/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

  • Committer: Teddy Hogeborn
  • Date: 2008-08-09 20:29:39 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080809202939-xn04n8dmrgjt9ftc
* TODO: More notes.

Show diffs side-by-side

added added

removed removed

Lines of Context:
34
34
 
35
35
#define _GNU_SOURCE             /* TEMP_FAILURE_RETRY() */
36
36
 
37
 
#include <stdio.h>
38
 
#include <assert.h>
39
 
#include <stdlib.h>
40
 
#include <time.h>
41
 
#include <net/if.h>             /* if_nametoindex */
42
 
#include <sys/ioctl.h>          /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
43
 
                                   SIOCSIFFLAGS */
 
37
#include <stdio.h>              /* fprintf(), stderr, fwrite(), stdout,
 
38
                                   ferror() */
 
39
#include <stdint.h>             /* uint16_t, uint32_t */
 
40
#include <stddef.h>             /* NULL, size_t, ssize_t */
 
41
#include <stdlib.h>             /* free(), EXIT_SUCCESS, EXIT_FAILURE,
 
42
                                   srand() */
 
43
#include <stdbool.h>            /* bool, true */
 
44
#include <string.h>             /* memset(), strcmp(), strlen(),
 
45
                                   strerror(), memcpy(), strcpy() */
 
46
#include <sys/ioctl.h>          /* ioctl */
 
47
#include <net/if.h>             /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,
 
48
                                   IFF_UP */
 
49
#include <sys/types.h>          /* socket(), inet_pton(), sockaddr,
 
50
                                   sockaddr_in6, PF_INET6,
 
51
                                   SOCK_STREAM, INET6_ADDRSTRLEN,
 
52
                                   uid_t, gid_t */
 
53
#include <sys/socket.h>         /* socket(), struct sockaddr_in6,
 
54
                                   struct in6_addr, inet_pton(),
 
55
                                   connect() */
 
56
#include <assert.h>             /* assert() */
 
57
#include <errno.h>              /* perror(), errno */
 
58
#include <time.h>               /* time() */
44
59
#include <net/if.h>             /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
45
 
                                   SIOCSIFFLAGS */
 
60
                                   SIOCSIFFLAGS, if_indextoname(),
 
61
                                   if_nametoindex(), IF_NAMESIZE */
 
62
#include <unistd.h>             /* close(), SEEK_SET, off_t, write(),
 
63
                                   getuid(), getgid(), setuid(),
 
64
                                   setgid() */
 
65
#include <netinet/in.h>
 
66
#include <arpa/inet.h>          /* inet_pton(), htons */
 
67
#include <iso646.h>             /* not, and */
 
68
#include <argp.h>               /* struct argp_option, error_t, struct
 
69
                                   argp_state, struct argp,
 
70
                                   argp_parse(), ARGP_KEY_ARG,
 
71
                                   ARGP_KEY_END, ARGP_ERR_UNKNOWN */
46
72
 
 
73
/* Avahi */
 
74
/* All Avahi types, constants and functions
 
75
 Avahi*, avahi_*,
 
76
 AVAHI_* */
47
77
#include <avahi-core/core.h>
48
78
#include <avahi-core/lookup.h>
49
79
#include <avahi-core/log.h>
51
81
#include <avahi-common/malloc.h>
52
82
#include <avahi-common/error.h>
53
83
 
