=== modified file 'INSTALL' --- INSTALL 2016-02-28 03:01:43 +0000 +++ INSTALL 2016-02-28 20:26:27 +0000 @@ -56,6 +56,7 @@ python-urwid pkg-config fping ssh-client *** Mandos Client + + GNU C Library 2.16 https://gnu.org/software/libc/ + initramfs-tools 0.85i https://tracker.debian.org/pkg/initramfs-tools + GnuTLS 3.3 http://www.gnutls.org/ === modified file 'plugin-runner.c' --- plugin-runner.c 2016-02-28 14:22:10 +0000 +++ plugin-runner.c 2016-02-28 20:26:27 +0000 @@ -891,18 +891,8 @@ return 1; } -#ifdef __GLIBC__ -#if __GLIBC_PREREQ(2, 15) int numplugins = scandirat(dir_fd, ".", &direntries, good_name, alphasort); -#else /* not __GLIBC_PREREQ(2, 15) */ - int numplugins = scandir(plugindir != NULL ? plugindir : PDIR, - &direntries, good_name, alphasort); -#endif /* not __GLIBC_PREREQ(2, 15) */ -#else /* not __GLIBC__ */ - int numplugins = scandir(plugindir != NULL ? plugindir : PDIR, - &direntries, good_name, alphasort); -#endif /* not __GLIBC__ */ if(numplugins == -1){ error(0, errno, "Could not scan plugin dir"); direntries = NULL; @@ -1114,20 +1104,7 @@ goto fallback; } -#if defined (__GNUC__) and defined (__GLIBC__) -#if not __GLIBC_PREREQ(2, 16) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wsign-conversion" -#endif -#endif - FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from - -Wconversion in GNU libc - before 2.16 */ -#if defined (__GNUC__) and defined (__GLIBC__) -#if not __GLIBC_PREREQ(2, 16) -#pragma GCC diagnostic pop -#endif -#endif + FD_SET(new_plugin->fd, &rfds_all); if(maxfd < new_plugin->fd){ maxfd = new_plugin->fd; 
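Review bot: No range check on `new_plugin->fd` is visible before `FD_SET(new_plugin->fd, &rfds_all);`, and FD_SET on a descriptor at or above FD_SETSIZE writes outside the fd_set. Now that the glibc pragma scaffolding is gone, this call site is a good place for a guard such as `if(new_plugin->fd < 0 or new_plugin->fd >= FD_SETSIZE)` that takes the existing `goto fallback;` failure path. The same descriptor values reach `FD_CLR(proc->fd, &rfds_all);` and `FD_ISSET(proc->fd, &rfds)` in the @@ -1189 and @@ -1248 hunks, so one check at insertion time covers all three. The enclosing function starts and ends outside the hunk, so confirm that no such check already exists earlier.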
@@ -1189,20 +1166,7 @@ } /* Remove the plugin */ -#if defined (__GNUC__) and defined (__GLIBC__) -#if not __GLIBC_PREREQ(2, 16) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wsign-conversion" -#endif -#endif - FD_CLR(proc->fd, &rfds_all); /* Spurious warning from - -Wconversion in GNU libc - before 2.16 */ -#if defined (__GNUC__) and defined (__GLIBC__) -#if not __GLIBC_PREREQ(2, 16) -#pragma GCC diagnostic pop -#endif -#endif + FD_CLR(proc->fd, &rfds_all); /* Block signal while modifying process_list */ ret = (int)TEMP_FAILURE_RETRY(sigprocmask @@ -1248,23 +1212,7 @@ } /* This process has not completed. Does it have any output? */ -#if defined (__GNUC__) and defined (__GLIBC__) -#if not __GLIBC_PREREQ(2, 16) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wsign-conversion" -#endif -#endif - if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious - warning from - -Wconversion - in GNU libc - before - 2.16 */ -#if defined (__GNUC__) and defined (__GLIBC__) -#if not __GLIBC_PREREQ(2, 16) -#pragma GCC diagnostic pop -#endif -#endif + if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* This process had nothing to say at this time */ proc = proc->next; continue; === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2016-02-28 14:22:10 +0000 +++ plugins.d/mandos-client.c 2016-02-28 20:38:55 +0000 @@ -57,12 +57,16 @@ #include /* socket(), struct sockaddr_in6, inet_pton(), connect(), getnameinfo() */ -#include /* open(), unlinkat() */ +#include /* open(), unlinkat(), AT_REMOVEDIR */ #include /* opendir(), struct dirent, readdir() */ #include /* PRIu16, PRIdMAX, intmax_t, strtoimax() */ -#include /* perror(), errno, +#include /* perror(), errno, EINTR, EINVAL, + EAI_SYSTEM, ENETUNREACH, + EHOSTUNREACH, ECONNREFUSED, EPROTO, + EIO, ENOENT, ENXIO, ENOMEM, EISDIR, + ENOTEMPTY, program_invocation_short_name */ #include /* nanosleep(), time(), sleep() */ #include /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, 
@@ -513,7 +517,7 @@ fprintf_plus(stderr, "GnuTLS: %s", string); } -__attribute__((nonnull, warn_unused_result)) +__attribute__((nonnull(1, 2, 4), warn_unused_result)) static int init_gnutls_global(const char *pubkeyfilename, const char *seckeyfilename, const char *dhparamsfilename, @@ -525,13 +529,6 @@ fprintf_plus(stderr, "Initializing GnuTLS\n"); } - ret = gnutls_global_init(); - if(ret != GNUTLS_E_SUCCESS){ - fprintf_plus(stderr, "GnuTLS global_init: %s\n", - safer_gnutls_strerror(ret)); - return -1; - } - if(debug){ /* "Use a log level over 10 to enable all debugging options." * - GnuTLS manual @@ -545,7 +542,6 @@ if(ret != GNUTLS_E_SUCCESS){ fprintf_plus(stderr, "GnuTLS memory error: %s\n", safer_gnutls_strerror(ret)); - gnutls_global_deinit(); return -1; } @@ -755,7 +751,6 @@ globalfail: gnutls_certificate_free_credentials(mc->cred); - gnutls_global_deinit(); gnutls_dh_params_deinit(mc->dh_params); return -1; } @@ -1914,18 +1909,8 @@ return; } } -#ifdef __GLIBC__ -#if __GLIBC_PREREQ(2, 15) int numhooks = scandirat(hookdir_fd, ".", &direntries, runnable_hook, alphasort); -#else /* not __GLIBC_PREREQ(2, 15) */ - int numhooks = scandir(hookdir, &direntries, runnable_hook, - alphasort); -#endif /* not __GLIBC_PREREQ(2, 15) */ -#else /* not __GLIBC__ */ - int numhooks = scandir(hookdir, &direntries, runnable_hook, - alphasort); -#endif /* not __GLIBC__ */ if(numhooks == -1){ perror_plus("scandir"); return; @@ -2976,7 +2961,6 @@ if(gnutls_initialized){ gnutls_certificate_free_credentials(mc.cred); - gnutls_global_deinit(); gnutls_dh_params_deinit(mc.dh_params); } 
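Review bot: `nonnull(1, 2, 4)` makes `dhparamsfilename` the only pointer argument of init_gnutls_global that may be NULL, but nothing at the signature records that or says what NULL means. A comment above the function, for example `/* dhparamsfilename may be NULL; the other pointer arguments must not be */`, would state the contract. The body is outside this hunk, so confirm that every use of `dhparamsfilename` is behind a NULL test, because the compiler no longer flags a NULL passed in that position.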
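Review bot: With the `gnutls_global_init()` call removed, init_gnutls_global depends on the library initialising itself, but nothing in the source enforces the GnuTLS version that provides this. That appears to be why INSTALL now lists GnuTLS 3.3. A build against an older GnuTLS would still compile and would then use the library without global initialisation. A guard next to the GnuTLS include, `#if GNUTLS_VERSION_NUMBER < 0x030300` / `#error "GnuTLS 3.3 or later is required"` / `#endif`, would turn that into a build failure. The rest of the function lies outside the hunk.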
@@ -3044,51 +3028,65 @@ free(interfaces_to_take_down); free(interfaces_hooks); + void clean_dir_at(int base, const char * const dirname, + uintmax_t level){ + struct dirent **direntries = NULL; + int dret; + int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname, + O_RDONLY + | O_NOFOLLOW + | O_DIRECTORY + | O_PATH)); + if(dir_fd == -1){ + perror_plus("open"); + } + int numentries = scandirat(dir_fd, ".", &direntries, + notdotentries, alphasort); + if(numentries >= 0){ + for(int i = 0; i < numentries; i++){ + if(debug){ + fprintf_plus(stderr, "Unlinking \"%s/%s\"\n", + dirname, direntries[i]->d_name); + } + dret = unlinkat(dir_fd, direntries[i]->d_name, 0); + if(dret == -1){ + if(errno == EISDIR){ + dret = unlinkat(dir_fd, direntries[i]->d_name, + AT_REMOVEDIR); + } + if((dret == -1) and (errno == ENOTEMPTY) + and (strcmp(direntries[i]->d_name, "private-keys-v1.d") + == 0) and (level == 0)){ + /* Recurse only in this special case */ + clean_dir_at(dir_fd, direntries[i]->d_name, level+1); + dret = 0; + } + if(dret == -1){ + fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname, + direntries[i]->d_name, strerror(errno)); + } + } + free(direntries[i]); + } + + /* need to clean even if 0 because man page doesn't specify */ + free(direntries); + if(numentries == -1){ + perror_plus("scandirat"); + } + dret = unlinkat(base, dirname, AT_REMOVEDIR); + if(dret == -1 and errno != ENOENT){ + perror_plus("rmdir"); + } + } else { + perror_plus("scandirat"); + } + close(dir_fd); + } + /* Removes the GPGME temp directory and all files inside */ if(tempdir != NULL){ - struct dirent **direntries = NULL; - int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY - | O_NOFOLLOW - | O_DIRECTORY - | O_PATH)); - if(tempdir_fd == -1){ - perror_plus("open"); - } else { -#ifdef __GLIBC__ -#if __GLIBC_PREREQ(2, 15) - int numentries = scandirat(tempdir_fd, ".", &direntries, - notdotentries, alphasort); -#else /* not __GLIBC_PREREQ(2, 15) */ - int numentries = scandir(tempdir, 
&direntries, notdotentries, - alphasort); -#endif /* not __GLIBC_PREREQ(2, 15) */ -#else /* not __GLIBC__ */ - int numentries = scandir(tempdir, &direntries, notdotentries, - alphasort); -#endif /* not __GLIBC__ */ - if(numentries >= 0){ - for(int i = 0; i < numentries; i++){ - ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0); - if(ret == -1){ - fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY)," - " \"%s\", 0): %s\n", tempdir, - direntries[i]->d_name, strerror(errno)); - } - free(direntries[i]); - } - - /* need to clean even if 0 because man page doesn't specify */ - free(direntries); - if(numentries == -1){ - perror_plus("scandir"); - } - ret = rmdir(tempdir); - if(ret == -1 and errno != ENOENT){ - perror_plus("rmdir"); - } - } - close(tempdir_fd); - } + clean_dir_at(-1, tempdir, 0); } if(quit_now){
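Review bot: clean_dir_at keeps going after `openat()` fails: the `if(dir_fd == -1)` branch only calls `perror_plus("open");`, so `scandirat(-1, ...)` and `close(-1)` still run. The removed code skipped them through its `else`. Adding `return;` after the `perror_plus("open");` line restores that behaviour. The call `clean_dir_at(-1, tempdir, 0);` passes -1 as the base descriptor, which resolves only if `tempdir` is an absolute path; `clean_dir_at(AT_FDCWD, tempdir, 0);` is the documented way to say "no base directory" and also works for a relative path. The `if(numentries == -1)` test inside the `numentries >= 0` branch can never be true and could be dropped. The function that encloses this nested definition starts outside the hunk.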