/*  -*- coding: utf-8 -*- */
/*
 * Mandos-client - get and decrypt data from a Mandos server
 *
 * This program is partly derived from an example program for an Avahi
 * service browser, downloaded from
 * <http://avahi.org/browser/examples/core-browse-services.c>.  This
 * includes the following functions: "resolve_callback",
 * "browse_callback", and parts of "main".
 * 
 * Everything else is
 * Copyright © 2008-2010 Teddy Hogeborn
 * Copyright © 2008-2010 Björn Påhlsson
 * 
 * This program is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see
 * <http://www.gnu.org/licenses/>.
 * 
 * Contact the authors at <mandos@fukt.bsnet.se>.
 */
/* Needed by GPGME, specifically gpgme_data_seek() */
#ifndef _LARGEFILE_SOURCE
#define _LARGEFILE_SOURCE
#endif
#ifndef _FILE_OFFSET_BITS
#define _FILE_OFFSET_BITS 64
#endif
#define _GNU_SOURCE		/* TEMP_FAILURE_RETRY(), asprintf() */
#include <stdio.h>		/* fprintf(), stderr, fwrite(),
				   stdout, ferror(), remove() */
#include <stdint.h> 		/* uint16_t, uint32_t */
#include <stddef.h>		/* NULL, size_t, ssize_t */
#include <stdlib.h> 		/* free(), EXIT_SUCCESS, srand(),
				   strtof(), abort() */
#include <stdbool.h>		/* bool, false, true */
#include <string.h>		/* memset(), strcmp(), strlen(),
				   strerror(), asprintf(), strcpy() */
#include <sys/ioctl.h>		/* ioctl */
#include <sys/types.h>		/* socket(), inet_pton(), sockaddr,
				   sockaddr_in6, PF_INET6,
				   SOCK_STREAM, uid_t, gid_t, open(),
				   opendir(), DIR */
#include <sys/stat.h>		/* open() */
#include <sys/socket.h>		/* socket(), struct sockaddr_in6,
				   inet_pton(), connect() */
#include <fcntl.h>		/* open() */
#include <dirent.h>		/* opendir(), struct dirent, readdir()
				 */
#include <inttypes.h>		/* PRIu16, PRIdMAX, intmax_t,
				   strtoimax() */
#include <assert.h>		/* assert() */
#include <errno.h>		/* perror(), errno */
#include <time.h>		/* nanosleep(), time(), sleep() */
#include <net/if.h>		/* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
				   SIOCSIFFLAGS, if_indextoname(),
				   if_nametoindex(), IF_NAMESIZE */
#include <netinet/in.h>		/* IN6_IS_ADDR_LINKLOCAL,
				   INET_ADDRSTRLEN, INET6_ADDRSTRLEN
				*/
#include <unistd.h>		/* close(), SEEK_SET, off_t, write(),
				   getuid(), getgid(), seteuid(),
				   setgid(), pause() */
#include <arpa/inet.h>		/* inet_pton(), htons */
#include <iso646.h>		/* not, or, and */
#include <argp.h>		/* struct argp_option, error_t, struct
				   argp_state, struct argp,
				   argp_parse(), ARGP_KEY_ARG,
				   ARGP_KEY_END, ARGP_ERR_UNKNOWN */
#include <signal.h>		/* sigemptyset(), sigaddset(),
				   sigaction(), SIGTERM, sig_atomic_t,
				   raise() */
#include <sysexits.h>		/* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
				   EX_NOHOST, EX_IOERR, EX_PROTOCOL */
#ifdef __linux__
#include <sys/klog.h> 		/* klogctl() */
#endif	/* __linux__ */
/* Avahi */
/* All Avahi types, constants and functions
 Avahi*, avahi_*,
 AVAHI_* */
#include <avahi-core/core.h>
#include <avahi-core/lookup.h>
#include <avahi-core/log.h>
#include <avahi-common/simple-watch.h>
#include <avahi-common/malloc.h>
#include <avahi-common/error.h>
/* GnuTLS */
#include <gnutls/gnutls.h>	/* All GnuTLS types, constants and
				   functions:
				   gnutls_*
				   init_gnutls_session(),
				   GNUTLS_* */
#include <gnutls/openpgp.h>
			  /* gnutls_certificate_set_openpgp_key_file(),
				   GNUTLS_OPENPGP_FMT_BASE64 */
/* GPGME */
#include <gpgme.h> 		/* All GPGME types, constants and
				   functions:
				   gpgme_*
				   GPGME_PROTOCOL_OpenPGP,
				   GPG_ERR_NO_* */
/* Growth step of the growable buffers (see incbuffer()) and the chunk
   size used when draining GPGME plaintext in pgp_packet_decrypt() */
#define BUFFER_SIZE 256

/* Where the client expects its OpenPGP key pair.  NOTE(review): the
   secret key is read from a plain file here, so whatever image or
   filesystem carries PATHDIR must be readable by root only — confirm
   how it is installed (not visible in this file). */
#define PATHDIR "/conf/conf.d/mandos"
#define SECKEY "seckey.txt"
#define PUBKEY "pubkey.txt"

/* Verbose output on stderr.  Presumably set from a --debug option
   (option parsing is not in view); beware that it also makes
   pgp_packet_decrypt() hex-dump the decrypted secret to stderr. */
bool debug = false;
/* Protocol version string; where it is sent is outside this view */
static const char mandos_protocol_version[] = "1";
/* argp metadata; VERSION is expected from the build (not defined here) */
const char *argp_program_version = "mandos-client " VERSION;
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
/* sysfs directory, presumably used to look up network interfaces */
static const char sys_class_net[] = "/sys/class/net";
/* Explicit server to connect to instead of discovering one; NULL means
   none was given — TODO confirm against the option parser (not in view) */
char *connect_to = NULL;
/* Used for passing in values through the Avahi callback functions.
   The GPGME/GnuTLS helpers in this file reach it directly through the
   global "mc" instead. */
typedef struct {
  AvahiSimplePoll *simple_poll;	/* Avahi event loop */
  AvahiServer *server;		/* in-process Avahi server */
  gnutls_certificate_credentials_t cred; /* OpenPGP credentials used
					    for the TLS session */
  unsigned int dh_bits;		/* size of the Diffie-Hellman
				   parameters, in bits */
  gnutls_dh_params_t dh_params;	/* set up outside this view */
  const char *priority;		/* GnuTLS priority string */
  gpgme_ctx_t ctx;		/* GPGME context holding the imported
				   key pair (see init_gpgme()) */
} mandos_context;
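/* Global context so the signal handler (not in view here) can reach
   it */
mandos_context mc = { .simple_poll = NULL, .server = NULL,
		      /* NOTE(review): 1024-bit DH is below current
			 recommendations (2048 or more); the value has
			 to match what the server accepts — confirm
			 before raising it */
		      .dh_bits = 1024, .priority = "SECURE256"
		      ":!CTYPE-X.509:+CTYPE-OPENPGP" };

/* Set non-zero by the signal handler to make the main loops stop.  It
   is written asynchronously and polled from ordinary code, so it must
   be "volatile sig_atomic_t": that is the only object type C
   guarantees can be safely accessed from a signal handler, and
   without "volatile" the compiler may hoist the read out of a polling
   loop and never observe the change. */
volatile sig_atomic_t quit_now = 0;
/* Number of the signal that set quit_now (0 if none).  NOTE(review): a
   plain int is not guaranteed safe to write from a handler; keep it
   written only by the handler and read only after quit_now has been
   seen non-zero, or make it volatile sig_atomic_t as well — confirm
   against the handler, which is not visible here. */
int signal_received = 0;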
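/*
 * Make additional room in "buffer" for at least BUFFER_SIZE more
 * bytes. "buffer_capacity" is how much is currently allocated,
 * "buffer_length" is how much is already used.
 *
 * Returns the (possibly unchanged) capacity, or 0 on failure with
 * errno set.  On failure *buffer is left exactly as it was and still
 * belongs to the caller, so it can be freed as usual.
 */
size_t incbuffer(char **buffer, size_t buffer_length,
		  size_t buffer_capacity){
  if(buffer_length + BUFFER_SIZE > buffer_capacity){
    /* Refuse to wrap around rather than allocate a tiny buffer */
    if(buffer_capacity > SIZE_MAX - BUFFER_SIZE){
      errno = ENOMEM;
      return 0;
    }
    /* Grow through a temporary: assigning realloc()'s result straight
       to *buffer would lose (and leak) the old block on failure, and
       the failure has to be checked on the result itself — the
       out-parameter "buffer" is never NULL, so testing it detected
       nothing. */
    char *grown = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
    if(grown == NULL){
      return 0;
    }
    *buffer = grown;
    buffer_capacity += BUFFER_SIZE;
  }
  return buffer_capacity;
}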
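/* 
 * Initialize GPGME: check the library and the OpenPGP engine, confine
 * the engine's home directory to "tempdir" (so no keyring outside it
 * is consulted), create the global context mc.ctx, and import the
 * public key file "pubkey" and the secret key file "seckey" into it.
 *
 * Returns true on success, false on any failure (a message has then
 * been written to stderr).  On failure after gpgme_new() the context
 * in mc.ctx is left allocated; it is not released here.
 */
static bool init_gpgme(const char *seckey,
		       const char *pubkey, const char *tempdir){
  gpgme_error_t rc;
  gpgme_engine_info_t engine_info;
  
  /*
   * Helper function to import one key file into the engine keyring.
   * Returns false on failure.  Every path releases the GPGME data
   * buffer and closes the descriptor (previously both leaked when
   * gpgme_data_new_from_fd() or gpgme_op_import() failed).  This is a
   * GCC nested function; it is only ever called directly, never by
   * address, so no executable-stack trampoline is generated for it.
   */
  bool import_key(const char *filename){
    int fd;
    gpgme_data_t pgp_data = NULL;
    bool ok = false;
    
    fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
    if(fd == -1){
      perror("open");
      return false;
    }
    
    /* Wrap the descriptor; GPGME does not take ownership of it */
    rc = gpgme_data_new_from_fd(&pgp_data, fd);
    if(rc != GPG_ERR_NO_ERROR){
      fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
	      gpgme_strsource(rc), gpgme_strerror(rc));
      pgp_data = NULL;		/* nothing to release */
      goto import_end;
    }
    
    rc = gpgme_op_import(mc.ctx, pgp_data);
    if(rc != GPG_ERR_NO_ERROR){
      fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
	      gpgme_strsource(rc), gpgme_strerror(rc));
      goto import_end;
    }
    
    /* A file that parses but yields no key "succeeds" above and would
       only show up later as a failed decryption; refuse it here */
    {
      gpgme_import_result_t result = gpgme_op_import_result(mc.ctx);
      if(result != NULL
	 and result->imported == 0 and result->secret_imported == 0
	 and result->unchanged == 0 and result->secret_unchanged == 0){
	fprintf(stderr, "No key imported from %s\n", filename);
	goto import_end;
      }
    }
    ok = true;
    
  import_end:
    if(pgp_data != NULL){
      gpgme_data_release(pgp_data);
    }
    /* close() is deliberately not wrapped in TEMP_FAILURE_RETRY(): on
       Linux the descriptor is already gone when EINTR is returned, so
       a retry could close a descriptor that has since been reused */
    if(close(fd) == -1){
      perror("close");
    }
    return ok;
  }
  
  if(debug){
    fprintf(stderr, "Initializing GPGME\n");
  }
  
  /* Init GPGME; gpgme_check_version() has to be the first GPGME call */
  gpgme_check_version(NULL);
  rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  
  /* Set GPGME home directory for the OpenPGP engine only, keeping the
     engine's own binary path */
  rc = gpgme_get_engine_info(&engine_info);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  while(engine_info != NULL){
    if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
      /* This result used to be ignored; a failure here could leave
	 the engine reading a default keyring instead of tempdir */
      rc = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
				 engine_info->file_name, tempdir);
      if(rc != GPG_ERR_NO_ERROR){
	fprintf(stderr, "bad gpgme_set_engine_info: %s: %s\n",
		gpgme_strsource(rc), gpgme_strerror(rc));
	return false;
      }
      break;
    }
    engine_info = engine_info->next;
  }
  if(engine_info == NULL){
    fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
    return false;
  }
  
  /* Create new GPGME "context" */
  rc = gpgme_new(&(mc.ctx));
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_new: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  
  /* Import both halves of the key pair; either failure is fatal */
  if(not import_key(pubkey) or not import_key(seckey)){
    return false;
  }
  
  return true;
}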
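/* 
 * Decrypt OpenPGP data.
 *
 * "cryptotext"/"crypto_size": the raw OpenPGP message; read only, and
 * it must stay valid for the duration of the call (GPGME is told not
 * to copy it).  On success a newly allocated, NOT NUL-terminated
 * buffer holding the plaintext is stored in *plaintext and its length
 * is returned; the caller owns it, and since it holds the secret it
 * should be wiped before being freed.
 *
 * Returns -1 on error (a message has been written to stderr); then
 * *plaintext is NULL and nothing needs freeing.  Previously the
 * different failure paths left *plaintext either untouched or
 * pointing at a leaked, partly filled buffer.
 */
static ssize_t pgp_packet_decrypt(const char *cryptotext,
				  size_t crypto_size,
				  char **plaintext){
  gpgme_data_t dh_crypto, dh_plain;
  gpgme_error_t rc;
  ssize_t ret;
  size_t plaintext_capacity = 0;
  ssize_t plaintext_length = 0;
  
  /* Establish the failure contract up front: every error path below
     leaves the caller with a NULL pointer */
  *plaintext = NULL;
  
  if(debug){
    fprintf(stderr, "Trying to decrypt OpenPGP data\n");
  }
  
  /* Create new GPGME data buffer from memory cryptotext; the trailing
     0 means "do not copy", so GPGME reads cryptotext in place */
  rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
			       0);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return -1;
  }
  
  /* Create new empty GPGME data buffer for the plaintext */
  rc = gpgme_data_new(&dh_plain);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    gpgme_data_release(dh_crypto);
    return -1;
  }
  
  /* Decrypt data from the cryptotext data buffer to the plaintext
     data buffer, using the keys imported into mc.ctx by init_gpgme() */
  rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    plaintext_length = -1;
    if(debug){
      /* Explain why: which keys the message was encrypted to, and
	 whether the matching secret key is available */
      gpgme_decrypt_result_t result;
      result = gpgme_op_decrypt_result(mc.ctx);
      if(result == NULL){
	fprintf(stderr, "gpgme_op_decrypt_result failed\n");
      } else {
	/* unsupported_algorithm is NULL when no such algorithm was
	   met; "%s" with NULL is undefined behaviour */
	fprintf(stderr, "Unsupported algorithm: %s\n",
		result->unsupported_algorithm != NULL
		? result->unsupported_algorithm : "(none)");
	/* wrong_key_usage is a bit-field; promote explicitly so the
	   argument matches "%u" */
	fprintf(stderr, "Wrong key usage: %u\n",
		(unsigned int)result->wrong_key_usage);
	if(result->file_name != NULL){
	  fprintf(stderr, "File name: %s\n", result->file_name);
	}
	gpgme_recipient_t recipient;
	recipient = result->recipients;
	while(recipient != NULL){
	  fprintf(stderr, "Public key algorithm: %s\n",
		  gpgme_pubkey_algo_name(recipient->pubkey_algo));
	  fprintf(stderr, "Key ID: %s\n", recipient->keyid);
	  fprintf(stderr, "Secret key available: %s\n",
		  recipient->status == GPG_ERR_NO_SECKEY
		  ? "No" : "Yes");
	  recipient = recipient->next;
	}
      }
    }
    goto decrypt_end;
  }
  
  if(debug){
    fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
  }
  
  /* Seek back to the beginning of the GPGME plaintext data buffer */
  if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
    perror("gpgme_data_seek");
    plaintext_length = -1;
    goto decrypt_end;
  }
  
  /* Drain the plaintext into a growable buffer, BUFFER_SIZE bytes at
     a time */
  while(true){
    size_t new_capacity = incbuffer(plaintext,
				    (size_t)plaintext_length,
				    plaintext_capacity);
    /* The second test is defensive: it catches an incbuffer() that
       reports success but has lost the buffer, which would otherwise
       become a write through a NULL pointer below */
    if(new_capacity == 0 or *plaintext == NULL){
      perror("incbuffer");
      plaintext_length = -1;
      goto decrypt_end;
    }
    plaintext_capacity = new_capacity;
    
    ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
			  BUFFER_SIZE);
    if(ret == 0){
      /* EOF */
      break;
    }
    if(ret < 0){
      perror("gpgme_data_read");
      plaintext_length = -1;
      goto decrypt_end;
    }
    plaintext_length += ret;
  }
  
  if(debug){
    /* NOTE(review): this dumps the decrypted secret to stderr in hex.
       It is debug-only, but --debug must never be used where stderr
       ends up in a log */
    fprintf(stderr, "Decrypted password is: ");
    for(ssize_t i = 0; i < plaintext_length; i++){
      fprintf(stderr, "%02hhX ", (*plaintext)[i]);
    }
    fprintf(stderr, "\n");
  }
  
 decrypt_end:
  
  /* Delete the GPGME cryptotext data buffer */
  gpgme_data_release(dh_crypto);
  
  /* Delete the GPGME plaintext data buffer (GPGME frees its own copy
     of the plaintext without wiping it; nothing can be done about
     that from here) */
  gpgme_data_release(dh_plain);
  
  if(plaintext_length == -1 and *plaintext != NULL){
    /* A partly filled plaintext buffer is secret material: wipe it
       through a volatile pointer (so the stores cannot be dropped as
       dead) before freeing it, and honour the "NULL on error"
       contract */
    volatile char *p = *plaintext;
    for(size_t i = 0; i < plaintext_capacity; i++){
      p[i] = 0;
    }
    free(*plaintext);
    *plaintext = NULL;
  }
  return plaintext_length;
}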
/* Wrapper around gnutls_strerror() that never yields NULL, so the
   result can be handed straight to a "%s" conversion. */
static const char * safer_gnutls_strerror(int value){
  const char *message = gnutls_strerror(value);
  /* Defensive fallback should the library ever hand back NULL (the
     comparison is what used to trip -Wunreachable-code) */
  return (message != NULL) ? message : "(unknown)";
}
/* GnuTLS log function callback: forward each library log message to
   stderr behind a "GnuTLS: " prefix.  The level is ignored and no
   newline is appended here. */
static void debuggnutls(__attribute__((unused)) int level,
			const char* string){
  fputs("GnuTLS: ", stderr);
  fputs(string, stderr);
}
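/* Process-wide GnuTLS setup, done once before any session is created:
   initialize the library, load the OpenPGP key pair named by
   PUBKEYFILENAME (public key) and SECKEYFILENAME (secret key), both in
   base64 form (GNUTLS_OPENPGP_FMT_BASE64), into the global "mc.cred"
   credentials, and generate "mc.dh_bits"-bit Diffie-Hellman parameters
   into "mc.dh_params" for use by every session.  When "debug" is set,
   GnuTLS's own log output is routed to debuggnutls() at a level that
   enables everything.
   
   Returns 0 on success.  Returns -1 on failure after writing a
   diagnostic to stderr; whatever was set up before the failing step is
   torn down again, including the library itself
   (gnutls_global_deinit()), so the caller must not undo anything. */
static int init_gnutls_global(const char *pubkeyfilename,
			      const char *seckeyfilename){
  int ret;
  
  if(debug){
    fprintf(stderr, "Initializing GnuTLS\n");
  }
  
  ret = gnutls_global_init();
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "GnuTLS global_init: %s\n",
	    safer_gnutls_strerror(ret));
    return -1;
  }
  
  if(debug){
    /* "Use a log level over 10 to enable all debugging options."
     * - GnuTLS manual
     */
    gnutls_global_set_log_level(11);
    gnutls_global_set_log_function(debuggnutls);
  }
  
  /* OpenPGP credentials */
  /* The return value has to be stored: testing the stale "ret" left
     over from gnutls_global_init() made the check below a no-op, so
     an allocation failure went undetected and "mc.cred" was used
     anyway. */
  ret = gnutls_certificate_allocate_credentials(&mc.cred);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "GnuTLS memory error: %s\n",
	    safer_gnutls_strerror(ret));
    gnutls_global_deinit();
    return -1;
  }
  
  if(debug){
    fprintf(stderr, "Attempting to use OpenPGP public key %s and"
	    " secret key %s as GnuTLS credentials\n", pubkeyfilename,
	    seckeyfilename);
  }
  
  ret = gnutls_certificate_set_openpgp_key_file
    (mc.cred, pubkeyfilename, seckeyfilename,
     GNUTLS_OPENPGP_FMT_BASE64);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr,
	    "Error[%d] while reading the OpenPGP key pair ('%s',"
	    " '%s')\n", ret, pubkeyfilename, seckeyfilename);
    fprintf(stderr, "The GnuTLS error is: %s\n",
	    safer_gnutls_strerror(ret));
    goto globalfail;
  }
  
  /* GnuTLS server initialization */
  ret = gnutls_dh_params_init(&mc.dh_params);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "Error in GnuTLS DH parameter initialization:"
	    " %s\n", safer_gnutls_strerror(ret));
    goto globalfail;
  }
  ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "Error in GnuTLS prime generation: %s\n",
	    safer_gnutls_strerror(ret));
    goto globalfail;
  }
  
  gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
  
  return 0;
  
 globalfail:
  
  /* Release in reverse order of acquisition, before the library
     itself is shut down.  NOTE(review): on the key-file failure path
     "mc.dh_params" was never initialized; this presumes "mc" starts
     out zeroed so the handle is NULL — confirm where "mc" is
     defined. */
  gnutls_dh_params_deinit(mc.dh_params);
  gnutls_certificate_free_credentials(mc.cred);
  gnutls_global_deinit();
  return -1;
}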
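/* Create a GnuTLS session in "*session" for one Mandos connection.
   The session takes the TLS *server* role (GNUTLS_SERVER), uses the
   priority string "mc.priority" and the process-wide OpenPGP
   credentials "mc.cred" from init_gnutls_global(), requests no client
   certificate (GNUTLS_CERT_IGNORE — the peer is therefore not
   authenticated at the TLS layer), and sets the DH prime size from
   "mc.dh_bits".
   
   GnuTLS calls that fail with GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN
   are retried; the global "quit_now" flag is checked after each
   attempt.
   
   Returns 0 on success.  Returns -1 on any failure or when "quit_now"
   is set; a session that had already been created is then released
   with gnutls_deinit(), so the caller must not use "*session". */
static int init_gnutls_session(gnutls_session_t *session){
  int ret;
  /* GnuTLS session creation */
  do {
    ret = gnutls_init(session, GNUTLS_SERVER);
    if(quit_now){
      /* Do not leak a session that was created just before the
	 quit flag was seen. */
      if(ret == GNUTLS_E_SUCCESS){
	gnutls_deinit(*session);
      }
      return -1;
    }
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
	    safer_gnutls_strerror(ret));
    /* Nothing was created, so there is nothing to deinit.  Returning
       here is essential: without it the code below went on to use
       the invalid "*session". */
    return -1;
  }
  
  {
    /* On a priority-string syntax error GnuTLS is expected to point
       "err" at the offending position; keep it NULL-safe in case it
       is left unset for other kinds of failure. */
    const char *err = NULL;
    do {
      ret = gnutls_priority_set_direct(*session, mc.priority, &err);
      if(quit_now){
	gnutls_deinit(*session);
	return -1;
      }
    } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
    if(ret != GNUTLS_E_SUCCESS){
      fprintf(stderr, "Syntax error at: %s\n",
	      (err != NULL) ? err : "(unknown)");
      fprintf(stderr, "GnuTLS error: %s\n",
	      safer_gnutls_strerror(ret));
      gnutls_deinit(*session);
      return -1;
    }
  }
  
  do {
    ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
				 mc.cred);
    if(quit_now){
      gnutls_deinit(*session);
      return -1;
    }
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
	    safer_gnutls_strerror(ret));
    gnutls_deinit(*session);
    return -1;
  }
  
  /* ignore client certificate if any. */
  gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
  
  gnutls_dh_set_prime_bits(*session, mc.dh_bits);
  
  return 0;
}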
/* Avahi log function callback */
/* Accepts an Avahi log message and discards it; both the level and
   the text are intentionally unused. */
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
		      __attribute__((unused)) const char *txt){
  /* nothing to do */
}
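/* Overwrite N bytes at P with zeros through a volatile pointer so the
   stores are not dropped as dead by the optimizer (a plain memset()
   right before free() can be).  Used for the decrypted password. */
static void wipe_secret(char *p, size_t n){
  volatile char *vp = p;
  for(size_t i = 0; i < n; i++){
    vp[i] = 0;
  }
}

/* Called when a Mandos server is found */
/* Contact the Mandos server at IP (numeric, textual form) and PORT,
   fetch the encrypted password and write the decrypted password to
   stdout.
   
   AF selects the address family (AF_INET or AF_INET6) that IP is
   written in; IF_INDEX is the network interface the server was seen
   on and is required as the scope of an IPv6 link-local address (an
   unspecified interface is rejected for such addresses).
   
   The exchange, in order: a TCP connection is made; the protocol
   version line ("mandos_protocol_version" followed by "\r\n") is sent
   in the clear; a TLS session from init_gnutls_session() is started
   with this process in the TLS server role; everything the peer sends
   until it ends the TLS session is collected in "buffer"; the TLS
   session is shut down and the collected data is handed to
   pgp_packet_decrypt(), whose output is written to stdout.  The peer
   is not authenticated at the TLS layer (no client certificate is
   requested), so the received data is only trusted once
   pgp_packet_decrypt() accepts it.
   
   The global "quit_now" flag is polled between steps and inside every
   retry loop so the function can be abandoned after a signal.
   
   Returns 0 when the decrypted password has been written completely.
   Returns -1 otherwise with errno set: EINTR when "quit_now" was seen,
   EINVAL for a bad AF or an unscoped link-local address, EPROTO for a
   failed TLS handshake, EIO for an unexpected TLS read error, or the
   errno of the failing system call.  A refused connection or
   unreachable network is reported on stderr only when "debug" is set.
   
   All resources (socket, buffers, session) are released on every path
   through the "mandos_end" label; the decrypted password is wiped
   before its buffer is freed. */
static int start_mandos_communication(const char *ip, uint16_t port,
				      AvahiIfIndex if_index,
				      int af){
  int ret, tcp_sd = -1;
  ssize_t sret;
  union {
    struct sockaddr_in in;
    struct sockaddr_in6 in6;
  } to;
  char *buffer = NULL;
  char *decrypted_buffer = NULL;
  /* Length of the plaintext in "decrypted_buffer"; kept at function
     scope so the cleanup code can wipe exactly that many bytes.
     Stays negative until pgp_packet_decrypt() has succeeded. */
  ssize_t decrypted_buffer_size = -1;
  size_t buffer_length = 0;
  size_t buffer_capacity = 0;
  size_t written = 0;
  int retval = -1;
  gnutls_session_t session;
  int pf;			/* Protocol family */
  
  errno = 0;
  
  if(quit_now){
    errno = EINTR;
    return -1;
  }
  
  switch(af){
  case AF_INET6:
    pf = PF_INET6;
    break;
  case AF_INET:
    pf = PF_INET;
    break;
  default:
    fprintf(stderr, "Bad address family: %d\n", af);
    errno = EINVAL;
    return -1;
  }
  
  /* A plain return is correct here: init_gnutls_session() releases a
     half-made session itself, and nothing else has been acquired
     yet. */
  ret = init_gnutls_session(&session);
  if(ret != 0){
    return -1;
  }
  
  if(debug){
    fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16
	    "\n", ip, port);
  }
  
  tcp_sd = socket(pf, SOCK_STREAM, 0);
  if(tcp_sd < 0){
    int e = errno;		/* perror() may clobber errno */
    perror("socket");
    errno = e;
    goto mandos_end;
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  /* Build the peer address; from here on the family-specific member
     of "to" is selected by "af". */
  memset(&to, 0, sizeof(to));
  if(af == AF_INET6){
    to.in6.sin6_family = (sa_family_t)af;
    ret = inet_pton(af, ip, &to.in6.sin6_addr);
  } else {			/* IPv4 */
    to.in.sin_family = (sa_family_t)af;
    ret = inet_pton(af, ip, &to.in.sin_addr);
  }
  if(ret < 0){
    int e = errno;
    perror("inet_pton");
    errno = e;
    goto mandos_end;
  }
  if(ret == 0){
    /* inet_pton() returns 0 for a syntactically bad address; preserve
       whatever errno already holds around the diagnostic. */
    int e = errno;
    fprintf(stderr, "Bad address: %s\n", ip);
    errno = e;
    goto mandos_end;
  }
  if(af == AF_INET6){
    to.in6.sin6_port = htons(port); /* Spurious warnings from
				       -Wconversion and
				       -Wunreachable-code */
    
    if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
       (&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
			      -Wunreachable-code*/
      /* A link-local address is only meaningful together with the
	 interface it was seen on. */
      if(if_index == AVAHI_IF_UNSPEC){
	fprintf(stderr, "An IPv6 link-local address is incomplete"
		" without a network interface\n");
	errno = EINVAL;
	goto mandos_end;
      }
      /* Set the network interface number as scope */
      to.in6.sin6_scope_id = (uint32_t)if_index;
    }
  } else {
    to.in.sin_port = htons(port); /* Spurious warnings from
				     -Wconversion and
				     -Wunreachable-code */
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  if(debug){
    /* Report where we are about to connect, with the interface name
       for scoped IPv6 addresses, and the canonical form of the
       address when it differs from what we were given. */
    if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
      char interface[IF_NAMESIZE];
      if(if_indextoname((unsigned int)if_index, interface) == NULL){
	perror("if_indextoname");
      } else {
	fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",
		ip, interface, port);
      }
    } else {
      fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
	      port);
    }
    char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
		 INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
    const char *pcret;
    if(af == AF_INET6){
      pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
			sizeof(addrstr));
    } else {
      pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
			sizeof(addrstr));
    }
    if(pcret == NULL){
      perror("inet_ntop");
    } else {
      if(strcmp(addrstr, ip) != 0){
	fprintf(stderr, "Canonical address form: %s\n", addrstr);
      }
    }
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  if(af == AF_INET6){
    ret = connect(tcp_sd, &to.in6, sizeof(to));
  } else {
    ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
  }
  if(ret < 0){
    /* A server that is not listening or not reachable is an expected
       condition for this client, so it is only reported in debug
       mode; any other connect() failure is always reported. */
    if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
      int e = errno;
      perror("connect");
      errno = e;
    }
    goto mandos_end;
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  /* Send the protocol version line in the clear, before TLS: first
     the version string, then "\r\n"; each is written out completely,
     retrying short writes. */
  const char *out = mandos_protocol_version;
  written = 0;
  while(true){
    size_t out_size = strlen(out);
    ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
				   out_size - written));
    if(ret == -1){
      int e = errno;
      perror("write");
      errno = e;
      goto mandos_end;
    }
    written += (size_t)ret;
    if(written < out_size){
      continue;
    } else {
      if(out == mandos_protocol_version){
	written = 0;
	out = "\r\n";
      } else {
	break;
      }
    }
    
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
  }
  
  if(debug){
    fprintf(stderr, "Establishing TLS session with %s\n", ip);
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) tcp_sd);
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  do {
    ret = gnutls_handshake(session);
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
  
  if(ret != GNUTLS_E_SUCCESS){
    if(debug){
      fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
      gnutls_perror(ret);
    }
    errno = EPROTO;
    goto mandos_end;
  }
  
  /* Read OpenPGP packet that contains the wanted password */
  
  if(debug){
    fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",
	    ip);
  }
  
  /* Collect everything the peer sends until it ends the session
     (gnutls_record_recv() returning 0); the buffer is grown by
     incbuffer() before each read. */
  while(true){
    
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
    
    buffer_capacity = incbuffer(&buffer, buffer_length,
				   buffer_capacity);
    if(buffer_capacity == 0){
      int e = errno;
      perror("incbuffer");
      errno = e;
      goto mandos_end;
    }
    
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
    
    /* NOTE(review): reading up to BUFFER_SIZE bytes at
       "buffer_length" relies on incbuffer() guaranteeing at least
       that much free space — confirm against its definition. */
    sret = gnutls_record_recv(session, buffer+buffer_length,
			      BUFFER_SIZE);
    if(sret == 0){
      break;
    }
    if(sret < 0){
      switch(sret){
      case GNUTLS_E_INTERRUPTED:
      case GNUTLS_E_AGAIN:
	break;
      case GNUTLS_E_REHANDSHAKE:
	do {
	  ret = gnutls_handshake(session);
	  
	  if(quit_now){
	    errno = EINTR;
	    goto mandos_end;
	  }
	} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
	if(ret < 0){
	  fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
	  gnutls_perror(ret);
	  errno = EPROTO;
	  goto mandos_end;
	}
	break;
      default:
	fprintf(stderr, "Unknown error while reading data from"
		" encrypted session with Mandos server\n");
	gnutls_bye(session, GNUTLS_SHUT_RDWR);
	errno = EIO;
	goto mandos_end;
      }
    } else {
      buffer_length += (size_t) sret;
    }
  }
  
  if(debug){
    fprintf(stderr, "Closing TLS session\n");
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  do {
    ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
  
  if(buffer_length > 0){
    decrypted_buffer_size = pgp_packet_decrypt(buffer,
					       buffer_length,
					       &decrypted_buffer);
    if(decrypted_buffer_size >= 0){
      /* Write the plaintext to stdout in full, retrying short writes;
	 fwrite() returning 0 together with a stream error is the
	 failure condition. */
      written = 0;
      while(written < (size_t) decrypted_buffer_size){
	if(quit_now){
	  errno = EINTR;
	  goto mandos_end;
	}
	
	ret = (int)fwrite(decrypted_buffer + written, 1,
			  (size_t)decrypted_buffer_size - written,
			  stdout);
	if(ret == 0 and ferror(stdout)){
	  int e = errno;
	  if(debug){
	    /* What is being written here is the decrypted password. */
	    fprintf(stderr, "Error writing decrypted data: %s\n",
		    strerror(e));
	  }
	  errno = e;
	  goto mandos_end;
	}
	written += (size_t)ret;
      }
      retval = 0;
    }
  }
  
  /* Shutdown procedure */
  
 mandos_end:
  {
    int e = errno;		/* the error being reported, if any */
    /* The plaintext password must not linger in freed heap memory. */
    if(decrypted_buffer != NULL and decrypted_buffer_size > 0){
      wipe_secret(decrypted_buffer, (size_t)decrypted_buffer_size);
    }
    free(decrypted_buffer);
    free(buffer);
    if(tcp_sd >= 0){
      /* The close() result is only meaningful when close() was
	 actually called; testing "ret" unconditionally examined a
	 stale value when no socket existed. */
      ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
      if(ret == -1){
	if(e == 0){
	  e = errno;
	}
	perror("close");
      }
    }
    gnutls_deinit(session);
    if(quit_now){
      e = EINTR;
      retval = -1;
    }
    errno = e;
  }
  return retval;
}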
static void resolve_callback(AvahiSServiceResolver *r,
			     AvahiIfIndex interface,
			     AvahiProtocol proto,
			     AvahiResolverEvent event,
			     const char *name,
			     const char *type,
			     const char *domain,
			     const char *host_name,
			     const AvahiAddress *address,
			     uint16_t port,
			     AVAHI_GCC_UNUSED AvahiStringList *txt,
			     AVAHI_GCC_UNUSED AvahiLookupResultFlags
			     flags,
			     AVAHI_GCC_UNUSED void* userdata){
  /* Avahi calls this once a browsed service has either been resolved
     to an address or the resolution has failed or timed out.  On a
     successful resolution the server is tried once; if that works
     the main loop is asked to stop.  The resolver object is freed
     here unless we are already shutting down (see the comment in
     browse_callback() about who owns it). */
  assert(r);
  
  if(quit_now){
    return;
  }
  
  if(event == AVAHI_RESOLVER_FOUND){
    char ip[AVAHI_ADDRESS_STR_MAX];
    avahi_address_snprint(ip, sizeof(ip), address);
    if(debug){
      /* name and host_name arrive over mDNS from the network, so
	 they are only ever passed as %s arguments, never used as a
	 format string */
      fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
	      PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
	      ip, (intmax_t)interface, port);
    }
    int comm_result = start_mandos_communication(ip, port, interface,
						 avahi_proto_to_af(proto));
    if(comm_result == 0){
      avahi_simple_poll_quit(mc.simple_poll);
    }
  } else {
    /* AVAHI_RESOLVER_FAILURE, and any event value we do not know */
    fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
	    " of type '%s' in domain '%s': %s\n", name, type, domain,
	    avahi_strerror(avahi_server_errno(mc.server)));
  }
  avahi_s_service_resolver_free(r);
}
static void browse_callback(AvahiSServiceBrowser *b,
			    AvahiIfIndex interface,
			    AvahiProtocol protocol,
			    AvahiBrowserEvent event,
			    const char *name,
			    const char *type,
			    const char *domain,
			    AVAHI_GCC_UNUSED AvahiLookupResultFlags
			    flags,
			    AVAHI_GCC_UNUSED void* userdata){
  /* Avahi calls this whenever a service of the browsed type appears
     on or disappears from the LAN, when the browser has nothing more
     to report for now, or when the browser itself fails. */
  assert(b);
  
  if(quit_now){
    return;
  }
  
  if(event == AVAHI_BROWSER_NEW){
    /* Start resolving the new service.  The returned resolver object
       is deliberately not kept: resolve_callback() frees it, and if
       the Avahi server is torn down before that callback runs, the
       server frees it for us. */
    AvahiSServiceResolver *resolver
      = avahi_s_service_resolver_new(mc.server, interface, protocol,
				     name, type, domain, protocol, 0,
				     resolve_callback, NULL);
    if(resolver == NULL){
      fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
	      name, avahi_strerror(avahi_server_errno(mc.server)));
    }
  } else if(event == AVAHI_BROWSER_REMOVE){
    /* Nothing to do: a server that went away is simply not tried */
  } else if(event == AVAHI_BROWSER_ALL_FOR_NOW
	    or event == AVAHI_BROWSER_CACHE_EXHAUSTED){
    if(debug){
      fprintf(stderr, "No Mandos server found, still searching...\n");
    }
  } else {
    /* AVAHI_BROWSER_FAILURE, and any event value we do not know: the
       browser is unusable, so stop the main loop */
    fprintf(stderr, "(Avahi browser) %s\n",
	    avahi_strerror(avahi_server_errno(mc.server)));
    avahi_simple_poll_quit(mc.simple_poll);
  }
}
/* Signal handler installed (in main) for SIGINT, SIGHUP and SIGTERM:
   remember which signal arrived, raise the quit flag and stop the
   Avahi main loop.  Only the first signal is acted upon; any later
   one is ignored. */
static void handle_sigterm(int sig){
  if(quit_now){
    return;
  }
  /* A handler must leave errno as it found it */
  int saved_errno = errno;
  quit_now = 1;
  signal_received = sig;
  /* NOTE(review): quit_now and signal_received are written from
     signal context and their declarations are not visible here --
     confirm they are volatile sig_atomic_t (or otherwise safe to
     store from a handler). */
  if(mc.simple_poll != NULL){
    avahi_simple_poll_quit(mc.simple_poll);
  }
  errno = saved_errno;
}
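/*
 * This function determines if a directory entry in /sys/class/net
 * corresponds to an acceptable network device: the entry must not be
 * hidden (start with "."), must not be the loopback device, and must
 * either be broadcast-capable or, only when "--connect" was given,
 * be a point-to-point device.
 * (This function is passed to scandir(3) as a filter function.)
 *
 * Returns 1 to accept the entry and 0 to reject it.  Any failure to
 * open, read or parse the device's "flags" pseudo-file rejects the
 * entry; the parsed value is range-checked against the ifr_flags
 * type before it is used.
 */
int good_interface(const struct dirent *if_entry){
  int accepted = 0;		/* what scandir(3) gets back */
  char *flagname = NULL;	/* "<sys_class_net>/<dev>/flags" */
  char *flagstring = NULL;	/* contents of that file */
  int flags_fd = -1;
  
  /* Skip ".", ".." and hidden entries before allocating anything */
  if(if_entry->d_name[0] == '.'){
    return 0;
  }
  int ret = asprintf(&flagname, "%s/%s/flags", sys_class_net,
		     if_entry->d_name);
  if(ret < 0){
    perror("asprintf");
    return 0;
  }
  flags_fd = (int)TEMP_FAILURE_RETRY(open(flagname, O_RDONLY));
  if(flags_fd == -1){
    perror("open");
    goto cleanup;
  }
  typedef short ifreq_flags;	/* ifreq.ifr_flags in netdevice(7) */
  /* The file holds one line such as "0x1003\n": "0x", two hex digits
     per byte of ifreq_flags, and a newline */
  const size_t maxlen = (sizeof(ifreq_flags)*2)+3;
  flagstring = malloc(maxlen+1); /* +1 for final \0 */
  if(flagstring == NULL){
    perror("malloc");
    goto cleanup;
  }
  /* Read up to maxlen bytes, appending after any short read rather
     than overwriting the start of the buffer */
  size_t len = 0;
  while(len < maxlen){
    ssize_t ssret = (ssize_t)TEMP_FAILURE_RETRY(read(flags_fd,
						     flagstring+len,
						     maxlen-len));
    if(ssret == -1){
      perror("read");
      goto cleanup;
    }
    if(ssret == 0){
      break;			/* end of file */
    }
    len += (size_t)ssret;
  }
  /* Terminate at the number of bytes actually read, so that no
     uninitialized bytes are ever parsed or printed */
  flagstring[len] = '\0';
  
  errno = 0;
  char *tmp;
  intmax_t tmpmax = strtoimax(flagstring, &tmp, 0);
  /* Accept only a complete number, optionally followed by whitespace
     (the newline), whose value fits in ifreq_flags */
  if(errno != 0 or tmp == flagstring
     or (*tmp != '\0' and not (isspace((unsigned char)*tmp)))
     or tmpmax != (ifreq_flags)tmpmax){
    if(debug){
      fprintf(stderr, "Invalid flags \"%s\" for interface \"%s\"\n",
	      flagstring, if_entry->d_name);
    }
    goto cleanup;
  }
  ifreq_flags flags = (ifreq_flags)tmpmax;
  /* Reject the loopback device */
  if(flags & IFF_LOOPBACK){
    if(debug){
      fprintf(stderr, "Rejecting loopback interface \"%s\"\n",
	      if_entry->d_name);
    }
    goto cleanup;
  }
  /* Accept point-to-point devices only if connect_to is specified */
  if(connect_to != NULL and (flags & IFF_POINTOPOINT)){
    if(debug){
      fprintf(stderr, "Accepting point-to-point interface \"%s\"\n",
	      if_entry->d_name);
    }
    accepted = 1;
    goto cleanup;
  }
  /* Otherwise, reject non-broadcast-capable devices */
  if(not (flags & IFF_BROADCAST)){
    if(debug){
      fprintf(stderr, "Rejecting non-broadcast interface \"%s\"\n",
	      if_entry->d_name);
    }
    goto cleanup;
  }
  /* Accept this device */
  if(debug){
    fprintf(stderr, "Interface \"%s\" is acceptable\n",
	    if_entry->d_name);
  }
  accepted = 1;
  
 cleanup:
  /* Single exit point: every path releases the descriptor and both
     heap buffers (flagname included), whatever the verdict */
  if(flags_fd != -1){
    close(flags_fd);
  }
  free(flagstring);
  free(flagname);
  return accepted;
}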
int main(int argc, char *argv[]){
  AvahiSServiceBrowser *sb = NULL;
1124
  int error;
1125
  int ret;
1126
  intmax_t tmpmax;
  char *tmp;
  int exitcode = EXIT_SUCCESS;
  const char *interface = "";
  struct ifreq network;
  int sd = -1;
  bool take_down_interface = false;
  uid_t uid;
1134
  gid_t gid;
1135
  char tempdir[] = "/tmp/mandosXXXXXX";
1136
  bool tempdir_created = false;
1137
  AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1138
  const char *seckey = PATHDIR "/" SECKEY;
1139
  const char *pubkey = PATHDIR "/" PUBKEY;
1140
  
1141
  bool gnutls_initialized = false;
1142
  bool gpgme_initialized = false;
  float delay = 2.5f;
1144
  
  struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
  struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
  
  uid = getuid();
1149
  gid = getgid();
1150
  
1151
  /* Lower any group privileges we might have, just to be safe */
1152
  errno = 0;
1153
  ret = setgid(gid);
1154
  if(ret == -1){
1155
    perror("setgid");
1156
  }
1157
  
1158
  /* Lower user privileges (temporarily) */
1159
  errno = 0;
1160
  ret = seteuid(uid);
1161
  if(ret == -1){
1162
    perror("seteuid");
1163
  }
1164
  
1165
  if(quit_now){
1166
    goto end;
1167
  }
1168
  
  {
1170
    struct argp_option options[] = {
1171
      { .name = "debug", .key = 128,
1172
	.doc = "Debug mode", .group = 3 },
1173
      { .name = "connect", .key = 'c',
1174
	.arg = "ADDRESS:PORT",
1175
	.doc = "Connect directly to a specific Mandos server",
1176
	.group = 1 },
1177
      { .name = "interface", .key = 'i',
1178
	.arg = "NAME",
	.doc = "Network interface that will be used to search for"
1180
	" Mandos servers",
	.group = 1 },
1182
      { .name = "seckey", .key = 's',
1183
	.arg = "FILE",
1184
	.doc = "OpenPGP secret key file base name",
1185
	.group = 1 },
1186
      { .name = "pubkey", .key = 'p',
1187
	.arg = "FILE",
1188
	.doc = "OpenPGP public key file base name",
1189
	.group = 2 },
1190
      { .name = "dh-bits", .key = 129,
1191
	.arg = "BITS",
1192
	.doc = "Bit length of the prime number used in the"
1193
	" Diffie-Hellman key exchange",
1194
	.group = 2 },
1195
      { .name = "priority", .key = 130,
1196
	.arg = "STRING",
1197
	.doc = "GnuTLS priority string for the TLS handshake",
1198
	.group = 1 },
1199
      { .name = "delay", .key = 131,
1200
	.arg = "SECONDS",
1201
	.doc = "Maximum delay to wait for interface startup",
1202
	.group = 2 },
      /*
1204
       * These reproduce what we would get without ARGP_NO_HELP
1205
       */
1206
      { .name = "help", .key = '?',
1207
	.doc = "Give this help list", .group = -1 },
1208
      { .name = "usage", .key = -3,
1209
	.doc = "Give a short usage message", .group = -1 },
1210
      { .name = "version", .key = 'V',
1211
	.doc = "Print program version", .group = -1 },
      { .name = NULL }
1213
    };
1214
    
1215
    error_t parse_opt(int key, char *arg,
1216
		      struct argp_state *state){
      errno = 0;
      switch(key){
1219
      case 128:			/* --debug */
1220
	debug = true;
1221
	break;
1222
      case 'c':			/* --connect */
1223
	connect_to = arg;
1224
	break;
1225
      case 'i':			/* --interface */
1226
	interface = arg;
1227
	break;
1228
      case 's':			/* --seckey */
1229
	seckey = arg;
1230
	break;
1231
      case 'p':			/* --pubkey */
1232
	pubkey = arg;
1233
	break;
1234
      case 129:			/* --dh-bits */
	errno = 0;
1236
	tmpmax = strtoimax(arg, &tmp, 10);
1237
	if(errno != 0 or tmp == arg or *tmp != '\0'
1238
	   or tmpmax != (typeof(mc.dh_bits))tmpmax){
	  argp_error(state, "Bad number of DH bits");
	}
1241
	mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
1242
	break;
1243
      case 130:			/* --priority */
1244
	mc.priority = arg;
1245
	break;
1246
      case 131:			/* --delay */
	errno = 0;
1248
	delay = strtof(arg, &tmp);
1249
	if(errno != 0 or tmp == arg or *tmp != '\0'){
	  argp_error(state, "Bad delay");
	}
1252
	break;
	/*
1254
	 * These reproduce what we would get without ARGP_NO_HELP
1255
	 */
1256
      case '?':			/* --help */
1257
	argp_state_help(state, state->out_stream,
1258
			(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
1259
			& ~(unsigned int)ARGP_HELP_EXIT_OK);
1260
      case -3:			/* --usage */
1261
	argp_state_help(state, state->out_stream,
1262
			ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
1263
      case 'V':			/* --version */
1264
	fprintf(state->out_stream, "%s\n", argp_program_version);
1265
	exit(argp_err_exit_status);
	break;
1267
      default:
1268
	return ARGP_ERR_UNKNOWN;
1269
      }
      return errno;
    }
1272
    
1273
    struct argp argp = { .options = options, .parser = parse_opt,
1274
			 .args_doc = "",
1275
			 .doc = "Mandos client -- Get and decrypt"
1276
			 " passwords from a Mandos server" };
    ret = argp_parse(&argp, argc, argv,
1278
		     ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
1279
    switch(ret){
1280
    case 0:
1281
      break;
1282
    case ENOMEM:
1283
    default:
1284
      errno = ret;
1285
      perror("argp_parse");
1286
      exitcode = EX_OSERR;
1287
      goto end;
1288
    case EINVAL:
1289
      exitcode = EX_USAGE;
      goto end;
1291
    }
1292
  }
1293
  
  if(not debug){
1295
    avahi_set_log_function(empty_log);
1296
  }
  if(interface[0] == '\0'){
1299
    struct dirent **direntries;
1300
    ret = scandir(sys_class_net, &direntries, good_interface,
1301
		  alphasort);
1302
    if(ret >= 1){
1303
      /* Pick the first good interface */
1304
      interface = strdup(direntries[0]->d_name);
      if(debug){
1306
	fprintf(stderr, "Using interface \"%s\"\n", interface);
1307
      }
      if(interface == NULL){
1309
	perror("malloc");
1310
	free(direntries);
1311
	exitcode = EXIT_FAILURE;
1312
	goto end;
1313
      }
1314
      free(direntries);
1315
    } else {
1316
      free(direntries);
1317
      fprintf(stderr, "Could not find a network interface\n");
1318
      exitcode = EXIT_FAILURE;
1319
      goto end;
1320
    }
1321
  }
  
  /* Initialize Avahi early so avahi_simple_poll_quit() can be called
1324
     from the signal handler */
1325
  /* Initialize the pseudo-RNG for Avahi */
1326
  srand((unsigned int) time(NULL));
1327
  mc.simple_poll = avahi_simple_poll_new();
1328
  if(mc.simple_poll == NULL){
1329
    fprintf(stderr, "Avahi: Failed to create simple poll object.\n");
    exitcode = EX_UNAVAILABLE;
    goto end;
1332
  }
  
  sigemptyset(&sigterm_action.sa_mask);
  ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
1336
  if(ret == -1){
1337
    perror("sigaddset");
    exitcode = EX_OSERR;
    goto end;
1340
  }
1341
  ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
1342
  if(ret == -1){
1343
    perror("sigaddset");
    exitcode = EX_OSERR;
    goto end;
1346
  }
  ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1348
  if(ret == -1){
1349
    perror("sigaddset");
    exitcode = EX_OSERR;
    goto end;
1352
  }
  /* Need to check if the handler is SIG_IGN before handling:
1354
     | [[info:libc:Initial Signal Actions]] |
1355
     | [[info:libc:Basic Signal Handling]]  |
1356
  */
1357
  ret = sigaction(SIGINT, NULL, &old_sigterm_action);
1358
  if(ret == -1){
1359
    perror("sigaction");
    return EX_OSERR;
  }
1362
  if(old_sigterm_action.sa_handler != SIG_IGN){
1363
    ret = sigaction(SIGINT, &sigterm_action, NULL);
1364
    if(ret == -1){
1365
      perror("sigaction");
      exitcode = EX_OSERR;
      goto end;
1368
    }
1369
  }
1370
  ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
1371
  if(ret == -1){
1372
    perror("sigaction");
    return EX_OSERR;
  }
1375
  if(old_sigterm_action.sa_handler != SIG_IGN){
1376
    ret = sigaction(SIGHUP, &sigterm_action, NULL);
1377
    if(ret == -1){
1378
      perror("sigaction");
      exitcode = EX_OSERR;
      goto end;
1381
    }
1382
  }
1383
  ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
1384
  if(ret == -1){
1385
    perror("sigaction");
    return EX_OSERR;
  }
1388
  if(old_sigterm_action.sa_handler != SIG_IGN){
1389
    ret = sigaction(SIGTERM, &sigterm_action, NULL);
1390
    if(ret == -1){
1391
      perror("sigaction");
      exitcode = EX_OSERR;
      goto end;
1394
    }
  }
  
1397
  /* If the interface is down, bring it up */
  if(strcmp(interface, "none") != 0){
    if_index = (AvahiIfIndex) if_nametoindex(interface);
1400
    if(if_index == 0){
1401
      fprintf(stderr, "No such interface: \"%s\"\n", interface);
      exitcode = EX_UNAVAILABLE;
      goto end;
1404
    }
1405
    
1406
    if(quit_now){
1407
      goto end;
1408
    }
1409
    
    /* Re-raise priviliges */
1411
    errno = 0;
1412
    ret = seteuid(0);
1413
    if(ret == -1){
1414
      perror("seteuid");
1415
    }
1416
    
#ifdef __linux__
1418
    /* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
       messages about the network interface to mess up the prompt */
    ret = klogctl(8, NULL, 5);
    bool restore_loglevel = true;
    if(ret == -1){
      restore_loglevel = false;
      perror("klogctl");
1425
    }
#endif	/* __linux__ */
    
1428
    sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1429
    if(sd < 0){
1430
      perror("socket");
      exitcode = EX_OSERR;
#ifdef __linux__
      if(restore_loglevel){
1434
	ret = klogctl(7, NULL, 0);
1435
	if(ret == -1){
1436
	  perror("klogctl");
1437
	}
      }
#endif	/* __linux__ */
      /* Lower privileges */
1441
      errno = 0;
1442
      ret = seteuid(uid);
1443
      if(ret == -1){
1444
	perror("seteuid");
1445
      }
      goto end;
1447
    }
1448
    strcpy(network.ifr_name, interface);
1449
    ret = ioctl(sd, SIOCGIFFLAGS, &network);
1450
    if(ret == -1){
1451
      perror("ioctl SIOCGIFFLAGS");
1452
#ifdef __linux__
      if(restore_loglevel){
1454
	ret = klogctl(7, NULL, 0);
1455
	if(ret == -1){
1456
	  perror("klogctl");
1457
	}
      }
#endif	/* __linux__ */
      exitcode = EX_OSERR;
      /* Lower privileges */
1462
      errno = 0;
1463
      ret = seteuid(uid);
1464
      if(ret == -1){
1465
	perror("seteuid");
1466
      }
      goto end;
1468
    }
1469
    if((network.ifr_flags & IFF_UP) == 0){
1470
      network.ifr_flags |= IFF_UP;
      take_down_interface = true;
      ret = ioctl(sd, SIOCSIFFLAGS, &network);
1473
      if(ret == -1){
	take_down_interface = false;
	perror("ioctl SIOCSIFFLAGS +IFF_UP");
	exitcode = EX_OSERR;
#ifdef __linux__
	if(restore_loglevel){
1479
	  ret = klogctl(7, NULL, 0);
1480
	  if(ret == -1){
1481
	    perror("klogctl");
1482
	  }
	}
#endif	/* __linux__ */
	/* Lower privileges */
1486
	errno = 0;
1487
	ret = seteuid(uid);
1488
	if(ret == -1){
1489
	  perror("seteuid");
1490
	}
	goto end;
1492
      }
    }
1494
    /* sleep checking until interface is running */
1495
    for(int i=0; i < delay * 4; i++){
      ret = ioctl(sd, SIOCGIFFLAGS, &network);
1497
      if(ret == -1){
1498
	perror("ioctl SIOCGIFFLAGS");
      } else if(network.ifr_flags & IFF_RUNNING){
1500
	break;
1501
      }
1502
      struct timespec sleeptime = { .tv_nsec = 250000000 };
1503
      ret = nanosleep(&sleeptime, NULL);
1504
      if(ret == -1 and errno != EINTR){
1505
	perror("nanosleep");
1506
      }
1507
    }
    if(not take_down_interface){
1509
      /* We won't need the socket anymore */
      ret = (int)TEMP_FAILURE_RETRY(close(sd));
1511
      if(ret == -1){
1512
	perror("close");
1513
      }
    }
1515
#ifdef __linux__
    if(restore_loglevel){
      /* Restores kernel loglevel to default */
      ret = klogctl(7, NULL, 0);
      if(ret == -1){
	perror("klogctl");
      }
    }
#endif	/* __linux__ */
    /* Lower privileges */
    errno = 0;
    if(take_down_interface){
      /* Lower privileges */
      ret = seteuid(uid);
      if(ret == -1){
	perror("seteuid");
      }
    } else {
      /* Lower privileges permanently */
      ret = setuid(uid);
      if(ret == -1){
	perror("setuid");
      }
    }
  }
  
  if(quit_now){
    goto end;
  }
  
  ret = init_gnutls_global(pubkey, seckey);
  if(ret == -1){
    fprintf(stderr, "init_gnutls_global failed\n");
    exitcode = EX_UNAVAILABLE;
    goto end;
  } else {
    gnutls_initialized = true;
  }
  
  if(quit_now){
    goto end;
  }
  
  tempdir_created = true;
  if(mkdtemp(tempdir) == NULL){
    tempdir_created = false;
    perror("mkdtemp");
    goto end;
  }
  
  if(quit_now){
    goto end;
  }
  
  if(not init_gpgme(pubkey, seckey, tempdir)){
    fprintf(stderr, "init_gpgme failed\n");
    exitcode = EX_UNAVAILABLE;
    goto end;
  } else {
    gpgme_initialized = true;
  }
  
  if(quit_now){
    goto end;
  }
  
  if(connect_to != NULL){
    /* Connect directly, do not use Zeroconf */
    /* (Mainly meant for debugging) */
    char *address = strrchr(connect_to, ':');
    if(address == NULL){
      fprintf(stderr, "No colon in address\n");
      exitcode = EX_USAGE;
      goto end;
    }
    
    if(quit_now){
      goto end;
    }
    
    uint16_t port;
    errno = 0;
    tmpmax = strtoimax(address+1, &tmp, 10);
    if(errno != 0 or tmp == address+1 or *tmp != '\0'
       or tmpmax != (uint16_t)tmpmax){
      fprintf(stderr, "Bad port number\n");
      exitcode = EX_USAGE;
      goto end;
    }
  
    if(quit_now){
      goto end;
    }
    
    port = (uint16_t)tmpmax;
    *address = '\0';
    address = connect_to;
    /* Colon in address indicates IPv6 */
    int af;
    if(strchr(address, ':') != NULL){
      af = AF_INET6;
    } else {
      af = AF_INET;
    }
    
    if(quit_now){
      goto end;
    }
    while(not quit_now){
      ret = start_mandos_communication(address, port, if_index, af);
      if(quit_now or ret == 0){
	break;
      }
      sleep(15);
    };
    if (not quit_now){
      exitcode = EXIT_SUCCESS;
    }
    goto end;
  }
  
  if(quit_now){
    goto end;
  }
  
  {
    AvahiServerConfig config;
    /* Do not publish any local Zeroconf records */
    avahi_server_config_init(&config);
    config.publish_hinfo = 0;
    config.publish_addresses = 0;
    config.publish_workstation = 0;
    config.publish_domain = 0;
    
    /* Allocate a new server */
    mc.server = avahi_server_new(avahi_simple_poll_get
				 (mc.simple_poll), &config, NULL,
				 NULL, &error);
    
    /* Free the Avahi configuration data */
    avahi_server_config_free(&config);
  }
  
  /* Check if creating the Avahi server object succeeded */
  if(mc.server == NULL){
    fprintf(stderr, "Failed to create Avahi server: %s\n",
	    avahi_strerror(error));
    exitcode = EX_UNAVAILABLE;
    goto end;
  }
  
  if(quit_now){
    goto end;
  }
  
  /* Create the Avahi service browser */
  sb = avahi_s_service_browser_new(mc.server, if_index,
				   AVAHI_PROTO_UNSPEC, "_mandos._tcp",
				   NULL, 0, browse_callback, NULL);
  if(sb == NULL){
    fprintf(stderr, "Failed to create service browser: %s\n",
	    avahi_strerror(avahi_server_errno(mc.server)));
    exitcode = EX_UNAVAILABLE;
    goto end;
  }
  
  if(quit_now){
    goto end;
  }
  
  /* Run the main loop */
  
  if(debug){
    fprintf(stderr, "Starting Avahi loop search\n");
  }
  
  avahi_simple_poll_loop(mc.simple_poll);
  
 end:
  
  if(debug){
    fprintf(stderr, "%s exiting\n", argv[0]);
  }
  
  /* Cleanup things */
  if(sb != NULL)
    avahi_s_service_browser_free(sb);
  
  if(mc.server != NULL)
    avahi_server_free(mc.server);
  
  if(mc.simple_poll != NULL)
    avahi_simple_poll_free(mc.simple_poll);
  
  if(gnutls_initialized){
    gnutls_certificate_free_credentials(mc.cred);
    gnutls_global_deinit();
    gnutls_dh_params_deinit(mc.dh_params);
  }
  
  if(gpgme_initialized){
    gpgme_release(mc.ctx);
  }
  
  /* Take down the network interface */
  if(take_down_interface){
    /* Re-raise priviliges */
    errno = 0;
    ret = seteuid(0);
    if(ret == -1){
      perror("seteuid");
    }
    if(geteuid() == 0){
      ret = ioctl(sd, SIOCGIFFLAGS, &network);
      if(ret == -1){
	perror("ioctl SIOCGIFFLAGS");
      } else if(network.ifr_flags & IFF_UP) {
	network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
	ret = ioctl(sd, SIOCSIFFLAGS, &network);
	if(ret == -1){
	  perror("ioctl SIOCSIFFLAGS -IFF_UP");
	}
      }
      ret = (int)TEMP_FAILURE_RETRY(close(sd));
      if(ret == -1){
	perror("close");
      }
      /* Lower privileges permanently */
      errno = 0;
      ret = setuid(uid);
      if(ret == -1){
	perror("setuid");
      }
    }
  }
  
  /* Removes the temp directory used by GPGME */
  if(tempdir_created){
    DIR *d;
    struct dirent *direntry;
    d = opendir(tempdir);
    if(d == NULL){
      if(errno != ENOENT){
	perror("opendir");
      }
    } else {
      while(true){
	direntry = readdir(d);
	if(direntry == NULL){
	  break;
	}
	/* Skip "." and ".." */
	if(direntry->d_name[0] == '.'
	   and (direntry->d_name[1] == '\0'
		or (direntry->d_name[1] == '.'
		    and direntry->d_name[2] == '\0'))){
	  continue;
	}
	char *fullname = NULL;
	ret = asprintf(&fullname, "%s/%s", tempdir,
		       direntry->d_name);
	if(ret < 0){
	  perror("asprintf");
	  continue;
	}
	ret = remove(fullname);
	if(ret == -1){
	  fprintf(stderr, "remove(\"%s\"): %s\n", fullname,
		  strerror(errno));
	}
	free(fullname);
      }
      closedir(d);
    }
    ret = rmdir(tempdir);
    if(ret == -1 and errno != ENOENT){
      perror("rmdir");
    }
  }
  
  if(quit_now){
    sigemptyset(&old_sigterm_action.sa_mask);
    old_sigterm_action.sa_handler = SIG_DFL;
    ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
					    &old_sigterm_action,
					    NULL));
    if(ret == -1){
      perror("sigaction");
    }
    do {
      ret = raise(signal_received);
    } while(ret != 0 and errno == EINTR);
    if(ret != 0){
      perror("raise");
      abort();
    }
    TEMP_FAILURE_RETRY(pause());
  }
  
  return exitcode;
}