(ret == -1 and errno != EINTR){
	perror_plus("nanosleep");
      }
1731
    }
    if(not take_down_interface){
1733
      /* We won't need the socket anymore */
      ret = (int)TEMP_FAILURE_RETRY(close(sd));
1735
      if(ret == -1){
	perror_plus("close");
      }
    }
1739
#ifdef __linux__
    if(restore_loglevel){
1741
      /* Restores kernel loglevel to default */
1742
      ret = klogctl(7, NULL, 0);
1743
      if(ret == -1){
	perror_plus("klogctl");
      }
    }
#endif	/* __linux__ */
    /* Lower privileges */
1749
    errno = 0;
1750
    if(take_down_interface){
1751
      /* Lower privileges */
1752
      ret = seteuid(uid);
1753
      if(ret == -1){
	perror_plus("seteuid");
      }
1756
    } else {
1757
      /* Lower privileges permanently */
1758
      ret = setuid(uid);
1759
      if(ret == -1){
	perror_plus("setuid");
      }
    }
  }
1764
  
  if(quit_now){
1766
    goto end;
1767
  }
1768
  
  ret = init_gnutls_global(pubkey, seckey);
  if(ret == -1){
1771
    fprintf(stderr, "init_gnutls_global failed\n");
    exitcode = EX_UNAVAILABLE;
    goto end;
1774
  } else {
1775
    gnutls_initialized = true;
1776
  }
1777
  
  if(quit_now){
1779
    goto end;
1780
  }
1781
  
  if(mkdtemp(tempdir) == NULL){
    perror_plus("mkdtemp");
    goto end;
1785
  }
  tempdir_created = true;
  
1788
  if(quit_now){
1789
    goto end;
1790
  }
  
  if(not init_gpgme(pubkey, seckey, tempdir)){
    fprintf(stderr, "init_gpgme failed\n");
    exitcode = EX_UNAVAILABLE;
    goto end;
1796
  } else {
1797
    gpgme_initialized = true;
1798
  }
1799
  
  if(quit_now){
1801
    goto end;
  }
1803
  
1804
  if(connect_to != NULL){
1805
    /* Connect directly, do not use Zeroconf */
1806
    /* (Mainly meant for debugging) */
1807
    char *address = strrchr(connect_to, ':');
1808
    if(address == NULL){
1809
      fprintf(stderr, "No colon in address\n");
      exitcode = EX_USAGE;
      goto end;
1812
    }
    
1814
    if(quit_now){
1815
      goto end;
1816
    }
1817
    
    uint16_t port;
    errno = 0;
1820
    tmpmax = strtoimax(address+1, &tmp, 10);
1821
    if(errno != 0 or tmp == address+1 or *tmp != '\0'
1822
       or tmpmax != (uint16_t)tmpmax){
      fprintf(stderr, "Bad port number\n");
      exitcode = EX_USAGE;
      goto end;
1826
    }
  
1828
    if(quit_now){
1829
      goto end;
1830
    }
1831
    
    port = (uint16_t)tmpmax;
1833
    *address = '\0';
    /* Colon in address indicates IPv6 */
1835
    int af;
    if(strchr(connect_to, ':') != NULL){
      af = AF_INET6;
      /* Accept [] around IPv6 address - see RFC 5952 */
1839
      if(connect_to[0] == '[' and address[-1] == ']')
1840
	{
1841
	  connect_to++;
1842
	  address[-1] = '\0';
1843
	}
    } else {
1845
      af = AF_INET;
1846
    }
    address = connect_to;
    
1849
    if(quit_now){
1850
      goto end;
1851
    }
    
    while(not quit_now){
1854
      ret = start_mandos_communication(address, port, if_index, af);
1855
      if(quit_now or ret == 0){
	break;
1857
      }
      if(debug){
1859
	fprintf(stderr, "Retrying in %d seconds\n",
1860
		(int)retry_interval);
1861
      }
1862
      sleep((int)retry_interval);
    };
1864
1865
    if (not quit_now){
      exitcode = EXIT_SUCCESS;
1867
    }
    goto end;
1870
  }
  
1872
  if(quit_now){
1873
    goto end;
1874
  }
1875
  
  {
1877
    AvahiServerConfig config;
1878
    /* Do not publish any local Zeroconf records */
1879
    avahi_server_config_init(&config);
1880
    config.publish_hinfo = 0;
1881
    config.publish_addresses = 0;
1882
    config.publish_workstation = 0;
1883
    config.publish_domain = 0;
1884
    
1885
    /* Allocate a new server */
1886
    mc.server = avahi_server_new(avahi_simple_poll_get
1887
				 (mc.simple_poll), &config, NULL,
1888
				 NULL, &error);
1889
    
1890
    /* Free the Avahi configuration data */
1891
    avahi_server_config_free(&config);
1892
  }
1893
  
