/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
1
/*  -*- coding: utf-8 -*- */
2
/*
237.2.24 by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Fix name in header.
3
 * Mandos-client - get and decrypt data from a Mandos server
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
4
 *
5
 * This program is partly derived from an example program for an Avahi
6
 * service browser, downloaded from
7
 * <http://avahi.org/browser/examples/core-browse-services.c>.  This
8
 * includes the following functions: "resolve_callback",
9
 * "browse_callback", and parts of "main".
10
 * 
28 by Teddy Hogeborn
* server.conf: New file.
11
 * Everything else is
237.2.9 by Teddy Hogeborn
* README: Update copyright year; add "2009".
12
 * Copyright © 2008,2009 Teddy Hogeborn
13
 * Copyright © 2008,2009 Björn Påhlsson
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
14
 * 
15
 * This program is free software: you can redistribute it and/or
16
 * modify it under the terms of the GNU General Public License as
17
 * published by the Free Software Foundation, either version 3 of the
18
 * License, or (at your option) any later version.
19
 * 
20
 * This program is distributed in the hope that it will be useful, but
21
 * WITHOUT ANY WARRANTY; without even the implied warranty of
22
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
23
 * General Public License for more details.
24
 * 
25
 * You should have received a copy of the GNU General Public License
26
 * along with this program.  If not, see
27
 * <http://www.gnu.org/licenses/>.
28
 * 
31 by Teddy Hogeborn
* plugins.d/plugbasedclient.c: Update include file comments.
29
 * Contact the authors at <mandos@fukt.bsnet.se>.
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
30
 */
31
28 by Teddy Hogeborn
* server.conf: New file.
32
/* Needed by GPGME, specifically gpgme_data_seek() */
237.2.80 by Teddy Hogeborn
Use "getconf" to get correct LFS compile and link flags.
33
#ifndef _LARGEFILE_SOURCE
13 by Björn Påhlsson
Added following support:
34
#define _LARGEFILE_SOURCE
237.2.80 by Teddy Hogeborn
Use "getconf" to get correct LFS compile and link flags.
35
#endif
36
#ifndef _FILE_OFFSET_BITS
13 by Björn Påhlsson
Added following support:
37
#define _FILE_OFFSET_BITS 64
237.2.80 by Teddy Hogeborn
Use "getconf" to get correct LFS compile and link flags.
38
#endif
13 by Björn Påhlsson
Added following support:
39
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
40
#define _GNU_SOURCE		/* TEMP_FAILURE_RETRY(), asprintf() */
24.1.10 by Björn Påhlsson
merge commit
41
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
42
#include <stdio.h>		/* fprintf(), stderr, fwrite(),
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
43
				   stdout, ferror(), remove() */
24.1.26 by Björn Påhlsson
tally count of used symbols
44
#include <stdint.h> 		/* uint16_t, uint32_t */
45
#include <stddef.h>		/* NULL, size_t, ssize_t */
24.1.29 by Björn Påhlsson
Added more header file comments
46
#include <stdlib.h> 		/* free(), EXIT_SUCCESS, EXIT_FAILURE,
237.2.137 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Try harder to raise signal on
47
				   srand(), strtof(), abort() */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
48
#include <stdbool.h>		/* bool, false, true */
24.1.29 by Björn Påhlsson
Added more header file comments
49
#include <string.h>		/* memset(), strcmp(), strlen(),
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
50
				   strerror(), asprintf(), strcpy() */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
51
#include <sys/ioctl.h>		/* ioctl */
24.1.26 by Björn Påhlsson
tally count of used symbols
52
#include <sys/types.h>		/* socket(), inet_pton(), sockaddr,
24.1.29 by Björn Påhlsson
Added more header file comments
53
				   sockaddr_in6, PF_INET6,
237.2.67 by Teddy Hogeborn
Four new interrelated features:
54
				   SOCK_STREAM, uid_t, gid_t, open(),
55
				   opendir(), DIR */
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
56
#include <sys/stat.h>		/* open() */
24.1.26 by Björn Påhlsson
tally count of used symbols
57
#include <sys/socket.h>		/* socket(), struct sockaddr_in6,
237.2.67 by Teddy Hogeborn
Four new interrelated features:
58
				   inet_pton(), connect() */
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
59
#include <fcntl.h>		/* open() */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
60
#include <dirent.h>		/* opendir(), struct dirent, readdir()
61
				 */
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
62
#include <inttypes.h>		/* PRIu16, PRIdMAX, intmax_t,
63
				   strtoimax() */
24.1.29 by Björn Påhlsson
Added more header file comments
64
#include <assert.h>		/* assert() */
65
#include <errno.h>		/* perror(), errno */
237.2.54 by Teddy Hogeborn
Merge from Björn:
66
#include <time.h>		/* nanosleep(), time() */
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
67
#include <net/if.h>		/* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
24.1.26 by Björn Påhlsson
tally count of used symbols
68
				   SIOCSIFFLAGS, if_indextoname(),
69
				   if_nametoindex(), IF_NAMESIZE */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
70
#include <netinet/in.h>		/* IN6_IS_ADDR_LINKLOCAL,
71
				   INET_ADDRSTRLEN, INET6_ADDRSTRLEN
72
				*/
24.1.29 by Björn Påhlsson
Added more header file comments
73
#include <unistd.h>		/* close(), SEEK_SET, off_t, write(),
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
74
				   getuid(), getgid(), seteuid(),
237.2.137 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Try harder to raise signal on
75
				   setgid(), pause() */
24.1.26 by Björn Påhlsson
tally count of used symbols
76
#include <arpa/inet.h>		/* inet_pton(), htons */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
77
#include <iso646.h>		/* not, or, and */
24.1.29 by Björn Påhlsson
Added more header file comments
78
#include <argp.h>		/* struct argp_option, error_t, struct
79
				   argp_state, struct argp,
80
				   argp_parse(), ARGP_KEY_ARG,
81
				   ARGP_KEY_END, ARGP_ERR_UNKNOWN */
237.2.70 by Teddy Hogeborn
Merge from Björn:
82
#include <signal.h>		/* sigemptyset(), sigaddset(),
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
83
				   sigaction(), SIGTERM, sig_atomic_t,
84
				   raise() */
237.2.70 by Teddy Hogeborn
Merge from Björn:
85
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
86
#ifdef __linux__
24.1.124 by Björn Påhlsson
Added lower kernel loglevel to reduce clutter on system console.
87
#include <sys/klog.h> 		/* klogctl() */
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
88
#endif	/* __linux__ */
24.1.26 by Björn Påhlsson
tally count of used symbols
89
90
/* Avahi */
24.1.29 by Björn Påhlsson
Added more header file comments
91
/* All Avahi types, constants and functions
92
 Avahi*, avahi_*,
93
 AVAHI_* */
94
#include <avahi-core/core.h>
24.1.26 by Björn Påhlsson
tally count of used symbols
95
#include <avahi-core/lookup.h>
24.1.29 by Björn Påhlsson
Added more header file comments
96
#include <avahi-core/log.h>
24.1.26 by Björn Påhlsson
tally count of used symbols
97
#include <avahi-common/simple-watch.h>
98
#include <avahi-common/malloc.h>
99
#include <avahi-common/error.h>
100
101
/* GnuTLS */
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
102
#include <gnutls/gnutls.h>	/* All GnuTLS types, constants and
103
				   functions:
24.1.29 by Björn Påhlsson
Added more header file comments
104
				   gnutls_*
24.1.26 by Björn Påhlsson
tally count of used symbols
105
				   init_gnutls_session(),
24.1.29 by Björn Påhlsson
Added more header file comments
106
				   GNUTLS_* */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
107
#include <gnutls/openpgp.h>
108
			  /* gnutls_certificate_set_openpgp_key_file(),
24.1.29 by Björn Påhlsson
Added more header file comments
109
				   GNUTLS_OPENPGP_FMT_BASE64 */
24.1.26 by Björn Påhlsson
tally count of used symbols
110
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
111
/* GPGME */
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
112
#include <gpgme.h> 		/* All GPGME types, constants and
113
				   functions:
24.1.29 by Björn Påhlsson
Added more header file comments
114
				   gpgme_*
24.1.26 by Björn Påhlsson
tally count of used symbols
115
				   GPGME_PROTOCOL_OpenPGP,
24.1.29 by Björn Påhlsson
Added more header file comments
116
				   GPG_ERR_NO_* */
13 by Björn Påhlsson
Added following support:
117
118
#define BUFFER_SIZE 256
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
119
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
120
#define PATHDIR "/conf/conf.d/mandos"
121
#define SECKEY "seckey.txt"
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
122
#define PUBKEY "pubkey.txt"
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
123
15.1.2 by Björn Påhlsson
Added debug options from passprompt as --debug and --debug=passprompt
124
bool debug = false;
43 by Teddy Hogeborn
* plugins.d/mandosclient.c: Cosmetic changes.
125
static const char mandos_protocol_version[] = "1";
217 by Teddy Hogeborn
* .bzrignore: Added "man" directory (created by "make install-html").
126
const char *argp_program_version = "mandos-client " VERSION;
24.1.14 by Björn Påhlsson
mandosclient
127
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
128
static const char sys_class_net[] = "/sys/class/net";
129
char *connect_to = NULL;
24.1.10 by Björn Påhlsson
merge commit
130
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
131
/* Used for passing in values through the Avahi callback functions */
13 by Björn Påhlsson
Added following support:
132
typedef struct {
24.1.9 by Björn Påhlsson
not working midwork...
133
  AvahiSimplePoll *simple_poll;
134
  AvahiServer *server;
13 by Björn Påhlsson
Added following support:
135
  gnutls_certificate_credentials_t cred;
24.1.9 by Björn Påhlsson
not working midwork...
136
  unsigned int dh_bits;
24.1.13 by Björn Påhlsson
mandosclient
137
  gnutls_dh_params_t dh_params;
24.1.9 by Björn Påhlsson
not working midwork...
138
  const char *priority;
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
139
  gpgme_ctx_t ctx;
24.1.9 by Björn Påhlsson
not working midwork...
140
} mandos_context;
13 by Björn Påhlsson
Added following support:
141
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
142
/* global context so signal handler can reach it*/
24.1.135 by Björn Påhlsson
Earlier signal handling
143
mandos_context mc = { .simple_poll = NULL, .server = NULL,
144
		      .dh_bits = 1024, .priority = "SECURE256"
145
		      ":!CTYPE-X.509:+CTYPE-OPENPGP" };
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
146
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
147
sig_atomic_t quit_now = 0;
148
int signal_received = 0;
149
43 by Teddy Hogeborn
* plugins.d/mandosclient.c: Cosmetic changes.
150
/*
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
151
 * Make additional room in "buffer" for at least BUFFER_SIZE more
152
 * bytes. "buffer_capacity" is how much is currently allocated,
153
 * "buffer_length" is how much is already used.
43 by Teddy Hogeborn
* plugins.d/mandosclient.c: Cosmetic changes.
154
 */
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
155
size_t incbuffer(char **buffer, size_t buffer_length,
24.1.10 by Björn Påhlsson
merge commit
156
		  size_t buffer_capacity){
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
157
  if(buffer_length + BUFFER_SIZE > buffer_capacity){
24.1.12 by Björn Påhlsson
merge +
158
    *buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
159
    if(buffer == NULL){
24.1.10 by Björn Påhlsson
merge commit
160
      return 0;
161
    }
162
    buffer_capacity += BUFFER_SIZE;
163
  }
164
  return buffer_capacity;
165
}
166
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
167
/* 
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
168
 * Initialize GPGME.
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
169
 */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
170
static bool init_gpgme(const char *seckey,
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
171
		       const char *pubkey, const char *tempdir){
13 by Björn Påhlsson
Added following support:
172
  gpgme_error_t rc;
173
  gpgme_engine_info_t engine_info;
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
174
  
