To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 24.1.131
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.131
- Committer: Björn Påhlsson
- Date: 2009-02-06 01:15:52 UTC
- mfrom: (299 mandos)
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 306.
- Revision ID: belorn@braxen-20090206011552-p07z71hj60jm7ncl
merge
added
removed
plugins.d/mandos-client.c
42
42
#include <stddef.h> /* NULL, size_t, ssize_t */
43
43
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
44
44
srand() */
45
#include <stdbool.h> /* bool, false, true */
45
#include <stdbool.h> /* bool, true */
46
46
#include <string.h> /* memset(), strcmp(), strlen(),
47
47
strerror(), asprintf(), strcpy() */
48
#include <sys/ioctl.h> /* ioctl */
48
#include <sys/ioctl.h> /* ioctl */
49
49
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
50
50
sockaddr_in6, PF_INET6,
51
SOCK_STREAM, uid_t, gid_t, open(),
52
opendir(), DIR */
51
SOCK_STREAM, INET6_ADDRSTRLEN,
52
uid_t, gid_t, open(), opendir(),
53
DIR */
53
54
#include <sys/stat.h> /* open() */
54
55
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
inet_pton(), connect() */
56
struct in6_addr, inet_pton(),
57
connect() */
56
58
#include <fcntl.h> /* open() */
57
59
#include <dirent.h> /* opendir(), struct dirent, readdir()
58
60
*/
63
65
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
64
66
SIOCSIFFLAGS, if_indextoname(),
65
67
if_nametoindex(), IF_NAMESIZE */
66
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
67
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
68
*/
68
#include <netinet/in.h>
69
69
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
70
70
getuid(), getgid(), setuid(),
71
71
setgid() */
72
72
#include <arpa/inet.h> /* inet_pton(), htons */
73
#include <iso646.h> /* not, or, and */
73
#include <iso646.h> /* not, and, or */
74
74
#include <argp.h> /* struct argp_option, error_t, struct
75
75
argp_state, struct argp,
76
76
argp_parse(), ARGP_KEY_ARG,
77
77
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
78
#include <signal.h> /* sigemptyset(), sigaddset(),
79
sigaction(), SIGTERM, sigaction,
80
sig_atomic_t */
81
82
78
#ifdef __linux__
83
79
#include <sys/klog.h> /* klogctl() */
84
#endif /* __linux__ */
80
#endif
85
81
86
82
/* Avahi */
87
83
/* All Avahi types, constants and functions
133
129
gpgme_ctx_t ctx;
134
130
} mandos_context;
135
131
136
/* global context so signal handler can reach it*/
137
mandos_context mc;
138
139
132
/*
140
* Make additional room in "buffer" for at least BUFFER_SIZE more
141
* bytes. "buffer_capacity" is how much is currently allocated,
133
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
134
* "buffer_capacity" is how much is currently allocated,
142
135
* "buffer_length" is how much is already used.
143
136
*/
144
size_t incbuffer(char **buffer, size_t buffer_length,
137
size_t adjustbuffer(char **buffer, size_t buffer_length,
145
138
size_t buffer_capacity){
146
139
if(buffer_length + BUFFER_SIZE > buffer_capacity){
147
140
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
156
149
/*
157
150
* Initialize GPGME.
158
151
*/
159
static bool init_gpgme(const char *seckey,
152
static bool init_gpgme(mandos_context *mc, const char *seckey,
160
153
const char *pubkey, const char *tempdir){
161
154
int ret;
162
155
gpgme_error_t rc;
183
176
return false;
184
177
}
185
178
186
rc = gpgme_op_import(mc.ctx, pgp_data);
179
rc = gpgme_op_import(mc->ctx, pgp_data);
187
180
if(rc != GPG_ERR_NO_ERROR){
188
181
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
189
182
gpgme_strsource(rc), gpgme_strerror(rc));
199
192
}
200
193
201
194
if(debug){
202
fprintf(stderr, "Initializing GPGME\n");
195
fprintf(stderr, "Initialize gpgme\n");
203
196
}
204
197
205
198
/* Init GPGME */
232
225
}
233
226
234
227
/* Create new GPGME "context" */
235
rc = gpgme_new(&(mc.ctx));
228
rc = gpgme_new(&(mc->ctx));
236
229
if(rc != GPG_ERR_NO_ERROR){
237
230
fprintf(stderr, "bad gpgme_new: %s: %s\n",
238
231
gpgme_strsource(rc), gpgme_strerror(rc));
250
243
* Decrypt OpenPGP data.
