
Viewing changes to plugins.d/mandos-client.c

  • Committer: Teddy Hogeborn
  • Date: 2014-07-25 22:44:20 UTC
  • mto: (237.7.272 trunk)
  • mto: This revision was merged to the branch mainline in revision 321.
  • Revision ID: teddy@recompile.se-20140725224420-4a5ct2ptt0hsc92z
Require Python 2.7.

This is in preparation for the eventual move to Python 3, which will
happen as soon as all Python modules required by Mandos are available.
The mandos-ctl and mandos-monitor programs are already portable
between Python 2.6 and Python 3 without changes; this change will
bring the requirement up to Python 2.7.

* INSTALL (Prerequisites/Libraries/Mandos Server): Document
                                                   requirement of
                                                   Python 2.7; remove
                                                   Python-argparse
                                                   which is in the
                                                   Python 2.7 standard
                                                   library.
* debian/control (Source: mandos/Build-Depends-Indep): Depend on
                                                       exactly the
                                                       python2.7
                                                       package and all
                                                       the Python 2.7
                                                       versions of the
                                                       python modules.
  (Package: mandos/Depends): - '' - but still depend on python (<=2.7)
                            and the generic versions of the Python
                            modules; this is for mandos-ctl and
                            mandos-monitor, both of which are
                            compatible with Python 3, and use
                            #!/usr/bin/python.
* mandos: Use #!/usr/bin/python2.7 instead of #!/usr/bin/python.

234
234
                          .af = af };
235
235
  if(new_server->ip == NULL){
236
236
    perror_plus("strdup");
 
237
    free(new_server);
237
238
    return false;
238
239
  }
239
240
  ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
240
241
  if(ret == -1){
241
242
    perror_plus("clock_gettime");
 
243
#ifdef __GNUC__
 
244
#pragma GCC diagnostic push
 
245
#pragma GCC diagnostic ignored "-Wcast-qual"
 
246
#endif
 
247
    free((char *)(new_server->ip));
 
248
#ifdef __GNUC__
 
249
#pragma GCC diagnostic pop
 
250
#endif
 
251
    free(new_server);
242
252
    return false;
243
253
  }
244
254
  /* Special case of first server */
1066
1076
     timed out */
1067
1077
  
1068
1078
  if(quit_now){
 
1079
    avahi_s_service_resolver_free(r);
1069
1080
    return;
1070
1081
  }
1071
1082
  
1458
1469
  error_t ret_errno = 0;
1459
1470
  if(seteuid(0) == -1){
1460
1471
    ret_errno = errno;
1461
 
    perror_plus("seteuid");
1462
1472
  }
1463
1473
  errno = old_errno;
1464
1474
  return ret_errno;
1475
1485
  }
1476
1486
  if(setuid(0) == -1){
1477
1487
    ret_errno = errno;
1478
 
    perror_plus("seteuid");
1479
1488
  }
1480
1489
  errno = old_errno;
1481
1490
  return ret_errno;
1488
1497
  error_t ret_errno = 0;
1489
1498
  if(seteuid(uid) == -1){
1490
1499
    ret_errno = errno;
1491
 
    perror_plus("seteuid");
1492
1500
  }
1493
1501
  errno = old_errno;
1494
1502
  return ret_errno;
1501
1509
  error_t ret_errno = 0;
1502
1510
  if(setuid(uid) == -1){
1503
1511
    ret_errno = errno;
1504
 
    perror_plus("setuid");
1505
1512
  }
1506
1513
  errno = old_errno;
1507
1514
  return ret_errno;
1510
1517
__attribute__((nonnull))
1511
1518
void run_network_hooks(const char *mode, const char *interface,
1512
1519
                       const float delay){
1513
 
  struct dirent **direntries;
 
1520
  struct dirent **direntries = NULL;
1514
1521
  if(hookdir_fd == -1){
1515
1522
    hookdir_fd = open(hookdir, O_RDONLY);
1516
1523
    if(hookdir_fd == -1){
1554
1561
    if(hook_pid == 0){
1555
1562
      /* Child */
1556
1563
      /* Raise privileges */
1557
 
      if(raise_privileges_permanently() != 0){
 
1564
      errno = raise_privileges_permanently();
 
1565
      if(errno != 0){
1558
1566
        perror_plus("Failed to raise privileges");
1559
1567
        _exit(EX_NOPERM);
1560
1568
      }
1645
1653
      int status;
1646
1654
      if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
1647
1655
        perror_plus("waitpid");
 
1656
        free(direntry);
1648
1657
        continue;
1649
1658
      }
1650
1659
      if(WIFEXITED(status)){
1652
1661
          fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
1653
1662
                       " with status %d\n", direntry->d_name,
1654
1663
                       WEXITSTATUS(status));
 
1664
          free(direntry);
1655
1665
          continue;
1656
1666
        }
1657
1667
      } else if(WIFSIGNALED(status)){
1658
1668
        fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
1659
1669
                     " signal %d\n", direntry->d_name,
1660
1670
                     WTERMSIG(status));
 
1671
        free(direntry);
1661
1672
        continue;
1662
1673
      } else {
1663
1674
        fprintf_plus(stderr, "Warning: network hook \"%s\""
1664
1675
                     " crashed\n", direntry->d_name);
 
1676
        free(direntry);
1665
1677
        continue;
1666
1678
      }
1667
1679
    }
1669
1681
      fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
1670
1682
                   direntry->d_name);
1671
1683
    }
 
1684
    free(direntry);
1672
1685
  }
 
1686
  free(direntries);
1673
1687
  if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
1674
1688
    perror_plus("close");
1675
1689
  } else {
1732
1746
    /* Raise privileges */
1733
1747
    ret_errno = raise_privileges();
1734
1748
    if(ret_errno != 0){
 
1749
      errno = ret_errno;
1735
1750
      perror_plus("Failed to raise privileges");
1736
1751
    }
1737
1752
    
1841
1856
    /* Raise privileges */
1842
1857
    ret_errno = raise_privileges();
1843
1858
    if(ret_errno != 0){
 
1859
      errno = ret_errno;
1844
1860
      perror_plus("Failed to raise privileges");
1845
1861
    }
1846
1862
    
2265
2281
        if(ret_errno != 0){
2266
2282
          errno = ret_errno;
2267
2283
          perror_plus("argz_add");
 
2284
          free(direntries[i]);
2268
2285
          continue;
2269
2286
        }
2270
2287
        if(debug){
2271
2288
          fprintf_plus(stderr, "Will use interface \"%s\"\n",
2272
2289
                       direntries[i]->d_name);
2273
2290
        }
 
2291
        free(direntries[i]);
2274
2292
      }
2275
2293
      free(direntries);
2276
2294
    } else {
2277
 
      free(direntries);
 
2295
      if(ret == 0){
 
2296
        free(direntries);
 
2297
      }
2278
2298
      fprintf_plus(stderr, "Could not find a network interface\n");
2279
2299
      exitcode = EXIT_FAILURE;
2280
2300
      goto end;
2544
2564
    mc.current_server->prev->next = NULL;
2545
2565
    while(mc.current_server != NULL){
2546
2566
      server *next = mc.current_server->next;
 
2567
#ifdef __GNUC__
 
2568
#pragma GCC diagnostic push
 
2569
#pragma GCC diagnostic ignored "-Wcast-qual"
 
2570
#endif
 
2571
      free((char *)(mc.current_server->ip));
 
2572
#ifdef __GNUC__
 
2573
#pragma GCC diagnostic pop
 
2574
#endif
2547
2575
      free(mc.current_server);
2548
2576
      mc.current_server = next;
2549
2577
    }
2553
2581
  {
2554
2582
    ret_errno = raise_privileges();
2555
2583
    if(ret_errno != 0){
 
2584
      errno = ret_errno;
2556
2585
      perror_plus("Failed to raise privileges");
2557
2586
    } else {
2558
2587
      
2581
2610
    
2582
2611
    ret_errno = lower_privileges_permanently();
2583
2612
    if(ret_errno != 0){
 
2613
      errno = ret_errno;
2584
2614
      perror_plus("Failed to lower privileges permanently");
2585
2615
    }
2586
2616
  }
2608
2638
      int numentries = scandir(tempdir, &direntries, notdotentries,
2609
2639
                               alphasort);
2610
2640
#endif  /* not __GLIBC__ */
2611
 
      if(numentries > 0){
 
2641
      if(numentries >= 0){
2612
2642
        for(int i = 0; i < numentries; i++){
2613
2643
          ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2614
2644
          if(ret == -1){
2616
2646
                         " \"%s\", 0): %s\n", tempdir,
2617
2647
                         direntries[i]->d_name, strerror(errno));
2618
2648
          }
 
2649
          free(direntries[i]);
2619
2650
        }
2620
2651
        
2621
2652
        /* need to clean even if 0 because man page doesn't specify */
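Review bot: At new lines 2611–2615 a failed lower_privileges_permanently() is only reported through perror_plus() and control then leaves the block, so whatever follows keeps running with the privileges the process still holds. Lines 2617–2637 are not shown, but the temporary-directory cleanup at 2638 onward (scandir() and unlinkat() on tempdir) appears to come after it and may therefore run with elevated privileges. If continuing is intended, say so at the call site, e.g. `/* Cleanup below must still run even if privileges could not be dropped */`; if it is not, the failure branch should skip the remaining cleanup instead of falling through. The enclosing function starts and ends outside the displayed hunks, so this should be checked against the full file.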