=== modified file 'Makefile' --- Makefile 2016-02-29 21:28:39 +0000 +++ Makefile 2016-03-04 20:50:45 +0000 @@ -15,23 +15,19 @@ # and . FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC # -# The sanitizing options are available in GCC 4.9 and above. -ifeq ($(shell test $(shell $(CC) -dumpversion) \> 4.9-; echo $$?),0) -SANITIZE:=-fsanitize=address -fsanitize=undefined -fsanitize=shift \ - -fsanitize=integer-divide-by-zero -fsanitize=unreachable \ - -fsanitize=vla-bound -fsanitize=null -fsanitize=return \ - -fsanitize=signed-integer-overflow -# GCC 5.3 has some more sanitizing options -ifeq ($(shell test $(shell $(CC) -dumpversion) \> 5.3-; echo $$?),0) -SANITIZE+=-fsanitize=bounds -fsanitize=alignment \ - -fsanitize=object-size -fsanitize=float-divide-by-zero \ - -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \ - -fsanitize=returns-nonnull-attribute -fsanitize=bool \ - -fsanitize=enum -endif -else -SANITIZE:= -endif +ALL_SANITIZE_OPTIONS:=-fsanitize=address -fsanitize=undefined \ + -fsanitize=shift -fsanitize=integer-divide-by-zero \ + -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \ + -fsanitize=return -fsanitize=signed-integer-overflow \ + -fsanitize=bounds -fsanitize=alignment \ + -fsanitize=object-size -fsanitize=float-divide-by-zero \ + -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \ + -fsanitize=returns-nonnull-attribute -fsanitize=bool \ + -fsanitize=enum +# Check which sanitizing options can be used +SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \ + echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \ + -o /dev/null >/dev/null 2>&1 && echo $(option))) LINK_FORTIFY_LD=-z relro -z now LINK_FORTIFY= @@ -48,7 +44,7 @@ SED=sed USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534))) -GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534))) +GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534))) ## Use these settings for a traditional /usr/local install # PREFIX=$(DESTDIR)/usr/local === modified file 'TODO' --- TODO 2015-10-04 13:44:03 +0000 +++ TODO 2016-03-05 21:42:56 +0000 @@ -1,19 +1,5 @@ -*- org -*- -* GIT -** General: [[https://www.atlassian.com/git/workflows][Git Workflows]], [[http://gitimmersion.com/][Git Immersion]], [[https://news.ycombinator.com/item?id=7036628][Simple git workflow is simple]] [[https://news.ycombinator.com/item?id=9661349][On undoing, fixing, or removing commits in git]] -** Intro: [[http://www.eyrie.org/~eagle/notes/debian/git.html#combine][Using Git for Debian Packaging]] -** Use: [[https://honk.sigxcpu.org/piki/projects/git-buildpackage/][git-buildpackage]] -** Migration - tailor? - Using bzr-fastimport: [[http://www.fusonic.net/en/blog/2013/03/26/migrating-from-bazaar-to-git/][Migrating from Bazaar to Git]] -** Unresolved: [[http://jameswestby.net/bzr/builddeb/user_manual/split.html][bzr builddeb split mode]] - Maybe: [[http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.import.html#GBP.IMPORT.UPSTREAM.GIT.NOTARBALL][git-buildpackage - No upstream tarballs]] - [[http://www.python.org/dev/peps/pep-0374/][PEP 374 - Choosing a distributed VCS for the Python project]] - [[http://www.emacswiki.org/emacs/GitForEmacsDevs][Git For Emacs Devs]] - -* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]] - * Testing ** python-nemu @@ -27,7 +13,6 @@ ** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton() ** TODO [#C] Make start_mandos_communication() take "struct server". ** TODO [#C] --interfaces=regex,eth*,noregex (bridge-utils-interfaces(5)) -** TODO [#C] Remove code for GNU libc < 2.15 * splashy ** TODO [#B] use scandir(3) instead of readdir(3) @@ -50,7 +35,6 @@ *** Hook up stderr of plugins, buffer them, and prepend "Mandos Plugin [plugin name]" ** TODO [#C] use same file name rules as run-parts(8) ** kernel command line option for debug info -** TODO [#C] Remove code for GNU libc < 2.15 * mandos (server) ** TODO [#B] --notify-command @@ -74,7 +58,6 @@ ** TODO [#B] break the wait on approval_delay if connection dies ** TODO Generate