=== modified file 'TODO' --- TODO 2009-01-23 20:09:55 +0000 +++ TODO 2009-01-31 10:33:17 +0000 @@ -2,9 +2,6 @@ * mandos-client ** TODO [#A] Clean up /tmp directory on signal -** TODO [#B] Temporarily lower kernel log level - for less printouts during sucessfull boot. - klogctl(6, NULL, 0); klogctl(7, NULL, 0); ** TODO [#C] IPv4 support * plugin-runner @@ -42,13 +39,11 @@ * mandos-list *** Handle "no D-Bus server" and/or "no Mandos server found" better *** [#B] --dump option -** TODO Disable client -** TODO Enable client -** TODO Reset timer * Curses interface * mandos-keygen +** TODO Loop until passwords match when run interactively ** TODO "--secfile" option Using the "secfile" option instead of "secret" ** TODO [#B] "--test" option === modified file 'mandos-ctl' (properties changed: -x to +x) --- mandos-ctl 2009-01-17 02:12:05 +0000 +++ mandos-ctl 2009-01-31 10:33:17 +0000 
@@ -115,29 +115,32 @@ parser.add_option("-a", "--all", action="store_true", help="Print all fields") parser.add_option("-e", "--enable", action="store_true", - help="Enable specified client") + help="Enable client") parser.add_option("-d", "--disable", action="store_true", - help="disable specified client") + help="disable client") parser.add_option("-b", "--bump-timeout", action="store_true", - help="Bump timeout of specified client") + help="Bump timeout for client") parser.add_option("--start-checker", action="store_true", - help="Start checker for specified client") + help="Start checker for client") parser.add_option("--stop-checker", action="store_true", - help="Stop checker for specified client") -parser.add_option("-v", "--is-valid", action="store_true", - help="Stop checker for specified client") + help="Stop checker for client") +parser.add_option("-V", "--is-valid", action="store_true", + help="Check if client is still valid") +parser.add_option("-r", "--remove", action="store_true", + help="Remove client") parser.add_option("-c", "--checker", type="string", - help="Set checker command for specified client") + help="Set checker command for client") parser.add_option("-t", "--timeout", type="string", - help="Set timeout for specified client") + help="Set timeout for client") parser.add_option("-i", "--interval", type="string", - help="Set checker interval for specified client") + help="Set checker interval for client") parser.add_option("-H", "--host", type="string", - help="Set host for specified client") + help="Set host for client") parser.add_option("-s", "--secret", type="string", - help="Set password blob (file) for specified client") + help="Set password blob (file) for client") options, client_names = parser.parse_args() +# Compile list of clients to process clients=[] for name in client_names: for path, client in mandos_clients.iteritems(): 
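Review bot: The help strings in this option block are inconsistently capitalised: `--disable` has `help="disable client"` while every other entry starts with a capital letter, so the `--help` listing reads unevenly. It should be `help="Disable client"`. The code that acts on these options lies outside this hunk.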
@@ -151,15 +154,18 @@ print >> sys.stderr, "Client not found on server: %r" % name sys.exit(1) -if not clients: +if not clients and mandos_clients.values(): keywords = defaultkeywords if options.all: keywords = ('name', 'enabled', 'timeout', 'last_checked_ok', 'created', 'interval', 'host', 'fingerprint', 'checker_running', 'last_enabled', 'checker') print_clients(mandos_clients.values()) - + +# Process each client in the list by all selected options for client in clients: + if options.remove: + mandos_serv.RemoveClient(client.__dbus_object_path__) if options.enable: client.Enable() if options.disable: === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2009-01-29 22:22:32 +0000 +++ plugins.d/mandos-client.c 2009-01-31 10:33:17 +0000 @@ -61,7 +61,7 @@ #include /* PRIu16, intmax_t, SCNdMAX */ #include /* assert() */ #include /* perror(), errno */ -#include /* time() */ +#include /* nanosleep(), time() */ #include /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS, if_indextoname(), if_nametoindex(), IF_NAMESIZE */ @@ -75,6 +75,7 @@ argp_state, struct argp, argp_parse(), ARGP_KEY_ARG, ARGP_KEY_END, ARGP_ERR_UNKNOWN */ +#include /* klogctl() */ /* Avahi */ /* All Avahi types, constants and functions @@ -842,6 +843,7 @@ ":!CTYPE-X.509:+CTYPE-OPENPGP" }; bool gnutls_initialized = false; bool gpgme_initialized = false; + double delay = 2.5; { struct argp_option options[] = { @@ -873,6 +875,10 @@ .arg = "STRING", .doc = "GnuTLS priority string for the TLS handshake", .group = 1 }, + { .name = "delay", .key = 131, + .arg = "SECONDS", + .doc = "Maximum delay to wait for interface startup", + .group = 2 }, { .name = NULL } }; @@ -906,6 +912,13 @@ case 130: /* --priority */ mc.priority = arg; break; + case 131: /* --delay */ + ret = sscanf(arg, "%lf%n", &delay, &numchars); + if(ret < 1 or arg[numchars] != '\0'){ + fprintf(stderr, "Bad delay\n"); + exit(EXIT_FAILURE); + } + break; case ARGP_KEY_ARG: argp_usage(state); case ARGP_KEY_END: 
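Review bot: After `mandos_serv.RemoveClient(client.__dbus_object_path__)` the loop body falls through to `if options.enable: client.Enable()` and the option checks that follow, so `--remove` combined with any other action calls methods on a client object that was just removed from the server. What the D-Bus call then does is not visible here, but an unhandled exception part-way through the client list seems likely, leaving the remaining clients unprocessed. Add `continue` directly after the `RemoveClient` call, or reject the combination with `parser.error(...)` right after `parser.parse_args()` in the earlier hunk. The new guard `if not clients and mandos_clients.values():` also means a run with no client names against an empty server prints nothing at all, which deserves a one-line comment saying that this is intended. The `for client in clients:` loop continues past the end of this hunk.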
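Review bot: The `--delay` parser in `case 131` accepts anything `%lf` can read, including negative numbers, `inf`, `nan` and very large values, and the wait loop added in the later hunk uses the result unchecked in `for(int i=0; i < delay * 4; i++)`. With `inf` or a very large number that condition never becomes false, so if the interface does not reach the running state `i` is incremented up to signed overflow (undefined behaviour) and the boot stalls with the console log level still lowered; with `nan` or a negative value the wait is silently skipped. Extend the check to reject out-of-range values, for example `if(ret < 1 or arg[numchars] != '\0' or not (delay >= 0 and delay <= MAX_DELAY)){`, where `MAX_DELAY` is a placeholder for a limit the project chooses; written this way the test also rejects `nan`. Using `strtod()` with an `errno` and end-pointer check would additionally give defined behaviour on out-of-range input, which `sscanf` does not guarantee. The enclosing option-parsing function starts and ends outside this hunk.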
@@ -930,16 +943,31 @@ /* If the interface is down, bring it up */ { + /* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO + messages to mess up the prompt */ + ret = klogctl(8, NULL, 5); + if(ret == -1){ + perror("klogctl"); + } + sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP); if(sd < 0) { perror("socket"); exitcode = EXIT_FAILURE; + ret = klogctl(7, NULL, 0); + if(ret == -1){ + perror("klogctl"); + } goto end; } strcpy(network.ifr_name, interface); ret = ioctl(sd, SIOCGIFFLAGS, &network); if(ret == -1){ perror("ioctl SIOCGIFFLAGS"); + ret = klogctl(7, NULL, 0); + if(ret == -1){ + perror("klogctl"); + } exitcode = EXIT_FAILURE; goto end; } @@ -949,13 +977,33 @@ if(ret == -1){ perror("ioctl SIOCSIFFLAGS"); exitcode = EXIT_FAILURE; + ret = klogctl(7, NULL, 0); + if(ret == -1){ + perror("klogctl"); + } goto end; } } + /* sleep checking until interface is running */ + for(int i=0; i < delay * 4; i++){ + ret = ioctl(sd, SIOCGIFFLAGS, &network); + if(ret == -1){ + perror("ioctl SIOCGIFFLAGS"); + } else if(network.ifr_flags & IFF_RUNNING){ + break; + } + struct timespec sleeptime = { .tv_nsec = 250000000 }; + nanosleep(&sleeptime, NULL); + } ret = (int)TEMP_FAILURE_RETRY(close(sd)); if(ret == -1){ perror("close"); } + /* Restores kernel loglevel to default */ + ret = klogctl(7, NULL, 0); + if(ret == -1){ + perror("klogctl"); + } } uid = getuid(); @@ -1089,7 +1137,7 @@ if(debug){ fprintf(stderr, "Starting Avahi loop search\n"); } - + avahi_simple_poll_loop(mc.simple_poll); end: === modified file 'plugins.d/mandos-client.xml' --- plugins.d/mandos-client.xml 2009-01-24 15:26:43 +0000 +++ plugins.d/mandos-client.xml 2009-01-31 10:33:17 +0000 @@ -93,6 +93,10 @@ + + + + 
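Review bot: The console log level is changed with `klogctl(8, NULL, 5)` without being read or saved first, and every restore uses `klogctl(7, NULL, 0)`, so afterwards the console is at whatever command 7 yields rather than at the level in force before the plugin ran (for instance one chosen on the kernel command line); what command 7 does without a preceding command 6 depends on the kernel version and should be verified. The comment is also slightly off: a console log level of 5 suppresses KERN_NOTICE as well as KERN_INFO, because only messages with a numerically lower priority are printed. The same three-line restore block is repeated before each `goto end` here and in the next hunk; a single restore after the `end:` label (outside this hunk), guarded by a flag set when the level was lowered, would keep a future error path from leaving the console quiet. Separately, the context line `strcpy(network.ifr_name, interface);` copies without a length check; if `interface` comes from the command line, as it appears to, a bound against `IF_NAMESIZE` belongs in front of it.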
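Review bot: Inside the new wait loop a failing `ioctl(sd, SIOCGIFFLAGS, &network)` only calls `perror()` and then sleeps and retries, so a persistent error prints the same message every 250 ms for the whole delay; adding `break;` after `perror("ioctl SIOCGIFFLAGS");` would stop that. When the loop runs out without seeing `IFF_RUNNING`, execution continues exactly as on success and nothing is reported, so a timed-out interface cannot be told apart from a ready one in the boot output. A message after the loop would help, e.g. `if(debug and not (network.ifr_flags & IFF_RUNNING)) fprintf(stderr, "Interface not running after delay\n");`. The `nanosleep()` return value is ignored, so an interrupted sleep shortens the wait; that is harmless but worth a short comment. The enclosing block opens in the previous hunk.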
@@ -265,6 +269,22 @@ + + + + + + After bringing the network interface up, the program waits + for the interface to arrive in a running + state before proceeding. During this time, the kernel log + level will be lowered to reduce clutter on the system + console, alleviating any other plugins which might be + using the system console. This option sets the upper + limit of seconds to wait. The default is 2.5 seconds. + + + === modified file 'plugins.d/password-prompt.c' --- plugins.d/password-prompt.c 2009-01-13 04:35:19 +0000 +++ plugins.d/password-prompt.c 2009-01-17 12:12:26 +0000 @@ -194,7 +194,7 @@ const char *cryptsource = getenv("cryptsource"); const char *crypttarget = getenv("crypttarget"); const char *const prompt - = "Enter passphrase to unlock the disk"; + = "Enter passphrase to unlock the disk"; if(cryptsource == NULL){ if(crypttarget == NULL){ fprintf(stderr, "%s: ", prompt);