54
 
/* Mandos client part */
55
 
#include <sys/types.h>          /* socket(), inet_pton() */
56
 
#include <sys/socket.h>         /* socket(), struct sockaddr_in6,
57
 
                                   struct in6_addr, inet_pton() */
58
 
#include <gnutls/gnutls.h>      /* All GnuTLS stuff */
59
 
#include <gnutls/openpgp.h>     /* GnuTLS with openpgp stuff */
 
84
/* GnuTLS */
 
85
#include <gnutls/gnutls.h>      /* All GnuTLS types, constants and functions
 
86
                                   gnutls_*
 
87
                                   init_gnutls_session(),
 
88
                                   GNUTLS_* */
 
89
#include <gnutls/openpgp.h>     /* gnutls_certificate_set_openpgp_key_file(),
 
90
                                   GNUTLS_OPENPGP_FMT_BASE64 */
60
91
 
61
 
#include <unistd.h>             /* close() */
62
 
#include <netinet/in.h>
63
 
#include <stdbool.h>            /* true */
64
 
#include <string.h>             /* memset */
65
 
#include <arpa/inet.h>          /* inet_pton() */
66
 
#include <iso646.h>             /* not */
67
 
#include <net/if.h>             /* IF_NAMESIZE */
68
 
#include <argp.h>               /* struct argp_option,
69
 
                                   struct argp_state, struct argp,
70
 
                                   argp_parse() */
71
92
/* GPGME */
72
 
#include <errno.h>              /* perror() */
73
 
#include <gpgme.h>
 
93
#include <gpgme.h>              /* All GPGME types, constants and functions
 
94
                                   gpgme_*
 
95
                                   GPGME_PROTOCOL_OpenPGP,
 
96
                                   GPG_ERR_NO_* */
74
97
 
75
98
#define BUFFER_SIZE 256
76
99
 
298
321
  if(debug){
299
322
    fprintf(stderr, "Initializing GnuTLS\n");
300
323
  }
301
 
 
302
 
  if ((ret = gnutls_global_init ())
303
 
      != GNUTLS_E_SUCCESS) {
 
324
  
 
325
  ret = gnutls_global_init();
 
326
  if (ret != GNUTLS_E_SUCCESS) {
304
327
    fprintf (stderr, "GnuTLS global_init: %s\n",
305
328
             safer_gnutls_strerror(ret));
306
329
    return -1;
315
338
  }
316
339
  
317
340
  /* OpenPGP credentials */
318
 
  if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
319
 
      != GNUTLS_E_SUCCESS) {
 
341
  gnutls_certificate_allocate_credentials(&mc->cred);
 
342
  if (ret != GNUTLS_E_SUCCESS){
320
343
    fprintf (stderr, "GnuTLS memory error: %s\n",
321
344
             safer_gnutls_strerror(ret));
322
345
    gnutls_global_deinit ();
360
383
 
361
384
 globalfail:
362
385
 
363
 
  gnutls_certificate_free_credentials (mc->cred);
364
 
  gnutls_global_deinit ();
 
386
  gnutls_certificate_free_credentials(mc->cred);
 
387
  gnutls_global_deinit();
365
388
  return -1;
366
389
 
367
390
}
515
538
  }
516
539
  
517
540
  gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
518
 
  
519
 
  ret = gnutls_handshake (session);
 
541
 
 
542
  do{
 
543
    ret = gnutls_handshake (session);
 
544
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
520
545
  
521
546
  if (ret != GNUTLS_E_SUCCESS){
522
547
    if(debug){
554
579
      case GNUTLS_E_AGAIN:
555
580
        break;
556
581
      case GNUTLS_E_REHANDSHAKE:
557
 
        ret = gnutls_handshake (session);
 
582
        do{
 
583
          ret = gnutls_handshake (session);
 
584
        } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
558
585
        if (ret < 0){
559
586
          fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
560
587
          gnutls_perror (ret);
835
862
                           .args_doc = "",
836
863
                           .doc = "Mandos client -- Get and decrypt"
837
864
                           " passwords from mandos server" };
838
 
      argp_parse (&argp, argc, argv, 0, 0, NULL);
 
865
      ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
 
866
      if (ret == ARGP_ERR_UNKNOWN){
 
867
        fprintf(stderr, "Unkown error while parsing arguments\n");
 
868
        exitcode = EXIT_FAILURE;
 
869
        goto end;
 
870
      }
839
871
    }
840
872
      
841
873
    pubkeyfile = combinepath(keydir, pubkeyfile);
1013
1045
    free(seckeyfile);
1014
1046
 
1015
1047
    if (gnutls_initalized){
1016
 
      gnutls_certificate_free_credentials (mc.cred);
 
1048
      gnutls_certificate_free_credentials(mc.cred);
1017
1049
      gnutls_global_deinit ();
1018
1050
    }
1019
1051