Client.runtime_expansions from client options + extra ** TODO Allow %%(checker)s as a runtime expansion -** TODO Use python-tlslite? ** TODO D-Bus AddClient() method on server object ** TODO Use org.freedesktop.DBus.Method.NoReply annotation on async methods. :2: ** TODO Save state periodically to recover better from hard shutdowns @@ -82,34 +65,31 @@ ** TODO Secret Service API? http://standards.freedesktop.org/secret-service/ ** TODO Remove D-Bus interfaces with old domain name :2: -** TODO Remove old string_to_delta format :2: +** TODO Remove old string_to_delta format :2: ** TODO http://0pointer.de/blog/projects/stateless.html *** tmpfiles snippet to create /var/lib/mandos with right user+perms *** File in /usr/lib/sysusers.d to create user+group "_mandos" ** TODO Error handling on error parsing config files ** TODO init.d script error handling -** TODO D-Bus server properties; address, port, interface, etc. :2: +** TODO D-Bus server properties; address, port, interface, etc. :2: ** TODO [#C] In Python 3.3, use shlex.quote() instead of re.escape() -* mandos.xml -** Add mandos contact info in manual pages - * mandos-ctl *** Handle "no D-Bus server" and/or "no Mandos server found" better *** [#B] --dump option -** TODO Remove old string_to_delta format :2: +** TODO Remove old string_to_delta format :2: * TODO mandos-dispatch Listens for specified D-Bus signals and spawns shell commands with arguments. * mandos-monitor +** TODO --servicename :BUGS: ** TODO help should be toggleable ** Urwid client data displayer Better view of client data in the listing *** Properties popup ** Print a nice "We are sorry" message, save stack trace to log. -** Rename module "gobject" to "GObject". * mandos-keygen ** TODO "--secfile" option @@ -129,5 +109,7 @@ ** TODO Locate which package moves the other bin/sh when busybox is deactivated ** TODO contact owner of package, and ask them to have that shell static in position regardless of busybox +* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]] + #+STARTUP: showall === added file 'bugs.xml' --- bugs.xml 1970-01-01 00:00:00 +0000 +++ bugs.xml 2016-03-05 21:42:56 +0000 @@ -0,0 +1,11 @@ + + + + Please report bugs to the Mandos development mailing list: + mandos-dev@recompile.se (subscription required). + Note that this list is public. The developers can be reached + privately at mandos@recompile.se (OpenPGP key + fingerprint 153A 37F1 0BBA 0435 987F 2C4A 7223 2973 CA34 + C2C4 for encrypted mail). + === modified file 'debian/control' --- debian/control 2016-02-28 15:11:35 +0000 +++ debian/control 2016-03-05 21:05:11 +0000 @@ -9,7 +9,7 @@ | gnutls-dev (>= 3.3.0), xsltproc, pkg-config, libnl-route-3-dev Build-Depends-Indep: systemd, python (>= 2.7), python (<< 3), - python-dbus, python-avahi, python-gobject | python-gi + python-dbus, python-avahi, python-gi | python-gobject Standards-Version: 3.9.7 Vcs-Bzr: http://ftp.recompile.se/pub/mandos/trunk Vcs-Browser: http://bzr.recompile.se/loggerhead/mandos/trunk/files @@ -19,7 +19,7 @@ Architecture: all Depends: ${misc:Depends}, python (>= 2.7), python (<< 3), libgnutls28-dev (>= 3.3.0) | libgnutls30 (>= 3.3.0), - python-dbus, python-avahi, python-gobject | python-gi, + python-dbus, python-avahi, python-gi | python-gobject, avahi-daemon, adduser, python-urwid, gnupg Recommends: ssh-client | fping Description: server giving encrypted passwords to Mandos clients === modified file 'initramfs-tools-script' --- initramfs-tools-script 2011-07-16 00:29:19 +0000 +++ initramfs-tools-script 2016-03-02 16:45:38 +0000 @@ -94,7 +94,9 @@ # If we are connecting directly, run "configure_networking" (from # /scripts/functions); it needs IPOPTS and DEVICE if [ "${connect+set}" = set ]; then + set +e # Required by library functions configure_networking + set -e if [ -n "$connect" ]; then cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf === modified file 'intro.xml' --- intro.xml 2016-02-28 14:22:10 +0000 +++ intro.xml 2016-03-05 21:42:56 +0000 @@ -1,7 +1,7 @@ + %common; ]> @@ -379,6 +379,11 @@ + + BUGS + + + SEE ALSO === modified file 'mandos' --- mandos 2016-02-29 21:28:39 +0000 +++ mandos 2016-03-05 21:05:11 +0000 @@ -77,9 +77,9 @@ import dbus import dbus.service try: - import gobject + from gi.repository import GObject except ImportError: - from gi.repository import GObject as gobject + import gobject as GObject import avahi from dbus.mainloop.glib import DBusGMainLoop import ctypes @@ -715,17 +715,17 @@ checker: subprocess.Popen(); a running checker process used to see if the client lives. 