/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

• browse files at revision 24.1.52
• compare with another revision
• compare with revision 237.7.13
• download diff
• download tarball
• view history from revision 24.1.52

Show diffs side-by-side

added

removed

plugins.d/password-request.c

32

32

#define _LARGEFILE_SOURCE

33

33

#define _FILE_OFFSET_BITS 64

34

34

 

35

 

#define _GNU_SOURCE             /* TEMP_FAILURE_RETRY() */

 

35

#define _GNU_SOURCE             /* TEMP_FAILURE_RETRY(), asprintf() */

36

36

 

37

 

#include <stdio.h>              /* fprintf(), stderr, fwrite(), stdout,

38

 

                                   ferror() */

 

37

#include <stdio.h>              /* fprintf(), stderr, fwrite(),

 

38

                                   stdout, ferror() */

39

39

#include <stdint.h>             /* uint16_t, uint32_t */

40

40

#include <stddef.h>             /* NULL, size_t, ssize_t */

41

41

#include <stdlib.h>             /* free(), EXIT_SUCCESS, EXIT_FAILURE,

42

42

                                   srand() */

43

43

#include <stdbool.h>            /* bool, true */

44

44

#include <string.h>             /* memset(), strcmp(), strlen(),

45

 

                                   strerror(), memcpy(), strcpy() */

 

45

                                   strerror(), asprintf(), strcpy() */

46

46

#include <sys/ioctl.h>          /* ioctl */

47

47

#include <sys/types.h>          /* socket(), inet_pton(), sockaddr,

48

48

                                   sockaddr_in6, PF_INET6,

81

81

#include <avahi-common/error.h>

82

82

 

83

83

/* GnuTLS */

84

 

#include <gnutls/gnutls.h>      /* All GnuTLS types, constants and functions

 

84

#include <gnutls/gnutls.h>      /* All GnuTLS types, constants and

 

85

                                   functions:

85

86

                                   gnutls_*

86

87

                                   init_gnutls_session(),

87

88

                                   GNUTLS_* */

89

90

                                   GNUTLS_OPENPGP_FMT_BASE64 */

90

91

 

91

92

/* GPGME */

92

 

#include <gpgme.h>              /* All GPGME types, constants and functions

 

93

#include <gpgme.h>              /* All GPGME types, constants and

 

94

                                   functions:

93

95

                                   gpgme_*

94

96

                                   GPGME_PROTOCOL_OpenPGP,

95

97

                                   GPG_ERR_NO_* */

313

315

}

314

316

 

315

317

static int init_gnutls_global(mandos_context *mc,

316

 

                              const char *pubkeyfile,

317

 

                              const char *seckeyfile){

 

318

                              const char *pubkeyfilename,

 

319

                              const char *seckeyfilename){

318

320

  int ret;

319

321

  

320

322

  if(debug){

347

349

  

348

350

  if(debug){

349

351

    fprintf(stderr, "Attempting to use OpenPGP certificate %s"

350

 

            " and keyfile %s as GnuTLS credentials\n", pubkeyfile,

351

 

            seckeyfile);

 

352

            " and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

 

353

            seckeyfilename);

352

354

  }

353

355

  

354

356

  ret = gnutls_certificate_set_openpgp_key_file

355

 

    (mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

 

357

    (mc->cred, pubkeyfilename, seckeyfilename,

 

358

     GNUTLS_OPENPGP_FMT_BASE64);

356

359

  if (ret != GNUTLS_E_SUCCESS) {

357

360

    fprintf(stderr,

358

361

            "Error[%d] while reading the OpenPGP key pair ('%s',"

359

 

            " '%s')\n", ret, pubkeyfile, seckeyfile);

 

362

            " '%s')\n", ret, pubkeyfilename, seckeyfilename);

360

363

    fprintf(stdout, "The GnuTLS error is: %s\n",

361

364

            safer_gnutls_strerror(ret));

362

365

    goto globalfail;

472

475

    fprintf(stderr, "Binding to interface %s\n", interface);