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
175
  
176
  /*
237.2.51 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Use separate bool variable instead
177
   * Helper function to insert pub and seckey to the engine keyring.
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
178
   */
179
  bool import_key(const char *filename){
237.2.124 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gpgme): Move variable "ret" into the
180
    int ret;
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
181
    int fd;
182
    gpgme_data_t pgp_data;
183
    
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
184
    fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
185
    if(fd == -1){
186
      perror("open");
187
      return false;
188
    }
189
    
190
    rc = gpgme_data_new_from_fd(&pgp_data, fd);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
191
    if(rc != GPG_ERR_NO_ERROR){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
192
      fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
193
	      gpgme_strsource(rc), gpgme_strerror(rc));
194
      return false;
195
    }
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
196
    
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
197
    rc = gpgme_op_import(mc.ctx, pgp_data);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
198
    if(rc != GPG_ERR_NO_ERROR){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
199
      fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
200
	      gpgme_strsource(rc), gpgme_strerror(rc));
201
      return false;
202
    }
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
203
    
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
204
    ret = (int)TEMP_FAILURE_RETRY(close(fd));
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
205
    if(ret == -1){
206
      perror("close");
207
    }
208
    gpgme_data_release(pgp_data);
209
    return true;
210
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
211
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
212
  if(debug){
237.2.70 by Teddy Hogeborn
Merge from Björn:
213
    fprintf(stderr, "Initializing GPGME\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
214
  }
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
215
  
13 by Björn Påhlsson
Added following support:
216
  /* Init GPGME */
217
  gpgme_check_version(NULL);
24.1.4 by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
218
  rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
219
  if(rc != GPG_ERR_NO_ERROR){
24.1.4 by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
220
    fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
221
	    gpgme_strsource(rc), gpgme_strerror(rc));
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
222
    return false;
24.1.4 by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
223
  }
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
224
  
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
225
    /* Set GPGME home directory for the OpenPGP engine only */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
226
  rc = gpgme_get_engine_info(&engine_info);
227
  if(rc != GPG_ERR_NO_ERROR){
13 by Björn Påhlsson
Added following support:
228
    fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
229
	    gpgme_strsource(rc), gpgme_strerror(rc));
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
230
    return false;
13 by Björn Påhlsson
Added following support:
231
  }
232
  while(engine_info != NULL){
233
    if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
234
      gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
235
			    engine_info->file_name, tempdir);
13 by Björn Påhlsson
Added following support:
236
      break;
237
    }
238
    engine_info = engine_info->next;
239
  }
240
  if(engine_info == NULL){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
241
    fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
242
    return false;
243
  }
168 by Teddy Hogeborn
* initramfs-tools-hook: Use long options where available. Use only
244
  
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
245
  /* Create new GPGME "context" */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
246
  rc = gpgme_new(&(mc.ctx));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
247
  if(rc != GPG_ERR_NO_ERROR){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
248
    fprintf(stderr, "bad gpgme_new: %s: %s\n",
249
	    gpgme_strsource(rc), gpgme_strerror(rc));
250
    return false;
251
  }
252
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
253
  if(not import_key(pubkey) or not import_key(seckey)){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
254
    return false;
255
  }
256
  
237.2.118 by Teddy Hogeborn
* mandos: White-space fixes only.
257
  return true;
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
258
}
259
260
/* 
261
 * Decrypt OpenPGP data.
262
 * Returns -1 on error
263
 */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
264
static ssize_t pgp_packet_decrypt(const char *cryptotext,
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
265
				  size_t crypto_size,
266
				  char **plaintext){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
267
  gpgme_data_t dh_crypto, dh_plain;
268
  gpgme_error_t rc;
269
  ssize_t ret;
270
  size_t plaintext_capacity = 0;
271
  ssize_t plaintext_length = 0;
272
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
273
  if(debug){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
274
    fprintf(stderr, "Trying to decrypt OpenPGP data\n");
13 by Björn Påhlsson
Added following support:
275
  }
276
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
277
  /* Create new GPGME data buffer from memory cryptotext */
278
  rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
279
			       0);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
280
  if(rc != GPG_ERR_NO_ERROR){
13 by Björn Påhlsson
Added following support:
281
    fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
282
	    gpgme_strsource(rc), gpgme_strerror(rc));
283
    return -1;
284
  }
285
  
286
  /* Create new empty GPGME data buffer for the plaintext */
287
  rc = gpgme_data_new(&dh_plain);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
288
  if(rc != GPG_ERR_NO_ERROR){
13 by Björn Påhlsson
Added following support:
289
    fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
290
	    gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
291
    gpgme_data_release(dh_crypto);
13 by Björn Påhlsson
Added following support:
292
    return -1;
293
  }
294
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
295
  /* Decrypt data from the cryptotext data buffer to the plaintext
296
     data buffer */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
297
  rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
298
  if(rc != GPG_ERR_NO_ERROR){
13 by Björn Påhlsson
Added following support:
299
    fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
300
	    gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
301
    plaintext_length = -1;
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
302
    if(debug){
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
303
      gpgme_decrypt_result_t result;
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
304
      result = gpgme_op_decrypt_result(mc.ctx);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
305
      if(result == NULL){
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
306
	fprintf(stderr, "gpgme_op_decrypt_result failed\n");
307
      } else {
308
	fprintf(stderr, "Unsupported algorithm: %s\n",
309
		result->unsupported_algorithm);
310
	fprintf(stderr, "Wrong key usage: %u\n",
311
		result->wrong_key_usage);
312
	if(result->file_name != NULL){
313
	  fprintf(stderr, "File name: %s\n", result->file_name);
314
	}
315
	gpgme_recipient_t recipient;
316
	recipient = result->recipients;
237.2.112 by Teddy Hogeborn
* plugins.d/mandos-client.c (pgp_packet_decrypt): Remove redundant
317
	while(recipient != NULL){
318
	  fprintf(stderr, "Public key algorithm: %s\n",
319
		  gpgme_pubkey_algo_name(recipient->pubkey_algo));
320
	  fprintf(stderr, "Key ID: %s\n", recipient->keyid);
321
	  fprintf(stderr, "Secret key available: %s\n",
322
		  recipient->status == GPG_ERR_NO_SECKEY
323
		  ? "No" : "Yes");
324
	  recipient = recipient->next;
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
325
	}
326
      }
327
    }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
328
    goto decrypt_end;
13 by Björn Påhlsson
Added following support:
329
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
330
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
331
  if(debug){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
332
    fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
333
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
334
  
