(root)/mandos/release
» Revision
237.2.126
(compared to revision 24.1.11)
: plugins.d/mandos-client.c
To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.2.126
- compare with another revision
- download diff
- download tarball
- view history from revision 237.2.126
- Committer: Teddy Hogeborn
- Date: 2009-09-07 07:48:59 UTC
- mto: (24.1.140 mandos) (237.12.2 mandos-persistent) (299.1.1 release) (300.1.1 release) (301.1.1 release)
- mto: This revision was merged to the branch mainline in revision 264.
- Revision ID: teddy@fukt.bsnet.se-20090907074859-nv2nni1wwib5hi10
* plugin-runner.c: Minor stylistic changes.
* plugins.d/askpass-fifo.c: Changed contact information and did minor
stylistic changes.
* plugins.d/mandos-client.c: Minor stylistic changes.
* plugins.d/password-prompt.c: Changed contact information.
* plugins.d/splashy.c: Changed contact information.
(main): Changed error handling design. Bug fix: Will now be much
more tolerant against signals. Bug fix: Will now re-raise
signal received.
* plugins.d/usplash.c: Changed contact information and did minor
stylistic changes.
* plugins.d/askpass-fifo.c: Changed contact information and did minor
stylistic changes.
* plugins.d/mandos-client.c: Minor stylistic changes.
* plugins.d/password-prompt.c: Changed contact information.
* plugins.d/splashy.c: Changed contact information.
(main): Changed error handling design. Bug fix: Will now be much
more tolerant against signals. Bug fix: Will now re-raise
signal received.
* plugins.d/usplash.c: Changed contact information and did minor
stylistic changes.
- files added:
- .bzr-builddeb
- debian
- debian/po
- files removed:
- ca.pem
- files renamed:
- server.py => mandos
- server.conf => mandos.conf
- plugbasedclient.c => plugin-runner.c
- plugins.d/mandosclient.c => plugins.d/mandos-client.c
- plugins.d/passprompt.c => plugins.d/password-prompt.c
- files modified:
- Makefile
added
removed
plugins.d/mandos-client.c
1
1
/* -*- coding: utf-8 -*- */
2
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
3
* Mandos-client - get and decrypt data from a Mandos server
4
4
*
5
5
* This program is partly derived from an example program for an Avahi
6
6
* service browser, downloaded from
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
12
* Copyright © 2008,2009 Teddy Hogeborn
13
* Copyright © 2008,2009 Björn Påhlsson
13
14
*
14
15
* This program is free software: you can redistribute it and/or
15
16
* modify it under the terms of the GNU General Public License as
29
30
*/
30
31
31
32
/* Needed by GPGME, specifically gpgme_data_seek() */
33
#ifndef _LARGEFILE_SOURCE
32
34
#define _LARGEFILE_SOURCE
35
#endif
36
#ifndef _FILE_OFFSET_BITS
33
37
#define _FILE_OFFSET_BITS 64
34
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
#include <stdio.h>
38
#include <assert.h>
39
#include <stdlib.h>
40
#include <time.h>
41
#include <net/if.h> /* if_nametoindex */
42
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
43
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
44
38
#endif
39
40
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror(), remove() */
44
#include <stdint.h> /* uint16_t, uint32_t */
45
#include <stddef.h> /* NULL, size_t, ssize_t */
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
47
srand(), strtof() */
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
51
#include <sys/ioctl.h> /* ioctl */
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
sockaddr_in6, PF_INET6,
54
SOCK_STREAM, uid_t, gid_t, open(),
55
opendir(), DIR */
56
#include <sys/stat.h> /* open() */
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
inet_pton(), connect() */
59
#include <fcntl.h> /* open() */
60
#include <dirent.h> /* opendir(), struct dirent, readdir()
61
*/
62
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
63
strtoimax() */
64
#include <assert.h> /* assert() */
65
#include <errno.h> /* perror(), errno */
66
#include <time.h> /* nanosleep(), time() */
67
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
68
SIOCSIFFLAGS, if_indextoname(),
69
if_nametoindex(), IF_NAMESIZE */
70
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
71
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
72
*/
73
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
74
getuid(), getgid(), setuid(),
75
setgid() */
76
#include <arpa/inet.h> /* inet_pton(), htons */
77
#include <iso646.h> /* not, or, and */
78
#include <argp.h> /* struct argp_option, error_t, struct
79
argp_state, struct argp,
80
argp_parse(), ARGP_KEY_ARG,
81
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
82
#include <signal.h> /* sigemptyset(), sigaddset(),
83
sigaction(), SIGTERM, sig_atomic_t,
84
raise() */
85
86
#ifdef __linux__
87
#include <sys/klog.h> /* klogctl() */
88
#endif /* __linux__ */
89
90
/* Avahi */
91
/* All Avahi types, constants and functions
92
Avahi*, avahi_*,
93
AVAHI_* */
45
94
#include <avahi-core/core.h>
46
95
#include <avahi-core/lookup.h>
47
96
#include <avahi-core/log.h>
49
98
#include <avahi-common/malloc.h>
50
99
#include <avahi-common/error.h>
51
100
52
//mandos client part
53
#include <sys/types.h> /* socket(), inet_pton() */
54
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
struct in6_addr, inet_pton() */
56
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
57
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
58
59
#include <unistd.h> /* close() */
60
#include <netinet/in.h>
61
#include <stdbool.h> /* true */
62
#include <string.h> /* memset */
63
#include <arpa/inet.h> /* inet_pton() */
64
#include <iso646.h> /* not */
65
66
// gpgme
67
#include <errno.h> /* perror() */
68
#include <gpgme.h>
69
70
// getopt long
71
#include <getopt.h>
101
/* GnuTLS */
102
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
103
functions:
104
gnutls_*
105
init_gnutls_session(),
106
GNUTLS_* */
107
#include <gnutls/openpgp.h>
108
/* gnutls_certificate_set_openpgp_key_file(),
109
GNUTLS_OPENPGP_FMT_BASE64 */
110
111
/* GPGME */
112
#include <gpgme.h> /* All GPGME types, constants and
113
functions:
114
gpgme_*
115
GPGME_PROTOCOL_OpenPGP,
116
GPG_ERR_NO_* */
72
117
73
118
#define BUFFER_SIZE 256
74
#define DH_BITS 1024
75
119
76
static const char *certdir = "/conf/conf.d/mandos";
77
static const char *certfile = "openpgp-client.txt";
78
static const char *certkey = "openpgp-client-key.txt";
120
#define PATHDIR "/conf/conf.d/mandos"
121
#define SECKEY "seckey.txt"
122
#define PUBKEY "pubkey.txt"
79
123
80
124
bool debug = false;
81
82
const char mandos_protocol_version[] = "1";
83
125
static const char mandos_protocol_version[] = "1";
126
const char *argp_program_version = "mandos-client " VERSION;
127
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
128
129
/* Used for passing in values through the Avahi callback functions */
84
130
typedef struct {
85
131
AvahiSimplePoll *simple_poll;
86
132
AvahiServer *server;
87
133
gnutls_certificate_credentials_t cred;
88
134
unsigned int dh_bits;
135
gnutls_dh_params_t dh_params;
89
136
const char *priority;
137
gpgme_ctx_t ctx;
90
138
} mandos_context;
91
139
92
size_t adjustbuffer(char *buffer, size_t buffer_length,
140
/* global context so signal handler can reach it*/
141
mandos_context mc = { .simple_poll = NULL, .server = NULL,
142
.dh_bits = 1024, .priority = "SECURE256"
143
":!CTYPE-X.509:+CTYPE-OPENPGP" };
144
145
/*
146
* Make additional room in "buffer" for at least BUFFER_SIZE more
147
* bytes. "buffer_capacity" is how much is currently allocated,
148
* "buffer_length" is how much is already used.
149
*/
150
size_t incbuffer(char **buffer, size_t buffer_length,
93
151
size_t buffer_capacity){
94
if (buffer_length + BUFFER_SIZE > buffer_capacity){
95
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
96
if (buffer == NULL){
152
if(buffer_length + BUFFER_SIZE > buffer_capacity){
153
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
154
if(buffer == NULL){
97
155
return 0;
98
156
}
99
157
buffer_capacity += BUFFER_SIZE;
101
159
return buffer_capacity;
102
160
}
103
161
104
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
105
char **new_packet,
106
const char *homedir){
107
gpgme_data_t dh_crypto, dh_plain;
108
gpgme_ctx_t ctx;
162
/*
163
* Initialize GPGME.
