
Viewing changes to plugins.d/mandos-client.c

* mandos (main): Bug fix: Do setgid before setuid.  Add verbose GnuTLS
                 debugging messages.
* plugins.d/mandos-client.c (main): Bug fix: Do setgid before setuid.

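--- a/plugins.d/mandos-client.c
+++ b/plugins.d/mandos-client.c
@@ -36,7 +36,8 @@
 #define _GNU_SOURCE             /* TEMP_FAILURE_RETRY(), asprintf() */
  
 #include <stdio.h>              /* fprintf(), stderr, fwrite(),
-                                   stdout, ferror(), sscanf */
+                                   stdout, ferror(), sscanf(),
+                                   remove() */
 #include <stdint.h>             /* uint16_t, uint32_t */
 #include <stddef.h>             /* NULL, size_t, ssize_t */
 #include <stdlib.h>             /* free(), EXIT_SUCCESS, EXIT_FAILURE,
@@ -153,7 +154,7 @@
   
   
   /*
-   * Helper function to insert pub and seckey to the enigne keyring.
+   * Helper function to insert pub and seckey to the engine keyring.
    */
   bool import_key(const char *filename){
     int fd;
@@ -831,6 +832,7 @@
     gid_t gid;
     char *connect_to = NULL;
     char tempdir[] = "/tmp/mandosXXXXXX";
+    bool tempdir_created = false;
     AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
     const char *seckey = PATHDIR "/" SECKEY;
     const char *pubkey = PATHDIR "/" PUBKEY;
@@ -838,8 +840,8 @@
     mandos_context mc = { .simple_poll = NULL, .server = NULL,
                           .dh_bits = 1024, .priority = "SECURE256"
                           ":!CTYPE-X.509:+CTYPE-OPENPGP" };
-    bool gnutls_initalized = false;
-    bool gpgme_initalized = false;
+    bool gnutls_initialized = false;
+    bool gpgme_initialized = false;
     
     {
       struct argp_option options[] = {
@@ -959,43 +961,44 @@
     uid = getuid();
     gid = getgid();
     
+    setgid(gid);
+    if(ret == -1){
+      perror("setgid");
+    }
+    
     ret = setuid(uid);
     if(ret == -1){
       perror("setuid");
     }
     
-    setgid(gid);
-    if(ret == -1){
-      perror("setgid");
-    }
-    
     ret = init_gnutls_global(&mc, pubkey, seckey);
     if(ret == -1){
       fprintf(stderr, "init_gnutls_global failed\n");
       exitcode = EXIT_FAILURE;
       goto end;
     } else {
-      gnutls_initalized = true;
+      gnutls_initialized = true;
     }
     
     if(mkdtemp(tempdir) == NULL){
       perror("mkdtemp");
-      tempdir[0] = '\0';
       goto end;
     }
+    tempdir_created = true;
     
     if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
-      fprintf(stderr, "gpgme_initalized failed\n");
+      fprintf(stderr, "init_gpgme failed\n");
       exitcode = EXIT_FAILURE;
       goto end;
     } else {
-      gpgme_initalized = true;
+      gpgme_initialized = true;
     }
     
     if_index = (AvahiIfIndex) if_nametoindex(interface);
     if(if_index == 0){
       fprintf(stderr, "No such interface: \"%s\"\n", interface);
-      exit(EXIT_FAILURE);
+      exitcode = EXIT_FAILURE;
+      goto end;
     }
     
     if(connect_to != NULL){
@@ -1105,18 +1108,18 @@
     if(mc.simple_poll != NULL)
         avahi_simple_poll_free(mc.simple_poll);
     
-    if(gnutls_initalized){
+    if(gnutls_initialized){
       gnutls_certificate_free_credentials(mc.cred);
       gnutls_global_deinit();
       gnutls_dh_params_deinit(mc.dh_params);
     }
     
-    if(gpgme_initalized){
+    if(gpgme_initialized){
       gpgme_release(mc.ctx);
     }
     
     /* Removes the temp directory used by GPGME */
-    if(tempdir[0] != '\0'){
+    if(tempdir_created){
       DIR *d;
       struct dirent *direntry;
       d = opendir(tempdir);
@@ -1130,21 +1133,26 @@
           if(direntry == NULL){
             break;
           }
-          if(direntry->d_type == DT_REG){
-            char *fullname = NULL;
-            ret = asprintf(&fullname, "%s/%s", tempdir,
-                           direntry->d_name);
-            if(ret < 0){
-              perror("asprintf");
-              continue;
-            }
-            ret = unlink(fullname);
-            if(ret == -1){
-              fprintf(stderr, "unlink(\"%s\"): %s",
-                      fullname, strerror(errno));
-            }
-            free(fullname);
-          }
+          /* Skip "." and ".." */
+          if(direntry->d_name[0] == '.'
+             and (direntry->d_name[1] == '\0'
+                  or (direntry->d_name[1] == '.'
+                      and direntry->d_name[2] == '\0'))){
+            continue;
+          }
+          char *fullname = NULL;
+          ret = asprintf(&fullname, "%s/%s", tempdir,
+                         direntry->d_name);
+          if(ret < 0){
+            perror("asprintf");
+            continue;
+          }
+          ret = remove(fullname);
+          if(ret == -1){
+            fprintf(stderr, "remove(\"%s\"): %s\n", fullname,
+                    strerror(errno));
+          }
+          free(fullname);
         }
         closedir(d);
       }
@@ -1153,6 +1161,6 @@
         perror("rmdir");
       }
     }
-          
+    
     return exitcode;
 }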
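Review bot: The relocated `setgid(gid);` at new line 964 of main still discards its return value, so the `if(ret == -1)` that follows tests whatever `ret` held from an earlier call and a failed group change is never reported; it should read `ret = setgid(gid);`. Both the setgid and the setuid failure branches also only call perror() and fall through, so the client would carry on with the IDs it failed to change and then load the key material. Setting `exitcode = EXIT_FAILURE;` followed by `goto end;` in each branch would make a failed drop fatal; with `tempdir_created` and the two `*_initialized` flags still false at that point, the cleanup under `end` looks safe to reach, though the label itself is outside the visible lines. main begins before the hunks shown here.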