473

476

  }

474

477

  

475

 

  memset(&to,0,sizeof(to));     /* Spurious warning */

 

478

  memset(&to, 0, sizeof(to));   /* Spurious warning */

476

479

  to.in6.sin6_family = AF_INET6;

477

480

  /* It would be nice to have a way to detect if we were passed an

478

481

     IPv4 address here.   Now we assume an IPv6 address. */

742

745

 

743

746

/* Combines file name and path and returns the malloced new

744

747

   string. some sane checks could/should be added */

745

 

static const char *combinepath(const char *first, const char *second){

746

 

  size_t f_len = strlen(first);

747

 

  size_t s_len = strlen(second);

748

 

  char *tmp = malloc(f_len + s_len + 2);

749

 

  if (tmp == NULL){

 

748

static char *combinepath(const char *first, const char *second){

 

749

  char *tmp;

 

750

  int ret = asprintf(&tmp, "%s/%s", first, second);

 

751

  if(ret < 0){

750

752

    return NULL;

751

753

  }

752

 

  if(f_len > 0){

753

 

    memcpy(tmp, first, f_len);  /* Spurious warning */

754

 

  }

755

 

  tmp[f_len] = '/';

756

 

  if(s_len > 0){

757

 

    memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

758

 

  }

759

 

  tmp[f_len + 1 + s_len] = '\0';

760

754

  return tmp;

761

755

}

762

756

 

773

767

    gid_t gid;

774

768

    char *connect_to = NULL;

775

769

    AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

776

 

    const char *pubkeyfile = "pubkey.txt";

777

 

    const char *seckeyfile = "seckey.txt";

 

770

    char *pubkeyfilename = NULL;

 

771

    char *seckeyfilename = NULL;

 

772

    const char *pubkeyname = "pubkey.txt";

 

773

    const char *seckeyname = "seckey.txt";

778

774

    mandos_context mc = { .simple_poll = NULL, .server = NULL,

779

775

                          .dh_bits = 1024, .priority = "SECURE256"};

780

776

    bool gnutls_initalized = false;

832

828

          keydir = arg;

833

829

          break;

834

830

        case 's':

835

 

          seckeyfile = arg;

 

831

          seckeyname = arg;

836

832

          break;

837

833

        case 'p':

838

 

          pubkeyfile = arg;

 

834

          pubkeyname = arg;

839

835

          break;

840

836

        case 129:

841

837

          errno = 0;

870

866

      }

871

867

    }

872

868

      

873

 

    pubkeyfile = combinepath(keydir, pubkeyfile);

874

 

    if (pubkeyfile == NULL){

 

869

    pubkeyfilename = combinepath(keydir, pubkeyname);

 

870

    if (pubkeyfilename == NULL){

875

871

      perror("combinepath");

876

872

      exitcode = EXIT_FAILURE;

877

873

      goto end;

878

874

    }

879

875

    

880

 

    seckeyfile = combinepath(keydir, seckeyfile);

881

 

    if (seckeyfile == NULL){

 

876

    seckeyfilename = combinepath(keydir, seckeyname);

 

877

    if (seckeyfilename == NULL){

882

878

      perror("combinepath");

883

879

      exitcode = EXIT_FAILURE;

884

880

      goto end;

885

881

    }

886

882

 

887

 

    ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

 

883

    ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

888

884

    if (ret == -1){

889

885

      fprintf(stderr, "init_gnutls_global failed\n");

890

886

      exitcode = EXIT_FAILURE;

1043

1039

 

1044

1040

    if (mc.simple_poll != NULL)

1045

1041

        avahi_simple_poll_free(mc.simple_poll);

1046

 

    free(pubkeyfile);

1047

 

    free(seckeyfile);

 

1042

    free(pubkeyfilename);

 

1043

    free(seckeyfilename);

1048

1044

 

1049

1045

    if (gnutls_initalized){

1050

1046

      gnutls_certificate_free_credentials(mc.cred);

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0