(root)/mandos/release
» Revision
110
(compared to revision 237.2.147)
: plugins.d/password-request.c
To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/password-request.c
- browse files at revision 110
- compare with another revision
- download diff
- download tarball
- view history from revision 110
- Committer: Teddy Hogeborn
- Date: 2008-08-29 05:53:59 UTC
- Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus
* mandos.xml (EXAMPLE): Replaced all occurences of command name with
"&COMMANDNAME;".
* plugins.d/password-prompt.c (main): Improved some documentation
strings. Do perror() of
tcgetattr() fails. Add debug
output if interrupted by signal.
Loop over write() instead of
using fwrite() when outputting
password. Add debug output if
getline() returns 0, unless it
was caused by a signal. Add
exit status code to debug
output.
* plugins.d/password-prompt.xml: Changed all single quotes to double
quotes for consistency. Removed
<?xml-stylesheet>.
(ENTITY TIMESTAMP): New. Automatically updated by Emacs time-stamp
by using Emacs local variables.
(/refentry/refentryinfo/title): Changed to "Mandos Manual".
(/refentry/refentryinfo/productname): Changed to "Mandos".
(/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
(/refentry/refentryinfo/copyright): Split copyright holders.
(/refentry/refnamediv/refpurpose): Improved wording.
(SYNOPSIS): Fix to use correct markup. Add short options.
(DESCRIPTION, OPTIONS): Improved wording.
(OPTIONS): Improved wording. Use more correct markup. Document
short options.
(EXIT STATUS): Add text.
(ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
(FILES): REMOVED.
(BUGS): Add text.
(EXAMPLE): Added some examples.
(SECURITY): Added text.
(SEE ALSO): Remove reference to mandos(8). Add reference to
crypttab(5).
"&COMMANDNAME;".
* plugins.d/password-prompt.c (main): Improved some documentation
strings. Do perror() of
tcgetattr() fails. Add debug
output if interrupted by signal.
Loop over write() instead of
using fwrite() when outputting
password. Add debug output if
getline() returns 0, unless it
was caused by a signal. Add
exit status code to debug
output.
* plugins.d/password-prompt.xml: Changed all single quotes to double
quotes for consistency. Removed
<?xml-stylesheet>.
(ENTITY TIMESTAMP): New. Automatically updated by Emacs time-stamp
by using Emacs local variables.
(/refentry/refentryinfo/title): Changed to "Mandos Manual".
(/refentry/refentryinfo/productname): Changed to "Mandos".
(/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
(/refentry/refentryinfo/copyright): Split copyright holders.
(/refentry/refnamediv/refpurpose): Improved wording.
(SYNOPSIS): Fix to use correct markup. Add short options.
(DESCRIPTION, OPTIONS): Improved wording.
(OPTIONS): Improved wording. Use more correct markup. Document
short options.
(EXIT STATUS): Add text.
(ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
(FILES): REMOVED.
(BUGS): Add text.
(EXAMPLE): Added some examples.
(SECURITY): Added text.
(SEE ALSO): Remove reference to mandos(8). Add reference to
crypttab(5).
- files added:
- plugins.d/usplash
- files removed:
- .bzr-builddeb
- debian
- debian/po
- files renamed:
- plugins.d/mandos-client.c => plugins.d/password-request.c
- plugins.d/mandos-client.xml => plugins.d/password-request.xml
- files modified:
- .bzrignore
added
removed
plugins.d/password-request.c
1
1
/* -*- coding: utf-8 -*- */
2
2
/*
3
* Mandos-client - get and decrypt data from a Mandos server
3
* Mandos client - get and decrypt data from a Mandos server
4
4
*
5
5
* This program is partly derived from an example program for an Avahi
6
6
* service browser, downloaded from
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008,2009 Teddy Hogeborn
13
* Copyright © 2008,2009 Björn Påhlsson
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
14
13
*
15
14
* This program is free software: you can redistribute it and/or
16
15
* modify it under the terms of the GNU General Public License as
30
29
*/
31
30
32
31
/* Needed by GPGME, specifically gpgme_data_seek() */
33
#ifndef _LARGEFILE_SOURCE
34
32
#define _LARGEFILE_SOURCE
35
#endif
36
#ifndef _FILE_OFFSET_BITS
37
33
#define _FILE_OFFSET_BITS 64
38
#endif
39
34
40
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
36
42
37
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror(), remove() */
38
stdout, ferror() */
44
39
#include <stdint.h> /* uint16_t, uint32_t */
45
40
#include <stddef.h> /* NULL, size_t, ssize_t */
46
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
47
srand(), strtof(), abort() */
48
#include <stdbool.h> /* bool, false, true */
42
srand() */
43
#include <stdbool.h> /* bool, true */
49
44
#include <string.h> /* memset(), strcmp(), strlen(),
50
45
strerror(), asprintf(), strcpy() */
51
#include <sys/ioctl.h> /* ioctl */
46
#include <sys/ioctl.h> /* ioctl */
52
47
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
48
sockaddr_in6, PF_INET6,
54
SOCK_STREAM, uid_t, gid_t, open(),
55
opendir(), DIR */
56
#include <sys/stat.h> /* open() */
49
SOCK_STREAM, INET6_ADDRSTRLEN,
50
uid_t, gid_t */
51
#include <inttypes.h> /* PRIu16 */
57
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
inet_pton(), connect() */
59
#include <fcntl.h> /* open() */
60
#include <dirent.h> /* opendir(), struct dirent, readdir()
61
*/
62
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
63
strtoimax() */
53
struct in6_addr, inet_pton(),
54
connect() */
64
55
#include <assert.h> /* assert() */
65
56
#include <errno.h> /* perror(), errno */
66
#include <time.h> /* nanosleep(), time() */
57
#include <time.h> /* time() */
67
58
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
68
59
SIOCSIFFLAGS, if_indextoname(),
69
60
if_nametoindex(), IF_NAMESIZE */
70
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
71
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
72
*/
73
61
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
74
getuid(), getgid(), seteuid(),
75
setgid(), pause() */
62
getuid(), getgid(), setuid(),
63
setgid() */
64
#include <netinet/in.h>
76
65
#include <arpa/inet.h> /* inet_pton(), htons */
77
#include <iso646.h> /* not, or, and */
66
#include <iso646.h> /* not, and */
78
67
#include <argp.h> /* struct argp_option, error_t, struct
79
68
argp_state, struct argp,
80
69
argp_parse(), ARGP_KEY_ARG,
81
70
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
82
#include <signal.h> /* sigemptyset(), sigaddset(),
83
sigaction(), SIGTERM, sig_atomic_t,
84
raise() */
85
86
#ifdef __linux__
87
#include <sys/klog.h> /* klogctl() */
88
#endif /* __linux__ */
89
71
90
72
/* Avahi */
91
73
/* All Avahi types, constants and functions
104
86
gnutls_*
105
87
init_gnutls_session(),
106
88
GNUTLS_* */
107
#include <gnutls/openpgp.h>
108
/* gnutls_certificate_set_openpgp_key_file(),
89
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
109
90
GNUTLS_OPENPGP_FMT_BASE64 */
110
91
111
92
/* GPGME */
117
98
118
99
#define BUFFER_SIZE 256
119
100
120
#define PATHDIR "/conf/conf.d/mandos"
121
#define SECKEY "seckey.txt"
122
#define PUBKEY "pubkey.txt"
123
124
101
bool debug = false;
102
static const char *keydir = "/conf/conf.d/mandos";
125
103
static const char mandos_protocol_version[] = "1";
126
const char *argp_program_version = "mandos-client " VERSION;
104
const char *argp_program_version = "password-request 1.0";
127
105
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
128
106
129
107
/* Used for passing in values through the Avahi callback functions */
134
112
unsigned int dh_bits;
135
113
gnutls_dh_params_t dh_params;
136
114
const char *priority;
137
gpgme_ctx_t ctx;
138
115
} mandos_context;
139
116
140
/* global context so signal handler can reach it*/
141
mandos_context mc = { .simple_poll = NULL, .server = NULL,
142
.dh_bits = 1024, .priority = "SECURE256"
143
":!CTYPE-X.509:+CTYPE-OPENPGP" };
144
145
sig_atomic_t quit_now = 0;
146
int signal_received = 0;
147
148
117
/*
149
* Make additional room in "buffer" for at least BUFFER_SIZE more
150
* bytes. "buffer_capacity" is how much is currently allocated,
118
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
119
* "buffer_capacity" is how much is currently allocated,
151
120
* "buffer_length" is how much is already used.