13 by Björn Påhlsson
Added following support:
335
  /* Seek back to the beginning of the GPGME plaintext data buffer */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
336
  if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
24.1.92 by Björn Påhlsson
Several memory leaks detected by valgrind fixed
337
    perror("gpgme_data_seek");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
338
    plaintext_length = -1;
339
    goto decrypt_end;
24.1.5 by Björn Påhlsson
plugbasedclient:
340
  }
341
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
342
  *plaintext = NULL;
13 by Björn Påhlsson
Added following support:
343
  while(true){
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
344
    plaintext_capacity = incbuffer(plaintext,
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
345
				      (size_t)plaintext_length,
24.1.12 by Björn Påhlsson
merge +
346
				      plaintext_capacity);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
347
    if(plaintext_capacity == 0){
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
348
	perror("incbuffer");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
349
	plaintext_length = -1;
350
	goto decrypt_end;
13 by Björn Påhlsson
Added following support:
351
    }
352
    
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
353
    ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
354
			  BUFFER_SIZE);
13 by Björn Påhlsson
Added following support:
355
    /* Print the data, if any */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
356
    if(ret == 0){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
357
      /* EOF */
13 by Björn Påhlsson
Added following support:
358
      break;
359
    }
360
    if(ret < 0){
361
      perror("gpgme_data_read");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
362
      plaintext_length = -1;
363
      goto decrypt_end;
13 by Björn Påhlsson
Added following support:
364
    }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
365
    plaintext_length += ret;
13 by Björn Påhlsson
Added following support:
366
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
367
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
368
  if(debug){
369
    fprintf(stderr, "Decrypted password is: ");
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
370
    for(ssize_t i = 0; i < plaintext_length; i++){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
371
      fprintf(stderr, "%02hhX ", (*plaintext)[i]);
372
    }
373
    fprintf(stderr, "\n");
374
  }
375
  
376
 decrypt_end:
377
  
378
  /* Delete the GPGME cryptotext data buffer */
379
  gpgme_data_release(dh_crypto);
15.1.3 by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt
380
  
381
  /* Delete the GPGME plaintext data buffer */
13 by Björn Påhlsson
Added following support:
382
  gpgme_data_release(dh_plain);
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
383
  return plaintext_length;
13 by Björn Påhlsson
Added following support:
384
}
385
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
386
static const char * safer_gnutls_strerror(int value){
237.2.30 by Teddy Hogeborn
* plugins.d/mandos-client.c: Only comment changes.
387
  const char *ret = gnutls_strerror(value); /* Spurious warning from
388
					       -Wunreachable-code */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
389
  if(ret == NULL)
13 by Björn Påhlsson
Added following support:
390
    ret = "(unknown)";
391
  return ret;
392
}
393
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
394
/* GnuTLS log function callback */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
395
static void debuggnutls(__attribute__((unused)) int level,
396
			const char* string){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
397
  fprintf(stderr, "GnuTLS: %s", string);
13 by Björn Påhlsson
Added following support:
398
}
399
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
400
static int init_gnutls_global(const char *pubkeyfilename,
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
401
			      const char *seckeyfilename){
13 by Björn Påhlsson
Added following support:
402
  int ret;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
403
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
404
  if(debug){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
405
    fprintf(stderr, "Initializing GnuTLS\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
406
  }
24.1.29 by Björn Påhlsson
Added more header file comments
407
  
408
  ret = gnutls_global_init();
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
409
  if(ret != GNUTLS_E_SUCCESS){
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
410
    fprintf(stderr, "GnuTLS global_init: %s\n",
411
	    safer_gnutls_strerror(ret));
13 by Björn Påhlsson
Added following support:
412
    return -1;
413
  }
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
414
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
415
  if(debug){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
416
    /* "Use a log level over 10 to enable all debugging options."
417
     * - GnuTLS manual
418
     */
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
419
    gnutls_global_set_log_level(11);
420
    gnutls_global_set_log_function(debuggnutls);
421
  }
422
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
423
  /* OpenPGP credentials */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
424
  gnutls_certificate_allocate_credentials(&mc.cred);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
425
  if(ret != GNUTLS_E_SUCCESS){
237.2.30 by Teddy Hogeborn
* plugins.d/mandos-client.c: Only comment changes.
426
    fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning
237.2.67 by Teddy Hogeborn
Four new interrelated features:
427
						    from
428
						    -Wunreachable-code
429
						 */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
430
	    safer_gnutls_strerror(ret));
431
    gnutls_global_deinit();
13 by Björn Påhlsson
Added following support:
432
    return -1;
433
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
434
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
435
  if(debug){
147 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Improved wording
436
    fprintf(stderr, "Attempting to use OpenPGP public key %s and"
437
	    " secret key %s as GnuTLS credentials\n", pubkeyfilename,
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
438
	    seckeyfilename);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
439
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
440
  
13 by Björn Påhlsson
Added following support:
441
  ret = gnutls_certificate_set_openpgp_key_file
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
442
    (mc.cred, pubkeyfilename, seckeyfilename,
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
443
     GNUTLS_OPENPGP_FMT_BASE64);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
444
  if(ret != GNUTLS_E_SUCCESS){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
445
    fprintf(stderr,
446
	    "Error[%d] while reading the OpenPGP key pair ('%s',"
76 by Teddy Hogeborn
* plugins.d/password-request.c (init_gnutls_global): Renamed
447
	    " '%s')\n", ret, pubkeyfilename, seckeyfilename);
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
448
    fprintf(stderr, "The GnuTLS error is: %s\n",
13 by Björn Påhlsson
Added following support:
449
	    safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
450
    goto globalfail;
13 by Björn Påhlsson
Added following support:
451
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
452
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
453
  /* GnuTLS server initialization */
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
454
  ret = gnutls_dh_params_init(&mc.dh_params);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
455
  if(ret != GNUTLS_E_SUCCESS){
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
456
    fprintf(stderr, "Error in GnuTLS DH parameter initialization:"
457
	    " %s\n", safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
458
    goto globalfail;
13 by Björn Påhlsson
Added following support:
459
  }
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
460
  ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
461
  if(ret != GNUTLS_E_SUCCESS){
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
462
    fprintf(stderr, "Error in GnuTLS prime generation: %s\n",
463
	    safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
464
    goto globalfail;
13 by Björn Påhlsson
Added following support:
465
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
466
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
467
  gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
468
  
24.1.13 by Björn Påhlsson
mandosclient
469
  return 0;
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
470
  
24.1.20 by Björn Påhlsson
mandosclient
471
 globalfail:
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
472
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
473
  gnutls_certificate_free_credentials(mc.cred);
24.1.26 by Björn Påhlsson
tally count of used symbols
474
  gnutls_global_deinit();
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
475
  gnutls_dh_params_deinit(mc.dh_params);
24.1.20 by Björn Påhlsson
mandosclient
476
  return -1;
24.1.13 by Björn Påhlsson
mandosclient
477
}
478
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
479
static int init_gnutls_session(gnutls_session_t *session){
24.1.13 by Björn Påhlsson
mandosclient
480
  int ret;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
481
  /* GnuTLS session creation */
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
482
  do {
483
    ret = gnutls_init(session, GNUTLS_SERVER);
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
484
    if(quit_now){
485
      return -1;
486
    }
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
487
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
488
  if(ret != GNUTLS_E_SUCCESS){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
489
    fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
13 by Björn Påhlsson
Added following support:
490
	    safer_gnutls_strerror(ret));
491
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
492
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
493
  {
494
    const char *err;
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
495
    do {
496
      ret = gnutls_priority_set_direct(*session, mc.priority, &err);
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
497
      if(quit_now){
498
	gnutls_deinit(*session);
499
	return -1;
500
      }
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
501
    } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
502
    if(ret != GNUTLS_E_SUCCESS){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
503
      fprintf(stderr, "Syntax error at: %s\n", err);
504
      fprintf(stderr, "GnuTLS error: %s\n",
505
	      safer_gnutls_strerror(ret));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
506
      gnutls_deinit(*session);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
507
      return -1;
508
    }
13 by Björn Påhlsson
Added following support:
509
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
510
  
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
511
  do {
512
    ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
513
				 mc.cred);
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
514
    if(quit_now){
515
      gnutls_deinit(*session);
516
      return -1;
517
    }
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
518
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
519
  if(ret != GNUTLS_E_SUCCESS){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
520
    fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
13 by Björn Påhlsson
Added following support:
521
	    safer_gnutls_strerror(ret));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
522
    gnutls_deinit(*session);
13 by Björn Påhlsson
Added following support:
523
    return -1;
524
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
525
  
13 by Björn Påhlsson
Added following support:
526
  /* ignore client certificate if any. */
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
527
  gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
13 by Björn Påhlsson
Added following support:
528
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
529
  gnutls_dh_set_prime_bits(*session, mc.dh_bits);
13 by Björn Påhlsson
Added following support:
530
  
