/mandos/release : revision 59

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Teddy Hogeborn
Date: 2008-08-10 02:01:04 UTC
mfrom: (24.1.38 mandos)
Revision ID: teddy@fukt.bsnet.se-20080810020104-s49hp25rfx8gmw2e

* mandos (main): Use program name in --version output.

files added:
mandos-client.xml

mandos-clients.conf.xml

mandos.conf.xml

mandos.xml

network-protocol.txt

plugins.d/password-prompt.xml

plugins.d/password-request.xml

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
server.py => mandos

plugbasedclient.c => mandos-client.c

server.conf => mandos.conf

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS */

#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,

ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), memcpy(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <net/if.h> /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,

IFF_UP */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS */

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* Mandos client part */

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

#include <net/if.h> /* IF_NAMESIZE */

#include <argp.h> /* struct argp_option,

struct argp_state, struct argp,

argp_parse() */

/* GPGME */

#include <errno.h> /* perror() */

#include <gpgme.h>

#include <gpgme.h> /* All GPGME types, constants and functions

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

100

bool debug = false;

101

static const char *keydir = "/conf/conf.d/mandos";

const char *argp_program_version = "mandosclient 0.9";

102

static const char mandos_protocol_version[] = "1";

103

const char *argp_program_version = "password-request 1.0";

104

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

static const char mandos_protocol_version[] = "1";

105

106

/* Used for passing in values through the Avahi callback functions */

107

typedef struct {

113

const char *priority;

114

} mandos_context;

115

/* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

116

117

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

118

* "buffer_capacity" is how much is currently allocated,

* "buffer_length" is how much is already used. */

119

* "buffer_length" is how much is already used.

120

121

size_t adjustbuffer(char **buffer, size_t buffer_length,

122

size_t buffer_capacity){

123

if (buffer_length + BUFFER_SIZE > buffer_capacity){

296

321

if(debug){

297

322

fprintf(stderr, "Initializing GnuTLS\n");

298

323

}

299

300

if ((ret = gnutls_global_init ())

301

!= GNUTLS_E_SUCCESS) {

324

325

ret = gnutls_global_init();

326

if (ret != GNUTLS_E_SUCCESS) {

302

327

fprintf (stderr, "GnuTLS global_init: %s\n",

303

328

safer_gnutls_strerror(ret));

304

329

return -1;

313

338

}

314

339

315

340

/* OpenPGP credentials */

316

if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))

317

!= GNUTLS_E_SUCCESS) {

341

gnutls_certificate_allocate_credentials(&mc->cred);

342

if (ret != GNUTLS_E_SUCCESS){

318

343

fprintf (stderr, "GnuTLS memory error: %s\n",

319

344

safer_gnutls_strerror(ret));

345

gnutls_global_deinit ();

320

346

return -1;

321

347

}

322

348

334

360

" '%s')\n", ret, pubkeyfile, seckeyfile);

335

361

fprintf(stdout, "The GnuTLS error is: %s\n",

336

362

safer_gnutls_strerror(ret));

337

return -1;

363

goto globalfail;

338

364

}

339

365

340

366

/* GnuTLS server initialization */

342

368

if (ret != GNUTLS_E_SUCCESS) {

343

369

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

344

370

" %s\n", safer_gnutls_strerror(ret));

345

return -1;

371

goto globalfail;

346

372

}

347

373

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

348

374

if (ret != GNUTLS_E_SUCCESS) {

349

375

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

350

376

safer_gnutls_strerror(ret));

351

return -1;

377

goto globalfail;

352

378

}

353

379

354

380

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

355

381

356

382

return 0;

383

384

globalfail:

385

386

gnutls_certificate_free_credentials(mc->cred);

387

gnutls_global_deinit();

388

return -1;

389

357

390

}

358

391

359

392

static int init_gnutls_session(mandos_context *mc,

373

406

fprintf(stderr, "Syntax error at: %s\n", err);

374

407

fprintf(stderr, "GnuTLS error: %s\n",

375

408

safer_gnutls_strerror(ret));

409

gnutls_deinit (*session);

376

410

return -1;

377

411

}

378

412

}

382

416

if (ret != GNUTLS_E_SUCCESS) {

383

417

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

384

418

safer_gnutls_strerror(ret));

419

gnutls_deinit (*session);

385

420

return -1;

386

421

}

387

422

503

538

}

504

539

505

540

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

506

507

ret = gnutls_handshake (session);

541

542

do{

543

ret = gnutls_handshake (session);

544

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

508

545

509

546

if (ret != GNUTLS_E_SUCCESS){

510

547

if(debug){

542

579

case GNUTLS_E_AGAIN:

543

580

break;

544

581

case GNUTLS_E_REHANDSHAKE:

545

ret = gnutls_handshake (session);

582

do{

583

ret = gnutls_handshake (session);

584

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

546

585

if (ret < 0){

547

586

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

548

587

gnutls_perror (ret);

601

640

free(buffer);

602

641

close(tcp_sd);

603

642

gnutls_deinit (session);

604

gnutls_certificate_free_credentials (mc->cred);

605

gnutls_global_deinit ();

606

643

return retval;

607

644

}

608

645

739

776

const char *seckeyfile = "seckey.txt";

740

777

mandos_context mc = { .simple_poll = NULL, .server = NULL,

741

778

.dh_bits = 1024, .priority = "SECURE256"};

779

bool gnutls_initalized = false;

742

780

743

781

{

744

782

struct argp_option options[] = {

824

862

.args_doc = "",

825

863

.doc = "Mandos client -- Get and decrypt"

826

864

" passwords from mandos server" };

827

argp_parse (&argp, argc, argv, 0, 0, NULL);

865

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

866

if (ret == ARGP_ERR_UNKNOWN){

867

fprintf(stderr, "Unkown error while parsing arguments\n");

868

exitcode = EXIT_FAILURE;

869

goto end;

870

}

828

871

}

829

872

830

873

pubkeyfile = combinepath(keydir, pubkeyfile);

844

887

if (ret == -1){

845

888

fprintf(stderr, "init_gnutls_global\n");

846

889

goto end;

890

} else {

891

gnutls_initalized = true;

847

892

}

848

893

849

894

uid = getuid();

998

1043

avahi_simple_poll_free(mc.simple_poll);

999

1044

free(pubkeyfile);

1000

1045

free(seckeyfile);

1046

1047

if (gnutls_initalized){

1048

gnutls_certificate_free_credentials(mc.cred);

1049

gnutls_global_deinit ();

1050

}

1001

1051

1002

1052

return exitcode;

1003

1053

}

Older »