152
121
*/
153
size_t incbuffer(char **buffer, size_t buffer_length,
122
size_t adjustbuffer(char **buffer, size_t buffer_length,
154
123
size_t buffer_capacity){
155
if(buffer_length + BUFFER_SIZE > buffer_capacity){
124
if (buffer_length + BUFFER_SIZE > buffer_capacity){
156
125
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
157
if(buffer == NULL){
126
if (buffer == NULL){
158
127
return 0;
159
128
}
160
129
buffer_capacity += BUFFER_SIZE;
163
132
}
164
133
165
134
/*
166
* Initialize GPGME.
135
* Decrypt OpenPGP data using keyrings in HOMEDIR.
136
* Returns -1 on error
167
137
*/
168
static bool init_gpgme(const char *seckey,
169
const char *pubkey, const char *tempdir){
138
static ssize_t pgp_packet_decrypt (const char *cryptotext,
139
size_t crypto_size,
140
char **plaintext,
141
const char *homedir){
142
gpgme_data_t dh_crypto, dh_plain;
143
gpgme_ctx_t ctx;
170
144
gpgme_error_t rc;
145
ssize_t ret;
146
size_t plaintext_capacity = 0;
147
ssize_t plaintext_length = 0;
171
148
gpgme_engine_info_t engine_info;
172
149
173
174
/*
175
* Helper function to insert pub and seckey to the engine keyring.
176
*/
177
bool import_key(const char *filename){
178
int ret;
179
int fd;
180
gpgme_data_t pgp_data;
181
182
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
183
if(fd == -1){
184
perror("open");
185
return false;
186
}
187
188
rc = gpgme_data_new_from_fd(&pgp_data, fd);
189
if(rc != GPG_ERR_NO_ERROR){
190
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
191
gpgme_strsource(rc), gpgme_strerror(rc));
192
return false;
193
}
194
195
rc = gpgme_op_import(mc.ctx, pgp_data);
196
if(rc != GPG_ERR_NO_ERROR){
197
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
198
gpgme_strsource(rc), gpgme_strerror(rc));
199
return false;
200
}
201
202
ret = (int)TEMP_FAILURE_RETRY(close(fd));
203
if(ret == -1){
204
perror("close");
205
}
206
gpgme_data_release(pgp_data);
207
return true;
208
}
209
210
if(debug){
211
fprintf(stderr, "Initializing GPGME\n");
150
if (debug){
151
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
212
152
}
213
153
214
154
/* Init GPGME */
215
155
gpgme_check_version(NULL);
216
156
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
217
if(rc != GPG_ERR_NO_ERROR){
157
if (rc != GPG_ERR_NO_ERROR){
218
158
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
219
159
gpgme_strsource(rc), gpgme_strerror(rc));
220
return false;
160
return -1;
221
161
}
222
162
223
/* Set GPGME home directory for the OpenPGP engine only */
224
rc = gpgme_get_engine_info(&engine_info);
225
if(rc != GPG_ERR_NO_ERROR){
163
/* Set GPGME home directory for the OpenPGP engine only */
164
rc = gpgme_get_engine_info (&engine_info);
165
if (rc != GPG_ERR_NO_ERROR){
226
166
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
227
167
gpgme_strsource(rc), gpgme_strerror(rc));
228
return false;
168
return -1;
229
169
}
230
170
while(engine_info != NULL){
231
171
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
232
172
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
233
engine_info->file_name, tempdir);
173
engine_info->file_name, homedir);
234
174
break;
235
175
}
236
176
engine_info = engine_info->next;
237
177
}
238
178
if(engine_info == NULL){
239
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
240
return false;
241
}
242
243
/* Create new GPGME "context" */
244
rc = gpgme_new(&(mc.ctx));
245
if(rc != GPG_ERR_NO_ERROR){
246
fprintf(stderr, "bad gpgme_new: %s: %s\n",
247
gpgme_strsource(rc), gpgme_strerror(rc));
248
return false;
249
}
250
251
if(not import_key(pubkey) or not import_key(seckey)){
252
return false;
253
}
254
255
return true;
256
}
257
258
/*
259
* Decrypt OpenPGP data.
260
* Returns -1 on error
261
*/
262
static ssize_t pgp_packet_decrypt(const char *cryptotext,
263
size_t crypto_size,
264
char **plaintext){
265
gpgme_data_t dh_crypto, dh_plain;
266
gpgme_error_t rc;
267
ssize_t ret;
268
size_t plaintext_capacity = 0;
269
ssize_t plaintext_length = 0;
270
271
if(debug){
272
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
179
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
180
return -1;
273
181
}
274
182
275
183
/* Create new GPGME data buffer from memory cryptotext */
276
184
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
277
185
0);
278
if(rc != GPG_ERR_NO_ERROR){
186
if (rc != GPG_ERR_NO_ERROR){
279
187
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
280
188
gpgme_strsource(rc), gpgme_strerror(rc));
281
189
return -1;
283
191
284
192
/* Create new empty GPGME data buffer for the plaintext */
285
193
rc = gpgme_data_new(&dh_plain);
286
if(rc != GPG_ERR_NO_ERROR){
194
if (rc != GPG_ERR_NO_ERROR){
287
195
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
288
196
gpgme_strsource(rc), gpgme_strerror(rc));
289
197
gpgme_data_release(dh_crypto);
290
198
return -1;
291
199
}
292
200
201
/* Create new GPGME "context" */
202
rc = gpgme_new(&ctx);
203
if (rc != GPG_ERR_NO_ERROR){
204
fprintf(stderr, "bad gpgme_new: %s: %s\n",
205
gpgme_strsource(rc), gpgme_strerror(rc));
206
plaintext_length = -1;
207
goto decrypt_end;
208
}
209
293
210
/* Decrypt data from the cryptotext data buffer to the plaintext
294
211
data buffer */
295
rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
296
if(rc != GPG_ERR_NO_ERROR){
212
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
213
if (rc != GPG_ERR_NO_ERROR){
297
214
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
298
215
gpgme_strsource(rc), gpgme_strerror(rc));
299
216
plaintext_length = -1;
300
if(debug){
217
if (debug){
301
218
gpgme_decrypt_result_t result;
302
result = gpgme_op_decrypt_result(mc.ctx);
303
if(result == NULL){
219
result = gpgme_op_decrypt_result(ctx);
220
if (result == NULL){
304
221
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
305
222
} else {
306
223
fprintf(stderr, "Unsupported algorithm: %s\n",
312
229
}
313
230
gpgme_recipient_t recipient;
314
231
recipient = result->recipients;
315
while(recipient != NULL){
316
fprintf(stderr, "Public key algorithm: %s\n",
317
gpgme_pubkey_algo_name(recipient->pubkey_algo));
318
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
319
fprintf(stderr, "Secret key available: %s\n",
320
recipient->status == GPG_ERR_NO_SECKEY
321
? "No" : "Yes");
322
recipient = recipient->next;
232
if(recipient){
233
while(recipient != NULL){
234
fprintf(stderr, "Public key algorithm: %s\n",
235
gpgme_pubkey_algo_name(recipient->pubkey_algo));
236
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
237
fprintf(stderr, "Secret key available: %s\n",
238
recipient->status == GPG_ERR_NO_SECKEY
239
? "No" : "Yes");
240
recipient = recipient->next;
241
}
323
242
}
324
243
}
325
244
}
331
250
}
332
251
333
252
/* Seek back to the beginning of the GPGME plaintext data buffer */
334
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
335
perror("gpgme_data_seek");
253
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
254
perror("pgpme_data_seek");
336
255
plaintext_length = -1;
337
256
goto decrypt_end;
338
257
}
339
258
340
259
*plaintext = NULL;
341
260
while(true){
342
plaintext_capacity = incbuffer(plaintext,
261
plaintext_capacity = adjustbuffer(plaintext,
343
262
(size_t)plaintext_length,
344
263
plaintext_capacity);
345
if(plaintext_capacity == 0){
346
perror("incbuffer");
264
if (plaintext_capacity == 0){
265
perror("adjustbuffer");
347
266
plaintext_length = -1;
348
267
goto decrypt_end;
349
268
}
351
270
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
352
271
BUFFER_SIZE);
353
272
/* Print the data, if any */
354
if(ret == 0){
273
if (ret == 0){
355
274
/* EOF */
356
275
break;
357
276
}
362
281
}
363
282
plaintext_length += ret;
364
283
}
365
284
366
285
if(debug){
367
286
fprintf(stderr, "Decrypted password is: ");
368
287
for(ssize_t i = 0; i < plaintext_length; i++){
381
300
return plaintext_length;
382
301
}
383
302
384
static const char * safer_gnutls_strerror(int value){
385
const char *ret = gnutls_strerror(value); /* Spurious warning from
386
-Wunreachable-code */
387
if(ret == NULL)
303
static const char * safer_gnutls_strerror (int value) {
304
const char *ret = gnutls_strerror (value); /* Spurious warning */
305
if (ret == NULL)
388
306
ret = "(unknown)";
389
307
return ret;
390
308
}
395
313
fprintf(stderr, "GnuTLS: %s", string);
396
314
}
397
315
398
static int init_gnutls_global(const char *pubkeyfilename,
316
static int init_gnutls_global(mandos_context *mc,
317
const char *pubkeyfilename,
399
318
const char *seckeyfilename){
400
319
int ret;
401
320
404
323
}
405
324
406
325
ret = gnutls_global_init();
407
if(ret != GNUTLS_E_SUCCESS){
408
fprintf(stderr, "GnuTLS global_init: %s\n",
409
safer_gnutls_strerror(ret));
326
if (ret != GNUTLS_E_SUCCESS) {
327
fprintf (stderr, "GnuTLS global_init: %s\n",
328
safer_gnutls_strerror(ret));
410
329
return -1;
411
330
}
412
331
413
if(debug){
332
if (debug){
414
333
/* "Use a log level over 10 to enable all debugging options."