164
*/
165
static bool init_gpgme(const char *seckey,
166
const char *pubkey, const char *tempdir){
109
167
gpgme_error_t rc;
110
ssize_t ret;
111
size_t new_packet_capacity = 0;
112
ssize_t new_packet_length = 0;
113
168
gpgme_engine_info_t engine_info;
114
115
if (debug){
116
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
169
170
171
/*
172
* Helper function to insert pub and seckey to the engine keyring.
173
*/
174
bool import_key(const char *filename){
175
int ret;
176
int fd;
177
gpgme_data_t pgp_data;
178
179
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
180
if(fd == -1){
181
perror("open");
182
return false;
183
}
184
185
rc = gpgme_data_new_from_fd(&pgp_data, fd);
186
if(rc != GPG_ERR_NO_ERROR){
187
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
188
gpgme_strsource(rc), gpgme_strerror(rc));
189
return false;
190
}
191
192
rc = gpgme_op_import(mc.ctx, pgp_data);
193
if(rc != GPG_ERR_NO_ERROR){
194
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
195
gpgme_strsource(rc), gpgme_strerror(rc));
196
return false;
197
}
198
199
ret = (int)TEMP_FAILURE_RETRY(close(fd));
200
if(ret == -1){
201
perror("close");
202
}
203
gpgme_data_release(pgp_data);
204
return true;
205
}
206
207
if(debug){
208
fprintf(stderr, "Initializing GPGME\n");
117
209
}
118
210
119
211
/* Init GPGME */
120
212
gpgme_check_version(NULL);
121
213
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
122
if (rc != GPG_ERR_NO_ERROR){
214
if(rc != GPG_ERR_NO_ERROR){
123
215
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
124
216
gpgme_strsource(rc), gpgme_strerror(rc));
125
return -1;
217
return false;
126
218
}
127
219
128
/* Set GPGME home directory */
129
rc = gpgme_get_engine_info (&engine_info);
130
if (rc != GPG_ERR_NO_ERROR){
220
/* Set GPGME home directory for the OpenPGP engine only */
221
rc = gpgme_get_engine_info(&engine_info);
222
if(rc != GPG_ERR_NO_ERROR){
131
223
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
132
224
gpgme_strsource(rc), gpgme_strerror(rc));
133
return -1;
225
return false;
134
226
}
135
227
while(engine_info != NULL){
136
228
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
137
229
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
138
engine_info->file_name, homedir);
230
engine_info->file_name, tempdir);
139
231
break;
140
232
}
141
233
engine_info = engine_info->next;
142
234
}
143
235
if(engine_info == NULL){
144
fprintf(stderr, "Could not set home dir to %s\n", homedir);
145
return -1;
146
}
147
148
/* Create new GPGME data buffer from packet buffer */
149
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
150
if (rc != GPG_ERR_NO_ERROR){
236
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
237
return false;
238
}
239
240
/* Create new GPGME "context" */
241
rc = gpgme_new(&(mc.ctx));
242
if(rc != GPG_ERR_NO_ERROR){
243
fprintf(stderr, "bad gpgme_new: %s: %s\n",
244
gpgme_strsource(rc), gpgme_strerror(rc));
245
return false;
246
}
247
248
if(not import_key(pubkey) or not import_key(seckey)){
249
return false;
250
}
251
252
return true;
253
}
254
255
/*
256
* Decrypt OpenPGP data.
257
* Returns -1 on error
258
*/
259
static ssize_t pgp_packet_decrypt(const char *cryptotext,
260
size_t crypto_size,
261
char **plaintext){
262
gpgme_data_t dh_crypto, dh_plain;
263
gpgme_error_t rc;
264
ssize_t ret;
265
size_t plaintext_capacity = 0;
266
ssize_t plaintext_length = 0;
267
268
if(debug){
269
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
270
}
271
272
/* Create new GPGME data buffer from memory cryptotext */
273
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
274
0);
275
if(rc != GPG_ERR_NO_ERROR){
151
276
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
152
277
gpgme_strsource(rc), gpgme_strerror(rc));
153
278
return -1;
155
280
156
281
/* Create new empty GPGME data buffer for the plaintext */
157
282
rc = gpgme_data_new(&dh_plain);
158
if (rc != GPG_ERR_NO_ERROR){
283
if(rc != GPG_ERR_NO_ERROR){
159
284
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
160
285
gpgme_strsource(rc), gpgme_strerror(rc));
161
return -1;
162
}
163
164
/* Create new GPGME "context" */
165
rc = gpgme_new(&ctx);
166
if (rc != GPG_ERR_NO_ERROR){
167
fprintf(stderr, "bad gpgme_new: %s: %s\n",
168
gpgme_strsource(rc), gpgme_strerror(rc));
169
return -1;
170
}
171
172
/* Decrypt data from the FILE pointer to the plaintext data
173
buffer */
174
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
175
if (rc != GPG_ERR_NO_ERROR){
286
gpgme_data_release(dh_crypto);
287
return -1;
288
}
289
290
/* Decrypt data from the cryptotext data buffer to the plaintext
291
data buffer */
292
rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
293
if(rc != GPG_ERR_NO_ERROR){
176
294
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
177
295
gpgme_strsource(rc), gpgme_strerror(rc));
178
return -1;
179
}
180
181
if(debug){
182
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
183
}
184
185
if (debug){
186
gpgme_decrypt_result_t result;
187
result = gpgme_op_decrypt_result(ctx);
188
if (result == NULL){
189
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
190
} else {
191
fprintf(stderr, "Unsupported algorithm: %s\n",
192
result->unsupported_algorithm);
193
fprintf(stderr, "Wrong key usage: %d\n",
194
result->wrong_key_usage);
195
if(result->file_name != NULL){
196
fprintf(stderr, "File name: %s\n", result->file_name);
197
}
198
gpgme_recipient_t recipient;
199
recipient = result->recipients;
200
if(recipient){
296
plaintext_length = -1;
297
if(debug){
298
gpgme_decrypt_result_t result;
299
result = gpgme_op_decrypt_result(mc.ctx);
300
if(result == NULL){
301
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
302
} else {
303
fprintf(stderr, "Unsupported algorithm: %s\n",
304
result->unsupported_algorithm);
305
fprintf(stderr, "Wrong key usage: %u\n",
306
result->wrong_key_usage);
307
if(result->file_name != NULL){
308
fprintf(stderr, "File name: %s\n", result->file_name);
309
}
310
gpgme_recipient_t recipient;
311
recipient = result->recipients;
201
312
while(recipient != NULL){
202
313
fprintf(stderr, "Public key algorithm: %s\n",
203
314
gpgme_pubkey_algo_name(recipient->pubkey_algo));
209
320
}
210
321
}
211
322
}
323
goto decrypt_end;
212
324
}
213
325
214
/* Delete the GPGME FILE pointer cryptotext data buffer */
215
gpgme_data_release(dh_crypto);
326
if(debug){
327
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
328
}
216
329
217
330
/* Seek back to the beginning of the GPGME plaintext data buffer */
218
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
219
perror("pgpme_data_seek");
331
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
332
perror("gpgme_data_seek");
333
plaintext_length = -1;
334
goto decrypt_end;
220
335
}
221
336
222
*new_packet = 0;
337
*plaintext = NULL;
223
338
while(true){
224
new_packet_capacity = adjustbuffer(*new_packet, new_packet_length,
225
new_packet_capacity);
226
if (new_packet_capacity == 0){
227
perror("adjustbuffer");
228
return -1;
229
}
230
new_packet_capacity += BUFFER_SIZE;
339
plaintext_capacity = incbuffer(plaintext,
340
(size_t)plaintext_length,
341
plaintext_capacity);
342
if(plaintext_capacity == 0){
343
perror("incbuffer");
344
plaintext_length = -1;
345
goto decrypt_end;
231
346
}
232
347
233
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
348
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
234
349
BUFFER_SIZE);
235
350
/* Print the data, if any */
236
if (ret == 0){
351
if(ret == 0){
352
/* EOF */
237
353
break;
238
354
}
239
355
if(ret < 0){
240
356
perror("gpgme_data_read");
241
return -1;
242
}
243
new_packet_length += ret;
244
}
245
246
/* FIXME: check characters before printing to screen so to not print
247
terminal control characters */
248
/* if(debug){ */
249
/* fprintf(stderr, "decrypted password is: "); */
250
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
251
/* fprintf(stderr, "\n"); */
252
/* } */
357
plaintext_length = -1;
358
goto decrypt_end;
359
}
360
plaintext_length += ret;
361
}
362
363
if(debug){
364
fprintf(stderr, "Decrypted password is: ");
365
for(ssize_t i = 0; i < plaintext_length; i++){
366
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
367
}
368
fprintf(stderr, "\n");
369
}
370
371
decrypt_end:
372
373
/* Delete the GPGME cryptotext data buffer */
374
gpgme_data_release(dh_crypto);
253
375
254
376
/* Delete the GPGME plaintext data buffer */
255
377
gpgme_data_release(dh_plain);
256
return new_packet_length;
378
return plaintext_length;
257
379
}
258
380
259
static const char * safer_gnutls_strerror (int value) {
260
const char *ret = gnutls_strerror (value);
261
if (ret == NULL)
381
static const char * safer_gnutls_strerror(int value){
382
const char *ret = gnutls_strerror(value); /* Spurious warning from
383
-Wunreachable-code */
384
if(ret == NULL)
262
385
ret = "(unknown)";
263
386
return ret;
264
387
}
265
388
389
/* GnuTLS log function callback */
266
390
static void debuggnutls(__attribute__((unused)) int level,
267
391
const char* string){
268
fprintf(stderr, "%s", string);
392
fprintf(stderr, "GnuTLS: %s", string);
269
393
}
270
394
271
static int initgnutls(mandos_context *mc){
272
const char *err;
395
static int init_gnutls_global(const char *pubkeyfilename,
396
const char *seckeyfilename){
273
397
int ret;
274
398
275
399
if(debug){
276
400
fprintf(stderr, "Initializing GnuTLS\n");
277
401
}
278
279
if ((ret = gnutls_global_init ())
280
!= GNUTLS_E_SUCCESS) {
281
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
402
403
ret = gnutls_global_init();
404
if(ret != GNUTLS_E_SUCCESS){
405
fprintf(stderr, "GnuTLS global_init: %s\n",
406
safer_gnutls_strerror(ret));
282
407
return -1;
283
408
}
284
285
if (debug){
409
410
if(debug){
411
/* "Use a log level over 10 to enable all debugging options."
