/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release


Viewing changes to plugins.d/mandos-client.c

* debian/watch: New file.

* debian/mandos-client.README.Debian (Emergency Escape): New section;
                                                         document the
                                                         "mandos=off"
                                                         kernel
                                                         parameter.
* initramfs-tools-script: Exit if kernel has parameter "mandos=off".

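--- a/plugins.d/mandos-client.c
+++ b/plugins.d/mandos-client.c
@@ -60,7 +60,7 @@
 #include <inttypes.h>           /* PRIu16, intmax_t, SCNdMAX */
 #include <assert.h>             /* assert() */
 #include <errno.h>              /* perror(), errno */
-#include <time.h>               /* time(), nanosleep() */
+#include <time.h>               /* time() */
 #include <net/if.h>             /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
                                    SIOCSIFFLAGS, if_indextoname(),
                                    if_nametoindex(), IF_NAMESIZE */
@@ -74,7 +74,6 @@
                                    argp_state, struct argp,
                                    argp_parse(), ARGP_KEY_ARG,
                                    ARGP_KEY_END, ARGP_ERR_UNKNOWN */
-#include <sys/klog.h>           /* klogctl() */
  
 /* Avahi */
 /* All Avahi types, constants and functions
@@ -841,7 +840,6 @@
                           ":!CTYPE-X.509:+CTYPE-OPENPGP" };
     bool gnutls_initalized = false;
     bool gpgme_initalized = false;
-    double delay = 2.5;
     
     {
       struct argp_option options[] = {
@@ -873,10 +871,6 @@
           .arg = "STRING",
           .doc = "GnuTLS priority string for the TLS handshake",
           .group = 1 },
-        { .name = "delay", .key = 131,
-          .arg = "SECONDS",
-          .doc = "Maximum delay to wait for interface startup",
-          .group = 2 },
         { .name = NULL }
       };
       
@@ -910,13 +904,6 @@
         case 130:               /* --priority */
           mc.priority = arg;
           break;
-        case 131:               /* --delay */
-          ret = sscanf(arg, "%lf%n", &delay, &numchars);
-          if(ret < 1 or arg[numchars] != '\0'){
-            fprintf(stderr, "Bad delay\n");
-            exit(EXIT_FAILURE);
-          }
-          break;
         case ARGP_KEY_ARG:
           argp_usage(state);
         case ARGP_KEY_END:
@@ -941,31 +928,16 @@
     
     /* If the interface is down, bring it up */
     {
-      // Lower kernel loglevel to KERN_NOTICE to avoid
-      // KERN_INFO messages to mess up the prompt
-      ret = klogctl(8, NULL, 5);
-      if(ret == -1){
-        perror("klogctl");
-      }
- 
       sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
       if(sd < 0) {
         perror("socket");
         exitcode = EXIT_FAILURE;
-        ret = klogctl(7, NULL, 0);
-        if(ret == -1){
-          perror("klogctl");
-        }
         goto end;
       }
       strcpy(network.ifr_name, interface);
       ret = ioctl(sd, SIOCGIFFLAGS, &network);
       if(ret == -1){
         perror("ioctl SIOCGIFFLAGS");
-        ret = klogctl(7, NULL, 0);
-        if(ret == -1){
-          perror("klogctl");
-        }
         exitcode = EXIT_FAILURE;
         goto end;
       }
@@ -975,33 +947,13 @@
         if(ret == -1){
           perror("ioctl SIOCSIFFLAGS");
           exitcode = EXIT_FAILURE;
-          ret = klogctl(7, NULL, 0);
-          if(ret == -1){
-            perror("klogctl");
-          }
           goto end;
         }
       }
-      // sleep checking until interface is running
-      for(int i=0; i < delay * 4; i++){
-        ret = ioctl(sd, SIOCGIFFLAGS, &network);
-        if(ret == -1){
-          perror("ioctl SIOCGIFFLAGS");
-        } else if(network.ifr_flags & IFF_RUNNING){
-          break;
-        }
-        struct timespec sleeptime = { .tv_nsec = 250000000 };
-        nanosleep(&sleeptime, NULL);
-      }
       ret = (int)TEMP_FAILURE_RETRY(close(sd));
       if(ret == -1){
         perror("close");
       }
-      // Restores kernel loglevel to default
-      ret = klogctl(7, NULL, 0);
-      if(ret == -1){
-        perror("klogctl");
-      }
     }
     
     uid = getuid();
@@ -1134,7 +1086,7 @@
     if(debug){
       fprintf(stderr, "Starting Avahi loop search\n");
     }
- 
+    
     
     avahi_simple_poll_loop(mc.simple_poll);
     
  end: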
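Review bot: `strcpy(network.ifr_name, interface);` (new-side line 937, a context line this commit leaves as is) copies the interface name into the fixed-size `ifr_name` field with no length check visible in this section. Unless `interface` is validated against `IF_NAMESIZE` earlier, outside the lines shown, a longer name writes past the end of the `struct ifreq` member. I would guard it just before the copy with `if(strlen(interface) >= sizeof(network.ifr_name)){ fprintf(stderr, "Interface name too long\n"); exitcode = EXIT_FAILURE; goto end; }`, which follows the error style of the neighbouring `ioctl` checks. The enclosing function starts and ends outside the hunks shown, so whether `sd` is also closed on the `goto end` paths should be confirmed against the full file.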