To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.2.19
- compare with another revision
- download diff
- download tarball
- view history from revision 237.2.19
- Committer: Teddy Hogeborn
- Date: 2009-05-17 00:50:09 UTC
- mto: (24.1.170 mandos) (237.4.29 release)
- mto: This revision was merged to the branch mainline in revision 343.
- Revision ID: teddy@fukt.bsnet.se-20090517005009-c0iptxampo6nf177
* initramfs-tools-hook-conf: Security bug fix: Add code to handle
being called by "mkinitramfs-kpkg"
instead of "update-initramfs".
being called by "mkinitramfs-kpkg"
instead of "update-initramfs".
- files modified:
- INSTALL
added
removed
plugins.d/mandos-client.c
30
30
*/
31
31
32
32
/* Needed by GPGME, specifically gpgme_data_seek() */
33
#ifndef _LARGEFILE_SOURCE
33
34
#define _LARGEFILE_SOURCE
35
#endif
36
#ifndef _FILE_OFFSET_BITS
34
37
#define _FILE_OFFSET_BITS 64
38
#endif
35
39
36
40
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
37
41
38
42
#include <stdio.h> /* fprintf(), stderr, fwrite(),
39
stdout, ferror(), sscanf(),
40
remove() */
43
stdout, ferror(), remove() */
41
44
#include <stdint.h> /* uint16_t, uint32_t */
42
45
#include <stddef.h> /* NULL, size_t, ssize_t */
43
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
44
srand() */
47
srand(), strtof() */
45
48
#include <stdbool.h> /* bool, false, true */
46
49
#include <string.h> /* memset(), strcmp(), strlen(),
47
50
strerror(), asprintf(), strcpy() */
56
59
#include <fcntl.h> /* open() */
57
60
#include <dirent.h> /* opendir(), struct dirent, readdir()
58
61
*/
59
#include <inttypes.h> /* PRIu16, intmax_t, SCNdMAX */
62
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
63
strtoimax() */
60
64
#include <assert.h> /* assert() */
61
65
#include <errno.h> /* perror(), errno */
62
66
#include <time.h> /* nanosleep(), time() */
75
79
argp_state, struct argp,
76
80
argp_parse(), ARGP_KEY_ARG,
77
81
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
78
#include <signal.h> /* sigemptyset(), sigaddset(), sigaction(), SIGTERM, sigaction */
82
#include <signal.h> /* sigemptyset(), sigaddset(),
83
sigaction(), SIGTERM, sigaction,
84
sig_atomic_t */
85
79
86
#ifdef __linux__
80
87
#include <sys/klog.h> /* klogctl() */
81
#endif
88
#endif /* __linux__ */
82
89
83
90
/* Avahi */
84
91
/* All Avahi types, constants and functions
131
138
} mandos_context;
132
139
133
140
/* global context so signal handler can reach it*/
134
mandos_context mc;
141
mandos_context mc = { .simple_poll = NULL, .server = NULL,
142
.dh_bits = 1024, .priority = "SECURE256"
143
":!CTYPE-X.509:+CTYPE-OPENPGP" };
135
144
136
145
/*
137
* Make additional room in "buffer" for at least BUFFER_SIZE
138
* additional bytes. "buffer_capacity" is how much is currently
139
* allocated, "buffer_length" is how much is already used.
146
* Make additional room in "buffer" for at least BUFFER_SIZE more
147
* bytes. "buffer_capacity" is how much is currently allocated,
148
* "buffer_length" is how much is already used.