412
* - GnuTLS manual
413
*/
286
414
gnutls_global_set_log_level(11);
287
415
gnutls_global_set_log_function(debuggnutls);
288
416
}
289
417
290
/* openpgp credentials */
291
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
292
!= GNUTLS_E_SUCCESS) {
293
fprintf (stderr, "memory error: %s\n",
294
safer_gnutls_strerror(ret));
418
/* OpenPGP credentials */
419
gnutls_certificate_allocate_credentials(&mc.cred);
420
if(ret != GNUTLS_E_SUCCESS){
421
fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning
422
from
423
-Wunreachable-code
424
*/
425
safer_gnutls_strerror(ret));
426
gnutls_global_deinit();
295
427
return -1;
296
428
}
297
429
298
430
if(debug){
299
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
300
" and keyfile %s as GnuTLS credentials\n", certfile,
301
certkey);
431
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
432
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
433
seckeyfilename);
302
434
}
303
435
304
436
ret = gnutls_certificate_set_openpgp_key_file
305
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
306
if (ret != GNUTLS_E_SUCCESS) {
307
fprintf
308
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
309
" '%s')\n",
310
ret, certfile, certkey);
311
fprintf(stdout, "The Error is: %s\n",
312
safer_gnutls_strerror(ret));
313
return -1;
314
}
315
316
//GnuTLS server initialization
317
if ((ret = gnutls_dh_params_init (&es->dh_params))
318
!= GNUTLS_E_SUCCESS) {
319
fprintf (stderr, "Error in dh parameter initialization: %s\n",
320
safer_gnutls_strerror(ret));
321
return -1;
322
}
323
324
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
325
!= GNUTLS_E_SUCCESS) {
326
fprintf (stderr, "Error in prime generation: %s\n",
327
safer_gnutls_strerror(ret));
328
return -1;
329
}
330
331
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
332
333
// GnuTLS session creation
334
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
335
!= GNUTLS_E_SUCCESS){
437
(mc.cred, pubkeyfilename, seckeyfilename,
438
GNUTLS_OPENPGP_FMT_BASE64);
439
if(ret != GNUTLS_E_SUCCESS){
440
fprintf(stderr,
441
"Error[%d] while reading the OpenPGP key pair ('%s',"
442
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
443
fprintf(stderr, "The GnuTLS error is: %s\n",
444
safer_gnutls_strerror(ret));
445
goto globalfail;
446
}
447
448
/* GnuTLS server initialization */
449
ret = gnutls_dh_params_init(&mc.dh_params);
450
if(ret != GNUTLS_E_SUCCESS){
451
fprintf(stderr, "Error in GnuTLS DH parameter initialization:"
452
" %s\n", safer_gnutls_strerror(ret));
453
goto globalfail;
454
}
455
ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
456
if(ret != GNUTLS_E_SUCCESS){
457
fprintf(stderr, "Error in GnuTLS prime generation: %s\n",
458
safer_gnutls_strerror(ret));
459
goto globalfail;
460
}
461
462
gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
463
464
return 0;
465
466
globalfail:
467
468
gnutls_certificate_free_credentials(mc.cred);
469
gnutls_global_deinit();
470
gnutls_dh_params_deinit(mc.dh_params);
471
return -1;
472
}
473
474
static int init_gnutls_session(gnutls_session_t *session){
475
int ret;
476
/* GnuTLS session creation */
477
ret = gnutls_init(session, GNUTLS_SERVER);
478
if(ret != GNUTLS_E_SUCCESS){
336
479
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
337
480
safer_gnutls_strerror(ret));
338
481
}
339
482
340
if ((ret = gnutls_priority_set_direct (es->session, mc->priority, &err))
341
!= GNUTLS_E_SUCCESS) {
342
fprintf(stderr, "Syntax error at: %s\n", err);
343
fprintf(stderr, "GnuTLS error: %s\n",
344
safer_gnutls_strerror(ret));
345
return -1;
483
{
484
const char *err;
485
ret = gnutls_priority_set_direct(*session, mc.priority, &err);
486
if(ret != GNUTLS_E_SUCCESS){
487
fprintf(stderr, "Syntax error at: %s\n", err);
488
fprintf(stderr, "GnuTLS error: %s\n",
489
safer_gnutls_strerror(ret));
490
gnutls_deinit(*session);
491
return -1;
492
}
346
493
}
347
494
348
if ((ret = gnutls_credentials_set
349
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
350
!= GNUTLS_E_SUCCESS) {
351
fprintf(stderr, "Error setting a credentials set: %s\n",
495
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
496
mc.cred);
497
if(ret != GNUTLS_E_SUCCESS){
498
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
352
499
safer_gnutls_strerror(ret));
500
gnutls_deinit(*session);
353
501
return -1;
354
502
}
355
503
356
504
/* ignore client certificate if any. */
357
gnutls_certificate_server_set_request (es->session,
358
GNUTLS_CERT_IGNORE);
505
gnutls_certificate_server_set_request(*session,
506
GNUTLS_CERT_IGNORE);
359
507
360
gnutls_dh_set_prime_bits (es->session, DH_BITS);
508
gnutls_dh_set_prime_bits(*session, mc.dh_bits);
361
509
362
510
return 0;
363
511
}
364
512
513
/* Avahi log function callback */
365
514
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
366
515
__attribute__((unused)) const char *txt){}
367
516
517
sig_atomic_t quit_now = 0;
518
int signal_received = 0;
519
520
/* Called when a Mandos server is found */
368
521
static int start_mandos_communication(const char *ip, uint16_t port,
369
522
AvahiIfIndex if_index,
370
mandos_context *mc){
371
int ret, tcp_sd;
372
struct sockaddr_in6 to;
373
encrypted_session es;
523
int af){
524
int ret, tcp_sd = -1;
525
ssize_t sret;
526
union {
527
struct sockaddr_in in;
528
struct sockaddr_in6 in6;
529
} to;
374
530
char *buffer = NULL;
375
531
char *decrypted_buffer;
376
532
size_t buffer_length = 0;
377
533
size_t buffer_capacity = 0;
378
ssize_t decrypted_buffer_size;
379
534
size_t written;
380
535
int retval = 0;
381
char interface[IF_NAMESIZE];
536
gnutls_session_t session;
537
int pf; /* Protocol family */
538
539
if(quit_now){
540
return -1;
541
}
542
543
switch(af){
544
case AF_INET6:
545
pf = PF_INET6;
546
break;
547
case AF_INET:
548
pf = PF_INET;
549
break;
550
default:
551
fprintf(stderr, "Bad address family: %d\n", af);
552
return -1;
553
}
554
555
ret = init_gnutls_session(&session);
556
if(ret != 0){
557
return -1;
558
}
382
559
383
560
if(debug){
384
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
385
ip, port);
561
fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16
562
"\n", ip, port);
386
563
}
387
564
388
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
389
if(tcp_sd < 0) {
565
tcp_sd = socket(pf, SOCK_STREAM, 0);
566
if(tcp_sd < 0){
390
567
perror("socket");
391
return -1;
392
}
393
394
if(debug){
395
if(if_indextoname((unsigned int)if_index, interface) == NULL){
396
if(debug){
397
perror("if_indextoname");
398
}
399
return -1;
400
}
401
402
fprintf(stderr, "Binding to interface %s\n", interface);
403
}
404
405
memset(&to,0,sizeof(to)); /* Spurious warning */
406
to.sin6_family = AF_INET6;
407
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
