
Viewing changes to Makefile

  • Committer: teddy at recompile
  • Date: 2020-12-03 20:30:45 UTC
  • Revision ID: teddy@recompile.se-20201203203045-iqd6nq9y5nwalh1x
Minor fix of a test function

In dracut-module/password-agent, in the test function
test_send_password_to_socket_EMSGSIZE() (which tests that the
send_password_to_socket() task function aborts properly when getting
EMSGSIZE when writing to the password socket), part of the test code
is supposed to find a message size which definitely does trigger
EMSGSIZE when send()ing to a socket.  Without a "break" in the proper
place, however, the size given is always exactly 1024 bytes too large.

This is very probably not a problem, since a too large message will
still be too large if it is increased by 1024 bytes, and send(2) in
practice checks the size before reading the buffer.  The biggest issue
would be if some version of send(2) would try to look at the last 1024
bytes of the message buffer before checking the message size; this
would then lead to a buffer over-read when running this test function.
(But even then there would be no security implications since the tests
are not run in the normal operation of the program.)

* dracut-module/password-agent.c
  (test_send_password_to_socket_EMSGSIZE): Break out early when ssret
  < 0 and errno == EMSGSIZE; don't allow loop to increase message_size
  again.

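--- a/Makefile
+++ b/Makefile
@@ -43,7 +43,7 @@
 LANGUAGE:=-std=gnu11
 FEATURES:=-D_FILE_OFFSET_BITS=64
 htmldir:=man
-version:=1.8.7
+version:=1.8.13
 SED:=sed
 PKG_CONFIG?=pkg-config
 
@@ -89,6 +89,8 @@
                         --variable=systemdsystemunitdir)
 TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
                         --variable=tmpfilesdir)
+SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
+                        --variable=sysusersdir)
 
 GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
 GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
@@ -154,10 +156,13 @@
 
 objects:=$(addsuffix .o,$(CPROGS))
 
+.PHONY: all
 all: $(PROGS) mandos.lsm
 
+.PHONY: doc
 doc: $(DOCS)
 
+.PHONY: html
 html: $(htmldocs)
 
 %.5: %.xml common.ent legalnotice.xml
@@ -280,36 +285,32 @@
                 $@)
 
 # Need to add the GnuTLS, Avahi and GPGME libraries
-plugins.d/mandos-client: plugins.d/mandos-client.c
-        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
-                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
-                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
-                ) $(LDLIBS) -o $@
+plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
+        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
+plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
+        ) $(AVAHI_LIBS) $(GPGME_LIBS)
 
 # Need to add the libnl-route library
-plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
-        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
-                ) $(LOADLIBES) $(LDLIBS) -o $@
+plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
+plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
 
 # Need to add the GLib and pthread libraries
-dracut-module/password-agent: dracut-module/password-agent.c
-        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
-                ) $(LOADLIBES) $(LDLIBS) -o $@
-
-.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
-        check run-client run-server install install-html \
-        install-server install-client-nokey install-client uninstall \
-        uninstall-server uninstall-client purge purge-server \
-        purge-client
-
+dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
+dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
+
+.PHONY: clean
 clean:
         -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
 
+.PHONY: distclean
 distclean: clean
+.PHONY: mostlyclean
 mostlyclean: clean
+.PHONY: maintainer-clean
 maintainer-clean: clean
         -rm --force --recursive keydir confdir statedir
 
+.PHONY: check
 check: all
         ./mandos --check
         ./mandos-ctl --check
@@ -319,6 +320,7 @@
         ./dracut-module/password-agent --test
 
 # Run the client with a local config and key
+.PHONY: run-client
 run-client: all keydir/seckey.txt keydir/pubkey.txt \
                         keydir/tls-privkey.pem keydir/tls-pubkey.pem
         @echo '######################################################'
@@ -352,8 +354,15 @@
 keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
         install --directory keydir
         ./mandos-keygen --dir keydir --force
+        if ! [ -e keydir/tls-privkey.pem ]; then \
+                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
+        fi
+        if ! [ -e keydir/tls-pubkey.pem ]; then \
+                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
+        fi
 
 # Run the server with a local config
+.PHONY: run-server
 run-server: confdir/mandos.conf confdir/clients.conf statedir
         ./mandos --debug --no-dbus --configdir=confdir \
                 --statedir=statedir $(SERVERARGS)
@@ -370,13 +379,16 @@
 statedir:
         install --directory statedir
 
+.PHONY: install
 install: install-server install-client-nokey
 
+.PHONY: install-html
 install-html: html
         install --directory $(htmldir)
         install --mode=u=rw,go=r --target-directory=$(htmldir) \
                 $(htmldocs)
 
+.PHONY: install-server
 install-server: doc
         install --directory $(CONFDIR)
         if install --directory --mode=u=rwx --owner=$(USER) \
@@ -390,6 +402,11 @@
                 install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
                         $(TMPFILES)/mandos.conf; \
         fi
+        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
+                        -a -d "$(SYSUSERS)" ]; then \
+                install --mode=u=rw,go=r sysusers.d-mandos.conf \
+                        $(SYSUSERS)/mandos.conf; \
+        fi
         install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-ctl
@@ -424,11 +441,17 @@
         gzip --best --to-stdout intro.8mandos \
                 > $(MANDIR)/man8/intro.8mandos.gz
 
+.PHONY: install-client-nokey
 install-client-nokey: all doc
         install --directory $(LIBDIR)/mandos $(CONFDIR)
         install --directory --mode=u=rwx $(KEYDIR) \
                 $(LIBDIR)/mandos/plugins.d \
                 $(LIBDIR)/mandos/plugin-helpers
+        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
+                        -a -d "$(SYSUSERS)" ]; then \
+                install --mode=u=rw,go=r sysusers.d-mandos.conf \
+                        $(SYSUSERS)/mandos-client.conf; \
+        fi
         if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
                 install --mode=u=rwx \
                         --directory "$(CONFDIR)/plugins.d" \
@@ -503,6 +526,7 @@
         gzip --best --to-stdout dracut-module/password-agent.8mandos \
                 > $(MANDIR)/man8/password-agent.8mandos.gz
 
+.PHONY: install-client
 install-client: install-client-nokey
 # Post-installation stuff
         -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
@@ -518,8 +542,10 @@
         fi
         echo "Now run mandos-keygen --password --dir $(KEYDIR)"
 
+.PHONY: uninstall
 uninstall: uninstall-server uninstall-client
 
+.PHONY: uninstall-server
 uninstall-server:
         -rm --force $(PREFIX)/sbin/mandos \
                 $(PREFIX)/sbin/mandos-ctl \
@@ -532,6 +558,7 @@
         update-rc.d -f mandos remove
         -rmdir $(CONFDIR)
 
+.PHONY: uninstall-client
 uninstall-client:
 # Refuse to uninstall client if /etc/crypttab is explicitly configured
 # to use it.
@@ -573,8 +600,10 @@
             done; \
         fi
 
+.PHONY: purge
 purge: purge-server purge-client
 
+.PHONY: purge-server
 purge-server: uninstall-server
         -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
                 $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
@@ -585,6 +614,7 @@
                 $(DESTDIR)/var/run/mandos.pid
         -rmdir $(CONFDIR)
 
+.PHONY: purge-client
 purge-client: uninstall-client
         -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
         -rm --force $(CONFDIR)/plugin-runner.conf \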
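Review bot: The sysusers.d block added at new lines 405–409 (in what appears to be the `install-server` recipe) skips without any message when `pkg-config` returns nothing for `sysusersdir` or when `$(SYSUSERS)` is not already a directory. A staged `DESTDIR` install can therefore end up without `sysusers.d-mandos.conf` and give no hint why; what that file declares is not visible here, but an `else echo` branch naming the skipped path would make the omission auditable. The install destination is also unquoted although the test quotes the same path, and `-a` inside `[` is marked obsolescent by POSIX: `if [ "$(SYSUSERS)" != "$(DESTDIR)" ] && [ -d "$(SYSUSERS)" ]; then \` with `"$(SYSUSERS)/mandos.conf"; \` keeps a path containing spaces as one word when this runs as root. The same block is repeated in `install-client-nokey` at new lines 450–454, and both recipes start or end outside their hunks.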