/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: teddy at recompile
  • Date: 2020-12-03 20:30:45 UTC
  • Revision ID: teddy@recompile.se-20201203203045-iqd6nq9y5nwalh1x
Minor fix of a test function

In dracut-module/password-agent, the test function
test_send_password_to_socket_EMSGSIZE() (which tests that the
send_password_to_socket() task function aborts properly when getting
EMSGSIZE when writing to the password socket), part of the test code
is supposed to find a message size which definitely does trigger
EMSGSIZE when send()ing to a socket.  Without a "break" in the proper
place, however, the size given is always exactly 1024 bytes too large.

This is very probably not a problem, since a too large message will
still be too large if it is increased by 1024 bytes, and send(2) in
practice checks the size before reading the buffer.  The biggest issue
would be if some version of send(2) would try to look at the last 1024
bytes of the message buffer before checking the message size; this
would then lead to a buffer over-read when running this test function.
(But even then there would be no security implications since the tests
are not run in the normal operation of the program.)

* dracut-module/password-agent.c
  (test_send_password_to_socket_EMSGSIZE): Break out early when ssret
  < 0 and errno == EMSGSIZE; don't allow loop to increase message_size
  again.

Show diffs side-by-side

added added

removed removed

Lines of Context:
43
43
LANGUAGE:=-std=gnu11
44
44
FEATURES:=-D_FILE_OFFSET_BITS=64
45
45
htmldir:=man
46
 
version:=1.8.9
 
46
version:=1.8.13
47
47
SED:=sed
48
48
PKG_CONFIG?=pkg-config
49
49
 
156
156
 
157
157
objects:=$(addsuffix .o,$(CPROGS))
158
158
 
 
159
.PHONY: all
159
160
all: $(PROGS) mandos.lsm
160
161
 
 
162
.PHONY: doc
161
163
doc: $(DOCS)
162
164
 
 
165
.PHONY: html
163
166
html: $(htmldocs)
164
167
 
165
168
%.5: %.xml common.ent legalnotice.xml
282
285
                $@)
283
286
 
284
287
# Need to add the GnuTLS, Avahi and GPGME libraries
285
 
plugins.d/mandos-client: plugins.d/mandos-client.c
286
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
287
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
288
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
289
 
                ) $(LDLIBS) -o $@
 
288
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
 
289
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
 
290
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
 
291
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
290
292
 
291
293
# Need to add the libnl-route library
292
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
293
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
294
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
294
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
 
295
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
295
296
 
296
297
# Need to add the GLib and pthread libraries
297
 
dracut-module/password-agent: dracut-module/password-agent.c
298
 
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
299
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
300
 
 
301
 
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
302
 
        check run-client run-server install install-html \
303
 
        install-server install-client-nokey install-client uninstall \
304
 
        uninstall-server uninstall-client purge purge-server \
305
 
        purge-client
306
 
 
 
298
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
 
299
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
 
300
 
 
301
.PHONY: clean
307
302
clean:
308
303
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
309
304
 
 
305
.PHONY: distclean
310
306
distclean: clean
 
307
.PHONY: mostlyclean
311
308
mostlyclean: clean
 
309
.PHONY: maintainer-clean
312
310
maintainer-clean: clean
313
311
        -rm --force --recursive keydir confdir statedir
314
312
 
 
313
.PHONY: check
315
314
check: all
316
315
        ./mandos --check
317
316
        ./mandos-ctl --check
321
320
        ./dracut-module/password-agent --test
322
321
 
323
322
# Run the client with a local config and key
 
323
.PHONY: run-client
324
324
run-client: all keydir/seckey.txt keydir/pubkey.txt \
325
325
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
326
326
        @echo '######################################################'
354
354
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
355
355
        install --directory keydir
356
356
        ./mandos-keygen --dir keydir --force
 
357
        if ! [ -e keydir/tls-privkey.pem ]; then \
 
358
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
 
359
        fi
 
360
        if ! [ -e keydir/tls-pubkey.pem ]; then \
 
361
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
 
362
        fi
357
363
 
358
364
# Run the server with a local config
 
365
.PHONY: run-server
359
366
run-server: confdir/mandos.conf confdir/clients.conf statedir
360
367
        ./mandos --debug --no-dbus --configdir=confdir \
361
368
                --statedir=statedir $(SERVERARGS)
372
379
statedir:
373
380
        install --directory statedir
374
381
 
 
382
.PHONY: install
375
383
install: install-server install-client-nokey
376
384
 
 
385
.PHONY: install-html
377
386
install-html: html
378
387
        install --directory $(htmldir)
379
388
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
380
389
                $(htmldocs)
381
390
 
 
391
.PHONY: install-server
382
392
install-server: doc
383
393
        install --directory $(CONFDIR)
384
394
        if install --directory --mode=u=rwx --owner=$(USER) \
431
441
        gzip --best --to-stdout intro.8mandos \
432
442
                > $(MANDIR)/man8/intro.8mandos.gz
433
443
 
 
444
.PHONY: install-client-nokey
434
445
install-client-nokey: all doc
435
446
        install --directory $(LIBDIR)/mandos $(CONFDIR)
436
447
        install --directory --mode=u=rwx $(KEYDIR) \
515
526
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
516
527
                > $(MANDIR)/man8/password-agent.8mandos.gz
517
528
 
 
529
.PHONY: install-client
518
530
install-client: install-client-nokey
519
531
# Post-installation stuff
520
532
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
530
542
        fi
531
543
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
532
544
 
 
545
.PHONY: uninstall
533
546
uninstall: uninstall-server uninstall-client
534
547
 
 
548
.PHONY: uninstall-server
535
549
uninstall-server:
536
550
        -rm --force $(PREFIX)/sbin/mandos \
537
551
                $(PREFIX)/sbin/mandos-ctl \
544
558
        update-rc.d -f mandos remove
545
559
        -rmdir $(CONFDIR)
546
560
 
 
561
.PHONY: uninstall-client
547
562
uninstall-client:
548
563
# Refuse to uninstall client if /etc/crypttab is explicitly configured
549
564
# to use it.
585
600
            done; \
586
601
        fi
587
602
 
 
603
.PHONY: purge
588
604
purge: purge-server purge-client
589
605
 
 
606
.PHONY: purge-server
590
607
purge-server: uninstall-server
591
608
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
592
609
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
597
614
                $(DESTDIR)/var/run/mandos.pid
598
615
        -rmdir $(CONFDIR)
599
616
 
 
617
.PHONY: purge-client
600
618
purge-client: uninstall-client
601
619
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
602
620
        -rm --force $(CONFDIR)/plugin-runner.conf \