47
47
strtof(), abort() */
48
48
#include <stdbool.h> /* bool, false, true */
49
49
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strncpy(), strsignal()
50
asprintf(), strncpy() */
52
51
#include <sys/ioctl.h> /* ioctl */
53
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
54
53
sockaddr_in6, PF_INET6,
58
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
59
58
inet_pton(), connect(),
61
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
60
#include <fcntl.h> /* open(), unlinkat() */
62
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
64
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
66
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
67
EAI_SYSTEM, ENETUNREACH,
68
EHOSTUNREACH, ECONNREFUSED, EPROTO,
69
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
65
#include <errno.h> /* perror(), errno,
71
66
program_invocation_short_name */
72
67
#include <time.h> /* nanosleep(), time(), sleep() */
73
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
518
513
fprintf_plus(stderr, "GnuTLS: %s", string);
521
__attribute__((nonnull(1, 2, 4), warn_unused_result))
516
__attribute__((nonnull, warn_unused_result))
522
517
static int init_gnutls_global(const char *pubkeyfilename,
523
518
const char *seckeyfilename,
524
519
const char *dhparamsfilename,
530
525
fprintf_plus(stderr, "Initializing GnuTLS\n");
528
ret = gnutls_global_init();
529
if(ret != GNUTLS_E_SUCCESS){
530
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
531
safer_gnutls_strerror(ret));
534
536
/* "Use a log level over 10 to enable all debugging options."
535
537
* - GnuTLS manual
820
823
/* Set effective uid to 0, return errno */
821
824
__attribute__((warn_unused_result))
822
int raise_privileges(void){
823
int old_errno = errno;
825
error_t raise_privileges(void){
826
error_t old_errno = errno;
827
error_t ret_errno = 0;
825
828
if(seteuid(0) == -1){
828
831
errno = old_errno;
832
835
/* Set effective and real user ID to 0. Return errno. */
833
836
__attribute__((warn_unused_result))
834
int raise_privileges_permanently(void){
835
int old_errno = errno;
836
int ret = raise_privileges();
837
error_t raise_privileges_permanently(void){
838
error_t old_errno = errno;
839
error_t ret_errno = raise_privileges();
838
841
errno = old_errno;
841
844
if(setuid(0) == -1){
844
847
errno = old_errno;
848
851
/* Set effective user ID to unprivileged saved user ID */
849
852
__attribute__((warn_unused_result))
850
int lower_privileges(void){
851
int old_errno = errno;
853
error_t lower_privileges(void){
854
error_t old_errno = errno;
855
error_t ret_errno = 0;
853
856
if(seteuid(uid) == -1){
856
859
errno = old_errno;
860
863
/* Lower privileges permanently */
861
864
__attribute__((warn_unused_result))
862
int lower_privileges_permanently(void){
863
int old_errno = errno;
865
error_t lower_privileges_permanently(void){
866
error_t old_errno = errno;
867
error_t ret_errno = 0;
865
868
if(setuid(uid) == -1){
868
871
errno = old_errno;
872
875
/* Helper function to add_local_route() and delete_local_route() */
2479
2469
.args_doc = "",
2480
2470
.doc = "Mandos client -- Get and decrypt"
2481
2471
" passwords from a Mandos server" };
2482
ret_errno = argp_parse(&argp, argc, argv,
2483
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2472
ret = argp_parse(&argp, argc, argv,
2473
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2490
2480
perror_plus("argp_parse");
2491
2481
exitcode = EX_OSERR;
2910
2900
/* Allocate a new server */
2911
2901
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2912
&config, NULL, NULL, &ret);
2902
&config, NULL, NULL, &ret_errno);
2914
2904
/* Free the Avahi configuration data */
2915
2905
avahi_server_config_free(&config);
2962
if(signal_received){
2963
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
2964
argv[0], signal_received,
2965
strsignal(signal_received));
2967
fprintf_plus(stderr, "%s exiting\n", argv[0]);
2952
fprintf_plus(stderr, "%s exiting\n", argv[0]);
2971
2955
/* Cleanup things */
3049
3034
free(interfaces_to_take_down);
3050
3035
free(interfaces_hooks);
3052
void clean_dir_at(int base, const char * const dirname,
3054
struct dirent **direntries = NULL;
3056
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3062
perror_plus("open");
3064
int numentries = scandirat(dir_fd, ".", &direntries,
3065
notdotentries, alphasort);
3066
if(numentries >= 0){
3067
for(int i = 0; i < numentries; i++){
3069
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3070
dirname, direntries[i]->d_name);
3072
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3074
if(errno == EISDIR){
3075
dret = unlinkat(dir_fd, direntries[i]->d_name,
3078
if((dret == -1) and (errno == ENOTEMPTY)
3079
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3080
== 0) and (level == 0)){
3081
/* Recurse only in this special case */
3082
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3086
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3087
direntries[i]->d_name, strerror(errno));
3090
free(direntries[i]);
3093
/* need to clean even if 0 because man page doesn't specify */
3095
if(numentries == -1){
3096
perror_plus("scandirat");
3098
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3099
if(dret == -1 and errno != ENOENT){
3100
perror_plus("rmdir");
3103
perror_plus("scandirat");
3108
3037
/* Removes the GPGME temp directory and all files inside */
3109
3038
if(tempdir != NULL){
3110
clean_dir_at(-1, tempdir, 0);
3039
struct dirent **direntries = NULL;
3040
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY
3044
if(tempdir_fd == -1){
3045
perror_plus("open");
3047
int numentries = scandirat(tempdir_fd, ".", &direntries,
3048
notdotentries, alphasort);
3049
if(numentries >= 0){
3050
for(int i = 0; i < numentries; i++){
3051
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
3053
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
3054
" \"%s\", 0): %s\n", tempdir,
3055
direntries[i]->d_name, strerror(errno));
3057
free(direntries[i]);
3060
/* need to clean even if 0 because man page doesn't specify */
3062
if(numentries == -1){
3063
perror_plus("scandir");
3065
ret = rmdir(tempdir);
3066
if(ret == -1 and errno != ENOENT){
3067
perror_plus("rmdir");