251
244
* Returns -1 on error
252
245
*/
253
static ssize_t pgp_packet_decrypt(const char *cryptotext,
246
static ssize_t pgp_packet_decrypt(const mandos_context *mc,
247
const char *cryptotext,
254
248
size_t crypto_size,
255
249
char **plaintext){
256
250
gpgme_data_t dh_crypto, dh_plain;
283
277
284
278
/* Decrypt data from the cryptotext data buffer to the plaintext
285
279
data buffer */
286
rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
280
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
287
281
if(rc != GPG_ERR_NO_ERROR){
288
282
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
289
283
gpgme_strsource(rc), gpgme_strerror(rc));
290
284
plaintext_length = -1;
291
285
if(debug){
292
286
gpgme_decrypt_result_t result;
293
result = gpgme_op_decrypt_result(mc.ctx);
287
result = gpgme_op_decrypt_result(mc->ctx);
294
288
if(result == NULL){
295
289
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
296
290
} else {
332
326
333
327
*plaintext = NULL;
334
328
while(true){
335
plaintext_capacity = incbuffer(plaintext,
329
plaintext_capacity = adjustbuffer(plaintext,
336
330
(size_t)plaintext_length,
337
331
plaintext_capacity);
338
332
if(plaintext_capacity == 0){
339
perror("incbuffer");
333
perror("adjustbuffer");
340
334
plaintext_length = -1;
341
335
goto decrypt_end;
342
336
}
388
382
fprintf(stderr, "GnuTLS: %s", string);
389
383
}
390
384
391
static int init_gnutls_global(const char *pubkeyfilename,
385
static int init_gnutls_global(mandos_context *mc,
386
const char *pubkeyfilename,
392
387
const char *seckeyfilename){
393
388
int ret;
394
389
412
407
}
413
408
414
409
/* OpenPGP credentials */
415
gnutls_certificate_allocate_credentials(&mc.cred);
410
gnutls_certificate_allocate_credentials(&mc->cred);
416
411
if(ret != GNUTLS_E_SUCCESS){
417
412
fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning
418
from
419
-Wunreachable-code
420
*/
413
* from
414
* -Wunreachable-code
415
*/
421
416
safer_gnutls_strerror(ret));
422
417
gnutls_global_deinit();
423
418
return -1;
430
425
}
431
426
432
427
ret = gnutls_certificate_set_openpgp_key_file
433
(mc.cred, pubkeyfilename, seckeyfilename,
428
(mc->cred, pubkeyfilename, seckeyfilename,
434
429
GNUTLS_OPENPGP_FMT_BASE64);
435
430
if(ret != GNUTLS_E_SUCCESS){
436
431
fprintf(stderr,
442
437
}
443
438
444
439
/* GnuTLS server initialization */
445
ret = gnutls_dh_params_init(&mc.dh_params);
440
ret = gnutls_dh_params_init(&mc->dh_params);
446
441
if(ret != GNUTLS_E_SUCCESS){
447
442
fprintf(stderr, "Error in GnuTLS DH parameter initialization:"
448
443
" %s\n", safer_gnutls_strerror(ret));
449
444
goto globalfail;
450
445
}
451
ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
446
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
452
447
if(ret != GNUTLS_E_SUCCESS){
453
448
fprintf(stderr, "Error in GnuTLS prime generation: %s\n",
454
449
safer_gnutls_strerror(ret));
455
450
goto globalfail;
456
451
}
457
452
458
gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
453
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
459
454
460
455
return 0;
461
456
462
457
globalfail:
463
458
464
gnutls_certificate_free_credentials(mc.cred);
459
gnutls_certificate_free_credentials(mc->cred);
465
460
gnutls_global_deinit();
466
gnutls_dh_params_deinit(mc.dh_params);
461
gnutls_dh_params_deinit(mc->dh_params);
467
462
return -1;
468
463
}
469
464
470
static int init_gnutls_session(gnutls_session_t *session){
465
static int init_gnutls_session(mandos_context *mc,
466
gnutls_session_t *session){
471
467
int ret;
472
468
/* GnuTLS session creation */
473
469
ret = gnutls_init(session, GNUTLS_SERVER);
478
474
479
475
{
480
476
const char *err;
481
ret = gnutls_priority_set_direct(*session, mc.priority, &err);
