/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
1
/*  -*- coding: utf-8 -*- */
2
/*
237.2.24 by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Fix name in header.
3
 * Mandos-client - get and decrypt data from a Mandos server
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
4
 *
5
 * This program is partly derived from an example program for an Avahi
6
 * service browser, downloaded from
7
 * <http://avahi.org/browser/examples/core-browse-services.c>.  This
8
 * includes the following functions: "resolve_callback",
9
 * "browse_callback", and parts of "main".
10
 * 
28 by Teddy Hogeborn
* server.conf: New file.
11
 * Everything else is
237.7.14 by Teddy Hogeborn
Update copyright year to "2011" wherever appropriate.
12
 * Copyright © 2008-2011 Teddy Hogeborn
13
 * Copyright © 2008-2011 Björn Påhlsson
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
14
 * 
15
 * This program is free software: you can redistribute it and/or
16
 * modify it under the terms of the GNU General Public License as
17
 * published by the Free Software Foundation, either version 3 of the
18
 * License, or (at your option) any later version.
19
 * 
20
 * This program is distributed in the hope that it will be useful, but
21
 * WITHOUT ANY WARRANTY; without even the implied warranty of
22
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
23
 * General Public License for more details.
24
 * 
25
 * You should have received a copy of the GNU General Public License
26
 * along with this program.  If not, see
27
 * <http://www.gnu.org/licenses/>.
28
 * 
31 by Teddy Hogeborn
* plugins.d/plugbasedclient.c: Update include file comments.
29
 * Contact the authors at <mandos@fukt.bsnet.se>.
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
30
 */
31
28 by Teddy Hogeborn
* server.conf: New file.
32
/* Needed by GPGME, specifically gpgme_data_seek() */
237.2.80 by Teddy Hogeborn
Use "getconf" to get correct LFS compile and link flags.
33
#ifndef _LARGEFILE_SOURCE
13 by Björn Påhlsson
Added following support:
34
#define _LARGEFILE_SOURCE
237.2.80 by Teddy Hogeborn
Use "getconf" to get correct LFS compile and link flags.
35
#endif
36
#ifndef _FILE_OFFSET_BITS
13 by Björn Påhlsson
Added following support:
37
#define _FILE_OFFSET_BITS 64
237.2.80 by Teddy Hogeborn
Use "getconf" to get correct LFS compile and link flags.
38
#endif
13 by Björn Påhlsson
Added following support:
39
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
40
#define _GNU_SOURCE		/* TEMP_FAILURE_RETRY(), asprintf() */
24.1.10 by Björn Påhlsson
merge commit
41
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
42
#include <stdio.h>		/* fprintf(), stderr, fwrite(),
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
43
				   stdout, ferror(), remove() */
24.1.26 by Björn Påhlsson
tally count of used symbols
44
#include <stdint.h> 		/* uint16_t, uint32_t */
45
#include <stddef.h>		/* NULL, size_t, ssize_t */
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
46
#include <stdlib.h> 		/* free(), EXIT_SUCCESS, srand(),
47
				   strtof(), abort() */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
48
#include <stdbool.h>		/* bool, false, true */
24.1.29 by Björn Påhlsson
Added more header file comments
49
#include <string.h>		/* memset(), strcmp(), strlen(),
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
50
				   strerror(), asprintf(), strcpy() */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
51
#include <sys/ioctl.h>		/* ioctl */
24.1.26 by Björn Påhlsson
tally count of used symbols
52
#include <sys/types.h>		/* socket(), inet_pton(), sockaddr,
24.1.29 by Björn Påhlsson
Added more header file comments
53
				   sockaddr_in6, PF_INET6,
237.2.67 by Teddy Hogeborn
Four new interrelated features:
54
				   SOCK_STREAM, uid_t, gid_t, open(),
55
				   opendir(), DIR */
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
56
#include <sys/stat.h>		/* open() */
24.1.26 by Björn Påhlsson
tally count of used symbols
57
#include <sys/socket.h>		/* socket(), struct sockaddr_in6,
237.2.67 by Teddy Hogeborn
Four new interrelated features:
58
				   inet_pton(), connect() */
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
59
#include <fcntl.h>		/* open() */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
60
#include <dirent.h>		/* opendir(), struct dirent, readdir()
61
				 */
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
62
#include <inttypes.h>		/* PRIu16, PRIdMAX, intmax_t,
63
				   strtoimax() */
24.1.29 by Björn Påhlsson
Added more header file comments
64
#include <assert.h>		/* assert() */
65
#include <errno.h>		/* perror(), errno */
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
66
#include <time.h>		/* nanosleep(), time(), sleep() */
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
67
#include <net/if.h>		/* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
24.1.26 by Björn Påhlsson
tally count of used symbols
68
				   SIOCSIFFLAGS, if_indextoname(),
69
				   if_nametoindex(), IF_NAMESIZE */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
70
#include <netinet/in.h>		/* IN6_IS_ADDR_LINKLOCAL,
71
				   INET_ADDRSTRLEN, INET6_ADDRSTRLEN
72
				*/
24.1.29 by Björn Påhlsson
Added more header file comments
73
#include <unistd.h>		/* close(), SEEK_SET, off_t, write(),
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
74
				   getuid(), getgid(), seteuid(),
237.2.137 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Try harder to raise signal on
75
				   setgid(), pause() */
24.1.26 by Björn Påhlsson
tally count of used symbols
76
#include <arpa/inet.h>		/* inet_pton(), htons */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
77
#include <iso646.h>		/* not, or, and */
24.1.29 by Björn Påhlsson
Added more header file comments
78
#include <argp.h>		/* struct argp_option, error_t, struct
79
				   argp_state, struct argp,
80
				   argp_parse(), ARGP_KEY_ARG,
81
				   ARGP_KEY_END, ARGP_ERR_UNKNOWN */
237.2.70 by Teddy Hogeborn
Merge from Björn:
82
#include <signal.h>		/* sigemptyset(), sigaddset(),
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
83
				   sigaction(), SIGTERM, sig_atomic_t,
84
				   raise() */
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
85
#include <sysexits.h>		/* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
86
				   EX_NOHOST, EX_IOERR, EX_PROTOCOL */
237.2.70 by Teddy Hogeborn
Merge from Björn:
87
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
88
#ifdef __linux__
24.1.124 by Björn Påhlsson
Added lower kernel loglevel to reduce clutter on system console.
89
#include <sys/klog.h> 		/* klogctl() */
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
90
#endif	/* __linux__ */
24.1.26 by Björn Påhlsson
tally count of used symbols
91
92
/* Avahi */
24.1.29 by Björn Påhlsson
Added more header file comments
93
/* All Avahi types, constants and functions
94
 Avahi*, avahi_*,
95
 AVAHI_* */
96
#include <avahi-core/core.h>
24.1.26 by Björn Påhlsson
tally count of used symbols
97
#include <avahi-core/lookup.h>
24.1.29 by Björn Påhlsson
Added more header file comments
98
#include <avahi-core/log.h>
24.1.26 by Björn Påhlsson
tally count of used symbols
99
#include <avahi-common/simple-watch.h>
100
#include <avahi-common/malloc.h>
101
#include <avahi-common/error.h>
102
103
/* GnuTLS */
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
104
#include <gnutls/gnutls.h>	/* All GnuTLS types, constants and
105
				   functions:
24.1.29 by Björn Påhlsson
Added more header file comments
106
				   gnutls_*
24.1.26 by Björn Påhlsson
tally count of used symbols
107
				   init_gnutls_session(),
24.1.29 by Björn Påhlsson
Added more header file comments
108
				   GNUTLS_* */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
109
#include <gnutls/openpgp.h>
110
			  /* gnutls_certificate_set_openpgp_key_file(),
24.1.29 by Björn Påhlsson
Added more header file comments
111
				   GNUTLS_OPENPGP_FMT_BASE64 */
24.1.26 by Björn Påhlsson
tally count of used symbols
112
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
113
/* GPGME */
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
114
#include <gpgme.h> 		/* All GPGME types, constants and
115
				   functions:
24.1.29 by Björn Påhlsson
Added more header file comments
116
				   gpgme_*
24.1.26 by Björn Påhlsson
tally count of used symbols
117
				   GPGME_PROTOCOL_OpenPGP,
24.1.29 by Björn Påhlsson
Added more header file comments
118
				   GPG_ERR_NO_* */
13 by Björn Påhlsson
Added following support:
119
120
#define BUFFER_SIZE 256
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
121
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
122
#define PATHDIR "/conf/conf.d/mandos"
123
#define SECKEY "seckey.txt"
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
124
#define PUBKEY "pubkey.txt"
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
125
15.1.2 by Björn Påhlsson
Added debug options from passprompt as --debug and --debug=passprompt
126
bool debug = false;
43 by Teddy Hogeborn
* plugins.d/mandosclient.c: Cosmetic changes.
127
static const char mandos_protocol_version[] = "1";
217 by Teddy Hogeborn
* .bzrignore: Added "man" directory (created by "make install-html").
128
const char *argp_program_version = "mandos-client " VERSION;
24.1.14 by Björn Påhlsson
mandosclient
129
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
130
static const char sys_class_net[] = "/sys/class/net";
131
char *connect_to = NULL;
24.1.10 by Björn Påhlsson
merge commit
132
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
133
/* Used for passing in values through the Avahi callback functions */
13 by Björn Påhlsson
Added following support:
134
typedef struct {
24.1.9 by Björn Påhlsson
not working midwork...
135
  AvahiSimplePoll *simple_poll;
136
  AvahiServer *server;
13 by Björn Påhlsson
Added following support:
137
  gnutls_certificate_credentials_t cred;
24.1.9 by Björn Påhlsson
not working midwork...
138
  unsigned int dh_bits;
24.1.13 by Björn Påhlsson
mandosclient
139
  gnutls_dh_params_t dh_params;
24.1.9 by Björn Påhlsson
not working midwork...
140
  const char *priority;
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
141
  gpgme_ctx_t ctx;
24.1.9 by Björn Påhlsson
not working midwork...
142
} mandos_context;
13 by Björn Påhlsson
Added following support:
143
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
144
/* global context so signal handler can reach it*/
24.1.135 by Björn Påhlsson
Earlier signal handling
145
mandos_context mc = { .simple_poll = NULL, .server = NULL,
146
		      .dh_bits = 1024, .priority = "SECURE256"
147
		      ":!CTYPE-X.509:+CTYPE-OPENPGP" };
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
148
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
149
sig_atomic_t quit_now = 0;
150
int signal_received = 0;
151
43 by Teddy Hogeborn
* plugins.d/mandosclient.c: Cosmetic changes.
152
/*
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
153
 * Make additional room in "buffer" for at least BUFFER_SIZE more
154
 * bytes. "buffer_capacity" is how much is currently allocated,
155
 * "buffer_length" is how much is already used.
43 by Teddy Hogeborn
* plugins.d/mandosclient.c: Cosmetic changes.
156
 */
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
157
size_t incbuffer(char **buffer, size_t buffer_length,
24.1.10 by Björn Påhlsson
merge commit
158
		  size_t buffer_capacity){
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
159
  if(buffer_length + BUFFER_SIZE > buffer_capacity){
24.1.12 by Björn Påhlsson
merge +
160
    *buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
161
    if(buffer == NULL){
24.1.10 by Björn Påhlsson
merge commit
162
      return 0;
163
    }
164
    buffer_capacity += BUFFER_SIZE;
165
  }
166
  return buffer_capacity;
167
}
168
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
169
/* 
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
170
 * Initialize GPGME.
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
171
 */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
172
static bool init_gpgme(const char *seckey,
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
173
		       const char *pubkey, const char *tempdir){
13 by Björn Påhlsson
Added following support:
174
  gpgme_error_t rc;
175
  gpgme_engine_info_t engine_info;
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
176
  