531
  return 0;
532
}
533
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
534
/* Avahi log function callback */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
535
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
536
		      __attribute__((unused)) const char *txt){}
13 by Björn Påhlsson
Added following support:
537
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
538
/* Called when a Mandos server is found */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
539
static int start_mandos_communication(const char *ip, uint16_t port,
24.1.9 by Björn Påhlsson
not working midwork...
540
				      AvahiIfIndex if_index,
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
541
				      int af){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
542
  int ret, tcp_sd = -1;
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
543
  ssize_t sret;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
544
  union {
545
    struct sockaddr_in in;
546
    struct sockaddr_in6 in6;
547
  } to;
13 by Björn Påhlsson
Added following support:
548
  char *buffer = NULL;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
549
  char *decrypted_buffer = NULL;
13 by Björn Påhlsson
Added following support:
550
  size_t buffer_length = 0;
551
  size_t buffer_capacity = 0;
24.1.10 by Björn Påhlsson
merge commit
552
  size_t written;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
553
  int retval = -1;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
554
  gnutls_session_t session;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
555
  int pf;			/* Protocol family */
556
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
557
  if(quit_now){
558
    return -1;
559
  }
560
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
561
  switch(af){
562
  case AF_INET6:
563
    pf = PF_INET6;
564
    break;
565
  case AF_INET:
566
    pf = PF_INET;
567
    break;
568
  default:
569
    fprintf(stderr, "Bad address family: %d\n", af);
570
    return -1;
571
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
572
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
573
  ret = init_gnutls_session(&session);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
574
  if(ret != 0){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
575
    return -1;
576
  }
577
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
578
  if(debug){
237.2.67 by Teddy Hogeborn
Four new interrelated features:
579
    fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16
60 by Teddy Hogeborn
* mandos-client.c (main): Cast pid_t to unsigned int before printing.
580
	    "\n", ip, port);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
581
  }
13 by Björn Påhlsson
Added following support:
582
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
583
  tcp_sd = socket(pf, SOCK_STREAM, 0);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
584
  if(tcp_sd < 0){
13 by Björn Påhlsson
Added following support:
585
    perror("socket");
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
586
    goto mandos_end;
587
  }
588
  
589
  if(quit_now){
590
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
591
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
592
  
84 by Teddy Hogeborn
* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
593
  memset(&to, 0, sizeof(to));
237.2.67 by Teddy Hogeborn
Four new interrelated features:
594
  if(af == AF_INET6){
237.2.88 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): "sin6_family"
595
    to.in6.sin6_family = (sa_family_t)af;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
596
    ret = inet_pton(af, ip, &to.in6.sin6_addr);
597
  } else {			/* IPv4 */
598
    to.in.sin_family = (sa_family_t)af;
599
    ret = inet_pton(af, ip, &to.in.sin_addr);
600
  }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
601
  if(ret < 0 ){
13 by Björn Påhlsson
Added following support:
602
    perror("inet_pton");
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
603
    goto mandos_end;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
604
  }
13 by Björn Påhlsson
Added following support:
605
  if(ret == 0){
606
    fprintf(stderr, "Bad address: %s\n", ip);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
607
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
608
  }
237.2.67 by Teddy Hogeborn
Four new interrelated features:
609
  if(af == AF_INET6){
610
    to.in6.sin6_port = htons(port); /* Spurious warnings from
611
				       -Wconversion and
612
				       -Wunreachable-code */
613
    
614
    if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
615
       (&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
616
			      -Wunreachable-code*/
617
      if(if_index == AVAHI_IF_UNSPEC){
618
	fprintf(stderr, "An IPv6 link-local address is incomplete"
619
		" without a network interface\n");
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
620
	goto mandos_end;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
621
      }
622
      /* Set the network interface number as scope */
623
      to.in6.sin6_scope_id = (uint32_t)if_index;
624
    }
625
  } else {
626
    to.in.sin_port = htons(port); /* Spurious warnings from
237.2.30 by Teddy Hogeborn
* plugins.d/mandos-client.c: Only comment changes.
627
				     -Wconversion and
628
				     -Wunreachable-code */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
629
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
630
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
631
  if(quit_now){
632
    goto mandos_end;
633
  }
634
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
635
  if(debug){
237.2.67 by Teddy Hogeborn
Four new interrelated features:
636
    if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
637
      char interface[IF_NAMESIZE];
638
      if(if_indextoname((unsigned int)if_index, interface) == NULL){
639
	perror("if_indextoname");
640
      } else {
641
	fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",
642
		ip, interface, port);
643
      }
644
    } else {
645
      fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
646
	      port);
647
    }
648
    char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
649
		 INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
650
    const char *pcret;
651
    if(af == AF_INET6){
652
      pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
653
			sizeof(addrstr));
654
    } else {
655
      pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
656
			sizeof(addrstr));
657
    }
658
    if(pcret == NULL){
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
659
      perror("inet_ntop");
660
    } else {
661
      if(strcmp(addrstr, ip) != 0){
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
662
	fprintf(stderr, "Canonical address form: %s\n", addrstr);
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
663
      }
664
    }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
665
  }
13 by Björn Påhlsson
Added following support:
666
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
667
  if(quit_now){
668
    goto mandos_end;
669
  }
670
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
671
  if(af == AF_INET6){
672
    ret = connect(tcp_sd, &to.in6, sizeof(to));
673
  } else {
674
    ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
675
  }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
676
  if(ret < 0){
13 by Björn Påhlsson
Added following support:
677
    perror("connect");
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
678
    goto mandos_end;
679
  }
680
  
681
  if(quit_now){
682
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
683
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
684
  
24.1.12 by Björn Påhlsson
merge +
685
  const char *out = mandos_protocol_version;
24.1.10 by Björn Påhlsson
merge commit
686
  written = 0;
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
687
  while(true){
24.1.10 by Björn Påhlsson
merge commit
688
    size_t out_size = strlen(out);
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
689
    ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
24.1.10 by Björn Påhlsson
merge commit
690
				   out_size - written));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
691
    if(ret == -1){
24.1.10 by Björn Påhlsson
merge commit
692
      perror("write");
24.1.12 by Björn Påhlsson
merge +
693
      goto mandos_end;
24.1.10 by Björn Påhlsson
merge commit
694
    }
24.1.12 by Björn Påhlsson
merge +
695
    written += (size_t)ret;
24.1.10 by Björn Påhlsson
merge commit
696
    if(written < out_size){
697
      continue;
698
    } else {
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
699
      if(out == mandos_protocol_version){
24.1.10 by Björn Påhlsson
merge commit
700
	written = 0;
701
	out = "\r\n";
702
      } else {
703
	break;
704
      }
705
    }
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
706
  
707
    if(quit_now){
708
      goto mandos_end;
709
    }
24.1.10 by Björn Påhlsson
merge commit
710
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
711
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
712
  if(debug){
713
    fprintf(stderr, "Establishing TLS session with %s\n", ip);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
714
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
715
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
716
  if(quit_now){
717
    goto mandos_end;
718
  }
719
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
720
  gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) tcp_sd);
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
721
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
722
  if(quit_now){
723
    goto mandos_end;
724
  }
725
  
237.2.126 by Teddy Hogeborn
* plugin-runner.c: Minor stylistic changes.
726
  do {
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
727
    ret = gnutls_handshake(session);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
728
    if(quit_now){
729
      goto mandos_end;
730
    }
24.1.29 by Björn Påhlsson
Added more header file comments
731
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
13 by Björn Påhlsson
Added following support:
732
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
733
  if(ret != GNUTLS_E_SUCCESS){
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section.
734
    if(debug){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
735
      fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
736
      gnutls_perror(ret);
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section.
737
    }
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
738
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
739
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
740
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
741
  /* Read OpenPGP packet that contains the wanted password */
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
742
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
743
  if(debug){
237.2.67 by Teddy Hogeborn
Four new interrelated features:
744
    fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
745
	    ip);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
746
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
747
  
13 by Björn Påhlsson
Added following support:
748
  while(true){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
749
    
750
    if(quit_now){
751
      goto mandos_end;
752
    }
753
    
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
754
    buffer_capacity = incbuffer(&buffer, buffer_length,
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
755
				   buffer_capacity);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
756
    if(buffer_capacity == 0){
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
757
      perror("incbuffer");
24.1.12 by Björn Påhlsson
merge +
758
      goto mandos_end;
13 by Björn Påhlsson
Added following support:
759
    }
760
    
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
761
    if(quit_now){
762
      goto mandos_end;
763
    }
764
    
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
765
    sret = gnutls_record_recv(session, buffer+buffer_length,
766
			      BUFFER_SIZE);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
767
    if(sret == 0){
13 by Björn Påhlsson
Added following support:
768
      break;
769
    }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
770
    if(sret < 0){
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
771
      switch(sret){
13 by Björn Påhlsson
Added following support:
772
      case GNUTLS_E_INTERRUPTED:
773
      case GNUTLS_E_AGAIN:
774
	break;
775
      case GNUTLS_E_REHANDSHAKE:
237.2.126 by Teddy Hogeborn
* plugin-runner.c: Minor stylistic changes.
776
	do {
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
777
	  ret = gnutls_handshake(session);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
778
	  
