To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 35
- compare with another revision
- download diff
- download tarball
- view history from revision 35
- Committer: Teddy Hogeborn
- Date: 2008-08-02 10:48:24 UTC
- Revision ID: teddy@fukt.bsnet.se-20080802104824-fx0miwp9o4g9r31e
* plugbasedclient.c (struct process): New fields "eof", "completed",
and "status".
(handle_sigchld): New function.
(main): Initialize "dir" to NULL to only closedir() it if necessary.
Move "process_list" to be a global variable to be accessible
by "handle_sigchld". Make "handle_sigchld" handle SIGCHLD.
Remove redundant check for NULL "dir". Free "filename" when
no longer used. Block SIGCHLD around fork()/exec().
Restore normal signals in child. Only loop while running
processes exist. Print process buffer when the process is
done and it has emitted EOF, not when it only emits EOF.
Remove processes from list which exit non-cleanly. In
cleaning up, closedir() if necessary. Bug fix: set next
pointer correctly when freeing process list.
* plugins.d/passprompt.c (main): Do not ignore SIGQUIT.
and "status".
(handle_sigchld): New function.
(main): Initialize "dir" to NULL to only closedir() it if necessary.
Move "process_list" to be a global variable to be accessible
by "handle_sigchld". Make "handle_sigchld" handle SIGCHLD.
Remove redundant check for NULL "dir". Free "filename" when
no longer used. Block SIGCHLD around fork()/exec().
Restore normal signals in child. Only loop while running
processes exist. Print process buffer when the process is
done and it has emitted EOF, not when it only emits EOF.
Remove processes from list which exit non-cleanly. In
cleaning up, closedir() if necessary. Bug fix: set next
pointer correctly when freeing process list.
* plugins.d/passprompt.c (main): Do not ignore SIGQUIT.
- files modified:
- TODO
added
removed
plugins.d/mandosclient.c
63
63
#include <errno.h> /* perror() */
64
64
#include <gpgme.h>
65
65
66
// getopt_long
66
// getopt long
67
67
#include <getopt.h>
68
68
69
69
#define BUFFER_SIZE 256
70
71
static int dh_bits = 1024;
72
73
static const char *keydir = "/conf/conf.d/mandos";
74
static const char *pubkeyfile = "pubkey.txt";
75
static const char *seckeyfile = "seckey.txt";
70
#define DH_BITS 1024
71
72
const char *certdir = "/conf/conf.d/cryptkeyreq/";
73
const char *certfile = "openpgp-client.txt";
74
const char *certkey = "openpgp-client-key.txt";
76
75
77
76
bool debug = false;
78
77
79
/* Used for */
80
78
typedef struct {
81
79
gnutls_session_t session;
82
80
gnutls_certificate_credentials_t cred;
84
82
} encrypted_session;
85
83
86
84
87
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet,
89
const char *homedir){
85
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
86
char **new_packet, const char *homedir){
90
87
gpgme_data_t dh_crypto, dh_plain;
91
88
gpgme_ctx_t ctx;
92
89
gpgme_error_t rc;
248
245
return ret;
249
246
}
250
247
251
static void debuggnutls(__attribute__((unused)) int level,
252
const char* string){
248
void debuggnutls(__attribute__((unused)) int level,
249
const char* string){
253
250
fprintf(stderr, "%s", string);
254
251
}
255
252
256
static int initgnutls(encrypted_session *es){
253
int initgnutls(encrypted_session *es){
257
254
const char *err;
258
255
int ret;
259
256
282
279
283
280
if(debug){
284
281
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
285
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
286
seckeyfile);
282
" and keyfile %s as GnuTLS credentials\n", certfile,
283
certkey);
287
284
}
288
285
289
286
ret = gnutls_certificate_set_openpgp_key_file
290
(es->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
287
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
291
288
if (ret != GNUTLS_E_SUCCESS) {
292
289
fprintf
293
290
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
294
291
" '%s')\n",
295
ret, pubkeyfile, seckeyfile);
292
ret, certfile, certkey);
296
293
fprintf(stdout, "The Error is: %s\n",
297
294
safer_gnutls_strerror(ret));
298
295
return -1;
306
303
return -1;
307
304
}
308
305
309
if ((ret = gnutls_dh_params_generate2 (es->dh_params, dh_bits))
306
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
310
307
!= GNUTLS_E_SUCCESS) {
311
308
fprintf (stderr, "Error in prime generation: %s\n",
312
309
safer_gnutls_strerror(ret));
342
339
gnutls_certificate_server_set_request (es->session,
343
340
GNUTLS_CERT_IGNORE);
344
341
345
gnutls_dh_set_prime_bits (es->session, dh_bits);
342
gnutls_dh_set_prime_bits (es->session, DH_BITS);
346
343
347
344
return 0;
348
345
}
349
346
350
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
351
__attribute__((unused)) const char *txt){}
347