477
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
482
478
if(ret != GNUTLS_E_SUCCESS){
483
479
fprintf(stderr, "Syntax error at: %s\n", err);
484
480
fprintf(stderr, "GnuTLS error: %s\n",
489
485
}
490
486
491
487
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
492
mc.cred);
488
mc->cred);
493
489
if(ret != GNUTLS_E_SUCCESS){
494
490
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
495
491
safer_gnutls_strerror(ret));
501
497
gnutls_certificate_server_set_request(*session,
502
498
GNUTLS_CERT_IGNORE);
503
499
504
gnutls_dh_set_prime_bits(*session, mc.dh_bits);
500
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
505
501
506
502
return 0;
507
503
}
513
509
/* Called when a Mandos server is found */
514
510
static int start_mandos_communication(const char *ip, uint16_t port,
515
511
AvahiIfIndex if_index,
516
int af){
512
mandos_context *mc){
517
513
int ret, tcp_sd;
518
514
ssize_t sret;
519
union {
520
struct sockaddr_in in;
521
struct sockaddr_in6 in6;
522
} to;
515
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
523
516
char *buffer = NULL;
524
517
char *decrypted_buffer;
525
518
size_t buffer_length = 0;
527
520
ssize_t decrypted_buffer_size;
528
521
size_t written;
529
522
int retval = 0;
523
char interface[IF_NAMESIZE];
530
524
gnutls_session_t session;
531
int pf; /* Protocol family */
532
533
switch(af){
534
case AF_INET6:
535
pf = PF_INET6;
536
break;
537
case AF_INET:
538
pf = PF_INET;
539
break;
540
default:
541
fprintf(stderr, "Bad address family: %d\n", af);
542
return -1;
543
}
544
545
ret = init_gnutls_session(&session);
525
526
ret = init_gnutls_session(mc, &session);
546
527
if(ret != 0){
547
528
return -1;
548
529
}
549
530
550
531
if(debug){
551
fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16
532
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
552
533
"\n", ip, port);
553
534
}
554
535
555
tcp_sd = socket(pf, SOCK_STREAM, 0);
536
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
556
537
if(tcp_sd < 0){
557
538
perror("socket");
558
539
return -1;
559
540
}
560
541
542
if(debug){
543
if(if_indextoname((unsigned int)if_index, interface) == NULL){
544
perror("if_indextoname");
545
return -1;
546
}
547
fprintf(stderr, "Binding to interface %s\n", interface);
548
}
549
561
550
memset(&to, 0, sizeof(to));
562
if(af == AF_INET6){
563
to.in6.sin6_family = (uint16_t)af;
564
ret = inet_pton(af, ip, &to.in6.sin6_addr);
565
} else { /* IPv4 */
566
to.in.sin_family = (sa_family_t)af;
567
ret = inet_pton(af, ip, &to.in.sin_addr);
568
}
551
to.in6.sin6_family = AF_INET6;
552
/* It would be nice to have a way to detect if we were passed an
553
IPv4 address here. Now we assume an IPv6 address. */
554
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
569
555
if(ret < 0 ){
570
556
perror("inet_pton");
571
557
return -1;
574
560
fprintf(stderr, "Bad address: %s\n", ip);
575
561
return -1;
576
562
}
577
if(af == AF_INET6){
578
to.in6.sin6_port = htons(port); /* Spurious warnings from
579
-Wconversion and
580
-Wunreachable-code */
581
582
if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
583
(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
584
-Wunreachable-code*/
585
if(if_index == AVAHI_IF_UNSPEC){
586
fprintf(stderr, "An IPv6 link-local address is incomplete"
587
" without a network interface\n");
588
return -1;
589
}
590
/* Set the network interface number as scope */
591
to.in6.sin6_scope_id = (uint32_t)if_index;
592
}
593
} else {
594
to.in.sin_port = htons(port); /* Spurious warnings from
563
to.in6.sin6_port = htons(port); /* Spurious warnings from
595
564
-Wconversion and
596
565
-Wunreachable-code */
597
}
566
567
to.in6.sin6_scope_id = (uint32_t)if_index;
598
568
599
569
if(debug){