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
177
  
178
  /*
237.2.51 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Use separate bool variable instead
179
   * Helper function to insert pub and seckey to the engine keyring.
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
180
   */
181
  bool import_key(const char *filename){
237.2.124 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gpgme): Move variable "ret" into the
182
    int ret;
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
183
    int fd;
184
    gpgme_data_t pgp_data;
185
    
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
186
    fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
187
    if(fd == -1){
188
      perror("open");
189
      return false;
190
    }
191
    
192
    rc = gpgme_data_new_from_fd(&pgp_data, fd);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
193
    if(rc != GPG_ERR_NO_ERROR){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
194
      fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
195
	      gpgme_strsource(rc), gpgme_strerror(rc));
196
      return false;
197
    }
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
198
    
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
199
    rc = gpgme_op_import(mc.ctx, pgp_data);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
200
    if(rc != GPG_ERR_NO_ERROR){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
201
      fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
202
	      gpgme_strsource(rc), gpgme_strerror(rc));
203
      return false;
204
    }
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
205
    
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
206
    ret = (int)TEMP_FAILURE_RETRY(close(fd));
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
207
    if(ret == -1){
208
      perror("close");
209
    }
210
    gpgme_data_release(pgp_data);
211
    return true;
212
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
213
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
214
  if(debug){
237.2.70 by Teddy Hogeborn
Merge from Björn:
215
    fprintf(stderr, "Initializing GPGME\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
216
  }
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
217
  
13 by Björn Påhlsson
Added following support:
218
  /* Init GPGME */
219
  gpgme_check_version(NULL);
24.1.4 by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
220
  rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
221
  if(rc != GPG_ERR_NO_ERROR){
24.1.4 by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
222
    fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
223
	    gpgme_strsource(rc), gpgme_strerror(rc));
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
224
    return false;
24.1.4 by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
225
  }
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
226
  
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
227
    /* Set GPGME home directory for the OpenPGP engine only */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
228
  rc = gpgme_get_engine_info(&engine_info);
229
  if(rc != GPG_ERR_NO_ERROR){
13 by Björn Påhlsson
Added following support:
230
    fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
231
	    gpgme_strsource(rc), gpgme_strerror(rc));
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
232
    return false;
13 by Björn Påhlsson
Added following support:
233
  }
234
  while(engine_info != NULL){
235
    if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
236
      gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
237
			    engine_info->file_name, tempdir);
13 by Björn Påhlsson
Added following support:
238
      break;
239
    }
240
    engine_info = engine_info->next;
241
  }
242
  if(engine_info == NULL){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
243
    fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
244
    return false;
245
  }
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
246
  
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
247
  /* Create new GPGME "context" */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
248
  rc = gpgme_new(&(mc.ctx));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
249
  if(rc != GPG_ERR_NO_ERROR){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
250
    fprintf(stderr, "bad gpgme_new: %s: %s\n",
251
	    gpgme_strsource(rc), gpgme_strerror(rc));
252
    return false;
253
  }
254
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
255
  if(not import_key(pubkey) or not import_key(seckey)){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
256
    return false;
257
  }
258
  
237.2.118 by Teddy Hogeborn
* mandos: White-space fixes only.
259
  return true;
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
260
}
261
262
/* 
263
 * Decrypt OpenPGP data.
264
 * Returns -1 on error
265
 */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
266
static ssize_t pgp_packet_decrypt(const char *cryptotext,
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
267
				  size_t crypto_size,
268
				  char **plaintext){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
269
  gpgme_data_t dh_crypto, dh_plain;
270
  gpgme_error_t rc;
271
  ssize_t ret;
272
  size_t plaintext_capacity = 0;
273
  ssize_t plaintext_length = 0;
274
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
275
  if(debug){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
276
    fprintf(stderr, "Trying to decrypt OpenPGP data\n");
13 by Björn Påhlsson
Added following support:
277
  }
278
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
279
  /* Create new GPGME data buffer from memory cryptotext */
280
  rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
281
			       0);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
282
  if(rc != GPG_ERR_NO_ERROR){
13 by Björn Påhlsson
Added following support:
283
    fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
284
	    gpgme_strsource(rc), gpgme_strerror(rc));
285
    return -1;
286
  }
287
  
288
  /* Create new empty GPGME data buffer for the plaintext */
289
  rc = gpgme_data_new(&dh_plain);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
290
  if(rc != GPG_ERR_NO_ERROR){
13 by Björn Påhlsson
Added following support:
291
    fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
292
	    gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
293
    gpgme_data_release(dh_crypto);
13 by Björn Påhlsson
Added following support:
294
    return -1;
295
  }
296
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
297
  /* Decrypt data from the cryptotext data buffer to the plaintext
298
     data buffer */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
299
  rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
300
  if(rc != GPG_ERR_NO_ERROR){
13 by Björn Påhlsson
Added following support:
301
    fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
302
	    gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
303
    plaintext_length = -1;
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
304
    if(debug){
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
305
      gpgme_decrypt_result_t result;
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
306
      result = gpgme_op_decrypt_result(mc.ctx);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
307
      if(result == NULL){
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
308
	fprintf(stderr, "gpgme_op_decrypt_result failed\n");
309
      } else {
310
	fprintf(stderr, "Unsupported algorithm: %s\n",
311
		result->unsupported_algorithm);
312
	fprintf(stderr, "Wrong key usage: %u\n",
313
		result->wrong_key_usage);
314
	if(result->file_name != NULL){
315
	  fprintf(stderr, "File name: %s\n", result->file_name);
316
	}
317
	gpgme_recipient_t recipient;
318
	recipient = result->recipients;
237.2.112 by Teddy Hogeborn
* plugins.d/mandos-client.c (pgp_packet_decrypt): Remove redundant
319
	while(recipient != NULL){
320
	  fprintf(stderr, "Public key algorithm: %s\n",
321
		  gpgme_pubkey_algo_name(recipient->pubkey_algo));
322
	  fprintf(stderr, "Key ID: %s\n", recipient->keyid);
323
	  fprintf(stderr, "Secret key available: %s\n",
324
		  recipient->status == GPG_ERR_NO_SECKEY
325
		  ? "No" : "Yes");
326
	  recipient = recipient->next;
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
327
	}
328
      }
329
    }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
330
    goto decrypt_end;
13 by Björn Påhlsson
Added following support:
331
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
332
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
333
  if(debug){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
334
    fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
335
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
336
  
13 by Björn Påhlsson
Added following support:
337
  /* Seek back to the beginning of the GPGME plaintext data buffer */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
338
  if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
24.1.92 by Björn Påhlsson
Several memory leaks detected by valgrind fixed
339
    perror("gpgme_data_seek");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
340
    plaintext_length = -1;
341
    goto decrypt_end;
24.1.5 by Björn Påhlsson
plugbasedclient:
342
  }
343
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
344
  *plaintext = NULL;
13 by Björn Påhlsson
Added following support:
345
  while(true){
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
346
    plaintext_capacity = incbuffer(plaintext,
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
347
				      (size_t)plaintext_length,
24.1.12 by Björn Påhlsson
merge +
348
				      plaintext_capacity);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
349
    if(plaintext_capacity == 0){
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
350
	perror("incbuffer");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
351
	plaintext_length = -1;
352
	goto decrypt_end;
13 by Björn Påhlsson
Added following support:
353
    }
354
    