140
149
*/
141
150
size_t incbuffer(char **buffer, size_t buffer_length,
142
151
size_t buffer_capacity){
196
205
}
197
206
198
207
if(debug){
199
fprintf(stderr, "Initialize gpgme\n");
208
fprintf(stderr, "Initializing GPGME\n");
200
209
}
201
210
202
211
/* Init GPGME */
786
795
AVAHI_GCC_UNUSED AvahiStringList *txt,
787
796
AVAHI_GCC_UNUSED AvahiLookupResultFlags
788
797
flags,
789
__attribute__((unused)) void* userdata){
798
AVAHI_GCC_UNUSED void* userdata){
790
799
assert(r);
791
800
792
801
/* Called whenever a service has been resolved successfully or
828
837
const char *domain,
829
838
AVAHI_GCC_UNUSED AvahiLookupResultFlags
830
839
flags,
831
__attribute__((unused)) void* userdata){
840
AVAHI_GCC_UNUSED void* userdata){
832
841
assert(b);
833
842
834
843
/* Called whenever a new services becomes available on the LAN or
849
858
the callback function is called the Avahi server will free the
850
859
resolver for us. */
851
860
852
if(!(avahi_s_service_resolver_new(mc.server, interface,
853
protocol, name, type, domain,
854
AVAHI_PROTO_INET6, 0,
855
resolve_callback, NULL)))
861
if(avahi_s_service_resolver_new(mc.server, interface, protocol,
862
name, type, domain, protocol, 0,
863
resolve_callback, NULL) == NULL)
856
864
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
857
865
name, avahi_strerror(avahi_server_errno(mc.server)));
858
866
break;
869
877
}
870
878
}
871
879
880
sig_atomic_t quit_now = 0;
881
882
/* stop main loop after sigterm has been called */
872
883
static void handle_sigterm(__attribute__((unused)) int sig){
884
if(quit_now){
885
return;
886
}
887
quit_now = 1;
873
888
int old_errno = errno;
874
avahi_simple_poll_quit(mc.simple_poll);
889
if(mc.simple_poll != NULL){
890
avahi_simple_poll_quit(mc.simple_poll);
891
}
875
892
errno = old_errno;
876
893
}
877
894
880
897
int error;
881
898
int ret;
882
899
intmax_t tmpmax;
883
int numchars;
900
char *tmp;
884
901
int exitcode = EXIT_SUCCESS;
885
902
const char *interface = "eth0";
886
903
struct ifreq network;
896
913
897
914
bool gnutls_initialized = false;
898
915
bool gpgme_initialized = false;
899
double delay = 2.5;
900
916
float delay = 2.5f;
917
901
918
struct sigaction old_sigterm_action;
902
919
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
903
904
/* Initialize mandos context */
905
mc = (mandos_context){ .simple_poll = NULL, .server = NULL,
906
.dh_bits = 1024, .priority = "SECURE256"
907
":!CTYPE-X.509:+CTYPE-OPENPGP" };
908
920
909
921
{
910
922
struct argp_option options[] = {
962
974
pubkey = arg;
963
975
break;
964
976
case 129: /* --dh-bits */
965
ret = sscanf(arg, "%" SCNdMAX "%n", &tmpmax, &numchars);
966
if(ret < 1 or tmpmax != (typeof(mc.dh_bits))tmpmax
967
or arg[numchars] != '\0'){
977
errno = 0;
978
tmpmax = strtoimax(arg, &tmp, 10);
979
if(errno != 0 or tmp == arg or *tmp != '\0'
980
or tmpmax != (typeof(mc.dh_bits))tmpmax){
968
981
fprintf(stderr, "Bad number of DH bits\n");
969
982
exit(EXIT_FAILURE);
970
983
}
974
987
mc.priority = arg;
975
988
break;
976
989
case 131: /* --delay */
977
ret = sscanf(arg, "%lf%n", &delay, &numchars);
978
if(ret < 1 or arg[numchars] != '\0'){
990
errno = 0;
991
delay = strtof(arg, &tmp);
992
if(errno != 0 or tmp == arg or *tmp != '\0'){
979
993
fprintf(stderr, "Bad delay\n");
980
994
exit(EXIT_FAILURE);
981
995
}
1002
1016
}
1003
1017
}
1004
1018
1019
if(not debug){
1020
avahi_set_log_function(empty_log);
1021
}
1022
1023
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
1024
from the signal handler */
1025
/* Initialize the pseudo-RNG for Avahi */
1026
srand((unsigned int) time(NULL));
1027
mc.simple_poll = avahi_simple_poll_new();
1028
if(mc.simple_poll == NULL){
1029
fprintf(stderr, "Avahi: Failed to create simple poll object.\n");
1030
exitcode = EXIT_FAILURE;
1031
goto end;
1032
}
1033
1034