1894
  /* Check if creating the Avahi server object succeeded */
1895
  if(mc.server == NULL){
1896
    fprintf(stderr, "Failed to create Avahi server: %s\n",
1897
	    avahi_strerror(error));
    exitcode = EX_UNAVAILABLE;
    goto end;
1900
  }
1901
  
  if(quit_now){
1903
    goto end;
1904
  }
1905
  
  /* Create the Avahi service browser */
1907
  sb = avahi_s_service_browser_new(mc.server, if_index,
				   AVAHI_PROTO_UNSPEC, "_mandos._tcp",
				   NULL, 0, browse_callback, NULL);
  if(sb == NULL){
1911
    fprintf(stderr, "Failed to create service browser: %s\n",
1912
	    avahi_strerror(avahi_server_errno(mc.server)));
    exitcode = EX_UNAVAILABLE;
    goto end;
1915
  }
  
  if(quit_now){
1918
    goto end;
1919
  }
1920
  
  /* Run the main loop */
1922
  
1923
  if(debug){
1924
    fprintf(stderr, "Starting Avahi loop search\n");
1925
  }
  ret = avahi_loop_with_timeout(mc.simple_poll,
1928
				(int)(retry_interval * 1000));
  if(debug){
1930
    fprintf(stderr, "avahi_loop_with_timeout exited %s\n",
1931
	    (ret == 0) ? "successfully" : "with error");
1932
  }
  
 end:
  
1936
  if(debug){
1937
    fprintf(stderr, "%s exiting\n", argv[0]);
1938
  }
1939
  
1940
  /* Cleanup things */
1941
  if(sb != NULL)
1942
    avahi_s_service_browser_free(sb);
1943
  
1944
  if(mc.server != NULL)
1945
    avahi_server_free(mc.server);
1946
  
1947
  if(mc.simple_poll != NULL)
1948
    avahi_simple_poll_free(mc.simple_poll);
1949
  
1950
  if(gnutls_initialized){
1951
    gnutls_certificate_free_credentials(mc.cred);
1952
    gnutls_global_deinit();
1953
    gnutls_dh_params_deinit(mc.dh_params);
1954
  }
1955
  
1956
  if(gpgme_initialized){
1957
    gpgme_release(mc.ctx);
1958
  }
  /* Cleans up the circular linked list of Mandos servers the client
1961
     has seen */
  if(mc.current_server != NULL){
1963
    mc.current_server->prev->next = NULL;
1964
    while(mc.current_server != NULL){
1965
      server *next = mc.current_server->next;
1966
      free(mc.current_server);
1967
      mc.current_server = next;
1968
    }
1969
  }
  
  /* Take down the network interface */
  if(take_down_interface){
    /* Re-raise priviliges */
1974
    errno = 0;
1975
    ret = seteuid(0);
    if(ret == -1){
      perror_plus("seteuid");
    }
    if(geteuid() == 0){
1980
      ret = ioctl(sd, SIOCGIFFLAGS, &network);
1981
      if(ret == -1){
	perror_plus("ioctl SIOCGIFFLAGS");
      } else if(network.ifr_flags & IFF_UP) {
	network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
	ret = ioctl(sd, SIOCSIFFLAGS, &network);
1986
	if(ret == -1){
	  perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
	}
1989
      }
1990
      ret = (int)TEMP_FAILURE_RETRY(close(sd));
1991
      if(ret == -1){
	perror_plus("close");
      }
      /* Lower privileges permanently */
      errno = 0;
1996
      ret = setuid(uid);
1997
      if(ret == -1){
	perror_plus("setuid");
      }
    }
2001
  }
2002
  
  /* Removes the GPGME temp directory and all files inside */
  if(tempdir_created){
    struct dirent **direntries = NULL;
    struct dirent *direntry = NULL;
    ret = scandir(tempdir, &direntries, notdotentries, alphasort);
    if (ret > 0){
      for(int i = 0; i < ret; i++){
	direntry = direntries[i];
	char *fullname = NULL;
	ret = asprintf(&fullname, "%s/%s", tempdir,
		       direntry->d_name);
	if(ret < 0){
	  perror_plus("asprintf");
	  continue;
	}
	ret = remove(fullname);
	if(ret == -1){
	  fprintf(stderr, "remove(\"%s\"): %s\n", fullname,
		  strerror(errno));
	}
	free(fullname);
      }
    }
    /* need to be cleaned even if ret == 0 because man page doesn't
       specify */
    free(direntries);
    if (ret == -1){
      perror_plus("scandir");
    }
    ret = rmdir(tempdir);
    if(ret == -1 and errno != ENOENT){
      perror_plus("rmdir");
    }
  }
  
  if(quit_now){
    sigemptyset(&old_sigterm_action.sa_mask);
    old_sigterm_action.sa_handler = SIG_DFL;
    ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
					    &old_sigterm_action,
					    NULL));
    if(ret == -1){
      perror_plus("sigaction");
    }
    do {
      ret = raise(signal_received);
    } while(ret != 0 and errno == EINTR);
    if(ret != 0){
      perror_plus("raise");
      abort();
    }
    TEMP_FAILURE_RETRY(pause());
  }
  
  return exitcode;
}