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
355
    ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
356
			  BUFFER_SIZE);
13 by Björn Påhlsson
Added following support:
357
    /* Print the data, if any */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
358
    if(ret == 0){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
359
      /* EOF */
13 by Björn Påhlsson
Added following support:
360
      break;
361
    }
362
    if(ret < 0){
363
      perror("gpgme_data_read");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
364
      plaintext_length = -1;
365
      goto decrypt_end;
13 by Björn Påhlsson
Added following support:
366
    }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
367
    plaintext_length += ret;
13 by Björn Påhlsson
Added following support:
368
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
369
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
370
  if(debug){
371
    fprintf(stderr, "Decrypted password is: ");
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
372
    for(ssize_t i = 0; i < plaintext_length; i++){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
373
      fprintf(stderr, "%02hhX ", (*plaintext)[i]);
374
    }
375
    fprintf(stderr, "\n");
376
  }
377
  
378
 decrypt_end:
379
  
380
  /* Delete the GPGME cryptotext data buffer */
381
  gpgme_data_release(dh_crypto);
15.1.3 by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt
382
  
383
  /* Delete the GPGME plaintext data buffer */
13 by Björn Påhlsson
Added following support:
384
  gpgme_data_release(dh_plain);
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
385
  return plaintext_length;
13 by Björn Påhlsson
Added following support:
386
}
387
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
388
static const char * safer_gnutls_strerror(int value){
237.2.30 by Teddy Hogeborn
* plugins.d/mandos-client.c: Only comment changes.
389
  const char *ret = gnutls_strerror(value); /* Spurious warning from
390
					       -Wunreachable-code */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
391
  if(ret == NULL)
13 by Björn Påhlsson
Added following support:
392
    ret = "(unknown)";
393
  return ret;
394
}
395
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
396
/* GnuTLS log function callback */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
397
static void debuggnutls(__attribute__((unused)) int level,
398
			const char* string){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
399
  fprintf(stderr, "GnuTLS: %s", string);
13 by Björn Påhlsson
Added following support:
400
}
401
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
402
static int init_gnutls_global(const char *pubkeyfilename,
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
403
			      const char *seckeyfilename){
13 by Björn Påhlsson
Added following support:
404
  int ret;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
405
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
406
  if(debug){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
407
    fprintf(stderr, "Initializing GnuTLS\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
408
  }
24.1.29 by Björn Påhlsson
Added more header file comments
409
  
410
  ret = gnutls_global_init();
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
411
  if(ret != GNUTLS_E_SUCCESS){
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
412
    fprintf(stderr, "GnuTLS global_init: %s\n",
413
	    safer_gnutls_strerror(ret));
13 by Björn Påhlsson
Added following support:
414
    return -1;
415
  }
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
416
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
417
  if(debug){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
418
    /* "Use a log level over 10 to enable all debugging options."
419
     * - GnuTLS manual
420
     */
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
421
    gnutls_global_set_log_level(11);
422
    gnutls_global_set_log_function(debuggnutls);
423
  }
424
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
425
  /* OpenPGP credentials */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
426
  gnutls_certificate_allocate_credentials(&mc.cred);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
427
  if(ret != GNUTLS_E_SUCCESS){
237.2.30 by Teddy Hogeborn
* plugins.d/mandos-client.c: Only comment changes.
428
    fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning
237.2.67 by Teddy Hogeborn
Four new interrelated features:
429
						    from
430
						    -Wunreachable-code
431
						 */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
432
	    safer_gnutls_strerror(ret));
433
    gnutls_global_deinit();
13 by Björn Påhlsson
Added following support:
434
    return -1;
435
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
436
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
437
  if(debug){
147 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Improved wording
438
    fprintf(stderr, "Attempting to use OpenPGP public key %s and"
439
	    " secret key %s as GnuTLS credentials\n", pubkeyfilename,
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
440
	    seckeyfilename);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
441
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
442
  
13 by Björn Påhlsson
Added following support:
443
  ret = gnutls_certificate_set_openpgp_key_file
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
444
    (mc.cred, pubkeyfilename, seckeyfilename,
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
445
     GNUTLS_OPENPGP_FMT_BASE64);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
446
  if(ret != GNUTLS_E_SUCCESS){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
447
    fprintf(stderr,
448
	    "Error[%d] while reading the OpenPGP key pair ('%s',"
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
449
	    " '%s')\n", ret, pubkeyfilename, seckeyfilename);
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
450
    fprintf(stderr, "The GnuTLS error is: %s\n",
13 by Björn Påhlsson
Added following support:
451
	    safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
452
    goto globalfail;
13 by Björn Påhlsson
Added following support:
453
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
454
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
455
  /* GnuTLS server initialization */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
456
  ret = gnutls_dh_params_init(&mc.dh_params);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
457
  if(ret != GNUTLS_E_SUCCESS){
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
458
    fprintf(stderr, "Error in GnuTLS DH parameter initialization:"
459
	    " %s\n", safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
460
    goto globalfail;
13 by Björn Påhlsson
Added following support:
461
  }
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
462
  ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
463
  if(ret != GNUTLS_E_SUCCESS){
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
464
    fprintf(stderr, "Error in GnuTLS prime generation: %s\n",
465
	    safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
466
    goto globalfail;
13 by Björn Påhlsson
Added following support:
467
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
468
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
469
  gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
470
  
24.1.13 by Björn Påhlsson
mandosclient
471
  return 0;
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
472
  
24.1.20 by Björn Påhlsson
mandosclient
473
 globalfail:
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
474
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
475
  gnutls_certificate_free_credentials(mc.cred);
24.1.26 by Björn Påhlsson
tally count of used symbols
476
  gnutls_global_deinit();
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
477
  gnutls_dh_params_deinit(mc.dh_params);
24.1.20 by Björn Påhlsson
mandosclient
478
  return -1;
24.1.13 by Björn Påhlsson
mandosclient
479
}
480
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
481
static int init_gnutls_session(gnutls_session_t *session){
24.1.13 by Björn Påhlsson
mandosclient
482
  int ret;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
483
  /* GnuTLS session creation */
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
484
  do {
485
    ret = gnutls_init(session, GNUTLS_SERVER);
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
486
    if(quit_now){
487
      return -1;
488
    }
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
489
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
490
  if(ret != GNUTLS_E_SUCCESS){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
491
    fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
13 by Björn Påhlsson
Added following support:
492
	    safer_gnutls_strerror(ret));
493
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
494
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
495
  {
496
    const char *err;
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
497
    do {
498
      ret = gnutls_priority_set_direct(*session, mc.priority, &err);
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
499
      if(quit_now){
500
	gnutls_deinit(*session);
501
	return -1;
502
      }
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
503
    } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
504
    if(ret != GNUTLS_E_SUCCESS){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
505
      fprintf(stderr, "Syntax error at: %s\n", err);
506
      fprintf(stderr, "GnuTLS error: %s\n",
507
	      safer_gnutls_strerror(ret));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
508
      gnutls_deinit(*session);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
509
      return -1;
510
    }
13 by Björn Påhlsson
Added following support:
511
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
512
  
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
513
  do {
514
    ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
515
				 mc.cred);
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
516
    if(quit_now){
517
      gnutls_deinit(*session);
518
      return -1;
519
    }
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
520
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
521
  if(ret != GNUTLS_E_SUCCESS){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
522
    fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
13 by Björn Påhlsson
Added following support:
523
	    safer_gnutls_strerror(ret));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
524
    gnutls_deinit(*session);
13 by Björn Påhlsson
Added following support:
525
    return -1;
526
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
527
  
13 by Björn Påhlsson
Added following support:
528
  /* ignore client certificate if any. */
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
529
  gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
13 by Björn Påhlsson
Added following support:
530
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
531
  gnutls_dh_set_prime_bits(*session, mc.dh_bits);
13 by Björn Påhlsson
Added following support:
532
  
533
  return 0;
534
}
535
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
536
/* Avahi log function callback */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
537
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
538
		      __attribute__((unused)) const char *txt){}
13 by Björn Påhlsson
Added following support:
539
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
540
/* Called when a Mandos server is found */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
541
static int start_mandos_communication(const char *ip, uint16_t port,
24.1.9 by Björn Påhlsson
not working midwork...
542
				      AvahiIfIndex if_index,
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
543
				      int af){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
544
  int ret, tcp_sd = -1;
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
545
  ssize_t sret;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
546
  union {
547
    struct sockaddr_in in;
548
    struct sockaddr_in6 in6;
549
  } to;
13 by Björn Påhlsson
Added following support:
550
  char *buffer = NULL;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
551
  char *decrypted_buffer = NULL;
13 by Björn Påhlsson
Added following support:
552
  size_t buffer_length = 0;
553
  size_t buffer_capacity = 0;
24.1.10 by Björn Påhlsson
merge commit
554
  size_t written;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
555
  int retval = -1;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
556
  gnutls_session_t session;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
557
  int pf;			/* Protocol family */
558
  