408
if (ret < 0 ){
568
retval = -1;
569
goto mandos_end;
570
}
571
572
if(quit_now){
573
goto mandos_end;
574
}
575
576
memset(&to, 0, sizeof(to));
577
if(af == AF_INET6){
578
to.in6.sin6_family = (sa_family_t)af;
579
ret = inet_pton(af, ip, &to.in6.sin6_addr);
580
} else { /* IPv4 */
581
to.in.sin_family = (sa_family_t)af;
582
ret = inet_pton(af, ip, &to.in.sin_addr);
583
}
584
if(ret < 0 ){
409
585
perror("inet_pton");
410
return -1;
411
}
586
retval = -1;
587
goto mandos_end;
588
}
412
589
if(ret == 0){
413
590
fprintf(stderr, "Bad address: %s\n", ip);
414
return -1;
415
}
416
to.sin6_port = htons(port); /* Spurious warning */
591
retval = -1;
592
goto mandos_end;
593
}
594
if(af == AF_INET6){
595
to.in6.sin6_port = htons(port); /* Spurious warnings from
596
-Wconversion and
597
-Wunreachable-code */
598
599
if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
600
(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
601
-Wunreachable-code*/
602
if(if_index == AVAHI_IF_UNSPEC){
603
fprintf(stderr, "An IPv6 link-local address is incomplete"
604
" without a network interface\n");
605
retval = -1;
606
goto mandos_end;
607
}
608
/* Set the network interface number as scope */
609
to.in6.sin6_scope_id = (uint32_t)if_index;
610
}
611
} else {
612
to.in.sin_port = htons(port); /* Spurious warnings from
613
-Wconversion and
614
-Wunreachable-code */
615
}
417
616
418
to.sin6_scope_id = (uint32_t)if_index;
617
if(quit_now){
618
goto mandos_end;
619
}
419
620
420
621
if(debug){
421
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
422
/* char addrstr[INET6_ADDRSTRLEN]; */
423
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
424
/* sizeof(addrstr)) == NULL){ */
425
/* perror("inet_ntop"); */
426
/* } else { */
427
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
428
/* addrstr, ntohs(to.sin6_port)); */
429
/* } */
430
}
431
432
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
433
if (ret < 0){
622
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
623
char interface[IF_NAMESIZE];
624
if(if_indextoname((unsigned int)if_index, interface) == NULL){
625
perror("if_indextoname");
626
} else {
627
fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",
628
ip, interface, port);
629
}
630
} else {
631
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
632
port);
633
}
634
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
635
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
636
const char *pcret;
637
if(af == AF_INET6){
638
pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
639
sizeof(addrstr));
640
} else {
641
pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
642
sizeof(addrstr));
643
}
644
if(pcret == NULL){
645
perror("inet_ntop");
646
} else {
647
if(strcmp(addrstr, ip) != 0){
648
fprintf(stderr, "Canonical address form: %s\n", addrstr);
649
}
650
}
651
}
652
653
if(quit_now){
654
goto mandos_end;
655
}
656
657
if(af == AF_INET6){
658
ret = connect(tcp_sd, &to.in6, sizeof(to));
659
} else {
660
ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
661
}
662
if(ret < 0){
434
663
perror("connect");
435
return -1;
436
}
437
438
char *out = mandos_protocol_version;
664
retval = -1;
665
goto mandos_end;
666
}
667
668
if(quit_now){
669
goto mandos_end;
670
}
671
672
const char *out = mandos_protocol_version;
439
673
written = 0;
440
while (true){
674
while(true){
441
675
size_t out_size = strlen(out);
442
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
676
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
443
677
out_size - written));
444
if (ret == -1){
678
if(ret == -1){
445
679
perror("write");
446
680
retval = -1;
447
goto end;
681
goto mandos_end;
448
682
}
449
written += ret;
683
written += (size_t)ret;
450
684
if(written < out_size){
451
685
continue;
452
686
} else {
453
if (out == mandos_protocol_version){
687
if(out == mandos_protocol_version){
454
688
written = 0;
455
689
out = "\r\n";
456
690
} else {
457
691
break;
458
692
}
459
693
}
460
}
461
462
ret = initgnutls (&es);
463
if (ret != 0){
464
retval = -1;
465
return -1;
466
}
467
694
468
gnutls_transport_set_ptr (es.session,
469
(gnutls_transport_ptr_t) tcp_sd);
695
if(quit_now){
696
goto mandos_end;
697
}
698
}
470
699
471
700
if(debug){
472
701
fprintf(stderr, "Establishing TLS session with %s\n", ip);
473
702
}
474
703
475
ret = gnutls_handshake (es.session);
476
477
if (ret != GNUTLS_E_SUCCESS){
704
if(quit_now){
705
goto mandos_end;
706
}
707
708
gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) tcp_sd);
709
710
if(quit_now){
711
goto mandos_end;
712
}
713
714
do {
715
ret = gnutls_handshake(session);
716
if(quit_now){
717
goto mandos_end;
718
}
719
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
720
721
if(ret != GNUTLS_E_SUCCESS){
478
722
if(debug){
479
fprintf(stderr, "\n*** Handshake failed ***\n");
480
gnutls_perror (ret);
723
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
724
gnutls_perror(ret);
481
725
}
482
726
retval = -1;
483
goto exit;
727
goto mandos_end;
484
728
}
485
729
486
//Retrieve OpenPGP packet that contains the wanted password
730
/* Read OpenPGP packet that contains the wanted password */
487
731
488
732
if(debug){
489
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
733
fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",
490
734
ip);
491
735
}
492
736
493
737
while(true){
494
buffer_capacity = adjustbuffer(buffer, buffer_length, buffer_capacity);
495
if (buffer_capacity == 0){
496
perror("adjustbuffer");
738
739
if(quit_now){
740
goto mandos_end;
741
}
742
743
buffer_capacity = incbuffer(&buffer, buffer_length,
744
buffer_capacity);
745
if(buffer_capacity == 0){
746
perror("incbuffer");
497
747
retval = -1;
498
goto exit;
499
}
500
501
ret = gnutls_record_recv
502
(es.session, buffer+buffer_length, BUFFER_SIZE);
503
if (ret == 0){
748
goto mandos_end;
749
}
750
751
if(quit_now){
752
goto mandos_end;
753
}
754
755
sret = gnutls_record_recv(session, buffer+buffer_length,
756
BUFFER_SIZE);
757
if(sret == 0){
504
758
break;
505
759
}
506
if (ret < 0){
507
switch(ret){
760
if(sret < 0){
761
switch(sret){
508
762
case GNUTLS_E_INTERRUPTED:
509
763
case GNUTLS_E_AGAIN:
510
764
break;
511
765
case GNUTLS_E_REHANDSHAKE:
512
ret = gnutls_handshake (es.session);
513
if (ret < 0){
514
fprintf(stderr, "\n*** Handshake failed ***\n");
515
gnutls_perror (ret);
766
do {
767
ret = gnutls_handshake(session);
768
769
if(quit_now){
770
goto mandos_end;
771
}
772
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
773
if(ret < 0){
774
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
775
gnutls_perror(ret);
516
776
retval = -1;
517
goto exit;
777
goto mandos_end;
518
778
}
519
779
break;
520
780