'None' if no process is running. - checker_callback_tag: a gobject event source tag, or None + checker_callback_tag: a GObject event source tag, or None checker_command: string; External command which is run to check if client lives. %() expansions are done at runtime with vars(self) as dict, so that for instance %(name)s can be used in the command. - checker_initiator_tag: a gobject event source tag, or None + checker_initiator_tag: a GObject event source tag, or None created: datetime.datetime(); (UTC) object creation client_structure: Object describing what attributes a client has and is used for storing the client at exit current_checker_command: string; current running checker_command - disable_initiator_tag: a gobject event source tag, or None + disable_initiator_tag: a GObject event source tag, or None enabled: bool() fingerprint: string (40 or 32 hexadecimal digits); used to uniquely identify the client @@ -885,17 +885,17 @@ if not quiet: logger.info("Disabling client %s", self.name) if getattr(self, "disable_initiator_tag", None) is not None: - gobject.source_remove(self.disable_initiator_tag) + GObject.source_remove(self.disable_initiator_tag) self.disable_initiator_tag = None self.expires = None if getattr(self, "checker_initiator_tag", None) is not None: - gobject.source_remove(self.checker_initiator_tag) + GObject.source_remove(self.checker_initiator_tag) self.checker_initiator_tag = None self.stop_checker() self.enabled = False if not quiet: self.send_changedstate() - # Do not run this again if called by a gobject.timeout_add + # Do not run this again if called by a GObject.timeout_add return False def __del__(self): @@ -905,14 +905,14 @@ # Schedule a new checker to be started an 'interval' from now, # and every interval from then on. if self.checker_initiator_tag is not None: - gobject.source_remove(self.checker_initiator_tag) - self.checker_initiator_tag = gobject.timeout_add( + GObject.source_remove(self.checker_initiator_tag) + self.checker_initiator_tag = GObject.timeout_add( int(self.interval.total_seconds() * 1000), self.start_checker) # Schedule a disable() when 'timeout' has passed if self.disable_initiator_tag is not None: - gobject.source_remove(self.disable_initiator_tag) - self.disable_initiator_tag = gobject.timeout_add( + GObject.source_remove(self.disable_initiator_tag) + self.disable_initiator_tag = GObject.timeout_add( int(self.timeout.total_seconds() * 1000), self.disable) # Also start a new checker *right now*. self.start_checker() @@ -954,10 +954,10 @@ if timeout is None: timeout = self.timeout if self.disable_initiator_tag is not None: - gobject.source_remove(self.disable_initiator_tag) + GObject.source_remove(self.disable_initiator_tag) self.disable_initiator_tag = None if getattr(self, "enabled", False): - self.disable_initiator_tag = gobject.timeout_add( + self.disable_initiator_tag = GObject.timeout_add( int(timeout.total_seconds() * 1000), self.disable) self.expires = datetime.datetime.utcnow() + timeout @@ -1018,16 +1018,16 @@ args = (pipe[1], subprocess.call, command), kwargs = popen_args) self.checker.start() - self.checker_callback_tag = gobject.io_add_watch( - pipe[0].fileno(), gobject.IO_IN, + self.checker_callback_tag = GObject.io_add_watch( + pipe[0].fileno(), GObject.IO_IN, self.checker_callback, pipe[0], command) - # Re-run this periodically if run by gobject.timeout_add + # Re-run this periodically if run by GObject.timeout_add return True def