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
559
  errno = 0;
560
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
561
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
562
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
563
    return -1;
564
  }
565
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
566
  switch(af){
567
  case AF_INET6:
568
    pf = PF_INET6;
569
    break;
570
  case AF_INET:
571
    pf = PF_INET;
572
    break;
573
  default:
574
    fprintf(stderr, "Bad address family: %d\n", af);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
575
    errno = EINVAL;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
576
    return -1;
577
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
578
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
579
  ret = init_gnutls_session(&session);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
580
  if(ret != 0){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
581
    return -1;
582
  }
583
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
584
  if(debug){
237.2.67 by Teddy Hogeborn
Four new interrelated features:
585
    fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16
60 by Teddy Hogeborn
* mandos-client.c (main): Cast pid_t to unsigned int before printing.
586
	    "\n", ip, port);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
587
  }
13 by Björn Påhlsson
Added following support:
588
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
589
  tcp_sd = socket(pf, SOCK_STREAM, 0);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
590
  if(tcp_sd < 0){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
591
    int e = errno;
13 by Björn Påhlsson
Added following support:
592
    perror("socket");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
593
    errno = e;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
594
    goto mandos_end;
595
  }
596
  
597
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
598
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
599
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
600
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
601
  
84 by Teddy Hogeborn
* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
602
  memset(&to, 0, sizeof(to));
237.2.67 by Teddy Hogeborn
Four new interrelated features:
603
  if(af == AF_INET6){
237.2.88 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): "sin6_family"
604
    to.in6.sin6_family = (sa_family_t)af;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
605
    ret = inet_pton(af, ip, &to.in6.sin6_addr);
606
  } else {			/* IPv4 */
607
    to.in.sin_family = (sa_family_t)af;
608
    ret = inet_pton(af, ip, &to.in.sin_addr);
609
  }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
610
  if(ret < 0 ){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
611
    int e = errno;
13 by Björn Påhlsson
Added following support:
612
    perror("inet_pton");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
613
    errno = e;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
614
    goto mandos_end;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
615
  }
13 by Björn Påhlsson
Added following support:
616
  if(ret == 0){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
617
    int e = errno;
13 by Björn Påhlsson
Added following support:
618
    fprintf(stderr, "Bad address: %s\n", ip);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
619
    errno = e;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
620
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
621
  }
237.2.67 by Teddy Hogeborn
Four new interrelated features:
622
  if(af == AF_INET6){
623
    to.in6.sin6_port = htons(port); /* Spurious warnings from
624
				       -Wconversion and
625
				       -Wunreachable-code */
626
    
627
    if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
628
       (&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
629
			      -Wunreachable-code*/
630
      if(if_index == AVAHI_IF_UNSPEC){
631
	fprintf(stderr, "An IPv6 link-local address is incomplete"
632
		" without a network interface\n");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
633
	errno = EINVAL;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
634
	goto mandos_end;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
635
      }
636
      /* Set the network interface number as scope */
637
      to.in6.sin6_scope_id = (uint32_t)if_index;
638
    }
639
  } else {
640
    to.in.sin_port = htons(port); /* Spurious warnings from
237.2.30 by Teddy Hogeborn
* plugins.d/mandos-client.c: Only comment changes.
641
				     -Wconversion and
642
				     -Wunreachable-code */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
643
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
644
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
645
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
646
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
647
    goto mandos_end;
648
  }
649
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
650
  if(debug){
237.2.67 by Teddy Hogeborn
Four new interrelated features:
651
    if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
652
      char interface[IF_NAMESIZE];
653
      if(if_indextoname((unsigned int)if_index, interface) == NULL){
654
	perror("if_indextoname");
655
      } else {
656
	fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",
657
		ip, interface, port);
658
      }
659
    } else {
660
      fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
661
	      port);
662
    }
663
    char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
664
		 INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
665
    const char *pcret;
666
    if(af == AF_INET6){
667
      pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
668
			sizeof(addrstr));
669
    } else {
670
      pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
671
			sizeof(addrstr));
672
    }
673
    if(pcret == NULL){
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
674
      perror("inet_ntop");
675
    } else {
676
      if(strcmp(addrstr, ip) != 0){
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
677
	fprintf(stderr, "Canonical address form: %s\n", addrstr);
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
678
      }
679
    }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
680
  }
13 by Björn Påhlsson
Added following support:
681
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
682
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
683
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
684
    goto mandos_end;
685
  }
686
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
687
  if(af == AF_INET6){
688
    ret = connect(tcp_sd, &to.in6, sizeof(to));
689
  } else {
690
    ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
691
  }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
692
  if(ret < 0){
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
693
    if ((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
694
      int e = errno;
695
      perror("connect");
696
      errno = e;
697
    }
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
698
    goto mandos_end;
699
  }
700
  
701
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
702
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
703
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
704
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
705
  
24.1.12 by Björn Påhlsson
merge +
706
  const char *out = mandos_protocol_version;
24.1.10 by Björn Påhlsson
merge commit
707
  written = 0;
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
708
  while(true){
24.1.10 by Björn Påhlsson
merge commit
709
    size_t out_size = strlen(out);
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
710
    ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
24.1.10 by Björn Påhlsson
merge commit
711
				   out_size - written));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
712
    if(ret == -1){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
713
      int e = errno;
24.1.10 by Björn Påhlsson
merge commit
714
      perror("write");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
715
      errno = e;
24.1.12 by Björn Påhlsson
merge +
716
      goto mandos_end;
24.1.10 by Björn Påhlsson
merge commit
717
    }
24.1.12 by Björn Påhlsson
merge +
718
    written += (size_t)ret;
24.1.10 by Björn Påhlsson
merge commit
719
    if(written < out_size){
720
      continue;
721
    } else {
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
722
      if(out == mandos_protocol_version){
24.1.10 by Björn Påhlsson
merge commit
723
	written = 0;
724
	out = "\r\n";
725
      } else {
726
	break;
727
      }
728
    }
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
729
  
730
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
731
      errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
732
      goto mandos_end;
733
    }
24.1.10 by Björn Påhlsson
merge commit
734
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
735
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
736
  if(debug){
737
    fprintf(stderr, "Establishing TLS session with %s\n", ip);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
738
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
739
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
740
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
741
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
742
    goto mandos_end;
743
  }
744
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
745
  gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) tcp_sd);
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
746
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
747
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
748
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
749
    goto mandos_end;
750
  }
751
  
237.2.126 by Teddy Hogeborn
* plugin-runner.c: Minor stylistic changes.
752
  do {
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
753
    ret = gnutls_handshake(session);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
754
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
755
      errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
756
      goto mandos_end;
757
    }
24.1.29 by Björn Påhlsson
Added more header file comments
758
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
13 by Björn Påhlsson
Added following support:
759
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
760
  if(ret != GNUTLS_E_SUCCESS){
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section.
761
    if(debug){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
762
      fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
763
      gnutls_perror(ret);
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section.
764
    }
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
765
    errno = EPROTO;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
766
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
767
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
768
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
769
  /* Read OpenPGP packet that contains the wanted password */
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
770
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
771
  if(debug){
237.2.67 by Teddy Hogeborn
Four new interrelated features:
772
    fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
773
	    ip);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
774
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
775
  
13 by Björn Påhlsson
Added following support:
776
  while(true){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
777
    
778
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
779
      errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
780
      goto mandos_end;
781
    }
782
    
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
783
    buffer_capacity = incbuffer(&buffer, buffer_length,
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
784
				   buffer_capacity);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
785
    if(buffer_capacity == 0){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
786
      int e = errno;
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
787
      perror("incbuffer");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
788
      errno = e;
24.1.12 by Björn Påhlsson
merge +
789
      goto mandos_end;
13 by Björn Påhlsson
Added following support:
790
    }
791
    
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
792
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
793
      errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
794
      goto mandos_end;
795
    }
796
    
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
797
    sret = gnutls_record_recv(session, buffer+buffer_length,
798
			      BUFFER_SIZE);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
799
    if(sret == 0){
13 by Björn Påhlsson
Added following support:
800
      break;
801
    }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
802
    if(sret < 0){
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
803
      switch(sret){
13 by Björn Påhlsson
Added following support:
804
      case GNUTLS_E_INTERRUPTED:
805
      case GNUTLS_E_AGAIN:
806
	break;
807
      case GNUTLS_E_REHANDSHAKE:
237.2.126 by Teddy Hogeborn
* plugin-runner.c: Minor stylistic changes.
808
	do {
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
809
	  ret = gnutls_handshake(session);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
810
	  
811
	  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
812
	    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
813
	    goto mandos_end;
814
	  }
24.1.29 by Björn Påhlsson
Added more header file comments
815
	} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
816
	if(ret < 0){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
817
	  fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
818
	  gnutls_perror(ret);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
819
	  errno = EPROTO;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
820
	  goto mandos_end;
13 by Björn Påhlsson
Added following support:
821
	}
822
	break;
823
      default:
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
824
	fprintf(stderr, "Unknown error while reading data from"
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
825
		" encrypted session with Mandos server\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
826
	gnutls_bye(session, GNUTLS_SHUT_RDWR);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
827
	errno = EIO;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
828
	goto mandos_end;
13 by Björn Påhlsson
Added following support:
829
      }
830
    } else {
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
831
      buffer_length += (size_t) sret;
13 by Björn Påhlsson
Added following support:
832
    }
833
  }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
834
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
835
  if(debug){
836
    fprintf(stderr, "Closing TLS session\n");
837
  }
838
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
839
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
840
    errno = EINTR;
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
841
    goto mandos_end;
842
  }
843
  
844
  do {
845
    ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
846
    if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
847
      errno = EINTR;
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
848
      goto mandos_end;
849
    }
850
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
851
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
852
  if(buffer_length > 0){
237.2.125 by Teddy Hogeborn
* plugin-runner.c (getplugin, add_environment, main): Handle EINTR
853
    ssize_t decrypted_buffer_size;
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
854
    decrypted_buffer_size = pgp_packet_decrypt(buffer,
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
855
					       buffer_length,
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
856
					       &decrypted_buffer);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
857
    if(decrypted_buffer_size >= 0){
237.2.124 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gpgme): Move variable "ret" into the
858
      