415
334
* - GnuTLS manual
416
335
*/
419
338
}
420
339
421
340
/* OpenPGP credentials */
422
gnutls_certificate_allocate_credentials(&mc.cred);
423
if(ret != GNUTLS_E_SUCCESS){
424
fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning
425
from
426
-Wunreachable-code
427
*/
428
safer_gnutls_strerror(ret));
429
gnutls_global_deinit();
341
gnutls_certificate_allocate_credentials(&mc->cred);
342
if (ret != GNUTLS_E_SUCCESS){
343
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
344
warning */
345
safer_gnutls_strerror(ret));
346
gnutls_global_deinit ();
430
347
return -1;
431
348
}
432
349
433
350
if(debug){
434
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
435
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
351
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
352
" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,
436
353
seckeyfilename);
437
354
}
438
355
439
356
ret = gnutls_certificate_set_openpgp_key_file
440
(mc.cred, pubkeyfilename, seckeyfilename,
357
(mc->cred, pubkeyfilename, seckeyfilename,
441
358
GNUTLS_OPENPGP_FMT_BASE64);
442
if(ret != GNUTLS_E_SUCCESS){
359
if (ret != GNUTLS_E_SUCCESS) {
443
360
fprintf(stderr,
444
361
"Error[%d] while reading the OpenPGP key pair ('%s',"
445
362
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
446
fprintf(stderr, "The GnuTLS error is: %s\n",
363
fprintf(stdout, "The GnuTLS error is: %s\n",
447
364
safer_gnutls_strerror(ret));
448
365
goto globalfail;
449
366
}
450
367
451
368
/* GnuTLS server initialization */
452
ret = gnutls_dh_params_init(&mc.dh_params);
453
if(ret != GNUTLS_E_SUCCESS){
454
fprintf(stderr, "Error in GnuTLS DH parameter initialization:"
455
" %s\n", safer_gnutls_strerror(ret));
456
goto globalfail;
457
}
458
ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
459
if(ret != GNUTLS_E_SUCCESS){
460
fprintf(stderr, "Error in GnuTLS prime generation: %s\n",
461
safer_gnutls_strerror(ret));
462
goto globalfail;
463
}
464
465
gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
466
369
ret = gnutls_dh_params_init(&mc->dh_params);
370
if (ret != GNUTLS_E_SUCCESS) {
371
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
372
" %s\n", safer_gnutls_strerror(ret));
373
goto globalfail;
374
}
375
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
376
if (ret != GNUTLS_E_SUCCESS) {
377
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
378
safer_gnutls_strerror(ret));
379
goto globalfail;
380
}
381
382
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
383
467
384
return 0;
468
385
469
386
globalfail:
470
471
gnutls_certificate_free_credentials(mc.cred);
387
388
gnutls_certificate_free_credentials(mc->cred);
472
389
gnutls_global_deinit();
473
gnutls_dh_params_deinit(mc.dh_params);
474
390
return -1;
391
475
392
}
476
393
477
static int init_gnutls_session(gnutls_session_t *session){
394
static int init_gnutls_session(mandos_context *mc,
395
gnutls_session_t *session){
478
396
int ret;
479
397
/* GnuTLS session creation */
480
do {
481
ret = gnutls_init(session, GNUTLS_SERVER);
482
if(quit_now){
483
return -1;
484
}
485
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
486
if(ret != GNUTLS_E_SUCCESS){
398
ret = gnutls_init(session, GNUTLS_SERVER);
399
if (ret != GNUTLS_E_SUCCESS){
487
400
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
488
401
safer_gnutls_strerror(ret));
489
402
}
490
403
491
404
{
492
405
const char *err;
493
do {
494
ret = gnutls_priority_set_direct(*session, mc.priority, &err);
495
if(quit_now){
496
gnutls_deinit(*session);
497
return -1;
498
}
499
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
500
if(ret != GNUTLS_E_SUCCESS){
406
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
407
if (ret != GNUTLS_E_SUCCESS) {
501
408
fprintf(stderr, "Syntax error at: %s\n", err);
502
409
fprintf(stderr, "GnuTLS error: %s\n",
503
410
safer_gnutls_strerror(ret));
504
gnutls_deinit(*session);
411
gnutls_deinit (*session);
505
412
return -1;
506
413
}
507
414
}
508
415
509
do {
510
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
511
mc.cred);
512
if(quit_now){
513
gnutls_deinit(*session);
514
return -1;
515
}
516
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
517
if(ret != GNUTLS_E_SUCCESS){
416
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
417
mc->cred);
418
if (ret != GNUTLS_E_SUCCESS) {
518
419
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
519
420
safer_gnutls_strerror(ret));
520
gnutls_deinit(*session);
421
gnutls_deinit (*session);
521
422
return -1;
522
423
}
523
424
524
425
/* ignore client certificate if any. */
525
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
426
gnutls_certificate_server_set_request (*session,
427
GNUTLS_CERT_IGNORE);
526
428
527
gnutls_dh_set_prime_bits(*session, mc.dh_bits);
429
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
528
430
529
431
return 0;
530
432
}
536
438
/* Called when a Mandos server is found */
537
439
static int start_mandos_communication(const char *ip, uint16_t port,
538
440
AvahiIfIndex if_index,
539
int af){
540
int ret, tcp_sd = -1;
541
ssize_t sret;
542
union {
543
struct sockaddr_in in;
544
struct sockaddr_in6 in6;
545
} to;
441
mandos_context *mc){
442
int ret, tcp_sd;
443
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
546
444
char *buffer = NULL;
547
char *decrypted_buffer = NULL;
445
char *decrypted_buffer;
548
446
size_t buffer_length = 0;
549
447
size_t buffer_capacity = 0;
448
ssize_t decrypted_buffer_size;
550
449
size_t written;
551
int retval = -1;
450
int retval = 0;
451
char interface[IF_NAMESIZE];
552
452
gnutls_session_t session;
553
int pf; /* Protocol family */
554
555
if(quit_now){
556
return -1;
557
}
558
559
switch(af){
560
case AF_INET6:
561
pf = PF_INET6;
562
break;
563
case AF_INET:
564
pf = PF_INET;
565
break;
566
default:
567
fprintf(stderr, "Bad address family: %d\n", af);
568
return -1;
569
}
570
571
ret = init_gnutls_session(&session);
572
if(ret != 0){
453
454
ret = init_gnutls_session (mc, &session);
455
if (ret != 0){
573
456
return -1;
574
457
}
575
458
576
459
if(debug){
577
fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16
460
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
578
461
"\n", ip, port);
579
462
}
580
463
581
tcp_sd = socket(pf, SOCK_STREAM, 0);
582
if(tcp_sd < 0){
464
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
465
if(tcp_sd < 0) {
583
466
perror("socket");
584
goto mandos_end;
467
return -1;
585
468
}
586
587
if(quit_now){
588
goto mandos_end;
469
470
if(debug){
471
if(if_indextoname((unsigned int)if_index, interface) == NULL){
472
perror("if_indextoname");
473
return -1;
474
}
475
fprintf(stderr, "Binding to interface %s\n", interface);
589
476
}
590
477
591
478
memset(&to, 0, sizeof(to));
592
if(af == AF_INET6){
593
to.in6.sin6_family = (sa_family_t)af;
594
ret = inet_pton(af, ip, &to.in6.sin6_addr);
595
} else { /* IPv4 */
596
to.in.sin_family = (sa_family_t)af;
597
ret = inet_pton(af, ip, &to.in.sin_addr);
598
}
599
if(ret < 0 ){
479
to.in6.sin6_family = AF_INET6;
480