default:
521
781
fprintf(stderr, "Unknown error while reading data from"
522
" encrypted session with mandos server\n");
782
" encrypted session with Mandos server\n");
523
783
retval = -1;
524
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
525
goto exit;
784
gnutls_bye(session, GNUTLS_SHUT_RDWR);
785
goto mandos_end;
526
786
}
527
787
} else {
528
buffer_length += (size_t) ret;
788
buffer_length += (size_t) sret;
529
789
}
530
790
}
531
791
532
if (buffer_length > 0){
792
if(debug){
793
fprintf(stderr, "Closing TLS session\n");
794
}
795
796
if(quit_now){
797
goto mandos_end;
798
}
799
800
gnutls_bye(session, GNUTLS_SHUT_RDWR);
801
802
if(quit_now){
803
goto mandos_end;
804
}
805
806
if(buffer_length > 0){
807
ssize_t decrypted_buffer_size;
533
808
decrypted_buffer_size = pgp_packet_decrypt(buffer,
534
809
buffer_length,
535
&decrypted_buffer,
536
certdir);
537
if (decrypted_buffer_size >= 0){
810
&decrypted_buffer);
811
if(decrypted_buffer_size >= 0){
812
538
813
written = 0;
539
814
while(written < (size_t) decrypted_buffer_size){
540
ret = (int)fwrite (decrypted_buffer + written, 1,
541
(size_t)decrypted_buffer_size - written,
542
stdout);
815
if(quit_now){
816
goto mandos_end;
817
}
818
819
ret = (int)fwrite(decrypted_buffer + written, 1,
820
(size_t)decrypted_buffer_size - written,
821
stdout);
543
822
if(ret == 0 and ferror(stdout)){
544
823
if(debug){
545
824
fprintf(stderr, "Error writing encrypted data: %s\n",
554
833
} else {
555
834
retval = -1;
556
835
}
557
}
558
559
//shutdown procedure
560
561
if(debug){
562
fprintf(stderr, "Closing TLS session\n");
563
}
564
836
} else {
837
retval = -1;
838
}
839
840
/* Shutdown procedure */
841
842
mandos_end:
565
843
free(buffer);
566
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
567
exit:
568
close(tcp_sd);
569
gnutls_deinit (es.session);
570
gnutls_certificate_free_credentials (es.cred);
571
gnutls_global_deinit ();
844
if(tcp_sd >= 0){
845
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
846
}
847
if(ret == -1){
848
perror("close");
849
}
850
gnutls_deinit(session);
851
if(quit_now){
852
retval = -1;
853
}
572
854
return retval;
573
855
}
574
856
575
static void resolve_callback( AvahiSServiceResolver *r,
576
AvahiIfIndex interface,
577
AVAHI_GCC_UNUSED AvahiProtocol protocol,
578
AvahiResolverEvent event,
579
const char *name,
580
const char *type,
581
const char *domain,
582
const char *host_name,
583
const AvahiAddress *address,
584
uint16_t port,
585
AVAHI_GCC_UNUSED AvahiStringList *txt,
586
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
587
AVAHI_GCC_UNUSED void* userdata) {
588
mandos_context *mc = userdata;
589
assert(r); /* Spurious warning */
857
static void resolve_callback(AvahiSServiceResolver *r,
858
AvahiIfIndex interface,
859
AvahiProtocol proto,
860
AvahiResolverEvent event,
861
const char *name,
862
const char *type,
863
const char *domain,
864
const char *host_name,
865
const AvahiAddress *address,
866
uint16_t port,
867
AVAHI_GCC_UNUSED AvahiStringList *txt,
868
AVAHI_GCC_UNUSED AvahiLookupResultFlags
869
flags,
870
AVAHI_GCC_UNUSED void* userdata){
871
assert(r);
590
872
591
873
/* Called whenever a service has been resolved successfully or
592
874
timed out */
593
875
594
switch (event) {
876
if(quit_now){
877
return;
878
}
879
880
switch(event){
595
881
default:
596
882
case AVAHI_RESOLVER_FAILURE:
597
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
598
" type '%s' in domain '%s': %s\n", name, type, domain,
599
avahi_strerror(avahi_server_errno(mc->server)));
883
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
884
" of type '%s' in domain '%s': %s\n", name, type, domain,
885
avahi_strerror(avahi_server_errno(mc.server)));
600
886
break;
601
887
602
888
case AVAHI_RESOLVER_FOUND:
604
890
char ip[AVAHI_ADDRESS_STR_MAX];
605
891
avahi_address_snprint(ip, sizeof(ip), address);
606
892
if(debug){
607
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
608
" port %d\n", name, host_name, ip, port);
893
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
894
PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
895
ip, (intmax_t)interface, port);
609
896
}
610
int ret = start_mandos_communication(ip, port, interface, mc);
611
if (ret == 0){
612
exit(EXIT_SUCCESS);
897
int ret = start_mandos_communication(ip, port, interface,
898
avahi_proto_to_af(proto));
899
if(ret == 0){
900
avahi_simple_poll_quit(mc.simple_poll);
613
901
}
614
902
}
615
903
}
616
904
avahi_s_service_resolver_free(r);
617
905
}
618
906
619
static void browse_callback( AvahiSServiceBrowser *b,
620
AvahiIfIndex interface,
621
AvahiProtocol protocol,
622
AvahiBrowserEvent event,
623
const char *name,
624
const char *type,
625
const char *domain,
626
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
627
void* userdata) {
628
mandos_context *mc = userdata;
629
assert(b); /* Spurious warning */
907
static void browse_callback(AvahiSServiceBrowser *b,
908
AvahiIfIndex interface,
909
AvahiProtocol protocol,
910
AvahiBrowserEvent event,
911
const char *name,
912
const char *type,
913
const char *domain,
914
AVAHI_GCC_UNUSED AvahiLookupResultFlags
915
flags,
916
AVAHI_GCC_UNUSED void* userdata){
917
assert(b);
630
918
631
919
/* Called whenever a new services becomes available on the LAN or
632
920
is removed from the LAN */
633
921
634
switch (event) {
922
if(quit_now){
923
return;
924
}
925
926
switch(event){
635
927
default:
636
928
case AVAHI_BROWSER_FAILURE:
637
638
fprintf(stderr, "(Browser) %s\n",
639
avahi_strerror(avahi_server_errno(mc->server)));
640
avahi_simple_poll_quit(mc->simple_poll);
929
930
fprintf(stderr, "(Avahi browser) %s\n",
931
avahi_strerror(avahi_server_errno(mc.server)));
932
avahi_simple_poll_quit(mc.simple_poll);
641
933
return;
642
934
643
935
case AVAHI_BROWSER_NEW:
644
/* We ignore the returned resolver object. In the callback
645
function we free it. If the server is terminated before
646
the callback function is called the server will free
647
the resolver for us. */
648
649
if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,
650
type, domain,
651
AVAHI_PROTO_INET6, 0,
652
resolve_callback, mc)))
653
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
654
avahi_strerror(avahi_server_errno(s)));
936
/* We ignore the returned Avahi resolver object. In the callback
937
function we free it. If the Avahi server is terminated before
938
the callback function is called the Avahi server will free the
939
resolver for us. */
940
941
if(avahi_s_service_resolver_new(mc.server, interface, protocol,
942
name, type, domain, protocol, 0,
943
resolve_callback, NULL) == NULL)
944
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
945
name, avahi_strerror(avahi_server_errno(mc.server)));