stop_checker(self): """Force the checker process, if any, to stop.""" if self.checker_callback_tag: - gobject.source_remove(self.checker_callback_tag) + GObject.source_remove(self.checker_callback_tag) self.checker_callback_tag = None if getattr(self, "checker", None) is None: return @@ -1807,7 +1807,7 @@ def approve(self, value=True): self.approved = value - gobject.timeout_add(int(self.approval_duration.total_seconds() + GObject.timeout_add(int(self.approval_duration.total_seconds() * 1000), self._reset_approved) self.send_changedstate() @@ -2024,8 +2024,8 @@ if (getattr(self, "disable_initiator_tag", None) is None): return - gobject.source_remove(self.disable_initiator_tag) - self.disable_initiator_tag = gobject.timeout_add( + GObject.source_remove(self.disable_initiator_tag) + self.disable_initiator_tag = GObject.timeout_add( int((self.expires - now).total_seconds() * 1000), self.disable) @@ -2051,8 +2051,8 @@ return if self.enabled: # Reschedule checker run - gobject.source_remove(self.checker_initiator_tag) - self.checker_initiator_tag = gobject.timeout_add( + GObject.source_remove(self.checker_initiator_tag) + self.checker_initiator_tag = GObject.timeout_add( value, self.start_checker) self.start_checker() # Start one now, too @@ -2462,7 +2462,7 @@ gnutls_priority GnuTLS priority string use_dbus: Boolean; to emit D-Bus signals or not - Assumes a gobject.MainLoop event loop. + Assumes a GObject.MainLoop event loop. """ def __init__(self, server_address, RequestHandlerClass, @@ -2493,9 +2493,9 @@ def add_pipe(self, parent_pipe, proc): # Call "handle_ipc" for both data and EOF events - gobject.io_add_watch( + GObject.io_add_watch( parent_pipe.fileno(), - gobject.IO_IN | gobject.IO_HUP, + GObject.IO_IN | GObject.IO_HUP, functools.partial(self.handle_ipc, parent_pipe = parent_pipe, proc = proc)) @@ -2505,7 +2505,7 @@ proc = None, client_object=None): # error, or the other end of multiprocessing.Pipe has closed - if condition & (gobject.IO_ERR | gobject.IO_HUP): + if condition & (GObject.IO_ERR | GObject.IO_HUP): # Wait for other process to exit proc.join() return False @@ -2532,9 +2532,9 @@ parent_pipe.send(False) return False - gobject.io_add_watch( + GObject.io_add_watch( parent_pipe.fileno(), - gobject.IO_IN | gobject.IO_HUP, + GObject.IO_IN | GObject.IO_HUP, functools.partial(self.handle_ipc, parent_pipe = parent_pipe, proc = proc, @@ -2922,10 +2922,12 @@ logger.error("Could not open file %r", pidfilename, exc_info=e) - for name in ("_mandos", "mandos", "nobody"): + for name, group in (("_mandos", "_mandos"), + ("mandos", "mandos"), + ("nobody", "nogroup")): try: uid = pwd.getpwnam(name).pw_uid - gid = pwd.getpwnam(name).pw_gid + gid = pwd.getpwnam(group).pw_gid break except KeyError: continue @@ -2963,14 +2965,14 @@ # Close all input and output, do double fork, etc. daemon() - # multiprocessing will use threads, so before we use gobject we - # need to inform gobject that threads will be used. - gobject.threads_init() + # multiprocessing will use threads, so before we use GObject we + # need to inform GObject that threads will be used. + GObject.threads_init() global main_loop # From the Avahi example code DBusGMainLoop(set_as_default=True) - main_loop = gobject.MainLoop() + main_loop = GObject.MainLoop() bus = dbus.SystemBus() # End of Avahi example code if use_dbus: @@ -3345,7 +3347,7 @@ sys.exit(1) # End of Avahi example code - gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN, + GObject.io_add_watch(tcp_server.fileno(), GObject.IO_IN, lambda *args, **kwargs: (tcp_server.handle_request (*args[2:], **kwargs) or True)) === modified file 'mandos-clients.conf.xml' --- mandos-clients.conf.xml 2016-02-28 14:22:10 +0000 +++ mandos-clients.conf.xml 2016-03-05 21:42:56 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ /etc/mandos/clients.conf"> - + %common; ]> @@ -463,6 +463,7 @@ %(foo)s is obscure. + === modified file 'mandos-ctl.xml' --- mandos-ctl.xml 2016-02-28 14:22:10 +0000 +++ mandos-ctl.xml 2016-03-05 21:42:56 