/* It would be nice to have a way to detect if we were passed an
481
IPv4 address here. Now we assume an IPv6 address. */
482
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
483
if (ret < 0 ){
600
484
perror("inet_pton");
601
goto mandos_end;
485
return -1;
602
486
}
603
487
if(ret == 0){
604
488
fprintf(stderr, "Bad address: %s\n", ip);
605
goto mandos_end;
606
}
607
if(af == AF_INET6){
608
to.in6.sin6_port = htons(port); /* Spurious warnings from
609
-Wconversion and
610
-Wunreachable-code */
611
612
if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
613
(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
614
-Wunreachable-code*/
615
if(if_index == AVAHI_IF_UNSPEC){
616
fprintf(stderr, "An IPv6 link-local address is incomplete"
617
" without a network interface\n");
618
goto mandos_end;
619
}
620
/* Set the network interface number as scope */
621
to.in6.sin6_scope_id = (uint32_t)if_index;
622
}
623
} else {
624
to.in.sin_port = htons(port); /* Spurious warnings from
625
-Wconversion and
626
-Wunreachable-code */
627
}
489
return -1;
490
}
491
to.in6.sin6_port = htons(port); /* Spurious warning */
628
492
629
if(quit_now){
630
goto mandos_end;
631
}
493
to.in6.sin6_scope_id = (uint32_t)if_index;
632
494
633
495
if(debug){
634
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
635
char interface[IF_NAMESIZE];
636
if(if_indextoname((unsigned int)if_index, interface) == NULL){
637
perror("if_indextoname");
638
} else {
639
fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",
640
ip, interface, port);
641
}
642
} else {
643
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
644
port);
645
}
646
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
647
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
648
const char *pcret;
649
if(af == AF_INET6){
650
pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
651
sizeof(addrstr));
652
} else {
653
pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
654
sizeof(addrstr));
655
}
656
if(pcret == NULL){
496
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
497
port);
498
char addrstr[INET6_ADDRSTRLEN] = "";
499
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
500
sizeof(addrstr)) == NULL){
657
501
perror("inet_ntop");
658
502
} else {
659
503
if(strcmp(addrstr, ip) != 0){
662
506
}
663
507
}
664
508
665
if(quit_now){
666
goto mandos_end;
667
}
668
669
if(af == AF_INET6){
670
ret = connect(tcp_sd, &to.in6, sizeof(to));
671
} else {
672
ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
673
}
674
if(ret < 0){
509
ret = connect(tcp_sd, &to.in, sizeof(to));
510
if (ret < 0){
675
511
perror("connect");
676
goto mandos_end;
677
}
678
679
if(quit_now){
680
goto mandos_end;
681
}
682
512
return -1;
513
}
514
683
515
const char *out = mandos_protocol_version;
684
516
written = 0;
685
while(true){
517
while (true){
686
518
size_t out_size = strlen(out);
687
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
519
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
688
520
out_size - written));
689
if(ret == -1){
521
if (ret == -1){
690
522
perror("write");
523
retval = -1;
691
524
goto mandos_end;
692
525
}
693
526
written += (size_t)ret;
694
527
if(written < out_size){
695
528
continue;
696
529
} else {
697
if(out == mandos_protocol_version){
530
if (out == mandos_protocol_version){
698
531
written = 0;
699
532
out = "\r\n";
700
533
} else {
701
534
break;
702
535
}
703
536
}
704
705
if(quit_now){
706
goto mandos_end;
707
}
708
537
}
709
538
710
539
if(debug){
711
540
fprintf(stderr, "Establishing TLS session with %s\n", ip);
712
541
}
713
542
714
if(quit_now){
715
goto mandos_end;
716
}
717
718
gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) tcp_sd);
719
720
if(quit_now){
721
goto mandos_end;
722
}
723
724
do {
725
ret = gnutls_handshake(session);
726
if(quit_now){
727
goto mandos_end;
728
}
543
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
544
545
do{
546
ret = gnutls_handshake (session);
729
547
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
730
548
731
if(ret != GNUTLS_E_SUCCESS){
549
if (ret != GNUTLS_E_SUCCESS){
732
550
if(debug){
733
551
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
734
gnutls_perror(ret);
552
gnutls_perror (ret);
735
553
}
554
retval = -1;
736
555
goto mandos_end;
737
556
}
738
557
739
558
/* Read OpenPGP packet that contains the wanted password */
740
559
741
560
if(debug){
742
fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",
561
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
743
562
ip);
744
563
}
745
564
746
565
while(true){
747
748
if(quit_now){
749
goto mandos_end;
750
}
751
752
buffer_capacity = incbuffer(&buffer, buffer_length,
566
buffer_capacity = adjustbuffer(&buffer, buffer_length,
753
567
buffer_capacity);
754
if(buffer_capacity == 0){
755
perror("incbuffer");
756
goto mandos_end;
757
}
758
759
if(quit_now){
760
goto mandos_end;
761
}
762
763
sret = gnutls_record_recv(session, buffer+buffer_length,
764
BUFFER_SIZE);
765
if(sret == 0){
568
if (buffer_capacity == 0){
569
perror("adjustbuffer");
570
retval = -1;
571
goto mandos_end;
572
}
573
574
ret = gnutls_record_recv(session, buffer+buffer_length,
575
BUFFER_SIZE);
576
if (ret == 0){
766
577
break;
767
578
}
768
if(sret < 0){
769
switch(sret){
579
if (ret < 0){
580
switch(ret){
770
581
case GNUTLS_E_INTERRUPTED:
771
582
case GNUTLS_E_AGAIN:
772
583
break;
773
584
case GNUTLS_E_REHANDSHAKE:
774
do {
775
ret = gnutls_handshake(session);
776
777
if(quit_now){
778
goto mandos_end;
779
}
585
do{
586
ret = gnutls_handshake (session);
780
587
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
781
if(ret < 0){
588
if (ret < 0){
782
589
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
783
gnutls_perror(ret);
590
gnutls_perror (ret);
591
retval = -1;
784
592
goto mandos_end;
785
593
}
786
594
break;
787
595
default:
788
596
fprintf(stderr, "Unknown error while reading data from"
789
597
" encrypted session with Mandos server\n");
790
gnutls_bye(session, GNUTLS_SHUT_RDWR);
598
retval = -1;
599
gnutls_bye (session, GNUTLS_SHUT_RDWR);
791
600
goto mandos_end;
792
601
}
793
602
} else {
794
buffer_length += (size_t) sret;
603
buffer_length += (size_t) ret;
795
604
}
796
605
}
797
606
799
608
fprintf(stderr, "Closing TLS session\n");
800
609
}
801
610
802
if(quit_now){
803
goto mandos_end;
804
}
805
806
do {
807
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
808
if(quit_now){
809
goto mandos_end;
810
}
811
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
812
813
if(buffer_length > 0){
814
ssize_t decrypted_buffer_size;
611
gnutls_bye (session, GNUTLS_SHUT_RDWR);
612
613
if (buffer_length > 0){
815
614
decrypted_buffer_size = pgp_packet_decrypt(buffer,
816
615
buffer_length,
817
&decrypted_buffer);
818
if(decrypted_buffer_size >= 0){
819
616
&decrypted_buffer,
617
keydir);
618
if (decrypted_buffer_size >= 0){
820
619
written = 0;
821
620
while(written < (size_t) decrypted_buffer_size){
822
if(quit_now){
823
goto mandos_end;
824
}
825
826
ret = (int)fwrite(decrypted_buffer + written, 1,
827
(size_t)decrypted_buffer_size - written,