655
946
break;
656
947
657
948
case AVAHI_BROWSER_REMOVE:
658
949
break;
659
950
660
951
case AVAHI_BROWSER_ALL_FOR_NOW:
661
952
case AVAHI_BROWSER_CACHE_EXHAUSTED:
953
if(debug){
954
fprintf(stderr, "No Mandos server found, still searching...\n");
955
}
662
956
break;
663
957
}
664
958
}
665
959
666
/* Combines file name and path and returns the malloced new
667
string. some sane checks could/should be added */
668
static const char *combinepath(const char *first, const char *second){
669
size_t f_len = strlen(first);
670
size_t s_len = strlen(second);
671
char *tmp = malloc(f_len + s_len + 2);
672
if (tmp == NULL){
673
return NULL;
674
}
675
if(f_len > 0){
676
memcpy(tmp, first, f_len);
677
}
678
tmp[f_len] = '/';
679
if(s_len > 0){
680
memcpy(tmp + f_len + 1, second, s_len);
681
}
682
tmp[f_len + 1 + s_len] = '\0';
683
return tmp;
960
/* stop main loop after sigterm has been called */
961
static void handle_sigterm(int sig){
962
if(quit_now){
963
return;
964
}
965
quit_now = 1;
966
signal_received = sig;
967
int old_errno = errno;
968
if(mc.simple_poll != NULL){
969
avahi_simple_poll_quit(mc.simple_poll);
970
}
971
errno = old_errno;
684
972
}
685
973
686
687
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
688
AvahiServerConfig config;
689
AvahiSServiceBrowser *sb = NULL;
690
int error;
691
int ret;
692
int returncode = EXIT_SUCCESS;
693
const char *interface = "eth0";
694
struct ifreq network;
695
int sd;
696
char *connect_to = NULL;
697
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
698
mandos_context mc = { .simple_poll = NULL, .server = NULL,
699
.dh_bits = 2048, .priority = "SECURE256"};
974
int main(int argc, char *argv[]){
975
AvahiSServiceBrowser *sb = NULL;
976
int error;
977
int ret;
978
intmax_t tmpmax;
979
char *tmp;
980
int exitcode = EXIT_SUCCESS;
981
const char *interface = "eth0";
982
struct ifreq network;
983
int sd = -1;
984
bool take_down_interface = false;
985
uid_t uid;
986
gid_t gid;
987
char *connect_to = NULL;
988
char tempdir[] = "/tmp/mandosXXXXXX";
989
bool tempdir_created = false;
990
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
991
const char *seckey = PATHDIR "/" SECKEY;
992
const char *pubkey = PATHDIR "/" PUBKEY;
993
994
bool gnutls_initialized = false;
995
bool gpgme_initialized = false;
996
float delay = 2.5f;
997
998
struct sigaction old_sigterm_action;
999
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
1000
1001
{
1002
struct argp_option options[] = {
1003
{ .name = "debug", .key = 128,
1004
.doc = "Debug mode", .group = 3 },
1005
{ .name = "connect", .key = 'c',
1006
.arg = "ADDRESS:PORT",
1007
.doc = "Connect directly to a specific Mandos server",
1008
.group = 1 },
1009
{ .name = "interface", .key = 'i',
1010
.arg = "NAME",
1011
.doc = "Network interface that will be used to search for"
1012
" Mandos servers",
1013
.group = 1 },
1014
{ .name = "seckey", .key = 's',
1015
.arg = "FILE",
1016
.doc = "OpenPGP secret key file base name",
1017
.group = 1 },
1018
{ .name = "pubkey", .key = 'p',
1019
.arg = "FILE",
1020
.doc = "OpenPGP public key file base name",
1021
.group = 2 },
1022
{ .name = "dh-bits", .key = 129,
1023
.arg = "BITS",
1024
.doc = "Bit length of the prime number used in the"
1025
" Diffie-Hellman key exchange",
1026
.group = 2 },
1027
{ .name = "priority", .key = 130,
1028
.arg = "STRING",
1029
.doc = "GnuTLS priority string for the TLS handshake",
1030
.group = 1 },
1031
{ .name = "delay", .key = 131,
1032
.arg = "SECONDS",
1033
.doc = "Maximum delay to wait for interface startup",
1034
.group = 2 },
1035
{ .name = NULL }
1036
};
700
1037
701
while (true){
702
static struct option long_options[] = {
703
{"debug", no_argument, (int *)&debug, 1},
704
{"connect", required_argument, 0, 'C'},
705
{"interface", required_argument, 0, 'i'},
706
{"certdir", required_argument, 0, 'd'},
707
{"certkey", required_argument, 0, 'c'},
708
{"certfile", required_argument, 0, 'k'},
709
{"dh_bits", required_argument, 0, 'D'},
710
{"priority", required_argument, 0, 'p'},
711
{0, 0, 0, 0} };
712
713
int option_index = 0;
714
ret = getopt_long (argc, argv, "i:", long_options,
715
&option_index);
716
717
if (ret == -1){
718
break;
719
}
720
721
switch(ret){
722
case 0:
723
break;
724
case 'i':
725
interface = optarg;
726
break;
727
case 'C':
728
connect_to = optarg;
729
break;
730
case 'd':
731
certdir = optarg;
732
break;
733
case 'c':
734
certfile = optarg;
735
break;
736
case 'k':
737
certkey = optarg;
738
break;
739
case 'D':
740
{
741
long int tmp;
742
errno = 0;
743
tmp = strtol(optarg, NULL, 10);
744
if (errno == ERANGE){
745
perror("strtol");
746
exit(EXIT_FAILURE);
747
}
748
mc.dh_bits = tmp;
749
}
750
break;
751
case 'p':
752
mc.priority = optarg;
1038
error_t parse_opt(int key, char *arg,
1039
struct argp_state *state){
1040
switch(key){
1041
case 128: /* --debug */
1042
debug = true;
1043
break;
1044
case 'c': /* --connect */
1045
connect_to = arg;
1046
break;
1047
case 'i': /* --interface */
1048
interface = arg;
1049
break;
1050
case 's': /* --seckey */
1051
seckey = arg;
1052
break;
1053
case 'p': /* --pubkey */
1054
pubkey = arg;
1055
break;
1056
case 129: /* --dh-bits */
1057
errno = 0;
1058
tmpmax = strtoimax(arg, &tmp, 10);
1059
if(errno != 0 or tmp == arg or *tmp != '\0'
1060
or tmpmax != (typeof(mc.dh_bits))tmpmax){
1061
fprintf(stderr, "Bad number of DH bits\n");
1062
exit(EXIT_FAILURE);
1063
}
1064
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
1065
break;
1066
case 130: /* --priority */
1067
mc.priority = arg;
1068
break;
1069
case 131: /* --delay */
1070
errno = 0;
1071
delay = strtof(arg, &tmp);
1072
if(errno != 0 or tmp == arg or *tmp != '\0'){
1073
fprintf(stderr, "Bad delay\n");
1074
exit(EXIT_FAILURE);
1075
}
1076
break;
1077
case ARGP_KEY_ARG:
1078
argp_usage(state);
1079
case ARGP_KEY_END:
753
1080
break;
754
1081
default:
755
exit(EXIT_FAILURE);
1082
return ARGP_ERR_UNKNOWN;
756
1083
}
757
}
758
759
certfile = combinepath(certdir, certfile);
760
if (certfile == NULL){
761
perror("combinepath");
762
returncode = EXIT_FAILURE;
763
goto exit;
764
}
765
766
certkey = combinepath(certdir, certkey);
767
if (certkey == NULL){
768
perror("combinepath");
769
returncode = EXIT_FAILURE;
770
goto exit;
771
}
772
1084
return 0;
1085
}
1086
1087
struct argp argp = { .options = options, .parser = parse_opt,
1088
.args_doc = "",
1089
.doc = "Mandos client -- Get and decrypt"
1090
" passwords from a Mandos server" };
1091
ret = argp_parse(&argp, argc, argv, 0, 0, NULL);
1092
if(ret == ARGP_ERR_UNKNOWN){
1093
fprintf(stderr, "Unknown error while parsing arguments\n");
1094
exitcode = EXIT_FAILURE;
1095
goto end;
1096
}
1097
}
1098
1099
if(not debug){
1100