779
	  if(quit_now){
780
	    goto mandos_end;
781
	  }
24.1.29 by Björn Påhlsson
Added more header file comments
782
	} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
783
	if(ret < 0){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
784
	  fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
785
	  gnutls_perror(ret);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
786
	  goto mandos_end;
13 by Björn Påhlsson
Added following support:
787
	}
788
	break;
789
      default:
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
790
	fprintf(stderr, "Unknown error while reading data from"
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
791
		" encrypted session with Mandos server\n");
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
792
	gnutls_bye(session, GNUTLS_SHUT_RDWR);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
793
	goto mandos_end;
13 by Björn Påhlsson
Added following support:
794
      }
795
    } else {
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
796
      buffer_length += (size_t) sret;
13 by Björn Påhlsson
Added following support:
797
    }
798
  }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
799
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
800
  if(debug){
801
    fprintf(stderr, "Closing TLS session\n");
802
  }
803
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
804
  if(quit_now){
237.2.134 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
805
    goto mandos_end;
806
  }
807
  
808
  do {
809
    ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
810
    if(quit_now){
811
      goto mandos_end;
812
    }
813
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
814
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
815
  if(buffer_length > 0){
237.2.125 by Teddy Hogeborn
* plugin-runner.c (getplugin, add_environment, main): Handle EINTR
816
    ssize_t decrypted_buffer_size;
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
817
    decrypted_buffer_size = pgp_packet_decrypt(buffer,
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
818
					       buffer_length,
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
819
					       &decrypted_buffer);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
820
    if(decrypted_buffer_size >= 0){
237.2.124 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gpgme): Move variable "ret" into the
821
      
24.1.10 by Björn Påhlsson
merge commit
822
      written = 0;
28 by Teddy Hogeborn
* server.conf: New file.
823
      while(written < (size_t) decrypted_buffer_size){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
824
	if(quit_now){
825
	  goto mandos_end;
826
	}
827
	
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
828
	ret = (int)fwrite(decrypted_buffer + written, 1,
829
			  (size_t)decrypted_buffer_size - written,
830
			  stdout);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
831
	if(ret == 0 and ferror(stdout)){
832
	  if(debug){
833
	    fprintf(stderr, "Error writing encrypted data: %s\n",
834
		    strerror(errno));
835
	  }
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
836
	  goto mandos_end;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
837
	}
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
838
	written += (size_t)ret;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
839
      }
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
840
      retval = 0;
13 by Björn Påhlsson
Added following support:
841
    }
842
  }
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
843
  
844
  /* Shutdown procedure */
845
  
846
 mandos_end:
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
847
  free(decrypted_buffer);
13 by Björn Påhlsson
Added following support:
848
  free(buffer);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
849
  if(tcp_sd >= 0){
850
    ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
851
  }
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
852
  if(ret == -1){
853
    perror("close");
854
  }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
855
  gnutls_deinit(session);
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
856
  if(quit_now){
857
    retval = -1;
858
  }
13 by Björn Påhlsson
Added following support:
859
  return retval;
860
}
861
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
862
static void resolve_callback(AvahiSServiceResolver *r,
863
			     AvahiIfIndex interface,
237.2.67 by Teddy Hogeborn
Four new interrelated features:
864
			     AvahiProtocol proto,
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
865
			     AvahiResolverEvent event,
866
			     const char *name,
867
			     const char *type,
868
			     const char *domain,
869
			     const char *host_name,
870
			     const AvahiAddress *address,
871
			     uint16_t port,
872
			     AVAHI_GCC_UNUSED AvahiStringList *txt,
873
			     AVAHI_GCC_UNUSED AvahiLookupResultFlags
874
			     flags,
237.2.70 by Teddy Hogeborn
Merge from Björn:
875
			     AVAHI_GCC_UNUSED void* userdata){
84 by Teddy Hogeborn
* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
876
  assert(r);
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
877
  
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
878
  /* Called whenever a service has been resolved successfully or
879
     timed out */
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
880
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
881
  if(quit_now){
882
    return;
883
  }
884
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
885
  switch(event){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
886
  default:
887
  case AVAHI_RESOLVER_FAILURE:
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
888
    fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
889
	    " of type '%s' in domain '%s': %s\n", name, type, domain,
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
890
	    avahi_strerror(avahi_server_errno(mc.server)));
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
891
    break;
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
892
    
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
893
  case AVAHI_RESOLVER_FOUND:
894
    {
895
      char ip[AVAHI_ADDRESS_STR_MAX];
896
      avahi_address_snprint(ip, sizeof(ip), address);
897
      if(debug){
60 by Teddy Hogeborn
* mandos-client.c (main): Cast pid_t to unsigned int before printing.
898
	fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
237.2.31 by Teddy Hogeborn
Fixes for sscanf usage:
899
		PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
900
		ip, (intmax_t)interface, port);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
901
      }
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
902
      int ret = start_mandos_communication(ip, port, interface,
237.2.67 by Teddy Hogeborn
Four new interrelated features:
903
					   avahi_proto_to_af(proto));
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
904
      if(ret == 0){
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
905
	avahi_simple_poll_quit(mc.simple_poll);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
906
      }
13 by Björn Påhlsson
Added following support:
907
    }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
908
  }
909
  avahi_s_service_resolver_free(r);
13 by Björn Påhlsson
Added following support:
910
}
911
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
912
static void browse_callback(AvahiSServiceBrowser *b,
913
			    AvahiIfIndex interface,
914
			    AvahiProtocol protocol,
915
			    AvahiBrowserEvent event,
916
			    const char *name,
917
			    const char *type,
918
			    const char *domain,
919
			    AVAHI_GCC_UNUSED AvahiLookupResultFlags
920
			    flags,
237.2.70 by Teddy Hogeborn
Merge from Björn:
921
			    AVAHI_GCC_UNUSED void* userdata){
84 by Teddy Hogeborn
* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
922
  assert(b);
24.1.9 by Björn Påhlsson
not working midwork...
923
  
924
  /* Called whenever a new services becomes available on the LAN or
925
     is removed from the LAN */
926
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
927
  if(quit_now){
928
    return;
929
  }
930
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
931
  switch(event){
24.1.9 by Björn Påhlsson
not working midwork...
932
  default:
933
  case AVAHI_BROWSER_FAILURE:
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
934
    
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
935
    fprintf(stderr, "(Avahi browser) %s\n",
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
936
	    avahi_strerror(avahi_server_errno(mc.server)));
937
    avahi_simple_poll_quit(mc.simple_poll);
24.1.9 by Björn Påhlsson
not working midwork...
938
    return;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
939
    
24.1.9 by Björn Påhlsson
not working midwork...
940
  case AVAHI_BROWSER_NEW:
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
941
    /* We ignore the returned Avahi resolver object. In the callback
942
       function we free it. If the Avahi server is terminated before
943
       the callback function is called the Avahi server will free the
944
       resolver for us. */
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
945
    
237.2.76 by Teddy Hogeborn
* plugins.d/mandos-client.c (browse_callback, main): Do not require
946
    if(avahi_s_service_resolver_new(mc.server, interface, protocol,
947
				    name, type, domain, protocol, 0,
948
				    resolve_callback, NULL) == NULL)
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
949
      fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
950
	      name, avahi_strerror(avahi_server_errno(mc.server)));
24.1.9 by Björn Påhlsson
not working midwork...
951
    break;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
952
    
24.1.9 by Björn Påhlsson
not working midwork...
953
  case AVAHI_BROWSER_REMOVE:
954
    break;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
955
    