828
stdout);
621
ret = (int)fwrite (decrypted_buffer + written, 1,
622
(size_t)decrypted_buffer_size - written,
623
stdout);
829
624
if(ret == 0 and ferror(stdout)){
830
625
if(debug){
831
626
fprintf(stderr, "Error writing encrypted data: %s\n",
832
627
strerror(errno));
833
628
}
834
goto mandos_end;
629
retval = -1;
630
break;
835
631
}
836
632
written += (size_t)ret;
837
633
}
838
retval = 0;
634
free(decrypted_buffer);
635
} else {
636
retval = -1;
839
637
}
638
} else {
639
retval = -1;
840
640
}
841
641
842
642
/* Shutdown procedure */
843
643
844
644
mandos_end:
845
free(decrypted_buffer);
846
645
free(buffer);
847
if(tcp_sd >= 0){
848
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
849
}
850
if(ret == -1){
851
perror("close");
852
}
853
gnutls_deinit(session);
854
if(quit_now){
855
retval = -1;
856
}
646
close(tcp_sd);
647
gnutls_deinit (session);
857
648
return retval;
858
649
}
859
650
860
651
static void resolve_callback(AvahiSServiceResolver *r,
861
652
AvahiIfIndex interface,
862
AvahiProtocol proto,
653
AVAHI_GCC_UNUSED AvahiProtocol protocol,
863
654
AvahiResolverEvent event,
864
655
const char *name,
865
656
const char *type,
870
661
AVAHI_GCC_UNUSED AvahiStringList *txt,
871
662
AVAHI_GCC_UNUSED AvahiLookupResultFlags
872
663
flags,
873
AVAHI_GCC_UNUSED void* userdata){
664
void* userdata) {
665
mandos_context *mc = userdata;
874
666
assert(r);
875
667
876
668
/* Called whenever a service has been resolved successfully or
877
669
timed out */
878
670
879
if(quit_now){
880
return;
881
}
882
883
switch(event){
671
switch (event) {
884
672
default:
885
673
case AVAHI_RESOLVER_FAILURE:
886
674
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
887
675
" of type '%s' in domain '%s': %s\n", name, type, domain,
888
avahi_strerror(avahi_server_errno(mc.server)));
676
avahi_strerror(avahi_server_errno(mc->server)));
889
677
break;
890
678
891
679
case AVAHI_RESOLVER_FOUND:
894
682
avahi_address_snprint(ip, sizeof(ip), address);
895
683
if(debug){
896
684
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
897
PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
898
ip, (intmax_t)interface, port);
685
PRIu16 ") on port %d\n", name, host_name, ip,
686
interface, port);
899
687
}
900
int ret = start_mandos_communication(ip, port, interface,
901
avahi_proto_to_af(proto));
902
if(ret == 0){
903
avahi_simple_poll_quit(mc.simple_poll);
688
int ret = start_mandos_communication(ip, port, interface, mc);
689
if (ret == 0){
690
avahi_simple_poll_quit(mc->simple_poll);
904
691
}
905
692
}
906
693
}
907
694
avahi_s_service_resolver_free(r);
908
695
}
909
696
910
static void browse_callback(AvahiSServiceBrowser *b,
911
AvahiIfIndex interface,
912
AvahiProtocol protocol,
913
AvahiBrowserEvent event,
914
const char *name,
915
const char *type,
916
const char *domain,
917
AVAHI_GCC_UNUSED AvahiLookupResultFlags
918
flags,
919
AVAHI_GCC_UNUSED void* userdata){
697
static void browse_callback( AvahiSServiceBrowser *b,
698
AvahiIfIndex interface,
699
AvahiProtocol protocol,
700
AvahiBrowserEvent event,
701
const char *name,
702
const char *type,
703
const char *domain,
704
AVAHI_GCC_UNUSED AvahiLookupResultFlags
705
flags,
706
void* userdata) {
707
mandos_context *mc = userdata;
920
708
assert(b);
921
709
922
710
/* Called whenever a new services becomes available on the LAN or
923
711
is removed from the LAN */
924
712
925
if(quit_now){
926
return;
927
}
928
929
switch(event){
713
switch (event) {
930
714
default:
931
715
case AVAHI_BROWSER_FAILURE:
932
716
933
717
fprintf(stderr, "(Avahi browser) %s\n",
934
avahi_strerror(avahi_server_errno(mc.server)));
935
avahi_simple_poll_quit(mc.simple_poll);
718
avahi_strerror(avahi_server_errno(mc->server)));
719
avahi_simple_poll_quit(mc->simple_poll);
936
720
return;
937
721
938
722
case AVAHI_BROWSER_NEW:
941
725
the callback function is called the Avahi server will free the
942
726
resolver for us. */
943
727
944
if(avahi_s_service_resolver_new(mc.server, interface, protocol,
945
name, type, domain, protocol, 0,
946
resolve_callback, NULL) == NULL)
728
if (!(avahi_s_service_resolver_new(mc->server, interface,
729
protocol, name, type, domain,
730
AVAHI_PROTO_INET6, 0,
731
resolve_callback, mc)))
947
732
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
948
name, avahi_strerror(avahi_server_errno(mc.server)));
733
name, avahi_strerror(avahi_server_errno(mc->server)));
949
734
break;
950
735
951
736
case AVAHI_BROWSER_REMOVE:
960
745
}
961
746
}
962
747
963
/* stop main loop after sigterm has been called */
964
static void handle_sigterm(int sig){
965
if(quit_now){
966
return;
967
}
968
quit_now = 1;
969
signal_received = sig;
970
int old_errno = errno;
971
if(mc.simple_poll != NULL){
972
avahi_simple_poll_quit(mc.simple_poll);
973
}
974
errno = old_errno;
748
/* Combines file name and path and returns the malloced new
749
string. some sane checks could/should be added */
750
static char *combinepath(const char *first, const char *second){
751
char *tmp;
752
int ret = asprintf(&tmp, "%s/%s", first, second);
753
if(ret < 0){
754
return NULL;
755
}
756
return tmp;
975
757
}
976
758
759
977
760
int main(int argc, char *argv[]){
978
AvahiSServiceBrowser *sb = NULL;
979
int error;
980
int ret;
981
intmax_t tmpmax;
982
char *tmp;
983
int exitcode = EXIT_SUCCESS;
984
const char *interface = "eth0";
985
struct ifreq network;
986
int sd = -1;
987
bool take_down_interface = false;
988
uid_t uid;
989
gid_t gid;
990
char *connect_to = NULL;
991
char tempdir[] = "/tmp/mandosXXXXXX";
992
bool tempdir_created = false;
993
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
994
const char *seckey = PATHDIR "/" SECKEY;
995
const char *pubkey = PATHDIR "/" PUBKEY;
996
997
bool gnutls_initialized = false;
998
bool gpgme_initialized = false;
999
float delay = 2.5f;
1000
1001
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
1002
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
1003
1004
uid = getuid();
1005
gid = getgid();
1006
1007
/* Lower any group privileges we might have, just to be safe */
1008
errno = 0;
1009
ret = setgid(gid);
1010
if(ret == -1){
1011
perror("setgid");
1012
}
1013
1014
/* Lower user privileges (temporarily) */
1015
errno = 0;
1016
ret = seteuid(uid);
1017
if(ret == -1){
1018
perror("seteuid");
1019
}
1020
1021
if(quit_now){
1022
goto end;
1023
}
1024
1025
{
1026
struct argp_option options[] = {
1027
{ .name = "debug", .key = 128,
1028
.doc = "Debug mode", .group = 3 },
1029
{ .name = "connect", .key = 'c',
1030
.arg = "ADDRESS:PORT",
1031
.doc = "Connect directly to a specific Mandos server",
1032
.group = 1 },
1033
{ .name = "interface", .key = 'i',
1034
.arg = "NAME",
1035
.doc = "Network interface that will be used to search for"
1036
" Mandos servers",
1037
.group = 1 },
1038
{ .name = "seckey", .key = 's',
1039
.arg = "FILE",
1040
.doc = "OpenPGP secret key file base name",
1041
.group = 1 },
1042
{ .name = "pubkey", .key = 'p',
1043
.arg = "FILE",
1044
.doc = "OpenPGP public key file base name",
1045
.group = 2 },
1046