avahi_set_log_function(empty_log);
1101
}
1102
1103
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
1104
from the signal handler */
1105
/* Initialize the pseudo-RNG for Avahi */
1106
srand((unsigned int) time(NULL));
1107
mc.simple_poll = avahi_simple_poll_new();
1108
if(mc.simple_poll == NULL){
1109
fprintf(stderr, "Avahi: Failed to create simple poll object.\n");
1110
exitcode = EXIT_FAILURE;
1111
goto end;
1112
}
1113
1114
sigemptyset(&sigterm_action.sa_mask);
1115
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
1116
if(ret == -1){
1117
perror("sigaddset");
1118
exitcode = EXIT_FAILURE;
1119
goto end;
1120
}
1121
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
1122
if(ret == -1){
1123
perror("sigaddset");
1124
exitcode = EXIT_FAILURE;
1125
goto end;
1126
}
1127
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1128
if(ret == -1){
1129
perror("sigaddset");
1130
exitcode = EXIT_FAILURE;
1131
goto end;
1132
}
1133
/* Need to check if the handler is SIG_IGN before handling:
1134
| [[info:libc:Initial Signal Actions]] |
1135
| [[info:libc:Basic Signal Handling]] |
1136
*/
1137
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
1138
if(ret == -1){
1139
perror("sigaction");
1140
return EXIT_FAILURE;
1141
}
1142
if(old_sigterm_action.sa_handler != SIG_IGN){
1143
ret = sigaction(SIGINT, &sigterm_action, NULL);
1144
if(ret == -1){
1145
perror("sigaction");
1146
exitcode = EXIT_FAILURE;
1147
goto end;
1148
}
1149
}
1150
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
1151
if(ret == -1){
1152
perror("sigaction");
1153
return EXIT_FAILURE;
1154
}
1155
if(old_sigterm_action.sa_handler != SIG_IGN){
1156
ret = sigaction(SIGHUP, &sigterm_action, NULL);
1157
if(ret == -1){
1158
perror("sigaction");
1159
exitcode = EXIT_FAILURE;
1160
goto end;
1161
}
1162
}
1163
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
1164
if(ret == -1){
1165
perror("sigaction");
1166
return EXIT_FAILURE;
1167
}
1168
if(old_sigterm_action.sa_handler != SIG_IGN){
1169
ret = sigaction(SIGTERM, &sigterm_action, NULL);
1170
if(ret == -1){
1171
perror("sigaction");
1172
exitcode = EXIT_FAILURE;
1173
goto end;
1174
}
1175
}
1176
1177
/* If the interface is down, bring it up */
1178
if(interface[0] != '\0'){
773
1179
if_index = (AvahiIfIndex) if_nametoindex(interface);
774
1180
if(if_index == 0){
775
1181
fprintf(stderr, "No such interface: \"%s\"\n", interface);
776
exit(EXIT_FAILURE);
777
}
778
779
if(connect_to != NULL){
780
/* Connect directly, do not use Zeroconf */
781
/* (Mainly meant for debugging) */
782
char *address = strrchr(connect_to, ':');
783
if(address == NULL){
784
fprintf(stderr, "No colon in address\n");
785
exit(EXIT_FAILURE);
786
}
787
errno = 0;
788
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
789
if(errno){
790
perror("Bad port number");
791
exit(EXIT_FAILURE);
792
}
793
*address = '\0';
794
address = connect_to;
795
ret = start_mandos_communication(address, port, if_index);
796
if(ret < 0){
797
exit(EXIT_FAILURE);
798
} else {
799
exit(EXIT_SUCCESS);
800
}
801
}
1182
exitcode = EXIT_FAILURE;
1183
goto end;
1184
}
1185
1186
if(quit_now){
1187
goto end;
1188
}
1189
1190
#ifdef __linux__
1191
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1192
messages to mess up the prompt */
1193
ret = klogctl(8, NULL, 5);
1194
bool restore_loglevel = true;
1195
if(ret == -1){
1196
restore_loglevel = false;
1197
perror("klogctl");
1198
}
1199
#endif /* __linux__ */
802
1200
803
1201
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
804
if(sd < 0) {
1202
if(sd < 0){
805
1203
perror("socket");
806
returncode = EXIT_FAILURE;
807
goto exit;
1204
exitcode = EXIT_FAILURE;
1205
#ifdef __linux__
1206
if(restore_loglevel){
1207
ret = klogctl(7, NULL, 0);
1208
if(ret == -1){
1209
perror("klogctl");
1210
}
1211
}
1212
#endif /* __linux__ */
1213
goto end;
808
1214
}
809
strcpy(network.ifr_name, interface);
1215
strcpy(network.ifr_name, interface);
810
1216
ret = ioctl(sd, SIOCGIFFLAGS, &network);
811
1217
if(ret == -1){
812
813
1218
perror("ioctl SIOCGIFFLAGS");
814
returncode = EXIT_FAILURE;
815
goto exit;
1219
#ifdef __linux__
1220
if(restore_loglevel){
1221
ret = klogctl(7, NULL, 0);
1222
if(ret == -1){
1223
perror("klogctl");
1224
}
1225
}
1226
#endif /* __linux__ */
1227
exitcode = EXIT_FAILURE;
1228
goto end;
816
1229
}
817
1230
if((network.ifr_flags & IFF_UP) == 0){
818
1231
network.ifr_flags |= IFF_UP;
1232
take_down_interface = true;
819
1233
ret = ioctl(sd, SIOCSIFFLAGS, &network);
820
1234
if(ret == -1){
1235
take_down_interface = false;
821
1236
perror("ioctl SIOCSIFFLAGS");
822
returncode = EXIT_FAILURE;
823
goto exit;
824
}
825
}
826
close(sd);
827
828
if (not debug){
829
avahi_set_log_function(empty_log);
830
}
831
832
/* Initialize the psuedo-RNG */
833
srand((unsigned int) time(NULL));
834
835
/* Allocate main loop object */
836
if (!(mc.simple_poll = avahi_simple_poll_new())) {
837
fprintf(stderr, "Failed to create simple poll object.\n");
838
returncode = EXIT_FAILURE;
839
goto exit;
840
}
841
842
/* Do not publish any local records */
1237
exitcode = EXIT_FAILURE;
1238
#ifdef __linux__
1239
if(restore_loglevel){
1240
ret = klogctl(7, NULL, 0);
1241
if(ret == -1){
1242
perror("klogctl");
1243
}
1244
}
1245
#endif /* __linux__ */
1246
goto end;
1247
}
1248
}
1249
/* sleep checking until interface is running */
1250
for(int i=0; i < delay * 4; i++){
1251
ret = ioctl(sd, SIOCGIFFLAGS, &network);
1252
if(ret == -1){
1253
perror("ioctl SIOCGIFFLAGS");
1254
} else if(network.ifr_flags & IFF_RUNNING){
1255
break;
1256
}
1257
struct timespec sleeptime = { .tv_nsec = 250000000 };
1258
ret = nanosleep(&sleeptime, NULL);
1259
if(ret == -1 and errno != EINTR){
1260
perror("nanosleep");
1261
}
1262
}
1263
if(not take_down_interface){
1264
/* We won't need the socket anymore */
1265
ret = (int)TEMP_FAILURE_RETRY(close(sd));
1266
if(ret == -1){
1267
perror("close");
1268
}
1269
}
1270
#ifdef __linux__
1271
if(restore_loglevel){
1272
/* Restores kernel loglevel to default */
1273
ret = klogctl(7, NULL, 0);
1274
if(ret == -1){
1275
perror("klogctl");
1276
}
1277
}
1278
#endif /* __linux__ */
1279
}
1280
1281
if(quit_now){
1282
goto end;
1283
}
1284
1285
uid = getuid();
1286
gid = getgid();
1287
1288
errno = 0;
1289
setgid(gid);
1290
if(ret == -1){
1291
perror("setgid");
1292
}
1293
1294
ret = setuid(uid);
1295
if(ret == -1){
1296
perror("setuid");
1297
}
1298
1299
if(quit_now){
1300
goto end;
1301
}
1302
1303
ret = init_gnutls_global(pubkey, seckey);
1304
if(ret == -1){
1305
fprintf(stderr, "init_gnutls_global failed\n");
1306
exitcode = EXIT_FAILURE;
1307
goto end;
1308
} else {
1309
gnutls_initialized = true;
1310
}
1311
1312
if(quit_now){
1313
goto end;
1314