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -514,11 +514,10 @@ - - - - - + + BUGS + + EXAMPLE === modified file 'mandos-keygen.xml' --- mandos-keygen.xml 2016-02-28 14:22:10 +0000 +++ mandos-keygen.xml 2016-03-05 21:42:56 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -450,11 +450,10 @@ - - - - - + + BUGS + + EXAMPLE === modified file 'mandos-monitor' --- mandos-monitor 2016-02-29 21:28:39 +0000 +++ mandos-monitor 2016-03-05 21:05:11 +0000 @@ -40,9 +40,9 @@ from dbus.mainloop.glib import DBusGMainLoop try: - import gobject + from gi.repository import GObject except ImportError: - from gi.repository import GObject as gobject + import gobject as GObject import dbus @@ -172,11 +172,11 @@ """ if flag and self._update_timer_callback_tag is None: # Will update the shown timer value every second - self._update_timer_callback_tag = (gobject.timeout_add + self._update_timer_callback_tag = (GObject.timeout_add (1000, self.update_timer)) elif not (flag or self._update_timer_callback_tag is None): - gobject.source_remove(self._update_timer_callback_tag) + GObject.source_remove(self._update_timer_callback_tag) self._update_timer_callback_tag = None def checker_completed(self, exitstatus, condition, command): @@ -309,14 +309,14 @@ self.update_hook() def update_timer(self): - """called by gobject. Will indefinitely loop until - gobject.source_remove() on tag is called""" + """called by GObject. Will indefinitely loop until + GObject.source_remove() on tag is called""" self.update() return True # Keep calling this def delete(self, **kwargs): if self._update_timer_callback_tag is not None: - gobject.source_remove(self._update_timer_callback_tag) + GObject.source_remove(self._update_timer_callback_tag) self._update_timer_callback_tag = None for match in self.match_objects: match.remove() @@ -465,7 +465,7 @@ "q: Quit ?: Help")) self.busname = domain + '.Mandos' - self.main_loop = gobject.MainLoop() + self.main_loop = GObject.MainLoop() def client_not_found(self, fingerprint, address): self.log_message("Client with address {} and fingerprint {}" @@ -640,13 +640,13 @@ path=path) self.refresh() - self._input_callback_tag = (gobject.io_add_watch + self._input_callback_tag = (GObject.io_add_watch (sys.stdin.fileno(), - gobject.IO_IN, + GObject.IO_IN, self.process_input)) self.main_loop.run() # Main loop has finished, we should close everything now - gobject.source_remove(self._input_callback_tag) + GObject.source_remove(self._input_callback_tag) self.screen.stop() def stop(self): === modified file 'mandos-monitor.xml' --- mandos-monitor.xml 2016-02-28 14:22:10 +0000 +++ mandos-monitor.xml 2016-03-05 21:46:00 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -199,9 +199,10 @@ BUGS This program can currently only be used to monitor and control a - Mandos server with the default D-Bus service name of - Mandos. + Mandos server with the default D-Bus bus name of + se.recompile.Mandos. + === modified file 'mandos.conf.xml' --- mandos.conf.xml 2016-02-28 14:22:10 +0000 +++ mandos.conf.xml 2016-03-05 21:42:56 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ /etc/mandos/mandos.conf"> - + %common; ]> @@ -204,6 +204,7 @@ built-in module ConfigParser requires it. + === modified file 'mandos.service' --- mandos.service 2015-08-10 16:19:28 +0000 +++ mandos.service 2016-03-04 22:07:35 +0000 @@ -21,6 +21,13 @@ ## bind() on the socket, and also won't announce the ZeroConf service. #ExecStart=/usr/sbin/mandos --foreground --socket=0 #StandardInput=socket +# Restrict what the Mandos daemon can do. Note that this also affects +# "checker" programs! +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +ProtectHome=yes +CapabilityBoundingSet=CAP_SETUID CAP_DAC_OVERRIDE CAP_NET_RAW [Install] WantedBy=multi-user.target === modified file 'mandos.xml' --- mandos.xml 2016-02-28 14:22:10 +0000 +++ mandos.xml 2016-03-05 21:42:56 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -588,6 +588,7 @@ This server does not check the expire time of clients’ OpenPGP