24.1.9 by Björn Påhlsson
not working midwork...
956
  case AVAHI_BROWSER_ALL_FOR_NOW:
957
  case AVAHI_BROWSER_CACHE_EXHAUSTED:
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
958
    if(debug){
959
      fprintf(stderr, "No Mandos server found, still searching...\n");
960
    }
24.1.9 by Björn Påhlsson
not working midwork...
961
    break;
962
  }
13 by Björn Påhlsson
Added following support:
963
}
964
24.1.135 by Björn Påhlsson
Earlier signal handling
965
/* stop main loop after sigterm has been called */
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
966
static void handle_sigterm(int sig){
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
967
  if(quit_now){
968
    return;
969
  }
970
  quit_now = 1;
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
971
  signal_received = sig;
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
972
  int old_errno = errno;
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
973
  if(mc.simple_poll != NULL){
974
    avahi_simple_poll_quit(mc.simple_poll);
975
  }
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
976
  errno = old_errno;
977
}
978
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
979
/* 
980
 * This function determines if a directory entry in /sys/class/net
981
 * corresponds to an acceptable network device.
982
 * (This function is passed to scandir(3) as a filter function.)
983
 */
984
int good_interface(const struct dirent *if_entry){
985
  ssize_t ssret;
986
  char *flagname = NULL;
987
  int ret = asprintf(&flagname, "%s/%s/flags", sys_class_net,
988
		     if_entry->d_name);
989
  if(ret < 0){
990
    perror("asprintf");
991
    return 0;
992
  }
993
  if(if_entry->d_name[0] == '.'){
994
    return 0;
995
  }
996
  int flags_fd = (int)TEMP_FAILURE_RETRY(open(flagname, O_RDONLY));
997
  if(flags_fd == -1){
998
    perror("open");
999
    return 0;
1000
  }
1001
  typedef short ifreq_flags;	/* ifreq.ifr_flags in netdevice(7) */
1002
  /* read line from flags_fd */
1003
  ssize_t to_read = (sizeof(ifreq_flags)*2)+3; /* "0x1003\n" */
1004
  char *flagstring = malloc((size_t)to_read);
1005
  if(flagstring == NULL){
1006
    perror("malloc");
1007
    close(flags_fd);
1008
    return 0;
1009
  }
1010
  while(to_read > 0){
1011
    ssret = (ssize_t)TEMP_FAILURE_RETRY(read(flags_fd, flagstring,
1012
					     (size_t)to_read));
1013
    if(ssret == -1){
1014
      perror("read");
1015
      free(flagstring);
1016
      close(flags_fd);
1017
      return 0;
1018
    }
1019
    to_read -= ssret;
1020
    if(ssret == 0){
1021
      break;
1022
    }
1023
  }
1024
  close(flags_fd);
1025
  intmax_t tmpmax;
1026
  char *tmp;
1027
  errno = 0;
1028
  tmpmax = strtoimax(flagstring, &tmp, 0);
1029
  if(errno != 0 or tmp == flagstring or (*tmp != '\0'
1030
					 and not (isspace(*tmp)))
1031
     or tmpmax != (ifreq_flags)tmpmax){
1032
    free(flagstring);
1033
    return 0;
1034
  }
1035
  free(flagstring);
1036
  ifreq_flags flags = (ifreq_flags)tmpmax;
1037
  /* Reject the loopback device */
1038
  if(flags & IFF_LOOPBACK){
1039
    return 0;
1040
  }
1041
  /* Accept point-to-point devices only if connect_to is specified */
1042
  if(connect_to != NULL and (flags & IFF_POINTOPOINT)){
1043
    return 1;
1044
  }
1045
  /* Otherwise, reject non-broadcast-capable devices */
1046
  if(not (flags & IFF_BROADCAST)){
1047
    return 0;
1048
  }
1049
  /* Accept this device */
1050
  return 1;
1051
}
1052
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1053
int main(int argc, char *argv[]){
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1054
  AvahiSServiceBrowser *sb = NULL;
1055
  int error;
1056
  int ret;
1057
  intmax_t tmpmax;
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1058
  char *tmp;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1059
  int exitcode = EXIT_SUCCESS;
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1060
  const char *interface = "";
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1061
  struct ifreq network;
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1062
  int sd = -1;
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1063
  bool take_down_interface = false;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1064
  uid_t uid;
1065
  gid_t gid;
1066
  char tempdir[] = "/tmp/mandosXXXXXX";
1067
  bool tempdir_created = false;
1068
  AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1069
  const char *seckey = PATHDIR "/" SECKEY;
1070
  const char *pubkey = PATHDIR "/" PUBKEY;
1071
  
1072
  bool gnutls_initialized = false;
1073
  bool gpgme_initialized = false;
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1074
  float delay = 2.5f;
1075
  
237.2.132 by Teddy Hogeborn
* init.d-mandos (Required-Start, Required-Stop): Bug fix: Added
1076
  struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1077
  struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1078
  
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1079
  uid = getuid();
1080
  gid = getgid();
1081
  
1082
  /* Lower any group privileges we might have, just to be safe */
1083
  errno = 0;
1084
  ret = setgid(gid);
1085
  if(ret == -1){
1086
    perror("setgid");
1087
  }
1088
  
1089
  /* Lower user privileges (temporarily) */
1090
  errno = 0;
1091
  ret = seteuid(uid);
1092
  if(ret == -1){
1093
    perror("seteuid");
1094
  }
1095
  
1096
  if(quit_now){
1097
    goto end;
1098
  }
1099
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1100
  {
1101
    struct argp_option options[] = {
1102
      { .name = "debug", .key = 128,
1103
	.doc = "Debug mode", .group = 3 },
1104
      { .name = "connect", .key = 'c',
1105
	.arg = "ADDRESS:PORT",
1106
	.doc = "Connect directly to a specific Mandos server",
1107
	.group = 1 },
1108
      { .name = "interface", .key = 'i',
1109
	.arg = "NAME",
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1110
	.doc = "Network interface that will be used to search for"
1111
	" Mandos servers",
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1112
	.group = 1 },
1113
      { .name = "seckey", .key = 's',
1114
	.arg = "FILE",
1115
	.doc = "OpenPGP secret key file base name",
1116
	.group = 1 },
1117
      { .name = "pubkey", .key = 'p',
1118
	.arg = "FILE",
1119
	.doc = "OpenPGP public key file base name",
1120
	.group = 2 },
1121
      { .name = "dh-bits", .key = 129,
1122
	.arg = "BITS",
1123
	.doc = "Bit length of the prime number used in the"
1124
	" Diffie-Hellman key exchange",
1125
	.group = 2 },
1126
      { .name = "priority", .key = 130,
1127
	.arg = "STRING",
1128
	.doc = "GnuTLS priority string for the TLS handshake",
1129
	.group = 1 },
1130
      { .name = "delay", .key = 131,
1131
	.arg = "SECONDS",
1132
	.doc = "Maximum delay to wait for interface startup",
1133
	.group = 2 },
1134
      { .name = NULL }
1135
    };
1136
    
1137
    error_t parse_opt(int key, char *arg,
1138
		      struct argp_state *state){
1139
      switch(key){
1140
      case 128:			/* --debug */
1141
	debug = true;
1142
	break;
1143
      case 'c':			/* --connect */
1144
	connect_to = arg;
1145
	break;
1146
      case 'i':			/* --interface */
1147
	interface = arg;
1148
	break;
1149
      case 's':			/* --seckey */
1150
	seckey = arg;
1151
	break;
1152
      case 'p':			/* --pubkey */
1153
	pubkey = arg;
1154
	break;
1155
      case 129:			/* --dh-bits */
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1156
	errno = 0;
1157
	tmpmax = strtoimax(arg, &tmp, 10);
1158
	if(errno != 0 or tmp == arg or *tmp != '\0'
1159
	   or tmpmax != (typeof(mc.dh_bits))tmpmax){
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1160
	  fprintf(stderr, "Bad number of DH bits\n");
1161
	  exit(EXIT_FAILURE);
1162
	}
1163
	mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
1164
	break;
1165
      case 130:			/* --priority */
1166
	mc.priority = arg;
1167
	break;
1168
      case 131:			/* --delay */
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1169
	errno = 0;
1170
	delay = strtof(arg, &tmp);
1171
	if(errno != 0 or tmp == arg or *tmp != '\0'){
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1172
	  fprintf(stderr, "Bad delay\n");
1173
	  exit(EXIT_FAILURE);
1174
	}
1175
	break;
1176
      case ARGP_KEY_ARG:
1177
	argp_usage(state);
1178
      case ARGP_KEY_END:
1179
	break;
1180
      default:
1181
	return ARGP_ERR_UNKNOWN;
1182
      }
1183
      return 0;
1184
    }
1185
    
1186
    struct argp argp = { .options = options, .parser = parse_opt,
1187
			 .args_doc = "",
1188
			 .doc = "Mandos client -- Get and decrypt"
1189
			 " passwords from a Mandos server" };
1190
    ret = argp_parse(&argp, argc, argv, 0, 0, NULL);
1191
    if(ret == ARGP_ERR_UNKNOWN){
1192
      fprintf(stderr, "Unknown error while parsing arguments\n");
1193
      exitcode = EXIT_FAILURE;
1194
      goto end;
1195
    }
1196
  }
1197
  
24.1.135 by Björn Påhlsson
Earlier signal handling
1198
  if(not debug){
1199
    avahi_set_log_function(empty_log);
1200
  }
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1201
1202
  if(interface[0] == '\0'){
1203
    struct dirent **direntries;
1204
    ret = scandir(sys_class_net, &direntries, good_interface,
1205
		  alphasort);
1206
    if(ret >= 1){
1207
      /* Pick the first good interface */
1208
      interface = strdup(direntries[0]->d_name);
1209
      if(interface == NULL){
1210
	perror("malloc");
1211
	free(direntries);
1212
	exitcode = EXIT_FAILURE;
1213
	goto end;
1214
      }
1215
      free(direntries);
1216
    } else {
1217
      free(direntries);
1218
      fprintf(stderr, "Could not find a network interface\n");
1219
      exitcode = EXIT_FAILURE;
1220
      goto end;
1221
    }
1222
  }
237.2.72 by Teddy Hogeborn
Merge from Björn:
1223
  