600
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
601
char interface[IF_NAMESIZE];
602
if(if_indextoname((unsigned int)if_index, interface) == NULL){
603
perror("if_indextoname");
604
} else {
605
fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",
606
ip, interface, port);
607
}
608
} else {
609
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
610
port);
611
}
612
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
613
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
614
const char *pcret;
615
if(af == AF_INET6){
616
pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
617
sizeof(addrstr));
618
} else {
619
pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
620
sizeof(addrstr));
621
}
622
if(pcret == NULL){
570
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
571
port);
572
char addrstr[INET6_ADDRSTRLEN] = "";
573
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
574
sizeof(addrstr)) == NULL){
623
575
perror("inet_ntop");
624
576
} else {
625
577
if(strcmp(addrstr, ip) != 0){
628
580
}
629
581
}
630
582
631
if(af == AF_INET6){
632
ret = connect(tcp_sd, &to.in6, sizeof(to));
633
} else {
634
ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
635
}
583
ret = connect(tcp_sd, &to.in, sizeof(to));
636
584
if(ret < 0){
637
585
perror("connect");
638
586
return -1;
684
632
/* Read OpenPGP packet that contains the wanted password */
685
633
686
634
if(debug){
687
fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",
635
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
688
636
ip);
689
637
}
690
638
691
639
while(true){
692
buffer_capacity = incbuffer(&buffer, buffer_length,
640
buffer_capacity = adjustbuffer(&buffer, buffer_length,
693
641
buffer_capacity);
694
642
if(buffer_capacity == 0){
695
perror("incbuffer");
643
perror("adjustbuffer");
696
644
retval = -1;
697
645
goto mandos_end;
698
646
}
737
685
gnutls_bye(session, GNUTLS_SHUT_RDWR);
738
686
739
687
if(buffer_length > 0){
740
decrypted_buffer_size = pgp_packet_decrypt(buffer,
688
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
741
689
buffer_length,
742
690
&decrypted_buffer);
743
691
if(decrypted_buffer_size >= 0){
778
726
779
727
static void resolve_callback(AvahiSServiceResolver *r,
780
728
AvahiIfIndex interface,
781
AvahiProtocol proto,
729
AVAHI_GCC_UNUSED AvahiProtocol protocol,
782
730
AvahiResolverEvent event,
783
731
const char *name,
784
732
const char *type,
789
737
AVAHI_GCC_UNUSED AvahiStringList *txt,
790
738
AVAHI_GCC_UNUSED AvahiLookupResultFlags
791
739
flags,
792
AVAHI_GCC_UNUSED void* userdata){
740
void* userdata){
741
mandos_context *mc = userdata;
793
742
assert(r);
794
743
795
744
/* Called whenever a service has been resolved successfully or
800
749
case AVAHI_RESOLVER_FAILURE:
801
750
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
802
751
" of type '%s' in domain '%s': %s\n", name, type, domain,
803
avahi_strerror(avahi_server_errno(mc.server)));
752
avahi_strerror(avahi_server_errno(mc->server)));
804
753
break;
805
754
806
755
case AVAHI_RESOLVER_FOUND:
812
761
PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
813
762
ip, (intmax_t)interface, port);
814
763
}
815
int ret = start_mandos_communication(ip, port, interface,
816
avahi_proto_to_af(proto));
764
int ret = start_mandos_communication(ip, port, interface, mc);
817
765
if(ret == 0){
818
avahi_simple_poll_quit(mc.simple_poll);
766
avahi_simple_poll_quit(mc->simple_poll);
819
767
}
820
768
}
821
769
}
831
779
const char *domain,
832
780
AVAHI_GCC_UNUSED AvahiLookupResultFlags
833
781
flags,
834
AVAHI_GCC_UNUSED void* userdata){
782
void* userdata){
783
mandos_context *mc = userdata;
835
784
assert(b);
836
785
837
786
/* Called whenever a new services becomes available on the LAN or