24.1.10 by Björn Påhlsson
merge commit
859
      written = 0;
28 by Teddy Hogeborn
* server.conf: New file.
860
      while(written < (size_t) decrypted_buffer_size){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
861
	if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
862
	  errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
863
	  goto mandos_end;
864
	}
865
	
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
866
	ret = (int)fwrite(decrypted_buffer + written, 1,
867
			  (size_t)decrypted_buffer_size - written,
868
			  stdout);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
869
	if(ret == 0 and ferror(stdout)){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
870
	  int e = errno;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
871
	  if(debug){
872
	    fprintf(stderr, "Error writing encrypted data: %s\n",
873
		    strerror(errno));
874
	  }
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
875
	  errno = e;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
876
	  goto mandos_end;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
877
	}
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
878
	written += (size_t)ret;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
879
      }
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
880
      retval = 0;
13 by Björn Påhlsson
Added following support:
881
    }
882
  }
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
883
  
884
  /* Shutdown procedure */
885
  
886
 mandos_end:
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
887
  {
888
    int e = errno;
889
    free(decrypted_buffer);
890
    free(buffer);
891
    if(tcp_sd >= 0){
892
      ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
893
    }
894
    if(ret == -1){
895
      if(e == 0){
896
	e = errno;
897
      }
898
      perror("close");
899
    }
900
    gnutls_deinit(session);
901
    if(quit_now){
902
      e = EINTR;
903
      retval = -1;
904
    }
905
    errno = e;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
906
  }
13 by Björn Påhlsson
Added following support:
907
  return retval;
908
}
909
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
910
static void resolve_callback(AvahiSServiceResolver *r,
911
			     AvahiIfIndex interface,
237.2.67 by Teddy Hogeborn
Four new interrelated features:
912
			     AvahiProtocol proto,
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
913
			     AvahiResolverEvent event,
914
			     const char *name,
915
			     const char *type,
916
			     const char *domain,
917
			     const char *host_name,
918
			     const AvahiAddress *address,
919
			     uint16_t port,
920
			     AVAHI_GCC_UNUSED AvahiStringList *txt,
921
			     AVAHI_GCC_UNUSED AvahiLookupResultFlags
922
			     flags,
237.2.70 by Teddy Hogeborn
Merge from Björn:
923
			     AVAHI_GCC_UNUSED void* userdata){
84 by Teddy Hogeborn
* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
924
  assert(r);
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
925
  
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
926
  /* Called whenever a service has been resolved successfully or
927
     timed out */
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
928
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
929
  if(quit_now){
930
    return;
931
  }
932
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
933
  switch(event){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
934
  default:
935
  case AVAHI_RESOLVER_FAILURE:
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
936
    fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
937
	    " of type '%s' in domain '%s': %s\n", name, type, domain,
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
938
	    avahi_strerror(avahi_server_errno(mc.server)));
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
939
    break;
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
940
    
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
941
  case AVAHI_RESOLVER_FOUND:
942
    {
943
      char ip[AVAHI_ADDRESS_STR_MAX];
944
      avahi_address_snprint(ip, sizeof(ip), address);
945
      if(debug){
60 by Teddy Hogeborn
* mandos-client.c (main): Cast pid_t to unsigned int before printing.
946
	fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
237.2.31 by Teddy Hogeborn
Fixes for sscanf usage:
947
		PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
948
		ip, (intmax_t)interface, port);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
949
      }
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
950
      int ret = start_mandos_communication(ip, port, interface,
237.2.67 by Teddy Hogeborn
Four new interrelated features:
951
					   avahi_proto_to_af(proto));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
952
      if(ret == 0){
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
953
	avahi_simple_poll_quit(mc.simple_poll);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
954
      }
13 by Björn Påhlsson
Added following support:
955
    }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
956
  }
957
  avahi_s_service_resolver_free(r);
13 by Björn Påhlsson
Added following support:
958
}
959
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
960
static void browse_callback(AvahiSServiceBrowser *b,
961
			    AvahiIfIndex interface,
962
			    AvahiProtocol protocol,
963
			    AvahiBrowserEvent event,
964
			    const char *name,
965
			    const char *type,
966
			    const char *domain,
967
			    AVAHI_GCC_UNUSED AvahiLookupResultFlags
968
			    flags,
237.2.70 by Teddy Hogeborn
Merge from Björn:
969
			    AVAHI_GCC_UNUSED void* userdata){
84 by Teddy Hogeborn
* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
970
  assert(b);
24.1.9 by Björn Påhlsson
not working midwork...
971
  
972
  /* Called whenever a new services becomes available on the LAN or
973
     is removed from the LAN */
974
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
975
  if(quit_now){
976
    return;
977
  }
978
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
979
  switch(event){
24.1.9 by Björn Påhlsson
not working midwork...
980
  default:
981
  case AVAHI_BROWSER_FAILURE:
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
982
    
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
983
    fprintf(stderr, "(Avahi browser) %s\n",
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
984
	    avahi_strerror(avahi_server_errno(mc.server)));
985
    avahi_simple_poll_quit(mc.simple_poll);
24.1.9 by Björn Påhlsson
not working midwork...
986
    return;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
987
    
24.1.9 by Björn Påhlsson
not working midwork...
988
  case AVAHI_BROWSER_NEW:
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
989
    /* We ignore the returned Avahi resolver object. In the callback
990
       function we free it. If the Avahi server is terminated before
991
       the callback function is called the Avahi server will free the
992
       resolver for us. */
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
993
    
237.2.76 by Teddy Hogeborn
* plugins.d/mandos-client.c (browse_callback, main): Do not require
994
    if(avahi_s_service_resolver_new(mc.server, interface, protocol,
995
				    name, type, domain, protocol, 0,
996
				    resolve_callback, NULL) == NULL)
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
997
      fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
998
	      name, avahi_strerror(avahi_server_errno(mc.server)));
24.1.9 by Björn Påhlsson
not working midwork...
999
    break;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
1000
    
24.1.9 by Björn Påhlsson
not working midwork...
1001
  case AVAHI_BROWSER_REMOVE:
1002
    break;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
1003
    