24.1.135 by Björn Påhlsson
Earlier signal handling
1224
  /* Initialize Avahi early so avahi_simple_poll_quit() can be called
1225
     from the signal handler */
1226
  /* Initialize the pseudo-RNG for Avahi */
1227
  srand((unsigned int) time(NULL));
1228
  mc.simple_poll = avahi_simple_poll_new();
1229
  if(mc.simple_poll == NULL){
1230
    fprintf(stderr, "Avahi: Failed to create simple poll object.\n");
1231
    exitcode = EXIT_FAILURE;
1232
    goto end;
1233
  }
237.2.72 by Teddy Hogeborn
Merge from Björn:
1234
  
24.1.135 by Björn Påhlsson
Earlier signal handling
1235
  sigemptyset(&sigterm_action.sa_mask);
237.2.72 by Teddy Hogeborn
Merge from Björn:
1236
  ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
1237
  if(ret == -1){
1238
    perror("sigaddset");
1239
    exitcode = EXIT_FAILURE;
1240
    goto end;
1241
  }
1242
  ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
1243
  if(ret == -1){
1244
    perror("sigaddset");
1245
    exitcode = EXIT_FAILURE;
1246
    goto end;
1247
  }
24.1.135 by Björn Påhlsson
Earlier signal handling
1248
  ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1249
  if(ret == -1){
1250
    perror("sigaddset");
1251
    exitcode = EXIT_FAILURE;
1252
    goto end;
1253
  }
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
1254
  /* Need to check if the handler is SIG_IGN before handling:
1255
     | [[info:libc:Initial Signal Actions]] |
1256
     | [[info:libc:Basic Signal Handling]]  |
1257
  */
1258
  ret = sigaction(SIGINT, NULL, &old_sigterm_action);
1259
  if(ret == -1){
1260
    perror("sigaction");
1261
    return EXIT_FAILURE;
1262
  }
1263
  if(old_sigterm_action.sa_handler != SIG_IGN){
1264
    ret = sigaction(SIGINT, &sigterm_action, NULL);
1265
    if(ret == -1){
1266
      perror("sigaction");
1267
      exitcode = EXIT_FAILURE;
1268
      goto end;
1269
    }
1270
  }
1271
  ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
1272
  if(ret == -1){
1273
    perror("sigaction");
1274
    return EXIT_FAILURE;
1275
  }
1276
  if(old_sigterm_action.sa_handler != SIG_IGN){
1277
    ret = sigaction(SIGHUP, &sigterm_action, NULL);
1278
    if(ret == -1){
1279
      perror("sigaction");
1280
      exitcode = EXIT_FAILURE;
1281
      goto end;
1282
    }
1283
  }
1284
  ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
1285
  if(ret == -1){
1286
    perror("sigaction");
1287
    return EXIT_FAILURE;
1288
  }
1289
  if(old_sigterm_action.sa_handler != SIG_IGN){
1290
    ret = sigaction(SIGTERM, &sigterm_action, NULL);
1291
    if(ret == -1){
1292
      perror("sigaction");
1293
      exitcode = EXIT_FAILURE;
1294
      goto end;
1295
    }
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
1296
  }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1297
  
1298
  /* If the interface is down, bring it up */
269.1.1 by teddy at bsnet
* plugins.d/mandos-client.c: An empty interface name now means to
1299
  if(strcmp(interface, "none") != 0){
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1300
    if_index = (AvahiIfIndex) if_nametoindex(interface);
1301
    if(if_index == 0){
1302
      fprintf(stderr, "No such interface: \"%s\"\n", interface);
1303
      exitcode = EXIT_FAILURE;
1304
      goto end;
1305
    }
1306
    
1307
    if(quit_now){
1308
      goto end;
1309
    }
1310
    
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1311
    /* Re-raise priviliges */
1312
    errno = 0;
1313
    ret = seteuid(0);
1314
    if(ret == -1){
1315
      perror("seteuid");
1316
    }
1317
    
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1318
#ifdef __linux__
1319
    /* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1320
       messages to mess up the prompt */
1321
    ret = klogctl(8, NULL, 5);
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1322
    bool restore_loglevel = true;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1323
    if(ret == -1){
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1324
      restore_loglevel = false;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1325
      perror("klogctl");
1326
    }
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1327
#endif	/* __linux__ */
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1328
    
1329
    sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1330
    if(sd < 0){
1331
      perror("socket");
1332
      exitcode = EXIT_FAILURE;
1333
#ifdef __linux__
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1334
      if(restore_loglevel){
1335
	ret = klogctl(7, NULL, 0);
1336
	if(ret == -1){
1337
	  perror("klogctl");
1338
	}
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1339
      }
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1340
#endif	/* __linux__ */
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1341
      /* Lower privileges */
1342
      errno = 0;
1343
      ret = seteuid(uid);
1344
      if(ret == -1){
1345
	perror("seteuid");
1346
      }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1347
      goto end;
1348
    }
1349
    strcpy(network.ifr_name, interface);
1350
    ret = ioctl(sd, SIOCGIFFLAGS, &network);
1351
    if(ret == -1){
1352
      perror("ioctl SIOCGIFFLAGS");
1353
#ifdef __linux__
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1354
      if(restore_loglevel){
1355
	ret = klogctl(7, NULL, 0);
1356
	if(ret == -1){
1357
	  perror("klogctl");
1358
	}
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1359
      }
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1360
#endif	/* __linux__ */
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1361
      exitcode = EXIT_FAILURE;
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1362
      /* Lower privileges */
1363
      errno = 0;
1364
      ret = seteuid(uid);
1365
      if(ret == -1){
1366
	perror("seteuid");
1367
      }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1368
      goto end;
1369
    }
1370
    if((network.ifr_flags & IFF_UP) == 0){
1371
      network.ifr_flags |= IFF_UP;
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1372
      take_down_interface = true;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1373
      ret = ioctl(sd, SIOCSIFFLAGS, &network);
1374
      if(ret == -1){
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1375
	take_down_interface = false;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1376
	perror("ioctl SIOCSIFFLAGS");
1377
	exitcode = EXIT_FAILURE;
1378
#ifdef __linux__
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1379
	if(restore_loglevel){
1380
	  ret = klogctl(7, NULL, 0);
1381
	  if(ret == -1){
1382
	    perror("klogctl");
1383
	  }
24.1.124 by Björn Påhlsson
Added lower kernel loglevel to reduce clutter on system console.
1384
	}
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1385
#endif	/* __linux__ */
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1386
	/* Lower privileges */
1387
	errno = 0;
1388
	ret = seteuid(uid);
1389
	if(ret == -1){
1390
	  perror("seteuid");
1391
	}
65 by Teddy Hogeborn
* plugins.d/password-request.c (main): Bug fix: Bring up network
1392
	goto end;
1393
      }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1394
    }
1395
    /* sleep checking until interface is running */
1396
    for(int i=0; i < delay * 4; i++){
65 by Teddy Hogeborn
* plugins.d/password-request.c (main): Bug fix: Bring up network
1397
      ret = ioctl(sd, SIOCGIFFLAGS, &network);
1398
      if(ret == -1){
1399
	perror("ioctl SIOCGIFFLAGS");
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1400
      } else if(network.ifr_flags & IFF_RUNNING){
1401
	break;
1402
      }
1403
      struct timespec sleeptime = { .tv_nsec = 250000000 };
1404
      ret = nanosleep(&sleeptime, NULL);
1405
      if(ret == -1 and errno != EINTR){
1406
	perror("nanosleep");
1407
      }
1408
    }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1409
    if(not take_down_interface){
1410
      /* We won't need the socket anymore */
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1411
      ret = (int)TEMP_FAILURE_RETRY(close(sd));
1412
      if(ret == -1){
1413
	perror("close");
1414
      }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1415
    }
1416
#ifdef __linux__
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1417
    if(restore_loglevel){
1418
      /* Restores kernel loglevel to default */
1419
      ret = klogctl(7, NULL, 0);
1420
      if(ret == -1){
1421
	perror("klogctl");
1422
      }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1423
    }
237.2.71 by Teddy Hogeborn
* plugin-runner.c: Comment change.
1424
#endif	/* __linux__ */
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1425
    /* Lower privileges */
1426
    errno = 0;
1427
    if(take_down_interface){
1428
      /* Lower privileges */
1429
      ret = seteuid(uid);
1430
      if(ret == -1){
1431
	perror("seteuid");
1432
      }
1433
    } else {
1434
      /* Lower privileges permanently */
1435
      ret = setuid(uid);
1436
      if(ret == -1){
1437
	perror("setuid");
1438
      }
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1439
    }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1440
  }
1441
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1442
  if(quit_now){
1443
    goto end;
1444
  }
1445
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1446
  ret = init_gnutls_global(pubkey, seckey);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1447
  if(ret == -1){
1448
    fprintf(stderr, "init_gnutls_global failed\n");
1449
    exitcode = EXIT_FAILURE;
1450
    goto end;
1451
  } else {
1452
    gnutls_initialized = true;
1453
  }
1454
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1455
  if(quit_now){
1456
    goto end;
1457
  }
1458
  