{ .name = "dh-bits", .key = 129,
1047
.arg = "BITS",
1048
.doc = "Bit length of the prime number used in the"
1049
" Diffie-Hellman key exchange",
1050
.group = 2 },
1051
{ .name = "priority", .key = 130,
1052
.arg = "STRING",
1053
.doc = "GnuTLS priority string for the TLS handshake",
1054
.group = 1 },
1055
{ .name = "delay", .key = 131,
1056
.arg = "SECONDS",
1057
.doc = "Maximum delay to wait for interface startup",
1058
.group = 2 },
1059
{ .name = NULL }
1060
};
1061
1062
error_t parse_opt(int key, char *arg,
1063
struct argp_state *state){
1064
switch(key){
1065
case 128: /* --debug */
1066
debug = true;
1067
break;
1068
case 'c': /* --connect */
1069
connect_to = arg;
1070
break;
1071
case 'i': /* --interface */
1072
interface = arg;
1073
break;
1074
case 's': /* --seckey */
1075
seckey = arg;
1076
break;
1077
case 'p': /* --pubkey */
1078
pubkey = arg;
1079
break;
1080
case 129: /* --dh-bits */
1081
errno = 0;
1082
tmpmax = strtoimax(arg, &tmp, 10);
1083
if(errno != 0 or tmp == arg or *tmp != '\0'
1084
or tmpmax != (typeof(mc.dh_bits))tmpmax){
1085
fprintf(stderr, "Bad number of DH bits\n");
1086
exit(EXIT_FAILURE);
1087
}
1088
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
1089
break;
1090
case 130: /* --priority */
1091
mc.priority = arg;
1092
break;
1093
case 131: /* --delay */
1094
errno = 0;
1095
delay = strtof(arg, &tmp);
1096
if(errno != 0 or tmp == arg or *tmp != '\0'){
1097
fprintf(stderr, "Bad delay\n");
1098
exit(EXIT_FAILURE);
1099
}
1100
break;
1101
case ARGP_KEY_ARG:
1102
argp_usage(state);
1103
case ARGP_KEY_END:
1104
break;
1105
default:
1106
return ARGP_ERR_UNKNOWN;
1107
}
1108
return 0;
1109
}
1110
1111
struct argp argp = { .options = options, .parser = parse_opt,
1112
.args_doc = "",
1113
.doc = "Mandos client -- Get and decrypt"
1114
" passwords from a Mandos server" };
1115
ret = argp_parse(&argp, argc, argv, 0, 0, NULL);
1116
if(ret == ARGP_ERR_UNKNOWN){
1117
fprintf(stderr, "Unknown error while parsing arguments\n");
1118
exitcode = EXIT_FAILURE;
1119
goto end;
1120
}
1121
}
1122
1123
if(not debug){
1124
avahi_set_log_function(empty_log);
1125
}
1126
1127
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
1128
from the signal handler */
1129
/* Initialize the pseudo-RNG for Avahi */
1130
srand((unsigned int) time(NULL));
1131
mc.simple_poll = avahi_simple_poll_new();
1132
if(mc.simple_poll == NULL){
1133
fprintf(stderr, "Avahi: Failed to create simple poll object.\n");
1134
exitcode = EXIT_FAILURE;
1135
goto end;
1136
}
1137
1138
sigemptyset(&sigterm_action.sa_mask);
1139
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
1140
if(ret == -1){
1141
perror("sigaddset");
1142
exitcode = EXIT_FAILURE;
1143
goto end;
1144
}
1145
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
1146
if(ret == -1){
1147
perror("sigaddset");
1148
exitcode = EXIT_FAILURE;
1149
goto end;
1150
}
1151
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1152
if(ret == -1){
1153
perror("sigaddset");
1154
exitcode = EXIT_FAILURE;
1155
goto end;
1156
}
1157
/* Need to check if the handler is SIG_IGN before handling:
1158
| [[info:libc:Initial Signal Actions]] |
1159
| [[info:libc:Basic Signal Handling]] |
1160
*/
1161
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
1162
if(ret == -1){
1163
perror("sigaction");
1164
return EXIT_FAILURE;
1165
}
1166
if(old_sigterm_action.sa_handler != SIG_IGN){
1167
ret = sigaction(SIGINT, &sigterm_action, NULL);
1168
if(ret == -1){
1169
perror("sigaction");
1170
exitcode = EXIT_FAILURE;
1171
goto end;
1172
}
1173
}
1174
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
1175
if(ret == -1){
1176
perror("sigaction");
1177
return EXIT_FAILURE;
1178
}
1179
if(old_sigterm_action.sa_handler != SIG_IGN){
1180
ret = sigaction(SIGHUP, &sigterm_action, NULL);
1181
if(ret == -1){
1182
perror("sigaction");
1183
exitcode = EXIT_FAILURE;
1184
goto end;
1185
}
1186
}
1187
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
1188
if(ret == -1){
1189
perror("sigaction");
1190
return EXIT_FAILURE;
1191
}
1192
if(old_sigterm_action.sa_handler != SIG_IGN){
1193
ret = sigaction(SIGTERM, &sigterm_action, NULL);
1194
if(ret == -1){
1195
perror("sigaction");
1196
exitcode = EXIT_FAILURE;
1197
goto end;
1198
}
1199
}
1200
1201
/* If the interface is down, bring it up */
1202
if(interface[0] != '\0'){
761
AvahiSServiceBrowser *sb = NULL;
762
int error;
763
int ret;
764
int exitcode = EXIT_SUCCESS;
765
const char *interface = "eth0";
766
struct ifreq network;
767
int sd;
768
uid_t uid;
769
gid_t gid;
770
char *connect_to = NULL;
771
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
772
char *pubkeyfilename = NULL;
773
char *seckeyfilename = NULL;
774
const char *pubkeyname = "pubkey.txt";
775
const char *seckeyname = "seckey.txt";
776
mandos_context mc = { .simple_poll = NULL, .server = NULL,
777
.dh_bits = 1024, .priority = "SECURE256"};
778
bool gnutls_initalized = false;
779
780
{
781
struct argp_option options[] = {
782
{ .name = "debug", .key = 128,
783
.doc = "Debug mode", .group = 3 },
784
{ .name = "connect", .key = 'c',
785
.arg = "IP",
786
.doc = "Connect directly to a sepcified mandos server",
787
.group = 1 },
788
{ .name = "interface", .key = 'i',
789
.arg = "INTERFACE",
790
.doc = "Interface that Avahi will conntect through",
791
.group = 1 },
792
{ .name = "keydir", .key = 'd',
793
.arg = "KEYDIR",
794
.doc = "Directory where the openpgp keyring is",
795
.group = 1 },
796
{ .name = "seckey", .key = 's',
797
.arg = "SECKEY",
798
.doc = "Secret openpgp key for gnutls authentication",
799
.group = 1 },
800
{ .name = "pubkey", .key = 'p',
801
.arg = "PUBKEY",
802
.doc = "Public openpgp key for gnutls authentication",
803
.group = 2 },
804
{ .name = "dh-bits", .key = 129,
805
.arg = "BITS",
806
.doc = "dh-bits to use in gnutls communication",
807
.group = 2 },
808
{ .name = "priority", .key = 130,
809
.arg = "PRIORITY",
810
.doc = "GNUTLS priority", .group = 1 },
811
{ .name = NULL }
812
};
813
814
815
error_t parse_opt (int key, char *arg,
816
struct argp_state *state) {
817
/* Get the INPUT argument from `argp_parse', which we know is
818
a pointer to our plugin list pointer. */
819
switch (key) {
820
case 128:
821
debug = true;
822
break;
823
case 'c':
824
connect_to = arg;
825
break;
826
case 'i':
827
interface = arg;
828
break;
829
case 'd':
830
keydir = arg;
831
break;
832
case 's':
833
seckeyname = arg;
834
break;
835
case 'p':
836
pubkeyname = arg;
837
break;
838
case 129:
839
errno = 0;
840
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
841
if (errno){
842
perror("strtol");
843
exit(EXIT_FAILURE);
844
}
845
break;
846
case 130:
847
mc.priority = arg;
848
break;
849
case ARGP_KEY_ARG:
850
argp_usage (state);
851
case ARGP_KEY_END:
852
break;
853
default:
854
return ARGP_ERR_UNKNOWN;
855
}
856
return 0;
857
}
858
859
struct argp argp = { .options = options, .parser = parse_opt,
860
.args_doc = "",
861
.doc = "Mandos client -- Get and decrypt"
862
" passwords from mandos server" };
863
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