24.1.9 by Björn Påhlsson
not working midwork...
1004
  case AVAHI_BROWSER_ALL_FOR_NOW:
1005
  case AVAHI_BROWSER_CACHE_EXHAUSTED:
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1006
    if(debug){
1007
      fprintf(stderr, "No Mandos server found, still searching...\n");
1008
    }
24.1.9 by Björn Påhlsson
not working midwork...
1009
    break;
1010
  }
13 by Björn Påhlsson
Added following support:
1011
}
1012
24.1.135 by Björn Påhlsson
Earlier signal handling
1013
/* stop main loop after sigterm has been called */
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
1014
static void handle_sigterm(int sig){
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1015
  if(quit_now){
1016
    return;
1017
  }
1018
  quit_now = 1;
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
1019
  signal_received = sig;
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1020
  int old_errno = errno;
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1021
  if(mc.simple_poll != NULL){
1022
    avahi_simple_poll_quit(mc.simple_poll);
1023
  }
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1024
  errno = old_errno;
1025
}
1026
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1027
/* 
1028
 * This function determines if a directory entry in /sys/class/net
1029
 * corresponds to an acceptable network device.
1030
 * (This function is passed to scandir(3) as a filter function.)
1031
 */
1032
int good_interface(const struct dirent *if_entry){
1033
  ssize_t ssret;
1034
  char *flagname = NULL;
237.7.28 by teddy at bsnet
* plugins.d/mandos-client.c (good_interface): Check if the interface
1035
  if(if_entry->d_name[0] == '.'){
1036
    return 0;
1037
  }
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1038
  int ret = asprintf(&flagname, "%s/%s/flags", sys_class_net,
1039
		     if_entry->d_name);
1040
  if(ret < 0){
1041
    perror("asprintf");
1042
    return 0;
1043
  }
1044
  int flags_fd = (int)TEMP_FAILURE_RETRY(open(flagname, O_RDONLY));
1045
  if(flags_fd == -1){
1046
    perror("open");
237.7.28 by teddy at bsnet
* plugins.d/mandos-client.c (good_interface): Check if the interface
1047
    free(flagname);
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1048
    return 0;
1049
  }
237.7.28 by teddy at bsnet
* plugins.d/mandos-client.c (good_interface): Check if the interface
1050
  free(flagname);
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1051
  typedef short ifreq_flags;	/* ifreq.ifr_flags in netdevice(7) */
1052
  /* read line from flags_fd */
1053
  ssize_t to_read = (sizeof(ifreq_flags)*2)+3; /* "0x1003\n" */
269.1.2 by teddy at bsnet
* plugins.d/mandos-client.c: Added debug output.
1054
  char *flagstring = malloc((size_t)to_read+1); /* +1 for final \0 */
1055
  flagstring[(size_t)to_read] = '\0';
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1056
  if(flagstring == NULL){
1057
    perror("malloc");
1058
    close(flags_fd);
1059
    return 0;
1060
  }
1061
  while(to_read > 0){
1062
    ssret = (ssize_t)TEMP_FAILURE_RETRY(read(flags_fd, flagstring,
1063
					     (size_t)to_read));
1064
    if(ssret == -1){
1065
      perror("read");
1066
      free(flagstring);
1067
      close(flags_fd);
1068
      return 0;
1069
    }
1070
    to_read -= ssret;
1071
    if(ssret == 0){
1072
      break;
1073
    }
1074
  }
1075
  close(flags_fd);
1076
  intmax_t tmpmax;
1077
  char *tmp;
1078
  errno = 0;
1079
  tmpmax = strtoimax(flagstring, &tmp, 0);
1080
  if(errno != 0 or tmp == flagstring or (*tmp != '\0'
1081
					 and not (isspace(*tmp)))
1082
     or tmpmax != (ifreq_flags)tmpmax){
269.1.2 by teddy at bsnet
* plugins.d/mandos-client.c: Added debug output.
1083
    if(debug){
1084
      fprintf(stderr, "Invalid flags \"%s\" for interface \"%s\"\n",
1085
	      flagstring, if_entry->d_name);
1086
    }
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1087
    free(flagstring);
1088
    return 0;
1089
  }
1090
  free(flagstring);
1091
  ifreq_flags flags = (ifreq_flags)tmpmax;
1092
  /* Reject the loopback device */
1093
  if(flags & IFF_LOOPBACK){
269.1.2 by teddy at bsnet
* plugins.d/mandos-client.c: Added debug output.
1094
    if(debug){
1095
      fprintf(stderr, "Rejecting loopback interface \"%s\"\n",
1096
	      if_entry->d_name);
1097
    }
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1098
    return 0;
1099
  }
1100
  /* Accept point-to-point devices only if connect_to is specified */
1101
  if(connect_to != NULL and (flags & IFF_POINTOPOINT)){
269.1.2 by teddy at bsnet
* plugins.d/mandos-client.c: Added debug output.
1102
    if(debug){
1103
      fprintf(stderr, "Accepting point-to-point interface \"%s\"\n",
1104
	      if_entry->d_name);
1105
    }
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1106
    return 1;
1107
  }
1108
  /* Otherwise, reject non-broadcast-capable devices */
1109
  if(not (flags & IFF_BROADCAST)){
269.1.2 by teddy at bsnet
* plugins.d/mandos-client.c: Added debug output.
1110
    if(debug){
1111
      fprintf(stderr, "Rejecting non-broadcast interface \"%s\"\n",
1112
	      if_entry->d_name);
1113
    }
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1114
    return 0;
1115
  }
237.7.29 by teddy at bsnet
* plugins.d/mandos-client.c (good_interface): Reject non-ARP
1116
  /* Reject non-ARP interfaces (including dummy interfaces) */
1117
  if(flags & IFF_NOARP){
1118
    if(debug){
1119
      fprintf(stderr, "Rejecting non-ARP interface \"%s\"\n",
1120
	      if_entry->d_name);
1121
    }
1122
    return 0;
1123
  }
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1124
  /* Accept this device */
269.1.2 by teddy at bsnet
* plugins.d/mandos-client.c: Added debug output.
1125
  if(debug){
1126
    fprintf(stderr, "Interface \"%s\" is acceptable\n",
1127
	    if_entry->d_name);
1128
  }
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1129
  return 1;
1130
}
1131
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1132
int main(int argc, char *argv[]){
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1133
  AvahiSServiceBrowser *sb = NULL;
1134
  int error;
1135
  int ret;
1136
  intmax_t tmpmax;
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1137
  char *tmp;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1138
  int exitcode = EXIT_SUCCESS;
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1139
  const char *interface = "";
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1140
  struct ifreq network;
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1141
  int sd = -1;
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1142
  bool take_down_interface = false;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1143
  uid_t uid;
1144
  gid_t gid;
1145
  char tempdir[] = "/tmp/mandosXXXXXX";
1146
  bool tempdir_created = false;
1147
  AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1148
  const char *seckey = PATHDIR "/" SECKEY;
1149
  const char *pubkey = PATHDIR "/" PUBKEY;
1150
  
1151
  bool gnutls_initialized = false;
1152
  bool gpgme_initialized = false;
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1153
  float delay = 2.5f;
1154
  
237.2.132 by Teddy Hogeborn
* init.d-mandos (Required-Start, Required-Stop): Bug fix: Added
1155
  struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1156
  struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1157
  
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1158
  uid = getuid();
1159
  gid = getgid();
1160
  
1161
  /* Lower any group privileges we might have, just to be safe */
1162
  errno = 0;
1163
  ret = setgid(gid);
1164
  if(ret == -1){
1165
    perror("setgid");
1166
  }
1167
  
1168
  /* Lower user privileges (temporarily) */
1169
  errno = 0;
1170
  ret = seteuid(uid);
1171
  if(ret == -1){
1172
    perror("seteuid");
1173
  }
1174
  
1175
  if(quit_now){
1176
    goto end;
1177
  }
1178
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1179
  {
1180
    struct argp_option options[] = {
1181
      { .name = "debug", .key = 128,
1182
	.doc = "Debug mode", .group = 3 },
1183
      { .name = "connect", .key = 'c',
1184
	.arg = "ADDRESS:PORT",
1185
	.doc = "Connect directly to a specific Mandos server",
1186
	.group = 1 },
1187
      { .name = "interface", .key = 'i',
1188
	.arg = "NAME",
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1189
	.doc = "Network interface that will be used to search for"
1190
	" Mandos servers",
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1191
	.group = 1 },
1192
      { .name = "seckey", .key = 's',
1193
	.arg = "FILE",
1194
	.doc = "OpenPGP secret key file base name",
1195
	.group = 1 },
1196
      { .name = "pubkey", .key = 'p',
1197
	.arg = "FILE",
1198
	.doc = "OpenPGP public key file base name",
1199
	.group = 2 },
1200
      { .name = "dh-bits", .key = 129,
1201
	.arg = "BITS",
1202
	.doc = "Bit length of the prime number used in the"
1203
	" Diffie-Hellman key exchange",
1204
	.group = 2 },
1205
      { .name = "priority", .key = 130,
1206
	.arg = "STRING",
1207
	.doc = "GnuTLS priority string for the TLS handshake",
1208
	.group = 1 },
1209
      { .name = "delay", .key = 131,
1210
	.arg = "SECONDS",
1211
	.doc = "Maximum delay to wait for interface startup",
1212
	.group = 2 },
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1213
      /*
1214
       * These reproduce what we would get without ARGP_NO_HELP
1215
       */
1216
      { .name = "help", .key = '?',
1217
	.doc = "Give this help list", .group = -1 },
1218
      { .name = "usage", .key = -3,
1219
	.doc = "Give a short usage message", .group = -1 },
1220
      { .name = "version", .key = 'V',
1221
	.doc = "Print program version", .group = -1 },
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1222
      { .name = NULL }
1223
    };
1224
    
1225
    error_t parse_opt(int key, char *arg,
1226
		      struct argp_state *state){
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1227
      errno = 0;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1228
      switch(key){
1229
      case 128:			/* --debug */
1230
	debug = true;
1231
	break;
1232
      case 'c':			/* --connect */
1233
	connect_to = arg;
1234
	break;
1235
      case 'i':			/* --interface */
1236
	interface = arg;
1237
	break;
1238
      case 's':			/* --seckey */
1239
	seckey = arg;
1240
	break;
1241
      case 'p':			/* --pubkey */
1242
	pubkey = arg;
1243
	break;
1244
      case 129:			/* --dh-bits */
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1245
	errno = 0;
1246
	tmpmax = strtoimax(arg, &tmp, 10);
1247
	if(errno != 0 or tmp == arg or *tmp != '\0'
1248
	   or tmpmax != (typeof(mc.dh_bits))tmpmax){
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1249
	  argp_error(state, "Bad number of DH bits");
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1250
	}
1251
	mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
1252
	break;
1253
      case 130:			/* --priority */
1254
	mc.priority = arg;
1255
	break;
1256
      case 131:			/* --delay */
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1257
	errno = 0;
1258
	delay = strtof(arg, &tmp);
1259
	if(errno != 0 or tmp == arg or *tmp != '\0'){
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1260
	  argp_error(state, "Bad delay");
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1261
	}
1262
	break;
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1263
	/*
1264
	 * These reproduce what we would get without ARGP_NO_HELP
1265
	 */
1266
      case '?':			/* --help */
1267
	argp_state_help(state, state->out_stream,
1268
			(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
1269
			& ~(unsigned int)ARGP_HELP_EXIT_OK);
1270
      case -3:			/* --usage */
1271
	argp_state_help(state, state->out_stream,
1272
			ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
1273
      case 'V':			/* --version */
1274
	fprintf(state->out_stream, "%s\n", argp_program_version);
1275
	exit(argp_err_exit_status);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1276
	break;
1277
      default:
1278
	return ARGP_ERR_UNKNOWN;
1279
      }
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1280
      return errno;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1281
    }
1282
    
1283
    struct argp argp = { .options = options, .parser = parse_opt,
1284
			 .args_doc = "",
1285
			 .doc = "Mandos client -- Get and decrypt"
1286
			 " passwords from a Mandos server" };
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1287
    ret = argp_parse(&argp, argc, argv,
1288
		     ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
1289
    switch(ret){
1290
    case 0:
1291
      break;
1292
    case ENOMEM:
1293
    default:
1294
      errno = ret;
1295
      perror("argp_parse");
1296
      exitcode = EX_OSERR;
1297
      goto end;
1298
    case EINVAL:
1299
      exitcode = EX_USAGE;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1300
      goto end;
1301
    }
1302
  }
1303
  