842
791
case AVAHI_BROWSER_FAILURE:
843
792
844
793
fprintf(stderr, "(Avahi browser) %s\n",
845
avahi_strerror(avahi_server_errno(mc.server)));
846
avahi_simple_poll_quit(mc.simple_poll);
794
avahi_strerror(avahi_server_errno(mc->server)));
795
avahi_simple_poll_quit(mc->simple_poll);
847
796
return;
848
797
849
798
case AVAHI_BROWSER_NEW:
852
801
the callback function is called the Avahi server will free the
853
802
resolver for us. */
854
803
855
if(!(avahi_s_service_resolver_new(mc.server, interface,
804
if(!(avahi_s_service_resolver_new(mc->server, interface,
856
805
protocol, name, type, domain,
857
806
AVAHI_PROTO_INET6, 0,
858
resolve_callback, NULL)))
807
resolve_callback, mc)))
859
808
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
860
name, avahi_strerror(avahi_server_errno(mc.server)));
809
name, avahi_strerror(avahi_server_errno(mc->server)));
861
810
break;
862
811
863
812
case AVAHI_BROWSER_REMOVE:
872
821
}
873
822
}
874
823
875
sig_atomic_t quit_now = 0;
876
877
static void handle_sigterm(__attribute__((unused)) int sig){
878
if(quit_now){
879
return;
880
}
881
quit_now = 1;
882
int old_errno = errno;
883
if(mc.simple_poll != NULL){
884
avahi_simple_poll_quit(mc.simple_poll);
885
}
886
errno = old_errno;
887
}
888
889
824
int main(int argc, char *argv[]){
890
825
AvahiSServiceBrowser *sb = NULL;
891
826
int error;
905
840
const char *seckey = PATHDIR "/" SECKEY;
906
841
const char *pubkey = PATHDIR "/" PUBKEY;
907
842
908
/* Initialize Mandos context */
909
mc = (mandos_context){ .simple_poll = NULL, .server = NULL,
910
.dh_bits = 1024, .priority = "SECURE256"
911
":!CTYPE-X.509:+CTYPE-OPENPGP" };
843
mandos_context mc = { .simple_poll = NULL, .server = NULL,
844
.dh_bits = 1024, .priority = "SECURE256"
845
":!CTYPE-X.509:+CTYPE-OPENPGP" };
912
846
bool gnutls_initialized = false;
913
847
bool gpgme_initialized = false;
914
848
double delay = 2.5;
915
916
struct sigaction old_sigterm_action;
917
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
918
849
919
850
{
920
851
struct argp_option options[] = {
926
857
.group = 1 },
927
858
{ .name = "interface", .key = 'i',
928
859
.arg = "NAME",
929
.doc = "Network interface that will be used to search for"
930
" Mandos servers",
860
.doc = "Interface that will be used to search for Mandos"
861
" servers",
931
862
.group = 1 },
932
863
{ .name = "seckey", .key = 's',
933
864
.arg = "FILE",
1013
944
}
1014
945
1015
946
/* If the interface is down, bring it up */
1016
if(interface[0] != '\0'){
947
{
1017
948
#ifdef __linux__
1018
949
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1019
950
messages to mess up the prompt */
1020
951
ret = klogctl(8, NULL, 5);
1021
bool restore_loglevel = true;
1022
952
if(ret == -1){
1023
restore_loglevel = false;
1024
953
perror("klogctl");
1025
954
}
1026
#endif /* __linux__ */
955
#endif
1027
956
1028
957
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1029
958
if(sd < 0){
1030
959
perror("socket");
1031
960
exitcode = EXIT_FAILURE;
1032
961
#ifdef __linux__
1033
if(restore_loglevel){
1034
ret = klogctl(7, NULL, 0);
1035
if(ret == -1){
1036
perror("klogctl");
1037
}
962
ret = klogctl(7, NULL, 0);
963
if(ret == -1){
964
perror("klogctl");
1038
965
}
1039
#endif /* __linux__ */
966
#endif
1040
967
goto end;
1041
968
}
1042
969
strcpy(network.ifr_name, interface);
1044
971
if(ret == -1){
1045
972
perror("ioctl SIOCGIFFLAGS");
1046
973
#ifdef __linux__
1047
if(restore_loglevel){
1048
ret = klogctl(7, NULL, 0);
1049
if(ret == -1){
1050
perror("klogctl");
1051
}
974
ret = klogctl(7, NULL, 0);
975
if(ret == -1){
976
perror("klogctl");
1052
977
}
1053
#endif /* __linux__ */
978
#endif
1054
979
exitcode = EXIT_FAILURE;
1055
980
