=== modified file 'Makefile' --- Makefile 2011-03-08 19:41:59 +0000 +++ Makefile 2011-07-13 01:11:12 +0000 @@ -210,8 +210,8 @@ $@) plugins.d/mandos-client: plugins.d/mandos-client.c - $(LINK.c) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) $(strip\ - ) $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@ + $(LINK.c) $^ $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\ + ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@ .PHONY : all doc html clean distclean run-client run-server install \ install-server install-client uninstall uninstall-server \ === modified file 'TODO' --- TODO 2010-11-16 17:58:49 +0000 +++ TODO 2011-07-13 01:11:12 +0000 @@ -4,6 +4,8 @@ * mandos-applet +* Convert README into intro(8mandos) man page + * mandos-client ** TODO [#B] use scandir(3) instead of readdir(3) ** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name @@ -12,6 +14,10 @@ *** A TCP timeout ** TODO [#B] Use capabilities instead of seteuid(). ** TODO [#A] Retry --connect forever +** TODO [#B] Use struct sockaddr_storage instead of a union +** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton() +** TODO [#B] Use getnameinfo(serv=NULL, NI_NUMERICHOST) instead of inet_ntop() +** TODO [#B] Accept [] around IPv6 address in --connect option; see [[http://tools.ietf.org/html/rfc5952][RFC 5952 - A Recommendation for IPv6 Address Text Representation]] * splashy ** TODO [#B] use scandir(3) instead of readdir(3) @@ -30,6 +36,10 @@ * password-prompt ** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name ** TODO [#B] lock stdin (with flock()?) +** TODO [#A] Free direntries after scandir() + +* plymouth +** TODO [#A] Free direntries after scandir() * TODO [#B] passdev 
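Review bot: `$(COMMON)` no longer appears on the new link line for plugins.d/mandos-client, and its definition is not visible in this hunk, so it is worth confirming that it carried nothing the client still needs at link time (extra objects or linker flags). Moving `$^` ahead of the library variables presumably makes the link order significant, and nothing in the recipe says so. A comment above the rule, such as `# Libraries must follow $^ so the linker resolves the object's symbols against them`, would keep a later edit from undoing it. The neighbouring rules lie outside the hunk.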
@@ -85,6 +95,7 @@ ** TODO [#B] break the wait on approval_delay if connection dies ** TODO Generate Client.runtime_expansions from client options + extra ** TODO Allow %%(checker)s as a runtime expansion +** TODO Use python-tlslite? * mandos.xml ** Add mandos contact info in manual pages === modified file 'initramfs-tools-script' --- initramfs-tools-script 2009-09-16 23:28:39 +0000 +++ initramfs-tools-script 2011-07-13 01:11:12 +0000 @@ -149,3 +149,24 @@ else rm /conf/conf.d/cryptroot.mandos fi + +## Work around Debian bug #633582: +# First determine the mandos user and group ID +mandos_user="65534" +mandos_group="65534" +while read line; do + line="${line%%#*}" + TEMP=`getopt --quiet --longoptions userid:,groupid: -- $line` + eval set -- "$TEMP" + while true; do + case "$1" in + --userid) mandos_user="$2"; shift 2;; + --groupid) mandos_group="$2"; shift 2;; + --) shift; break;; + esac + done +done < /conf/conf.d/mandos/plugin-runner.conf +chown "${mandos_user}:${mandos_group}" \ + /lib/mandos/plugins.d \ + /conf/conf.d/mandos/pubkey.txt \ + /conf/conf.d/mandos/seckey.txt === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2011-03-21 19:34:39 +0000 +++ plugins.d/mandos-client.c 2011-07-13 01:11:12 +0000 @@ -73,7 +73,7 @@ #include /* close(), SEEK_SET, off_t, write(), getuid(), getgid(), seteuid(), setgid(), pause() */ -#include /* inet_pton(), htons */ +#include /* inet_pton(), htons, inet_ntop() */ #include /* not, or, and */ #include /* struct argp_option, error_t, struct argp_state, struct argp, @@ -423,12 +423,9 @@ } /* OpenPGP credentials */ - gnutls_certificate_allocate_credentials(&mc.cred); + ret = gnutls_certificate_allocate_credentials(&mc.cred); if(ret != GNUTLS_E_SUCCESS){ - fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning - from - -Wunreachable-code - */ + fprintf(stderr, "GnuTLS memory error: %s\n", safer_gnutls_strerror(ret)); gnutls_global_deinit(); return -1; 
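Review bot: The inner `while true` loop in the initramfs-tools-script hunk has no default branch in its `case`, so if `$1` is ever anything other than `--userid`, `--groupid` or `--` (for instance when getopt prints nothing and `set --` leaves no arguments) it neither shifts nor breaks and the script spins during boot; adding `*) break;;` closes that. `$line` is passed to getopt unquoted and is read without `-r`, so glob characters and backslashes in plugin-runner.conf are expanded before parsing; `read -r line` and `set -f` around the getopt call would avoid that. As I read getopt(1), when no `-o`/`--options` is given the first parameter after `--` is taken as the short-option string, which would swallow the first word of each line, so passing `--options ""` explicitly removes the doubt. These values decide who owns seckey.txt, so the parsing deserves a short comment stating which option forms (`--userid=N` and `--userid N`) are expected to work.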
@@ -1050,7 +1047,7 @@
 free(flagname);
 typedef short ifreq_flags; /* ifreq.ifr_flags in netdevice(7) */
 /* read line from flags_fd */
- ssize_t to_read = (sizeof(ifreq_flags)*2)+3; /* "0x1003\n" */
+ ssize_t to_read = 2+(sizeof(ifreq_flags)*2)+1; /* "0x1003\n" */
 char *flagstring = malloc((size_t)to_read+1); /* +1 for final \0 */
 flagstring[(size_t)to_read] = '\0';
 if(flagstring == NULL){
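Review bot: `flagstring[(size_t)to_read] = '\0';` still runs before the `if(flagstring == NULL)` test in this hunk's context lines, so a failed malloc() is written through before it is checked; the commit only rewrites the `to_read` expression and leaves that order as it was. Moving the store below the NULL check fixes it, i.e. the `if(flagstring == NULL){ ... }` block first and `flagstring[(size_t)to_read] = '\0';` after it. The new expression `2+(sizeof(ifreq_flags)*2)+1` evaluates to the same value as the old one, so the buffer size is unchanged. A comment naming the three parts, `/* "0x" + two hex digits per byte + "\n" */`, would state the intent more directly than the example string alone. The body of the `if` continues outside the hunk.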