sigemptyset(&sigterm_action.sa_mask);
1035
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
1036
if(ret == -1){
1037
perror("sigaddset");
1038
exitcode = EXIT_FAILURE;
1039
goto end;
1040
}
1041
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
1042
if(ret == -1){
1043
perror("sigaddset");
1044
exitcode = EXIT_FAILURE;
1045
goto end;
1046
}
1047
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1048
if(ret == -1){
1049
perror("sigaddset");
1050
exitcode = EXIT_FAILURE;
1051
goto end;
1052
}
1053
ret = sigaction(SIGTERM, &sigterm_action, &old_sigterm_action);
1054
if(ret == -1){
1055
perror("sigaction");
1056
exitcode = EXIT_FAILURE;
1057
goto end;
1058
}
1059
1005
1060
/* If the interface is down, bring it up */
1006
1061
if(interface[0] != '\0'){
1007
1062
#ifdef __linux__
1013
1068
restore_loglevel = false;
1014
1069
perror("klogctl");
1015
1070
}
1016
#endif
1071
#endif /* __linux__ */
1017
1072
1018
1073
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1019
1074
if(sd < 0){
1026
1081
perror("klogctl");
1027
1082
}
1028
1083
}
1029
#endif
1084
#endif /* __linux__ */
1030
1085
goto end;
1031
1086
}
1032
1087
strcpy(network.ifr_name, interface);
1040
1095
perror("klogctl");
1041
1096
}
1042
1097
}
1043
#endif
1098
#endif /* __linux__ */
1044
1099
exitcode = EXIT_FAILURE;
1045
1100
goto end;
1046
1101
}
1057
1112
perror("klogctl");
1058
1113
}
1059
1114
}
1060
#endif
1115
#endif /* __linux__ */
1061
1116
goto end;
1062
1117
}
1063
1118
}
1087
1142
perror("klogctl");
1088
1143
}
1089
1144
}
1090
#endif
1145
#endif /* __linux__ */
1091
1146
}
1092
1147
1093
1148
uid = getuid();
1146
1201
goto end;
1147
1202
}
1148
1203
uint16_t port;
1149
ret = sscanf(address+1, "%" SCNdMAX "%n", &tmpmax, &numchars);
1150
if(ret < 1 or tmpmax != (uint16_t)tmpmax
1151
or address[numchars+1] != '\0'){
1204
errno = 0;
1205
tmpmax = strtoimax(address+1, &tmp, 10);
1206
if(errno != 0 or tmp == address+1 or *tmp != '\0'
1207
or tmpmax != (uint16_t)tmpmax){
1152
1208
fprintf(stderr, "Bad port number\n");
1153
1209
exitcode = EXIT_FAILURE;
1154
1210
goto end;
1163
1219
} else {
1164
1220
af = AF_INET;
1165
1221
}
1166
ret = start_mandos_communication(address, port, if_index,
1167
af);
1222
ret = start_mandos_communication(address, port, if_index, af);
1168
1223
if(ret < 0){
1169
1224
exitcode = EXIT_FAILURE;
1170
1225
} else {
1172
1227
}
1173
1228
goto end;
1174
1229
}
1175
1176
if(not debug){
1177
avahi_set_log_function(empty_log);
1178
}
1179
1180
/* Initialize the pseudo-RNG for Avahi */
1181
srand((unsigned int) time(NULL));
1182
1183
/* Allocate main Avahi loop object */
1184
mc.simple_poll = avahi_simple_poll_new();
1185
if(mc.simple_poll == NULL){
1186
fprintf(stderr, "Avahi: Failed to create simple poll object.\n");
1187
exitcode = EXIT_FAILURE;
1188
goto end;
1189
}
1190
1230
1191
1231
{
1192
1232
AvahiServerConfig config;
1193
1233
/* Do not publish any local Zeroconf records */
1216
1256
1217
1257
/* Create the Avahi service browser */
1218
1258
sb = avahi_s_service_browser_new(mc.server, if_index,
1219
AVAHI_PROTO_INET6, "_mandos._tcp",
1259
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
1220
1260
NULL, 0, browse_callback, NULL);
1221
1261
if(sb == NULL){
1222
1262
fprintf(stderr, "Failed to create service browser: %s\n",
1224
1264
exitcode = EXIT_FAILURE;
1225
1265
goto end;
1226
1266
}
1227
1228
sigemptyset(&sigterm_action.sa_mask);
1229
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1230
if(ret == -1){
1231
perror("sigaddset");
1232
exitcode = EXIT_FAILURE;
1233
goto end;
1234
}
1235
ret = sigaction(SIGTERM, &sigterm_action, &old_sigterm_action);
1236
if(ret == -1){
1237
perror("sigaction");
1238
exitcode = EXIT_FAILURE;
1239
goto end;
1240
}
1241
1267
1242
1268
/* Run the main loop */
1243
1269
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0