}
1315
1316
tempdir_created = true;
1317
if(mkdtemp(tempdir) == NULL){
1318
tempdir_created = false;
1319
perror("mkdtemp");
1320
goto end;
1321
}
1322
1323
if(quit_now){
1324
goto end;
1325
}
1326
1327
if(not init_gpgme(pubkey, seckey, tempdir)){
1328
fprintf(stderr, "init_gpgme failed\n");
1329
exitcode = EXIT_FAILURE;
1330
goto end;
1331
} else {
1332
gpgme_initialized = true;
1333
}
1334
1335
if(quit_now){
1336
goto end;
1337
}
1338
1339
if(connect_to != NULL){
1340
/* Connect directly, do not use Zeroconf */
1341
/* (Mainly meant for debugging) */
1342
char *address = strrchr(connect_to, ':');
1343
if(address == NULL){
1344
fprintf(stderr, "No colon in address\n");
1345
exitcode = EXIT_FAILURE;
1346
goto end;
1347
}
1348
1349
if(quit_now){
1350
goto end;
1351
}
1352
1353
uint16_t port;
1354
errno = 0;
1355
tmpmax = strtoimax(address+1, &tmp, 10);
1356
if(errno != 0 or tmp == address+1 or *tmp != '\0'
1357
or tmpmax != (uint16_t)tmpmax){
1358
fprintf(stderr, "Bad port number\n");
1359
exitcode = EXIT_FAILURE;
1360
goto end;
1361
}
1362
1363
if(quit_now){
1364
goto end;
1365
}
1366
1367
port = (uint16_t)tmpmax;
1368
*address = '\0';
1369
address = connect_to;
1370
/* Colon in address indicates IPv6 */
1371
int af;
1372
if(strchr(address, ':') != NULL){
1373
af = AF_INET6;
1374
} else {
1375
af = AF_INET;
1376
}
1377
1378
if(quit_now){
1379
goto end;
1380
}
1381
1382
ret = start_mandos_communication(address, port, if_index, af);
1383
if(ret < 0){
1384
exitcode = EXIT_FAILURE;
1385
} else {
1386
exitcode = EXIT_SUCCESS;
1387
}
1388
goto end;
1389
}
1390
1391
if(quit_now){
1392
goto end;
1393
}
1394
1395
{
1396
AvahiServerConfig config;
1397
/* Do not publish any local Zeroconf records */
843
1398
avahi_server_config_init(&config);
844
1399
config.publish_hinfo = 0;
845
1400
config.publish_addresses = 0;
846
1401
config.publish_workstation = 0;
847
1402
config.publish_domain = 0;
848
1403
849
1404
/* Allocate a new server */
850
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
851
&config, NULL, NULL, &error);
852
853
/* Free the configuration data */
1405
mc.server = avahi_server_new(avahi_simple_poll_get
1406
(mc.simple_poll), &config, NULL,
1407
NULL, &error);
1408
1409
/* Free the Avahi configuration data */
854
1410
avahi_server_config_free(&config);
855
856
/* Check if creating the server object succeeded */
857
if (!mc.server) {
858
fprintf(stderr, "Failed to create server: %s\n",
859
avahi_strerror(error));
860
returncode = EXIT_FAILURE;
861
goto exit;
862
}
863
864
/* Create the service browser */
865
sb = avahi_s_service_browser_new(mc.server, if_index,
866
AVAHI_PROTO_INET6,
867
"_mandos._tcp", NULL, 0,
868
browse_callback, &mc);
869
if (!sb) {
870
fprintf(stderr, "Failed to create service browser: %s\n",
871
avahi_strerror(avahi_server_errno(mc.server)));
872
returncode = EXIT_FAILURE;
873
goto exit;
874
}
875
876
/* Run the main loop */
877
878
if (debug){
879
fprintf(stderr, "Starting avahi loop search\n");
880
}
881
882
avahi_simple_poll_loop(simple_poll);
883
884
exit:
885
886
if (debug){
887
fprintf(stderr, "%s exiting\n", argv[0]);
888
}
889
890
/* Cleanup things */
891
if (sb)
892
avahi_s_service_browser_free(sb);
893
894
if (mc.server)
895
avahi_server_free(mc.server);
896
897
if (simple_poll)
898
avahi_simple_poll_free(simple_poll);
899
free(certfile);
900
free(certkey);
901
902
return returncode;
1411
}
1412
1413
/* Check if creating the Avahi server object succeeded */
1414
if(mc.server == NULL){
1415
fprintf(stderr, "Failed to create Avahi server: %s\n",
1416
avahi_strerror(error));
1417
exitcode = EXIT_FAILURE;
1418
goto end;
1419
}
1420
1421
if(quit_now){
1422
goto end;
1423
}
1424
1425
/* Create the Avahi service browser */
1426
sb = avahi_s_service_browser_new(mc.server, if_index,
1427
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
1428
NULL, 0, browse_callback, NULL);
1429
if(sb == NULL){
1430
fprintf(stderr, "Failed to create service browser: %s\n",
1431
avahi_strerror(avahi_server_errno(mc.server)));
1432
exitcode = EXIT_FAILURE;
1433
goto end;
1434
}
1435
1436
if(quit_now){
1437
goto end;
1438
}
1439
1440
/* Run the main loop */
1441
1442
if(debug){
1443
fprintf(stderr, "Starting Avahi loop search\n");
1444
}
1445
1446
avahi_simple_poll_loop(mc.simple_poll);
1447
1448
end:
1449
1450
if(debug){
1451
fprintf(stderr, "%s exiting\n", argv[0]);
1452
}
1453
1454
/* Cleanup things */
1455
if(sb != NULL)
1456
avahi_s_service_browser_free(sb);
1457
1458
if(mc.server != NULL)
1459
avahi_server_free(mc.server);
1460
1461
if(mc.simple_poll != NULL)
1462
avahi_simple_poll_free(mc.simple_poll);
1463
1464
if(gnutls_initialized){
1465
gnutls_certificate_free_credentials(mc.cred);
1466
gnutls_global_deinit();
1467
gnutls_dh_params_deinit(mc.dh_params);
1468
}
1469
1470
if(gpgme_initialized){
1471
gpgme_release(mc.ctx);
1472
}
1473
1474
/* Take down the network interface */
1475
if(take_down_interface){
1476
ret = ioctl(sd, SIOCGIFFLAGS, &network);
1477
if(ret == -1){
1478
perror("ioctl SIOCGIFFLAGS");
1479
} else if(network.ifr_flags & IFF_UP) {
1480
network.ifr_flags &= ~IFF_UP; /* clear flag */
1481
ret = ioctl(sd, SIOCSIFFLAGS, &network);
1482
if(ret == -1){
1483
perror("ioctl SIOCSIFFLAGS");
1484
}
1485
}
1486
ret = (int)TEMP_FAILURE_RETRY(close(sd));
1487
if(ret == -1){
1488
perror("close");
1489
}
1490
}
1491
1492
/* Removes the temp directory used by GPGME */
1493
if(tempdir_created){
1494
DIR *d;
1495
struct dirent *direntry;
1496
d = opendir(tempdir);
1497
if(d == NULL){
1498
if(errno != ENOENT){
1499
perror("opendir");
1500
}
1501
} else {
1502
while(true){
1503
direntry = readdir(d);
1504
if(direntry == NULL){
1505
break;
1506
}
1507
/* Skip "." and ".." */
1508
if(direntry->d_name[0] == '.'
1509
and (direntry->d_name[1] == '\0'
1510
or (direntry->d_name[1] == '.'
1511
and direntry->d_name[2] == '\0'))){
1512
continue;
1513
}
1514
char *fullname = NULL;
1515
ret = asprintf(&fullname, "%s/%s", tempdir,
1516
direntry->d_name);
1517
if(ret < 0){
1518
perror("asprintf");
1519
continue;
1520
}
1521
ret = remove(fullname);
1522
if(ret == -1){
1523
fprintf(stderr, "remove(\"%s\"): %s\n", fullname,
1524
strerror(errno));
1525
}
1526
free(fullname);
1527
}
1528
closedir(d);
1529
}
1530
ret = rmdir(tempdir);
1531
if(ret == -1 and errno != ENOENT){
1532
perror("rmdir");
1533
}
1534
}
1535
1536
if(quit_now){
1537
sigemptyset(&old_sigterm_action.sa_mask);
1538
old_sigterm_action.sa_handler = SIG_DFL;
1539
ret = sigaction(signal_received, &old_sigterm_action, NULL);
1540
if(ret == -1){
1541
perror("sigaction");
1542
}
1543
raise(signal_received);
1544
}
1545
1546
return exitcode;
903
1547
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0