864
if (ret == ARGP_ERR_UNKNOWN){
865
fprintf(stderr, "Unknown error while parsing arguments\n");
866
exitcode = EXIT_FAILURE;
867
goto end;
868
}
869
}
870
871
pubkeyfilename = combinepath(keydir, pubkeyname);
872
if (pubkeyfilename == NULL){
873
perror("combinepath");
874
exitcode = EXIT_FAILURE;
875
goto end;
876
}
877
878
seckeyfilename = combinepath(keydir, seckeyname);
879
if (seckeyfilename == NULL){
880
perror("combinepath");
881
exitcode = EXIT_FAILURE;
882
goto end;
883
}
884
885
ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);
886
if (ret == -1){
887
fprintf(stderr, "init_gnutls_global failed\n");
888
exitcode = EXIT_FAILURE;
889
goto end;
890
} else {
891
gnutls_initalized = true;
892
}
893
894
/* If the interface is down, bring it up */
895
{
896
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
897
if(sd < 0) {
898
perror("socket");
899
exitcode = EXIT_FAILURE;
900
goto end;
901
}
902
strcpy(network.ifr_name, interface);
903
ret = ioctl(sd, SIOCGIFFLAGS, &network);
904
if(ret == -1){
905
perror("ioctl SIOCGIFFLAGS");
906
exitcode = EXIT_FAILURE;
907
goto end;
908
}
909
if((network.ifr_flags & IFF_UP) == 0){
910
network.ifr_flags |= IFF_UP;
911
ret = ioctl(sd, SIOCSIFFLAGS, &network);
912
if(ret == -1){
913
perror("ioctl SIOCSIFFLAGS");
914
exitcode = EXIT_FAILURE;
915
goto end;
916
}
917
}
918
close(sd);
919
}
920
921
uid = getuid();
922
gid = getgid();
923
924
ret = setuid(uid);
925
if (ret == -1){
926
perror("setuid");
927
}
928
929
setgid(gid);
930
if (ret == -1){
931
perror("setgid");
932
}
933
1203
934
if_index = (AvahiIfIndex) if_nametoindex(interface);
1204
935
if(if_index == 0){
1205
936
fprintf(stderr, "No such interface: \"%s\"\n", interface);
1206
exitcode = EXIT_FAILURE;
1207
goto end;
1208
}
1209
1210
if(quit_now){
1211
goto end;
1212
}
1213
1214
/* Re-raise priviliges */
1215
errno = 0;
1216
ret = seteuid(0);
1217
if(ret == -1){
1218
perror("seteuid");
1219
}
1220
1221
#ifdef __linux__
1222
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1223
messages to mess up the prompt */
1224
ret = klogctl(8, NULL, 5);
1225
bool restore_loglevel = true;
1226
if(ret == -1){
1227
restore_loglevel = false;
1228
perror("klogctl");
1229
}
1230
#endif /* __linux__ */
1231
1232
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1233
if(sd < 0){
1234
perror("socket");
1235
exitcode = EXIT_FAILURE;
1236
#ifdef __linux__
1237
if(restore_loglevel){
1238
ret = klogctl(7, NULL, 0);
1239
if(ret == -1){
1240
perror("klogctl");
1241
}
1242
}
1243
#endif /* __linux__ */
1244
/* Lower privileges */
1245
errno = 0;
1246
ret = seteuid(uid);
1247
if(ret == -1){
1248
perror("seteuid");
1249
}
1250
goto end;
1251
}
1252
strcpy(network.ifr_name, interface);
1253
ret = ioctl(sd, SIOCGIFFLAGS, &network);
1254
if(ret == -1){
1255
perror("ioctl SIOCGIFFLAGS");
1256
#ifdef __linux__
1257
if(restore_loglevel){
1258
ret = klogctl(7, NULL, 0);
1259
if(ret == -1){
1260
perror("klogctl");
1261
}
1262
}
1263
#endif /* __linux__ */
1264
exitcode = EXIT_FAILURE;
1265
/* Lower privileges */
1266
errno = 0;
1267
ret = seteuid(uid);
1268
if(ret == -1){
1269
perror("seteuid");
1270
}
1271
goto end;
1272
}
1273
if((network.ifr_flags & IFF_UP) == 0){
1274
network.ifr_flags |= IFF_UP;
1275
take_down_interface = true;
1276
ret = ioctl(sd, SIOCSIFFLAGS, &network);
1277
if(ret == -1){
1278
take_down_interface = false;
1279
perror("ioctl SIOCSIFFLAGS");
1280
exitcode = EXIT_FAILURE;
1281
#ifdef __linux__
1282
if(restore_loglevel){
1283
ret = klogctl(7, NULL, 0);
1284
if(ret == -1){
1285
perror("klogctl");
1286
}
1287
}
1288
#endif /* __linux__ */
1289
/* Lower privileges */
1290
errno = 0;
1291
ret = seteuid(uid);
1292
if(ret == -1){
1293
perror("seteuid");
1294
}
1295
goto end;
1296
}
1297
}
1298
/* sleep checking until interface is running */
1299
for(int i=0; i < delay * 4; i++){
1300
ret = ioctl(sd, SIOCGIFFLAGS, &network);
1301
if(ret == -1){
1302
perror("ioctl SIOCGIFFLAGS");
1303
} else if(network.ifr_flags & IFF_RUNNING){
1304
break;
1305
}
1306
struct timespec sleeptime = { .tv_nsec = 250000000 };
1307
ret = nanosleep(&sleeptime, NULL);
1308
if(ret == -1 and errno != EINTR){
1309
perror("nanosleep");
1310
}
1311
}
1312
if(not take_down_interface){
1313
/* We won't need the socket anymore */
1314
ret = (int)TEMP_FAILURE_RETRY(close(sd));
1315
if(ret == -1){
1316
perror("close");
1317
}
1318
}
1319
#ifdef __linux__
1320
if(restore_loglevel){
1321
/* Restores kernel loglevel to default */
1322
ret = klogctl(7, NULL, 0);
1323
if(ret == -1){
1324
perror("klogctl");
1325
}
1326
}
1327
#endif /* __linux__ */
1328
/* Lower privileges */
1329
errno = 0;
1330
if(take_down_interface){
1331
/* Lower privileges */
1332
ret = seteuid(uid);
1333
if(ret == -1){
1334
perror("seteuid");
1335
}
1336
} else {
1337
/* Lower privileges permanently */
1338
ret = setuid(uid);
1339
if(ret == -1){
1340
perror("setuid");
1341
}
1342
}
1343
}
1344
1345
if(quit_now){
1346
goto end;
1347
}
1348
1349
ret = init_gnutls_global(pubkey, seckey);
1350
if(ret == -1){
1351
fprintf(stderr, "init_gnutls_global failed\n");
1352
exitcode = EXIT_FAILURE;
1353
goto end;
1354
} else {
1355
gnutls_initialized = true;
1356
}
1357
1358
if(quit_now){
1359
goto end;
1360
}
1361
1362
tempdir_created = true;
1363
if(mkdtemp(tempdir) == NULL){
1364
tempdir_created = false;
1365
perror("mkdtemp");
1366
goto end;
1367
}
1368
1369
if(quit_now){
1370
goto end;
1371
}
1372
1373
if(not init_gpgme(pubkey, seckey, tempdir)){
1374
fprintf(stderr, "init_gpgme failed\n");
1375
exitcode = EXIT_FAILURE;
1376
goto end;
1377
} else {
1378
gpgme_initialized = true;
1379
}
1380
1381
if(quit_now){
1382
goto end;
1383
}
1384
1385
if(connect_to != NULL){
1386
/* Connect directly, do not use Zeroconf */
1387
/* (Mainly meant for debugging) */
1388
char *address = strrchr(connect_to, ':');
1389
if(address == NULL){
1390
fprintf(stderr, "No colon in address\n");
1391
exitcode = EXIT_FAILURE;
1392
goto end;
1393
}
1394
1395
if(quit_now){
1396
goto end;
1397
}
1398
1399
uint16_t port;
1400
errno = 0;
1401
tmpmax = strtoimax(address+1, &tmp, 10);
1402
if(errno != 0 or tmp == address+1 or *tmp != '\0'
1403
or tmpmax != (uint16_t)tmpmax){
1404
fprintf(stderr, "Bad port number\n");
1405
exitcode = EXIT_FAILURE;
1406
goto end;
1407
}
1408
1409
if(quit_now){
1410
goto end;
1411
}
1412
1413
port = (uint16_t)tmpmax;
1414
*address = '\0';
1415
address = connect_to;
1416
/* Colon in address indicates IPv6 */
1417
int af;
1418
if(strchr(address, ':') != NULL){
1419
af = AF_INET6;
1420
} else {
1421
af = AF_INET;
1422
}
1423
1424
if(quit_now){
1425
goto end;
1426
}
1427
1428
ret = start_mandos_communication(address, port, if_index, af);
1429
if(ret < 0){
1430
exitcode = EXIT_FAILURE;
1431
} else {
1432
exitcode = EXIT_SUCCESS;
1433
}
1434
goto end;
1435
}
1436
1437
if(quit_now){
1438
goto end;
1439
}
1440
1441
{
1442
AvahiServerConfig config;
1443
/* Do not publish any local Zeroconf records */
1444
avahi_server_config_init(&config);
1445
config.publish_hinfo = 0;
1446
config.publish_addresses = 0;