24.1.135 by Björn Påhlsson
Earlier signal handling
1304
  if(not debug){
1305
    avahi_set_log_function(empty_log);
1306
  }
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1307
1308
  if(interface[0] == '\0'){
1309
    struct dirent **direntries;
1310
    ret = scandir(sys_class_net, &direntries, good_interface,
1311
		  alphasort);
1312
    if(ret >= 1){
1313
      /* Pick the first good interface */
1314
      interface = strdup(direntries[0]->d_name);
269.1.2 by teddy at bsnet
* plugins.d/mandos-client.c: Added debug output.
1315
      if(debug){
1316
	fprintf(stderr, "Using interface \"%s\"\n", interface);
1317
      }
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1318
      if(interface == NULL){
1319
	perror("malloc");
1320
	free(direntries);
1321
	exitcode = EXIT_FAILURE;
1322
	goto end;
1323
      }
1324
      free(direntries);
1325
    } else {
1326
      free(direntries);
1327
      fprintf(stderr, "Could not find a network interface\n");
1328
      exitcode = EXIT_FAILURE;
1329
      goto end;
1330
    }
1331
  }
237.2.72 by Teddy Hogeborn
Merge from Björn:
1332
  
24.1.135 by Björn Påhlsson
Earlier signal handling
1333
  /* Initialize Avahi early so avahi_simple_poll_quit() can be called
1334
     from the signal handler */
1335
  /* Initialize the pseudo-RNG for Avahi */
1336
  srand((unsigned int) time(NULL));
1337
  mc.simple_poll = avahi_simple_poll_new();
1338
  if(mc.simple_poll == NULL){
1339
    fprintf(stderr, "Avahi: Failed to create simple poll object.\n");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1340
    exitcode = EX_UNAVAILABLE;
24.1.135 by Björn Påhlsson
Earlier signal handling
1341
    goto end;
1342
  }
237.2.72 by Teddy Hogeborn
Merge from Björn:
1343
  
24.1.135 by Björn Påhlsson
Earlier signal handling
1344
  sigemptyset(&sigterm_action.sa_mask);
237.2.72 by Teddy Hogeborn
Merge from Björn:
1345
  ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
1346
  if(ret == -1){
1347
    perror("sigaddset");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1348
    exitcode = EX_OSERR;
237.2.72 by Teddy Hogeborn
Merge from Björn:
1349
    goto end;
1350
  }
1351
  ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
1352
  if(ret == -1){
1353
    perror("sigaddset");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1354
    exitcode = EX_OSERR;
237.2.72 by Teddy Hogeborn
Merge from Björn:
1355
    goto end;
1356
  }
24.1.135 by Björn Påhlsson
Earlier signal handling
1357
  ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1358
  if(ret == -1){
1359
    perror("sigaddset");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1360
    exitcode = EX_OSERR;
24.1.135 by Björn Påhlsson
Earlier signal handling
1361
    goto end;
1362
  }
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
1363
  /* Need to check if the handler is SIG_IGN before handling:
1364
     | [[info:libc:Initial Signal Actions]] |
1365
     | [[info:libc:Basic Signal Handling]]  |
1366
  */
1367
  ret = sigaction(SIGINT, NULL, &old_sigterm_action);
1368
  if(ret == -1){
1369
    perror("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1370
    return EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
1371
  }
1372
  if(old_sigterm_action.sa_handler != SIG_IGN){
1373
    ret = sigaction(SIGINT, &sigterm_action, NULL);
1374
    if(ret == -1){
1375
      perror("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1376
      exitcode = EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
1377
      goto end;
1378
    }
1379
  }
1380
  ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
1381
  if(ret == -1){
1382
    perror("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1383
    return EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
1384
  }
1385
  if(old_sigterm_action.sa_handler != SIG_IGN){
1386
    ret = sigaction(SIGHUP, &sigterm_action, NULL);
1387
    if(ret == -1){
1388
      perror("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1389
      exitcode = EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
1390
      goto end;
1391
    }
1392
  }
1393
  ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
1394
  if(ret == -1){
1395
    perror("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1396
    return EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
1397
  }
1398
  if(old_sigterm_action.sa_handler != SIG_IGN){
1399
    ret = sigaction(SIGTERM, &sigterm_action, NULL);
1400
    if(ret == -1){
1401
      perror("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1402
      exitcode = EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
1403
      goto end;
1404
    }
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
1405
  }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1406
  
1407
  /* If the interface is down, bring it up */
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1408
  if(strcmp(interface, "none") != 0){
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1409
    if_index = (AvahiIfIndex) if_nametoindex(interface);
1410
    if(if_index == 0){
1411
      fprintf(stderr, "No such interface: \"%s\"\n", interface);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1412
      exitcode = EX_UNAVAILABLE;
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1413
      goto end;
1414
    }
1415
    
1416
    if(quit_now){
1417
      goto end;
1418
    }
1419
    
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1420
    /* Re-raise priviliges */
1421
    errno = 0;
1422
    ret = seteuid(0);
1423
    if(ret == -1){
1424
      perror("seteuid");
1425
    }
1426
    
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1427
#ifdef __linux__
1428
    /* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1429
       messages about the network interface to mess up the prompt */
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1430
    ret = klogctl(8, NULL, 5);
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1431
    bool restore_loglevel = true;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1432
    if(ret == -1){
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1433
      restore_loglevel = false;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1434
      perror("klogctl");
1435
    }
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1436
#endif	/* __linux__ */
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1437
    
1438
    sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1439
    if(sd < 0){
1440
      perror("socket");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1441
      exitcode = EX_OSERR;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1442
#ifdef __linux__
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1443
      if(restore_loglevel){
1444
	ret = klogctl(7, NULL, 0);
1445
	if(ret == -1){
1446
	  perror("klogctl");
1447
	}
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1448
      }
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1449
#endif	/* __linux__ */
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1450
      /* Lower privileges */
1451
      errno = 0;
1452
      ret = seteuid(uid);
1453
      if(ret == -1){
1454
	perror("seteuid");
1455
      }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1456
      goto end;
1457
    }
1458
    strcpy(network.ifr_name, interface);
1459
    ret = ioctl(sd, SIOCGIFFLAGS, &network);
1460
    if(ret == -1){
1461
      perror("ioctl SIOCGIFFLAGS");
1462
#ifdef __linux__
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1463
      if(restore_loglevel){
1464
	ret = klogctl(7, NULL, 0);
1465
	if(ret == -1){
1466
	  perror("klogctl");
1467
	}
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1468
      }
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1469
#endif	/* __linux__ */
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1470
      exitcode = EX_OSERR;
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1471
      /* Lower privileges */
1472
      errno = 0;
1473
      ret = seteuid(uid);
1474
      if(ret == -1){
1475
	perror("seteuid");
1476
      }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1477
      goto end;
1478
    }
1479
    if((network.ifr_flags & IFF_UP) == 0){
1480
      network.ifr_flags |= IFF_UP;
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1481
      take_down_interface = true;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1482
      ret = ioctl(sd, SIOCSIFFLAGS, &network);
1483
      if(ret == -1){
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1484
	take_down_interface = false;
269.1.2 by teddy at bsnet
* plugins.d/mandos-client.c: Added debug output.
1485
	perror("ioctl SIOCSIFFLAGS +IFF_UP");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1486
	exitcode = EX_OSERR;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1487
#ifdef __linux__
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1488
	if(restore_loglevel){
1489
	  ret = klogctl(7, NULL, 0);
1490
	  if(ret == -1){
1491
	    perror("klogctl");
1492
	  }
24.1.124 by Björn Påhlsson
Added lower kernel loglevel to reduce clutter on system console.
1493
	}
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1494
#endif	/* __linux__ */
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1495
	/* Lower privileges */
1496
	errno = 0;
1497
	ret = seteuid(uid);
1498
	if(ret == -1){
1499
	  perror("seteuid");
1500
	}
65 by Teddy Hogeborn
* plugins.d/password-request.c (main): Bug fix: Bring up network
1501
	goto end;
1502
      }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1503
    }
1504
    /* sleep checking until interface is running */
1505
    for(int i=0; i < delay * 4; i++){
65 by Teddy Hogeborn
* plugins.d/password-request.c (main): Bug fix: Bring up network
1506
      ret = ioctl(sd, SIOCGIFFLAGS, &network);
1507
      if(ret == -1){
1508
	perror("ioctl SIOCGIFFLAGS");
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1509
      } else if(network.ifr_flags & IFF_RUNNING){
1510
	break;
1511
      }
1512
      struct timespec sleeptime = { .tv_nsec = 250000000 };
1513
      ret = nanosleep(&sleeptime, NULL);
1514
      if(ret == -1 and errno != EINTR){
1515
	perror("nanosleep");
1516
      }
1517
    }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1518
    if(not take_down_interface){
1519
      /* We won't need the socket anymore */
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1520
      ret = (int)TEMP_FAILURE_RETRY(close(sd));
1521
      if(ret == -1){
1522
	perror("close");
1523
      }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1524
    }
1525
#ifdef __linux__
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1526
    if(restore_loglevel){
1527
      /* Restores kernel loglevel to default */
1528
      ret = klogctl(7, NULL, 0);
1529
      if(ret == -1){
1530
	perror("klogctl");
1531
      }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1532
    }
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1533
#endif	/* __linux__ */
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1534
    /* Lower privileges */
1535
    errno = 0;
1536
    if(take_down_interface){
1537
      /* Lower privileges */
1538
      ret = seteuid(uid);
1539
      if(ret == -1){
1540
	perror("seteuid");
1541
      }
1542
    } else {
1543
      /* Lower privileges permanently */
1544
      ret = setuid(uid);
1545
      if(ret == -1){
1546
	perror("setuid");
1547
      }
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1548
    }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1549
  }
1550
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1551
  if(quit_now){
1552
    goto end;
1553
  }
1554
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1555
  ret = init_gnutls_global(pubkey, seckey);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1556
  if(ret == -1){
1557
    fprintf(stderr, "init_gnutls_global failed\n");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1558
    exitcode = EX_UNAVAILABLE;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1559
    goto end;
1560
  } else {
1561
    gnutls_initialized = true;
1562
  }
1563
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1564
  if(quit_now){
1565
    goto end;
1566
  }
1567
  