1459
  tempdir_created = true;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1460
  if(mkdtemp(tempdir) == NULL){
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1461
    tempdir_created = false;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1462
    perror("mkdtemp");
1463
    goto end;
1464
  }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1465
  
1466
  if(quit_now){
1467
    goto end;
1468
  }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1469
  
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1470
  if(not init_gpgme(pubkey, seckey, tempdir)){
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1471
    fprintf(stderr, "init_gpgme failed\n");
1472
    exitcode = EXIT_FAILURE;
1473
    goto end;
1474
  } else {
1475
    gpgme_initialized = true;
1476
  }
1477
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1478
  if(quit_now){
1479
    goto end;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1480
  }
1481
  
1482
  if(connect_to != NULL){
1483
    /* Connect directly, do not use Zeroconf */
1484
    /* (Mainly meant for debugging) */
1485
    char *address = strrchr(connect_to, ':');
1486
    if(address == NULL){
1487
      fprintf(stderr, "No colon in address\n");
1488
      exitcode = EXIT_FAILURE;
1489
      goto end;
1490
    }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1491
    
1492
    if(quit_now){
1493
      goto end;
1494
    }
1495
    
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1496
    uint16_t port;
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1497
    errno = 0;
1498
    tmpmax = strtoimax(address+1, &tmp, 10);
1499
    if(errno != 0 or tmp == address+1 or *tmp != '\0'
1500
       or tmpmax != (uint16_t)tmpmax){
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1501
      fprintf(stderr, "Bad port number\n");
1502
      exitcode = EXIT_FAILURE;
1503
      goto end;
1504
    }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1505
  
1506
    if(quit_now){
1507
      goto end;
1508
    }
1509
    
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1510
    port = (uint16_t)tmpmax;
1511
    *address = '\0';
1512
    address = connect_to;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1513
    /* Colon in address indicates IPv6 */
1514
    int af;
1515
    if(strchr(address, ':') != NULL){
1516
      af = AF_INET6;
1517
    } else {
1518
      af = AF_INET;
1519
    }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1520
    
1521
    if(quit_now){
1522
      goto end;
1523
    }
1524
    
237.2.70 by Teddy Hogeborn
Merge from Björn:
1525
    ret = start_mandos_communication(address, port, if_index, af);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1526
    if(ret < 0){
1527
      exitcode = EXIT_FAILURE;
1528
    } else {
1529
      exitcode = EXIT_SUCCESS;
1530
    }
1531
    goto end;
1532
  }
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1533
  
1534
  if(quit_now){
1535
    goto end;
1536
  }
1537
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1538
  {
1539
    AvahiServerConfig config;
1540
    /* Do not publish any local Zeroconf records */
1541
    avahi_server_config_init(&config);
1542
    config.publish_hinfo = 0;
1543
    config.publish_addresses = 0;
1544
    config.publish_workstation = 0;
1545
    config.publish_domain = 0;
1546
    
1547
    /* Allocate a new server */
1548
    mc.server = avahi_server_new(avahi_simple_poll_get
1549
				 (mc.simple_poll), &config, NULL,
1550
				 NULL, &error);
1551
    
1552
    /* Free the Avahi configuration data */
1553
    avahi_server_config_free(&config);
1554
  }
1555
  
1556
  /* Check if creating the Avahi server object succeeded */
1557
  if(mc.server == NULL){
1558
    fprintf(stderr, "Failed to create Avahi server: %s\n",
1559
	    avahi_strerror(error));
1560
    exitcode = EXIT_FAILURE;
1561
    goto end;
1562
  }
1563
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1564
  if(quit_now){
1565
    goto end;
1566
  }
1567
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1568
  /* Create the Avahi service browser */
1569
  sb = avahi_s_service_browser_new(mc.server, if_index,
237.2.76 by Teddy Hogeborn
* plugins.d/mandos-client.c (browse_callback, main): Do not require
1570
				   AVAHI_PROTO_UNSPEC, "_mandos._tcp",
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1571
				   NULL, 0, browse_callback, NULL);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1572
  if(sb == NULL){
1573
    fprintf(stderr, "Failed to create service browser: %s\n",
1574
	    avahi_strerror(avahi_server_errno(mc.server)));
1575
    exitcode = EXIT_FAILURE;
1576
    goto end;
1577
  }
237.2.70 by Teddy Hogeborn
Merge from Björn:
1578
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1579
  if(quit_now){
1580
    goto end;
1581
  }
1582
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1583
  /* Run the main loop */
1584
  
1585
  if(debug){
1586
    fprintf(stderr, "Starting Avahi loop search\n");
1587
  }
1588
  
1589
  avahi_simple_poll_loop(mc.simple_poll);
1590
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1591
 end:
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1592
  
1593
  if(debug){
1594
    fprintf(stderr, "%s exiting\n", argv[0]);
1595
  }
1596
  
1597
  /* Cleanup things */
1598
  if(sb != NULL)
1599
    avahi_s_service_browser_free(sb);
1600
  
1601
  if(mc.server != NULL)
1602
    avahi_server_free(mc.server);
1603
  
1604
  if(mc.simple_poll != NULL)
1605
    avahi_simple_poll_free(mc.simple_poll);
1606
  
1607
  if(gnutls_initialized){
1608
    gnutls_certificate_free_credentials(mc.cred);
1609
    gnutls_global_deinit();
1610
    gnutls_dh_params_deinit(mc.dh_params);
1611
  }
1612
  
1613
  if(gpgme_initialized){
1614
    gpgme_release(mc.ctx);
1615
  }
1616
  
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1617
  /* Take down the network interface */
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
1618
  if(take_down_interface){
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1619
    /* Re-raise priviliges */
1620
    errno = 0;
1621
    ret = seteuid(0);
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1622
    if(ret == -1){
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1623
      perror("seteuid");
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1624
    }
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1625
    if(geteuid() == 0){
1626
      ret = ioctl(sd, SIOCGIFFLAGS, &network);
1627
      if(ret == -1){
1628
	perror("ioctl SIOCGIFFLAGS");
1629
      } else if(network.ifr_flags & IFF_UP) {
1630
	network.ifr_flags &= ~IFF_UP; /* clear flag */
1631
	ret = ioctl(sd, SIOCSIFFLAGS, &network);
1632
	if(ret == -1){
1633
	  perror("ioctl SIOCSIFFLAGS");
1634
	}
1635
      }
1636
      ret = (int)TEMP_FAILURE_RETRY(close(sd));
1637
      if(ret == -1){
1638
	perror("close");
1639
      }
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1640
      /* Lower privileges permanently */
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
1641
      errno = 0;
1642
      ret = setuid(uid);
1643
      if(ret == -1){
1644
	perror("setuid");
1645
      }
237.2.113 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Take down network interface on
1646
    }
1647
  }
1648
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1649
  /* Removes the temp directory used by GPGME */
1650
  if(tempdir_created){
1651
    DIR *d;
1652
    struct dirent *direntry;
1653
    d = opendir(tempdir);
1654
    if(d == NULL){
1655
      if(errno != ENOENT){
1656
	perror("opendir");
1657
      }
1658
    } else {
1659
      while(true){
1660
	direntry = readdir(d);
1661
	if(direntry == NULL){
1662
	  break;
1663
	}
1664
	/* Skip "." and ".." */
1665
	if(direntry->d_name[0] == '.'
1666
	   and (direntry->d_name[1] == '\0'
1667
		or (direntry->d_name[1] == '.'
1668
		    and direntry->d_name[2] == '\0'))){
1669
	  continue;
1670
	}
1671
	char *fullname = NULL;
1672
	ret = asprintf(&fullname, "%s/%s", tempdir,
1673
		       direntry->d_name);
1674
	if(ret < 0){
1675
	  perror("asprintf");
1676
	  continue;
1677
	}
1678
	ret = remove(fullname);
1679
	if(ret == -1){
1680
	  fprintf(stderr, "remove(\"%s\"): %s\n", fullname,
1681
		  strerror(errno));
1682
	}
1683
	free(fullname);
1684
      }
1685
      closedir(d);
1686
    }
1687
    ret = rmdir(tempdir);
1688
    if(ret == -1 and errno != ENOENT){
1689
      perror("rmdir");
1690
    }
1691
  }
1692
  
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
1693
  if(quit_now){
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
1694
    sigemptyset(&old_sigterm_action.sa_mask);
1695
    old_sigterm_action.sa_handler = SIG_DFL;
237.2.137 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Try harder to raise signal on
1696
    ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
1697
					    &old_sigterm_action,
1698
					    NULL));
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
1699
    if(ret == -1){
1700
      perror("sigaction");
1701
    }
237.2.137 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Try harder to raise signal on
1702
    do {
1703
      ret = raise(signal_received);
1704
    } while(ret != 0 and errno == EINTR);
1705
    if(ret != 0){
1706
      perror("raise");
1707
      abort();
1708
    }
1709
    TEMP_FAILURE_RETRY(pause());
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
1710
  }
1711
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1712
  return exitcode;
13 by Björn Påhlsson
Added following support:
1713
}