1447
config.publish_workstation = 0;
1448
config.publish_domain = 0;
1449
1450
/* Allocate a new server */
1451
mc.server = avahi_server_new(avahi_simple_poll_get
1452
(mc.simple_poll), &config, NULL,
1453
NULL, &error);
1454
1455
/* Free the Avahi configuration data */
1456
avahi_server_config_free(&config);
1457
}
1458
1459
/* Check if creating the Avahi server object succeeded */
1460
if(mc.server == NULL){
1461
fprintf(stderr, "Failed to create Avahi server: %s\n",
1462
avahi_strerror(error));
1463
exitcode = EXIT_FAILURE;
1464
goto end;
1465
}
1466
1467
if(quit_now){
1468
goto end;
1469
}
1470
1471
/* Create the Avahi service browser */
1472
sb = avahi_s_service_browser_new(mc.server, if_index,
1473
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
1474
NULL, 0, browse_callback, NULL);
1475
if(sb == NULL){
1476
fprintf(stderr, "Failed to create service browser: %s\n",
1477
avahi_strerror(avahi_server_errno(mc.server)));
1478
exitcode = EXIT_FAILURE;
1479
goto end;
1480
}
1481
1482
if(quit_now){
1483
goto end;
1484
}
1485
1486
/* Run the main loop */
1487
1488
if(debug){
1489
fprintf(stderr, "Starting Avahi loop search\n");
1490
}
1491
1492
avahi_simple_poll_loop(mc.simple_poll);
1493
937
exit(EXIT_FAILURE);
938
}
939
940
if(connect_to != NULL){
941
/* Connect directly, do not use Zeroconf */
942
/* (Mainly meant for debugging) */
943
char *address = strrchr(connect_to, ':');
944
if(address == NULL){
945
fprintf(stderr, "No colon in address\n");
946
exitcode = EXIT_FAILURE;
947
goto end;
948
}
949
errno = 0;
950
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
951
if(errno){
952
perror("Bad port number");
953
exitcode = EXIT_FAILURE;
954
goto end;
955
}
956
*address = '\0';
957
address = connect_to;
958
ret = start_mandos_communication(address, port, if_index, &mc);
959
if(ret < 0){
960
exitcode = EXIT_FAILURE;
961
} else {
962
exitcode = EXIT_SUCCESS;
963
}
964
goto end;
965
}
966
967
if (not debug){
968
avahi_set_log_function(empty_log);
969
}
970
971
/* Initialize the pseudo-RNG for Avahi */
972
srand((unsigned int) time(NULL));
973
974
/* Allocate main Avahi loop object */
975
mc.simple_poll = avahi_simple_poll_new();
976
if (mc.simple_poll == NULL) {
977
fprintf(stderr, "Avahi: Failed to create simple poll"
978
" object.\n");
979
exitcode = EXIT_FAILURE;
980
goto end;
981
}
982
983
{
984
AvahiServerConfig config;
985
/* Do not publish any local Zeroconf records */
986
avahi_server_config_init(&config);
987
config.publish_hinfo = 0;
988
config.publish_addresses = 0;
989
config.publish_workstation = 0;
990
config.publish_domain = 0;
991
992
/* Allocate a new server */
993
mc.server = avahi_server_new(avahi_simple_poll_get
994
(mc.simple_poll), &config, NULL,
995
NULL, &error);
996
997
/* Free the Avahi configuration data */
998
avahi_server_config_free(&config);
999
}
1000
1001
/* Check if creating the Avahi server object succeeded */
1002
if (mc.server == NULL) {
1003
fprintf(stderr, "Failed to create Avahi server: %s\n",
1004
avahi_strerror(error));
1005
exitcode = EXIT_FAILURE;
1006
goto end;
1007
}
1008
1009
/* Create the Avahi service browser */
1010
sb = avahi_s_service_browser_new(mc.server, if_index,
1011
AVAHI_PROTO_INET6,
1012
"_mandos._tcp", NULL, 0,
1013
browse_callback, &mc);
1014
if (sb == NULL) {
1015
fprintf(stderr, "Failed to create service browser: %s\n",
1016
avahi_strerror(avahi_server_errno(mc.server)));
1017
exitcode = EXIT_FAILURE;
1018
goto end;
1019
}
1020
1021
/* Run the main loop */
1022
1023
if (debug){
1024
fprintf(stderr, "Starting Avahi loop search\n");
1025
}
1026
1027
avahi_simple_poll_loop(mc.simple_poll);
1028
1494
1029
end:
1495
1496
if(debug){
1497
fprintf(stderr, "%s exiting\n", argv[0]);
1498
}
1499
1500
/* Cleanup things */
1501
if(sb != NULL)
1502
avahi_s_service_browser_free(sb);
1503
1504
if(mc.server != NULL)
1505
avahi_server_free(mc.server);
1506
1507
if(mc.simple_poll != NULL)
1508
avahi_simple_poll_free(mc.simple_poll);
1509
1510
if(gnutls_initialized){
1511
gnutls_certificate_free_credentials(mc.cred);
1512
gnutls_global_deinit();
1513
gnutls_dh_params_deinit(mc.dh_params);
1514
}
1515
1516
if(gpgme_initialized){
1517
gpgme_release(mc.ctx);
1518
}
1519
1520
/* Take down the network interface */
1521
if(take_down_interface){
1522
/* Re-raise priviliges */
1523
errno = 0;
1524
ret = seteuid(0);
1525
if(ret == -1){
1526
perror("seteuid");
1527
}
1528
if(geteuid() == 0){
1529
ret = ioctl(sd, SIOCGIFFLAGS, &network);
1530
if(ret == -1){
1531
perror("ioctl SIOCGIFFLAGS");
1532
} else if(network.ifr_flags & IFF_UP) {
1533
network.ifr_flags &= ~IFF_UP; /* clear flag */
1534
ret = ioctl(sd, SIOCSIFFLAGS, &network);
1535
if(ret == -1){
1536
perror("ioctl SIOCSIFFLAGS");
1537
}
1538
}
1539
ret = (int)TEMP_FAILURE_RETRY(close(sd));
1540
if(ret == -1){
1541
perror("close");
1542
}
1543
/* Lower privileges permanently */
1544
errno = 0;
1545
ret = setuid(uid);
1546
if(ret == -1){
1547
perror("setuid");
1548
}
1549
}
1550
}
1551
1552
/* Removes the temp directory used by GPGME */
1553
if(tempdir_created){
1554
DIR *d;
1555
struct dirent *direntry;
1556
d = opendir(tempdir);
1557
if(d == NULL){
1558
if(errno != ENOENT){
1559
perror("opendir");
1560
}
1561
} else {
1562
while(true){
1563
direntry = readdir(d);
1564
if(direntry == NULL){
1565
break;
1566
}
1567
/* Skip "." and ".." */
1568
if(direntry->d_name[0] == '.'
1569
and (direntry->d_name[1] == '\0'
1570
or (direntry->d_name[1] == '.'
1571
and direntry->d_name[2] == '\0'))){
1572
continue;
1573
}
1574
char *fullname = NULL;
1575
ret = asprintf(&fullname, "%s/%s", tempdir,
1576
direntry->d_name);
1577
if(ret < 0){
1578
perror("asprintf");
1579
continue;
1580
}
1581
ret = remove(fullname);
1582
if(ret == -1){
1583
fprintf(stderr, "remove(\"%s\"): %s\n", fullname,
1584
strerror(errno));
1585
}
1586
free(fullname);
1587
}
1588
closedir(d);
1589
}
1590
ret = rmdir(tempdir);
1591
if(ret == -1 and errno != ENOENT){
1592
perror("rmdir");
1593
}
1594
}
1595
1596
if(quit_now){
1597
sigemptyset(&old_sigterm_action.sa_mask);
1598
old_sigterm_action.sa_handler = SIG_DFL;
1599
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
1600
&old_sigterm_action,
1601
NULL));
1602
if(ret == -1){
1603
perror("sigaction");
1604
}
1605
do {
1606
ret = raise(signal_received);
1607
} while(ret != 0 and errno == EINTR);
1608
if(ret != 0){
1609
perror("raise");
1610
abort();
1611
}
1612
TEMP_FAILURE_RETRY(pause());
1613
}
1614
1615
return exitcode;
1030
1031
if (debug){
1032
fprintf(stderr, "%s exiting\n", argv[0]);
1033
}
1034
1035
/* Cleanup things */
1036
if (sb != NULL)
1037
avahi_s_service_browser_free(sb);
1038
1039
if (mc.server != NULL)
1040
avahi_server_free(mc.server);
1041
1042
if (mc.simple_poll != NULL)
1043
avahi_simple_poll_free(mc.simple_poll);
1044
free(pubkeyfilename);
1045
free(seckeyfilename);
1046
1047
if (gnutls_initalized){
1048
gnutls_certificate_free_credentials(mc.cred);
1049
gnutls_global_deinit ();
1050
}
1051
1052
return exitcode;
1616
1053
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0