1568
  tempdir_created = true;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1569
  if(mkdtemp(tempdir) == NULL){
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1570
    tempdir_created = false;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1571
    perror("mkdtemp");
1572
    goto end;
1573
  }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1574
  
1575
  if(quit_now){
1576
    goto end;
1577
  }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1578
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1579
  if(not init_gpgme(pubkey, seckey, tempdir)){
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1580
    fprintf(stderr, "init_gpgme failed\n");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1581
    exitcode = EX_UNAVAILABLE;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1582
    goto end;
1583
  } else {
1584
    gpgme_initialized = true;
1585
  }
1586
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1587
  if(quit_now){
1588
    goto end;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1589
  }
1590
  
1591
  if(connect_to != NULL){
1592
    /* Connect directly, do not use Zeroconf */
1593
    /* (Mainly meant for debugging) */
1594
    char *address = strrchr(connect_to, ':');
1595
    if(address == NULL){
1596
      fprintf(stderr, "No colon in address\n");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1597
      exitcode = EX_USAGE;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1598
      goto end;
1599
    }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1600
    
1601
    if(quit_now){
1602
      goto end;
1603
    }
1604
    
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1605
    uint16_t port;
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1606
    errno = 0;
1607
    tmpmax = strtoimax(address+1, &tmp, 10);
1608
    if(errno != 0 or tmp == address+1 or *tmp != '\0'
1609
       or tmpmax != (uint16_t)tmpmax){
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1610
      fprintf(stderr, "Bad port number\n");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1611
      exitcode = EX_USAGE;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1612
      goto end;
1613
    }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1614
  
1615
    if(quit_now){
1616
      goto end;
1617
    }
1618
    
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1619
    port = (uint16_t)tmpmax;
1620
    *address = '\0';
1621
    address = connect_to;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1622
    /* Colon in address indicates IPv6 */
1623
    int af;
1624
    if(strchr(address, ':') != NULL){
1625
      af = AF_INET6;
1626
    } else {
1627
      af = AF_INET;
1628
    }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1629
    
1630
    if(quit_now){
1631
      goto end;
1632
    }
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
1633
1634
    while(not quit_now){
1635
      ret = start_mandos_communication(address, port, if_index, af);
1636
      if(quit_now or ret == 0){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1637
	break;
1638
      }
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
1639
      sleep(15);
1640
    };
1641
1642
    if (not quit_now){
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1643
      exitcode = EXIT_SUCCESS;
1644
    }
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
1645
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1646
    goto end;
1647
  }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1648
  
1649
  if(quit_now){
1650
    goto end;
1651
  }
1652
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1653
  {
1654
    AvahiServerConfig config;
1655
    /* Do not publish any local Zeroconf records */
1656
    avahi_server_config_init(&config);
1657
    config.publish_hinfo = 0;
1658
    config.publish_addresses = 0;
1659
    config.publish_workstation = 0;
1660
    config.publish_domain = 0;
1661
    
1662
    /* Allocate a new server */
1663
    mc.server = avahi_server_new(avahi_simple_poll_get
1664
				 (mc.simple_poll), &config, NULL,
1665
				 NULL, &error);
1666
    
1667
    /* Free the Avahi configuration data */
1668
    avahi_server_config_free(&config);
1669
  }
1670
  
1671
  /* Check if creating the Avahi server object succeeded */
1672
  if(mc.server == NULL){
1673
    fprintf(stderr, "Failed to create Avahi server: %s\n",
1674
	    avahi_strerror(error));
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1675
    exitcode = EX_UNAVAILABLE;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1676
    goto end;
1677
  }
1678
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1679
  if(quit_now){
1680
    goto end;
1681
  }
1682
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1683
  /* Create the Avahi service browser */
1684
  sb = avahi_s_service_browser_new(mc.server, if_index,
237.2.76 by Teddy Hogeborn
* plugins.d/mandos-client.c (browse_callback, main): Do not require
1685
				   AVAHI_PROTO_UNSPEC, "_mandos._tcp",
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1686
				   NULL, 0, browse_callback, NULL);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1687
  if(sb == NULL){
1688
    fprintf(stderr, "Failed to create service browser: %s\n",
1689
	    avahi_strerror(avahi_server_errno(mc.server)));
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
1690
    exitcode = EX_UNAVAILABLE;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1691
    goto end;
1692
  }
237.2.70 by Teddy Hogeborn
Merge from Björn:
1693
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1694
  if(quit_now){
1695
    goto end;
1696
  }
1697
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1698
  /* Run the main loop */
1699
  
1700
  if(debug){
1701
    fprintf(stderr, "Starting Avahi loop search\n");
1702
  }
1703
  
1704
  avahi_simple_poll_loop(mc.simple_poll);
1705
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1706
 end:
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1707
  
1708
  if(debug){
1709
    fprintf(stderr, "%s exiting\n", argv[0]);
1710
  }
1711
  
1712
  /* Cleanup things */
1713
  if(sb != NULL)
1714
    avahi_s_service_browser_free(sb);
1715
  
1716
  if(mc.server != NULL)
1717
    avahi_server_free(mc.server);
1718
  
1719
  if(mc.simple_poll != NULL)
1720
    avahi_simple_poll_free(mc.simple_poll);
1721
  
1722
  if(gnutls_initialized){
1723
    gnutls_certificate_free_credentials(mc.cred);
1724
    gnutls_global_deinit();
1725
    gnutls_dh_params_deinit(mc.dh_params);
1726
  }
1727
  
1728
  if(gpgme_initialized){
1729
    gpgme_release(mc.ctx);
1730
  }
1731
  
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1732
  /* Take down the network interface */
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1733
  if(take_down_interface){
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1734
    /* Re-raise priviliges */
1735
    errno = 0;
1736
    ret = seteuid(0);
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1737
    if(ret == -1){
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1738
      perror("seteuid");
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1739
    }
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1740
    if(geteuid() == 0){
1741
      ret = ioctl(sd, SIOCGIFFLAGS, &network);
1742
      if(ret == -1){
1743
	perror("ioctl SIOCGIFFLAGS");
1744
      } else if(network.ifr_flags & IFF_UP) {
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1745
	network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1746
	ret = ioctl(sd, SIOCSIFFLAGS, &network);
1747
	if(ret == -1){
269.1.2 by teddy at bsnet
* plugins.d/mandos-client.c: Added debug output.
1748
	  perror("ioctl SIOCSIFFLAGS -IFF_UP");
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1749
	}
1750
      }
1751
      ret = (int)TEMP_FAILURE_RETRY(close(sd));
1752
      if(ret == -1){
1753
	perror("close");
1754
      }
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1755
      /* Lower privileges permanently */
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1756
      errno = 0;
1757
      ret = setuid(uid);
1758
      if(ret == -1){
1759
	perror("setuid");
1760
      }
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1761
    }
1762
  }
1763
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1764
  /* Removes the temp directory used by GPGME */
1765
  if(tempdir_created){
1766
    DIR *d;
1767
    struct dirent *direntry;
1768
    d = opendir(tempdir);
1769
    if(d == NULL){
1770
      if(errno != ENOENT){
1771
	perror("opendir");
1772
      }
1773
    } else {
1774
      while(true){
1775
	direntry = readdir(d);
1776
	if(direntry == NULL){
1777
	  break;
1778
	}
1779
	/* Skip "." and ".." */
1780
	if(direntry->d_name[0] == '.'
1781
	   and (direntry->d_name[1] == '\0'
1782
		or (direntry->d_name[1] == '.'
1783
		    and direntry->d_name[2] == '\0'))){
1784
	  continue;
1785
	}
1786
	char *fullname = NULL;
1787
	ret = asprintf(&fullname, "%s/%s", tempdir,
1788
		       direntry->d_name);
1789
	if(ret < 0){
1790
	  perror("asprintf");
1791
	  continue;
1792
	}
1793
	ret = remove(fullname);
1794
	if(ret == -1){
1795
	  fprintf(stderr, "remove(\"%s\"): %s\n", fullname,
1796
		  strerror(errno));
1797
	}
1798
	free(fullname);
1799
      }
1800
      closedir(d);
1801
    }
1802
    ret = rmdir(tempdir);
1803
    if(ret == -1 and errno != ENOENT){
1804
      perror("rmdir");
1805
    }
1806
  }
1807
  
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
1808
  if(quit_now){
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
1809
    sigemptyset(&old_sigterm_action.sa_mask);
1810
    old_sigterm_action.sa_handler = SIG_DFL;
237.2.137 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Try harder to raise signal on
1811
    ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
1812
					    &old_sigterm_action,
1813
					    NULL));
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
1814
    if(ret == -1){
1815
      perror("sigaction");
1816
    }
237.2.137 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Try harder to raise signal on
1817
    do {
1818
      ret = raise(signal_received);
1819
    } while(ret != 0 and errno == EINTR);
1820
    if(ret != 0){
1821
      perror("raise");
1822
      abort();
1823
    }
1824
    TEMP_FAILURE_RETRY(pause());
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
1825
  }
1826
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1827
  return exitcode;
13 by Björn Påhlsson
Added following support:
1828
}