keys. + === modified file 'plugin-runner.xml' --- plugin-runner.xml 2016-02-28 14:22:10 +0000 +++ plugin-runner.xml 2016-03-05 21:42:56 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -554,6 +554,7 @@ The option is ignored when specified from within a configuration file. + === modified file 'plugins.d/askpass-fifo.xml' --- plugins.d/askpass-fifo.xml 2016-02-28 14:22:10 +0000 +++ plugins.d/askpass-fifo.xml 2016-03-05 21:42:56 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -43,7 +43,6 @@ Teddy Hogeborn Björn Påhlsson - @@ -118,6 +117,11 @@ + + BUGS + + + EXAMPLE === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2016-02-28 20:38:55 +0000 +++ plugins.d/mandos-client.c 2016-03-05 20:11:10 +0000 @@ -817,54 +817,54 @@ /* Set effective uid to 0, return errno */ __attribute__((warn_unused_result)) -error_t raise_privileges(void){ - error_t old_errno = errno; - error_t ret_errno = 0; +int raise_privileges(void){ + int old_errno = errno; + int ret = 0; if(seteuid(0) == -1){ - ret_errno = errno; + ret = errno; } errno = old_errno; - return ret_errno; + return ret; } /* Set effective and real user ID to 0. Return errno. */ __attribute__((warn_unused_result)) -error_t raise_privileges_permanently(void){ - error_t old_errno = errno; - error_t ret_errno = raise_privileges(); - if(ret_errno != 0){ +int raise_privileges_permanently(void){ + int old_errno = errno; + int ret = raise_privileges(); + if(ret != 0){ errno = old_errno; - return ret_errno; + return ret; } if(setuid(0) == -1){ - ret_errno = errno; + ret = errno; } errno = old_errno; - return ret_errno; + return ret; } /* Set effective user ID to unprivileged saved user ID */ __attribute__((warn_unused_result)) -error_t lower_privileges(void){ - error_t old_errno = errno; - error_t ret_errno = 0; +int lower_privileges(void){ + int old_errno = errno; + int ret = 0; if(seteuid(uid) == -1){ - ret_errno = errno; + ret = errno; } errno = old_errno; - return ret_errno; + return ret; } /* Lower privileges permanently */ __attribute__((warn_unused_result)) -error_t lower_privileges_permanently(void){ - error_t old_errno = errno; - error_t ret_errno = 0; +int lower_privileges_permanently(void){ + int old_errno = errno; + int ret = 0; if(setuid(uid) == -1){ - ret_errno = errno; + ret = errno; } errno = old_errno; - return ret_errno; + return ret; } /* Helper function to add_local_route() and delete_local_route() */ @@ -1623,13 +1623,13 @@ __attribute__((nonnull, warn_unused_result)) bool get_flags(const char *ifname, struct ifreq *ifr){ int ret; - error_t ret_errno; + int old_errno; int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP); if(s < 0){ - ret_errno = errno; + old_errno = errno; perror_plus("socket"); - errno = ret_errno; + errno = old_errno; return false; } strncpy(ifr->ifr_name, ifname, IF_NAMESIZE); @@ -1637,9 +1637,9 @@ ret = ioctl(s, SIOCGIFFLAGS, ifr); if(ret == -1){ if(debug){ - ret_errno = errno; + old_errno = errno; perror_plus("ioctl SIOCGIFFLAGS"); - errno = ret_errno; + errno = old_errno; } return false; } @@ -2071,9 +2071,9 @@ } __attribute__((nonnull, warn_unused_result)) -error_t bring_up_interface(const char *const interface, - const float delay){ - error_t old_errno = errno; +int bring_up_interface(const char *const interface, + const float delay){ + int old_errno = errno; int ret; struct ifreq network; unsigned int if_index = if_nametoindex(interface); @@ -2089,7 +2089,8 @@ } if(not interface_is_up(interface)){ - error_t ret_errno = 0, ioctl_errno = 0; + int ret_errno = 0; + int ioctl_errno = 0; if(not get_flags(interface, &network)){ ret_errno = errno; fprintf_plus(stderr, "Failed to get flags for interface " @@ -2198,8 +2199,8 @@ } __attribute__((nonnull, warn_unused_result)) -error_t take_down_interface(const char *const interface){ - error_t old_errno = errno; +int take_down_interface(const char *const interface){ + int old_errno = errno; struct ifreq network; unsigned int if_index = if_nametoindex(interface); if(if_index == 0){ @@ -2208,7 +2209,8 @@ return ENXIO; } if(interface_is_up(interface)){ - error_t ret_errno = 0, ioctl_errno = 0; + int ret_errno = 0; + int ioctl_errno = 0; if(not get_flags(interface, &network) and debug){ ret_errno = errno; fprintf_plus(stderr, "Failed to get flags for interface " @@ -2464,14 +2466,14 @@ .args_doc = "", .doc = "Mandos client -- Get and decrypt" " passwords from a Mandos server" }; - ret = argp_parse(&argp, argc, argv, - ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL); - switch(ret){ + ret_errno = argp_parse(&argp, argc, argv, + ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL); + switch(ret_errno){ case 0: break; case ENOMEM: default: - errno = ret; + errno = ret_errno; perror_plus("argp_parse"); exitcode = EX_OSERR; goto end; @@ -2486,9 +2488,9 @@ */ /* Re-raise privileges */ - ret_errno = raise_privileges(); - if(ret_errno != 0){ - errno = ret_errno; + ret = raise_privileges(); + if(ret != 0){ + errno = ret; perror_plus("Failed to raise privileges"); } else { struct stat st; @@ -2558,9 +2560,9 @@ } /* Lower privileges */ - ret_errno = lower_privileges(); - if(ret_errno != 0){ - errno = ret_errno; + ret = lower_privileges(); + if(ret != 0){ + errno = ret; perror_plus("Failed to lower privileges"); } } @@ -2894,7 +2896,7 @@ /* Allocate a new server */ mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll), - &config, NULL, NULL, &ret_errno); + &config, NULL, NULL, &ret); /* Free the Avahi configuration data */ avahi_server_config_free(&config); @@ -2903,7 +2905,7 @@ /* Check if creating the Avahi server object succeeded */ if(mc.server == NULL){ fprintf_plus(stderr, "Failed to create Avahi server: %s\n", - avahi_strerror(ret_errno)); + avahi_strerror(ret)); exitcode = EX_UNAVAILABLE; goto end; } @@ -2989,9 +2991,9 @@ /* Re-raise privileges */ { - ret_errno = raise_privileges(); - if(ret_errno != 0){ - errno = ret_errno; + ret = raise_privileges(); + if(ret != 0){ + errno = ret; perror_plus("Failed to raise privileges"); } else { @@ -3005,9 +3007,9 @@ while((interface=argz_next(interfaces_to_take_down, interfaces_to_take_down_size, interface))){ - ret_errno = take_down_interface(interface); - if(ret_errno != 0){ - errno = ret_errno; + ret = take_down_interface(interface); + if(ret != 0){ + errno = ret; perror_plus("Failed to take down interface"); } } @@ -3018,9 +3020,9 @@ } } - ret_errno = lower_privileges_permanently(); - if(ret_errno != 0){ - errno = ret_errno; + ret = lower_privileges_permanently(); + if(ret != 0){ + errno = ret; perror_plus("Failed to lower privileges permanently"); } } === modified file 'plugins.d/mandos-client.xml' --- plugins.d/mandos-client.xml 2016-02-28 14:22:10 +0000 +++ plugins.d/mandos-client.xml 2016-03-05 21:42:56 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -693,11 +693,10 @@ - - - - - + + BUGS + + EXAMPLE === modified file 'plugins.d/password-prompt.xml' --- plugins.d/password-prompt.xml 2016-02-28 14:22:10 +0000 +++ plugins.d/password-prompt.xml 2016-03-05 21:42:56 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -226,9 +226,7 @@ BUGS - - None are known at this time. - + === modified file 'plugins.d/plymouth.xml' --- plugins.d/plymouth.xml 2016-02-28 14:22:10 +0000 +++ plugins.d/plymouth.xml 2016-03-05 21:42:56 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -205,6 +205,7 @@ daemon and starting a new one is ugly, but necessary as long as it does not support aborting a password request. + === modified file 'plugins.d/splashy.xml' --- plugins.d/splashy.xml 2016-02-28 14:22:10 +0000 +++ plugins.d/splashy.xml 2016-03-05 21:42:56 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -209,6 +209,7 @@ is ugly, but necessary as long as it does not support aborting a password request. + === modified file 'plugins.d/usplash.xml' --- plugins.d/usplash.xml 2016-02-28 14:22:10 +0000 +++ plugins.d/usplash.xml 2016-03-05 21:42:56 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -223,6 +223,7 @@ is ugly, but necessary as long as it does not support aborting a password request. +