goto end;
1056
981
}
1061
986
perror("ioctl SIOCSIFFLAGS");
1062
987
exitcode = EXIT_FAILURE;
1063
988
#ifdef __linux__
1064
if(restore_loglevel){
1065
ret = klogctl(7, NULL, 0);
1066
if(ret == -1){
1067
perror("klogctl");
1068
}
989
ret = klogctl(7, NULL, 0);
990
if(ret == -1){
991
perror("klogctl");
1069
992
}
1070
#endif /* __linux__ */
993
#endif
1071
994
goto end;
1072
995
}
1073
996
}
1090
1013
perror("close");
1091
1014
}
1092
1015
#ifdef __linux__
1093
if(restore_loglevel){
1094
/* Restores kernel loglevel to default */
1095
ret = klogctl(7, NULL, 0);
1096
if(ret == -1){
1097
perror("klogctl");
1098
}
1016
/* Restores kernel loglevel to default */
1017
ret = klogctl(7, NULL, 0);
1018
if(ret == -1){
1019
perror("klogctl");
1099
1020
}
1100
#endif /* __linux__ */
1021
#endif
1101
1022
}
1102
1023
1103
1024
uid = getuid();
1104
1025
gid = getgid();
1105
1026
1106
errno = 0;
1107
1027
setgid(gid);
1108
1028
if(ret == -1){
1109
1029
perror("setgid");
1114
1034
perror("setuid");
1115
1035
}
1116
1036
1117
ret = init_gnutls_global(pubkey, seckey);
1037
ret = init_gnutls_global(&mc, pubkey, seckey);
1118
1038
if(ret == -1){
1119
1039
fprintf(stderr, "init_gnutls_global failed\n");
1120
1040
exitcode = EXIT_FAILURE;
1129
1049
}
1130
1050
tempdir_created = true;
1131
1051
1132
if(not init_gpgme(pubkey, seckey, tempdir)){
1052
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
1133
1053
fprintf(stderr, "init_gpgme failed\n");
1134
1054
exitcode = EXIT_FAILURE;
1135
1055
goto end;
1137
1057
gpgme_initialized = true;
1138
1058
}
1139
1059
1140
if(interface[0] != '\0'){
1141
if_index = (AvahiIfIndex) if_nametoindex(interface);
1142
if(if_index == 0){
1143
fprintf(stderr, "No such interface: \"%s\"\n", interface);
1144
exitcode = EXIT_FAILURE;
1145
goto end;
1146
}
1060
if_index = (AvahiIfIndex) if_nametoindex(interface);
1061
if(if_index == 0){
1062
fprintf(stderr, "No such interface: \"%s\"\n", interface);
1063
exitcode = EXIT_FAILURE;
1064
goto end;
1147
1065
}
1148
1066
1149
1067
if(connect_to != NULL){
1166
1084
port = (uint16_t)tmpmax;
1167
1085
*address = '\0';
1168
1086
address = connect_to;
1169
/* Colon in address indicates IPv6 */
1170
int af;
1171
if(strchr(address, ':') != NULL){
1172
af = AF_INET6;
1173
} else {
1174
af = AF_INET;
1175
}
1176
ret = start_mandos_communication(address, port, if_index, af);
1087
ret = start_mandos_communication(address, port, if_index, &mc);
1177
1088
if(ret < 0){
1178
1089
exitcode = EXIT_FAILURE;
1179
1090
} else {
1226
1137
/* Create the Avahi service browser */
1227
1138
sb = avahi_s_service_browser_new(mc.server, if_index,
1228
1139
AVAHI_PROTO_INET6, "_mandos._tcp",
1229
NULL, 0, browse_callback, NULL);
1140
NULL, 0, browse_callback, &mc);
1230
1141
if(sb == NULL){
1231
1142
fprintf(stderr, "Failed to create service browser: %s\n",
1232
1143
avahi_strerror(avahi_server_errno(mc.server)));
1234
1145
goto end;
1235
1146
}
1236
1147
1237
sigemptyset(&sigterm_action.sa_mask);
1238
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
1239
if(ret == -1){
1240
perror("sigaddset");
1241
exitcode = EXIT_FAILURE;
1242
goto end;
1243
}
1244
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
1245
if(ret == -1){
1246
perror("sigaddset");
1247
exitcode = EXIT_FAILURE;
1248
goto end;
1249
}
1250
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1251
if(ret == -1){
1252
perror("sigaddset");
1253
exitcode = EXIT_FAILURE;
1254
goto end;
1255
}
1256
ret = sigaction(SIGTERM, &sigterm_action, &old_sigterm_action);
1257
if(ret == -1){
1258
perror("sigaction");
1259
exitcode = EXIT_FAILURE;
1260
goto end;
1261
}
1262
1263
1148
/* Run the main loop */
1264
1149
1265
1150
if(debug){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0