void empty_log(__attribute__((unused)) AvahiLogLevel level,
348
__attribute__((unused)) const char *txt){}
352
349
353
static int start_mandos_communication(const char *ip, uint16_t port,
354
AvahiIfIndex if_index){
350
int start_mandos_communication(const char *ip, uint16_t port,
351
AvahiIfIndex if_index){
355
352
int ret, tcp_sd;
356
353
struct sockaddr_in6 to;
357
354
encrypted_session es;
403
400
404
401
if(debug){
405
402
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
406
char addrstr[INET6_ADDRSTRLEN] = "";
407
if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,
408
sizeof(addrstr)) == NULL){
409
perror("inet_ntop");
410
} else {
411
if(strcmp(addrstr, ip) != 0){
412
fprintf(stderr, "Canonical address form: %s\n",
413
addrstr, ntohs(to.sin6_port));
414
}
415
}
403
/* char addrstr[INET6_ADDRSTRLEN]; */
404
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
405
/* sizeof(addrstr)) == NULL){ */
406
/* perror("inet_ntop"); */
407
/* } else { */
408
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
409
/* addrstr, ntohs(to.sin6_port)); */
410
/* } */
416
411
}
417
412
418
413
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
497
492
decrypted_buffer_size = pgp_packet_decrypt(buffer,
498
493
buffer_length,
499
494
&decrypted_buffer,
500
keydir);
495
certdir);
501
496
if (decrypted_buffer_size >= 0){
502
497
while(written < (size_t) decrypted_buffer_size){
503
498
ret = (int)fwrite (decrypted_buffer + written, 1,
632
627
}
633
628
}
634
629
635
/* Combines file name and path and returns the malloced new
636
string. some sane checks could/should be added */
637
static const char *combinepath(const char *first, const char *second){
638
size_t f_len = strlen(first);
639
size_t s_len = strlen(second);
640
char *tmp = malloc(f_len + s_len + 2);
630
/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */
631
const char *combinepath(const char *first, const char *second){
632
char *tmp;
633
tmp = malloc(strlen(first) + strlen(second) + 2);
641
634
if (tmp == NULL){
635
perror("malloc");
642
636
return NULL;
643
637
}
644
if(f_len > 0){
645
memcpy(tmp, first, f_len);
646
}
647
tmp[f_len] = '/';
648
if(s_len > 0){
649
memcpy(tmp + f_len + 1, second, s_len);
650
}
651
tmp[f_len + 1 + s_len] = '\0';
638
strcpy(tmp, first);
639
if (first[0] != '\0' and first[strlen(first) - 1] != '/'){
640
strcat(tmp, "/");
641
}
642
strcat(tmp, second);
652
643
return tmp;
653
644
}
654
645
658
649
AvahiSServiceBrowser *sb = NULL;
659
650
int error;
660
651
int ret;
661
int debug_int = 0;
662
652
int returncode = EXIT_SUCCESS;
663
653
const char *interface = NULL;
664
654
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
665
655
char *connect_to = NULL;
666
656
667
debug_int = debug ? 1 : 0;
668
657
while (true){
669
658
static struct option long_options[] = {
670
{"debug", no_argument, &debug_int, 1},
671
{"connect", required_argument, NULL, 'C'},
672
{"interface", required_argument, NULL, 'i'},
673
{"keydir", required_argument, NULL, 'd'},
674
{"seckey", required_argument, NULL, 'c'},
675
{"pubkey", required_argument, NULL, 'k'},
676
{"dh-bits", required_argument, NULL, 'D'},
659
{"debug", no_argument, (int *)&debug, 1},
660
{"connect", required_argument, 0, 'C'},
661
{"interface", required_argument, 0, 'i'},
662
{"certdir", required_argument, 0, 'd'},
663
{"certkey", required_argument, 0, 'c'},
664
{"certfile", required_argument, 0, 'k'},
677
665
{0, 0, 0, 0} };
678
666
679
667
int option_index = 0;
694
682
connect_to = optarg;
695
683
break;
696
684
case 'd':
697
keydir = optarg;
685
certdir = optarg;
698
686
break;
699
687
case 'c':
700
pubkeyfile = optarg;
688
certfile = optarg;
701
689
break;
702
690
case 'k':
703
seckeyfile = optarg;
704
break;
705
case 'D':
706
dh_bits = atoi(optarg);
707
break;
708
case '?':
709
break
691
certkey = optarg;
692
break;
710
693
default:
711
694
exit(EXIT_FAILURE);
712
695
}
713
696
}
714
debug = debug_int ? true : false;
715
716
pubkeyfile = combinepath(keydir, pubkeyfile);
717
if (pubkeyfile == NULL){
718
perror("combinepath");
697
698
certfile = combinepath(certdir, certfile);
699
if (certfile == NULL){
719
700
goto exit;
720
701
}
721
702
751
732
}
752
733
}
753
734
754
seckeyfile = combinepath(keydir, seckeyfile);
755
if (seckeyfile == NULL){
756
perror("combinepath");
735
certkey = combinepath(certdir, certkey);
736
if (certkey == NULL){
757
737
goto exit;
758
738
}
759
739
828
808
829
809
if (simple_poll)
830
810
avahi_simple_poll_free(simple_poll);
831
free(pubkeyfile);
832
free(seckeyfile);
811
free(certfile);
812
free(certkey);
833
813
834
814
return returncode;
835
815
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0