=== modified file 'TODO' --- TODO 2008-08-09 04:56:00 +0000 +++ TODO 2008-08-09 15:56:13 +0000 @@ -1,8 +1,8 @@ -*- org -*- -* README file +* [#A] README file -* COPYING file +* [#A] COPYING file [[file:/usr/share/common-licenses/GPL-3][GPLv3]] * Mandos-client @@ -14,9 +14,9 @@ * Password-request ** [#A] Man page: man8/password-request.8mandos -** [#A] check return codes of all system calls -** [#B] header files/symbols tally ** [#B] Fix %d format strings to use [[https://secure.wikimedia.org/wikipedia/en/wiki/Inttypes.h][]] +** start_mandos_communication: loop around gnutls_handshake + [[info:gnutls.info.gz:Core%20functions][gnutls_handshake]] ** IPv4 support ** use strsep instead of strtok? ** Do not depend on GPG key rings on disk @@ -56,6 +56,8 @@ * Installer ** [#A] Change initrd.img file to not be publically readable + /etc/initramfs-tools/conf.d/mandos + UMASK=027 ** [#A] Create /etc/initramfs-tools/hooks/mandos [[file:/usr/share/doc/initramfs-tools/examples/example_hook][Example initramfs-tools hook script]] ** [#A] Create GPG key ring files in initrd === modified file 'mandos-client.c' --- mandos-client.c 2008-08-09 04:42:39 +0000 +++ mandos-client.c 2008-08-09 15:36:06 +0000 @@ -292,7 +292,7 @@ ret = argp_parse (&argp, argc, argv, 0, 0, &plugin_list); if (ret == ARGP_ERR_UNKNOWN){ - perror("argp_parse"); + fprintf(stderr, "Unkown error while parsing arguments\n"); exitstatus = EXIT_FAILURE; goto end; } @@ -329,7 +329,7 @@ } ret = argp_parse (&argp, new_argc, plus_argv, 0, 0, &plugin_list); if (ret == ARGP_ERR_UNKNOWN){ - perror("argp_parse"); + fprintf(stderr, "Unkown error while parsing arguments\n"); exitstatus = EXIT_FAILURE; goto end; } === modified file 'plugins.d/password-prompt.c' --- plugins.d/password-prompt.c 2008-08-09 04:42:39 +0000 +++ plugins.d/password-prompt.c 2008-08-09 15:36:06 +0000 
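Review bot: The replacement message in both mandos-client.c hunks misspells "Unknown"; the line should read `fprintf(stderr, "Unknown error while parsing arguments\n");`, and the same string is introduced in the plugins.d/password-prompt.c hunk and in the `@@ -891` hunk of plugins.d/password-request.c. Dropping perror() here is reasonable, since ARGP_ERR_UNKNOWN is itself an errno value whose strerror text would be misleading, but the check still only recognises that one code: argp_parse() is documented to return other errno values (for example on allocation failure), and any such value now falls through to the success path with `exitstatus` unchanged. An additional `else if (ret != 0){ perror("argp_parse"); exitstatus = EXIT_FAILURE; goto end; }` branch would close that gap in both hunks. The enclosing function starts and ends outside the hunk.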
@@ -105,7 +105,7 @@ .doc = "Mandos Passprompt -- Provides a passprompt" }; ret = argp_parse (&argp, argc, argv, 0, 0, NULL); if (ret == ARGP_ERR_UNKNOWN){ - perror("argp_parse"); + fprintf(stderr, "Unkown error while parsing arguments\n"); return EXIT_FAILURE; } } === modified file 'plugins.d/password-request.c' --- plugins.d/password-request.c 2008-08-09 04:42:39 +0000 +++ plugins.d/password-request.c 2008-08-09 15:36:06 +0000 
@@ -34,99 +34,66 @@ #define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */ -#include /* fprintf(), stderr, fwrite(), stdout, ferror() */ +#include /* fprintf(), stderr, fwrite(), stdout, + ferror() */ #include /* uint16_t, uint32_t */ #include /* NULL, size_t, ssize_t */ -#include /* free() */ +#include /* free(), EXIT_SUCCESS, EXIT_FAILURE, + srand() */ #include /* bool, true */ -#include /* memset(), strcmp(), strlen, strerror() */ -#include /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, - SIOCSIFFLAGS */ +#include /* memset(), strcmp(), strlen(), + strerror(), memcpy(), strcpy() */ +#include /* ioctl */ +#include /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS, + IFF_UP */ #include /* socket(), inet_pton(), sockaddr, - sockaddr_in6, PF_INET6, SOCK_STREAM, INET6_ADDRSTRLEN */ + sockaddr_in6, PF_INET6, + SOCK_STREAM, INET6_ADDRSTRLEN, + uid_t, gid_t */ #include /* socket(), struct sockaddr_in6, struct in6_addr, inet_pton(), connect() */ -#include -#include /* perror() */ -#include +#include /* assert() */ +#include /* perror(), errno */ +#include /* time() */ #include /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS, if_indextoname(), if_nametoindex(), IF_NAMESIZE */ -#include /* close(), SEEK_SET, off_t, write()*/ +#include /* close(), SEEK_SET, off_t, write(), + getuid(), getgid(), setuid(), + setgid() */ #include #include /* inet_pton(), htons */ -#include /* not */ -#include /* struct argp_option, - struct argp_state, struct argp, - argp_parse() */ +#include /* not, and */ +#include /* struct argp_option, error_t, struct + argp_state, struct argp, + argp_parse(), ARGP_KEY_ARG, + ARGP_KEY_END, ARGP_ERR_UNKNOWN */ /* Avahi */ -#include /* AvahiSimplePoll, AvahiServer, - AvahiIfIndex */ +/* All Avahi types, constants and functions + Avahi*, avahi_*, + AVAHI_* */ +#include #include -#include /* AvahiLogLevel */ +#include #include #include #include /* GnuTLS */ -#include /* gnutls_certificate_credentials_t, - gnutls_dh_params_t, - gnutls_strerror(), - gnutls_global_init(), - 
gnutls_global_set_log_level(), - gnutls_global_set_log_function(), - gnutls_certificate_allocate_credentials(), - gnutls_global_deinit(), - gnutls_dh_params_init(), - gnutls_dh_params_generate(), - gnutls_certificate_set_dh_params(), - gnutls_certificate_free_credentials(), - gnutls_session_t, gnutls_init(), - gnutls_priority_set_direct(), - gnutls_deinit(), - gnutls_credentials_set(), - gnutls_certificate_server_set_request(), - gnutls_dh_set_prime_bits(), - gnutls_transport_set_ptr(), - gnutls_transport_ptr_t, - gnutls_handshake(), - gnutls_record_recv() - gnutls_perror(), gnutls_bye(), +#include /* All GnuTLS types, constants and functions + gnutls_* init_gnutls_session(), - GNUTLS_E_SUCCESS, - GNUTLS_CRD_CERTIFICATE, - GNUTLS_CERT_IGNORE, - GNUTLS_E_INTERRUPTED, - GNUTLS_E_AGAIN, - GNUTLS_E_REHANDSHAKE, - GNUTLS_SHUT_RDWR, */ -#include /* gnutls_certificate_set_openpgp_key_file(), - GNUTLS_OPENPGP_FMT_BASE64 */ + GNUTLS_* */ +#include /* gnutls_certificate_set_openpgp_key_file(), + GNUTLS_OPENPGP_FMT_BASE64 */ /* GPGME */ -#include /* gpgme_data_t, gpgme_ctx_t, - gpgme_error_t, gpgme_engine_info_t, - gpgme_check_version(), - gpgme_engine_check_version(), - gpgme_strsource(), - gpgme_strerror(), - gpgme_get_engine_info(), - gpgme_set_engine_info(), - gpgme_data_new_from_mem(), - gpgme_data_new(), gpgme_new(), - gpgme_op_decrypt(), - gpgme_decrypt_result_t, - gpgme_op_decrypt_result(), - gpgme_recipient_t, - gpgme_pubkey_algo_name(), - gpgme_data_seek(), - gpgme_data_read(), - gpgme_data_release() +#include /* All GPGME types, constants and functions + gpgme_* GPGME_PROTOCOL_OpenPGP, - GPG_ERR_NO_ERROR, - GPG_ERR_NO_SECKEY, */ + GPG_ERR_NO_* */ #define BUFFER_SIZE 256 @@ -354,9 +321,9 @@ if(debug){ fprintf(stderr, "Initializing GnuTLS\n"); } - - if ((ret = gnutls_global_init ()) - != GNUTLS_E_SUCCESS) { + + ret = gnutls_global_init(); + if (ret != GNUTLS_E_SUCCESS) { fprintf (stderr, "GnuTLS global_init: %s\n", safer_gnutls_strerror(ret)); return -1; 
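Review bot: The comments added to the include block now list srand(), time(), getuid(), getgid(), setuid() and setgid(), but none of their call sites are in this hunk, so two things cannot be confirmed from here and deserve a look at the use sites: if rand() seeded from time() feeds anything other than retry/backoff timing, that seed is predictable and should not be relied on for unpredictability; and if setgid()/setuid() are used to drop privileges, both return values must be checked and the group changed before the user, e.g. `if (setgid(gid) == -1 || setuid(uid) == -1){ perror("setgid/setuid"); return -1; }`, since setgid() after a successful setuid() no longer has the privilege to succeed. Separately, the `uid_t, gid_t` entry appended to the socket header's comment looks misplaced; those types are declared by `<sys/types.h>`, and the header names themselves are not legible in this rendering of the diff, so please verify which include the comment belongs to. These are top-level include lines with no enclosing function.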
@@ -371,8 +338,8 @@ } /* OpenPGP credentials */ - if ((ret = gnutls_certificate_allocate_credentials (&mc->cred)) - != GNUTLS_E_SUCCESS) { + gnutls_certificate_allocate_credentials(&mc->cred); + if (ret != GNUTLS_E_SUCCESS){ fprintf (stderr, "GnuTLS memory error: %s\n", safer_gnutls_strerror(ret)); gnutls_global_deinit (); @@ -571,8 +538,10 @@ } gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd); - - ret = gnutls_handshake (session); + + do{ + ret = gnutls_handshake (session); + } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED); if (ret != GNUTLS_E_SUCCESS){ if(debug){ @@ -610,7 +579,9 @@ case GNUTLS_E_AGAIN: break; case GNUTLS_E_REHANDSHAKE: - ret = gnutls_handshake (session); + do{ + ret = gnutls_handshake (session); + } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED); if (ret < 0){ fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n"); gnutls_perror (ret); @@ -891,7 +862,12 @@ .args_doc = "", .doc = "Mandos client -- Get and decrypt" " passwords from mandos server" }; - argp_parse (&argp, argc, argv, 0, 0, NULL); + ret = argp_parse (&argp, argc, argv, 0, 0, NULL); + if (ret == ARGP_ERR_UNKNOWN){ + fprintf(stderr, "Unkown error while parsing arguments\n"); + exitcode = EXIT_FAILURE; + goto end; + } } pubkeyfile = combinepath(keydir, pubkeyfile); @@ -1069,7 +1045,7 @@ free(seckeyfile); if (gnutls_initalized){ - gnutls_certificate_free_credentials (mc.cred); + gnutls_certificate_free_credentials(mc.cred); gnutls_global_deinit (); }
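Review bot: In the `@@ -371` hunk the rewritten allocation no longer stores its result: `gnutls_certificate_allocate_credentials(&mc->cred);` discards the return value, and the following `if (ret != GNUTLS_E_SUCCESS)` tests whatever `ret` held before — most likely the earlier gnutls_global_init() result, which had to be GNUTLS_E_SUCCESS to reach this point — so an allocation failure is never reported and `mc->cred` would be used unset. Restore the assignment: `ret = gnutls_certificate_allocate_credentials(&mc->cred);`. The `@@ -354` hunk performs the same split correctly for gnutls_global_init(), so the two should match. The enclosing function starts and ends outside the hunk.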