To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 24.1.141
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.141
- Committer: Björn Påhlsson
- Date: 2009-09-21 13:13:47 UTC
- mfrom: (364 mandos)
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 415.
- Revision ID: belorn@braxen-20090921131347-mhuf1qnwavhyd6l1
fixed incorrect include comments
added
removed
plugins.d/mandos-client.c
164
164
*/
165
165
static bool init_gpgme(const char *seckey,
166
166
const char *pubkey, const char *tempdir){
167
int ret;
168
167
gpgme_error_t rc;
169
168
gpgme_engine_info_t engine_info;
170
169
173
172
* Helper function to insert pub and seckey to the engine keyring.
174
173
*/
175
174
bool import_key(const char *filename){
175
int ret;
176
176
int fd;
177
177
gpgme_data_t pgp_data;
178
178
521
521
static int start_mandos_communication(const char *ip, uint16_t port,
522
522
AvahiIfIndex if_index,
523
523
int af){
524
int ret, tcp_sd;
524
int ret, tcp_sd = -1;
525
525
ssize_t sret;
526
526
union {
527
527
struct sockaddr_in in;
531
531
char *decrypted_buffer;
532
532
size_t buffer_length = 0;
533
533
size_t buffer_capacity = 0;
534
ssize_t decrypted_buffer_size;
535
534
size_t written;
536
535
int retval = 0;
537
536
gnutls_session_t session;
538
537
int pf; /* Protocol family */
539
538
539
if(quit_now){
540
return -1;
541
}
542
540
543
switch(af){
541
544
case AF_INET6:
542
545
pf = PF_INET6;
562
565
tcp_sd = socket(pf, SOCK_STREAM, 0);
563
566
if(tcp_sd < 0){
564
567
perror("socket");
565
return -1;
568
retval = -1;
569
goto mandos_end;
570
}
571
572
if(quit_now){
573
goto mandos_end;
566
574
}
567
575
568
576
memset(&to, 0, sizeof(to));
575
583
}
576
584
if(ret < 0 ){
577
585
perror("inet_pton");
578
return -1;
586
retval = -1;
587
goto mandos_end;
579
588
}
580
589
if(ret == 0){
581
590
fprintf(stderr, "Bad address: %s\n", ip);
582
return -1;
591
retval = -1;
592
goto mandos_end;
583
593
}
584
594
if(af == AF_INET6){
585
595
to.in6.sin6_port = htons(port); /* Spurious warnings from
592
602
if(if_index == AVAHI_IF_UNSPEC){
593
603
fprintf(stderr, "An IPv6 link-local address is incomplete"
594
604
" without a network interface\n");
595
return -1;
605
retval = -1;
606
goto mandos_end;
596
607
}
597
608
/* Set the network interface number as scope */
598
609
to.in6.sin6_scope_id = (uint32_t)if_index;
603
614
-Wunreachable-code */
604
615
}
605
616
617
if(quit_now){
618
goto mandos_end;
619
}
620
606
621
if(debug){
607
622
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
608
623
char interface[IF_NAMESIZE];
635
650
}
636
651
}
637
652
653
if(quit_now){
654
goto mandos_end;
655
}
656
638
657
if(af == AF_INET6){
639
658
ret = connect(tcp_sd, &to.in6, sizeof(to));
640
659
} else {
642
661
}
643
662
if(ret < 0){
644
663
perror("connect");
645
return -1;
664
retval = -1;
665
goto mandos_end;
666
}
667
668
if(quit_now){
669
goto mandos_end;
646
670
}
647
671
648
672
const char *out = mandos_protocol_version;
667
691
break;
668
692
}
669
693
}
694
695
if(quit_now){
696
goto mandos_end;
697
}
670
698
}
671
699
672
700
if(debug){
673
701
fprintf(stderr, "Establishing TLS session with %s\n", ip);
674
702
}
675
703
704
if(quit_now){
705
goto mandos_end;
706
}
707
676
708
gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) tcp_sd);
677
709
678
do{
710
if(quit_now){
711
goto mandos_end;
712
}
713
714
do {
679
715
ret = gnutls_handshake(session);
716
if(quit_now){
717
goto mandos_end;
718
}
680
719
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
681
720
682
721
if(ret != GNUTLS_E_SUCCESS){
696
735
}
697
736
698
737
while(true){
738
739
if(quit_now){
740
goto mandos_end;
741
}
742
699
743
buffer_capacity = incbuffer(&buffer, buffer_length,
700
744
buffer_capacity);
701
745
if(buffer_capacity == 0){
704
748
goto mandos_end;
705
749
}
706
750
751
if(quit_now){
752
goto mandos_end;
753
}
754
707
755
sret = gnutls_record_recv(session, buffer+buffer_length,
708
756
BUFFER_SIZE);
709
757
if(sret == 0){
715
763
case GNUTLS_E_AGAIN:
716
764
break;
717
765
case GNUTLS_E_REHANDSHAKE:
718
do{
766
do {
719
767
ret = gnutls_handshake(session);
768
769
if(quit_now){
770
goto mandos_end;
771
}
720
772
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
721
773
if(ret < 0){
722
774
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
741
793
fprintf(stderr, "Closing TLS session\n");
742
794
}
743
795
796
if(quit_now){
797
goto mandos_end;
798
}
799
744
800
gnutls_bye(session, GNUTLS_SHUT_RDWR);
745
801
802
if(quit_now){
803
goto mandos_end;
804
}
805
746
806
if(buffer_length > 0){
807
ssize_t decrypted_buffer_size;
747
808
decrypted_buffer_size = pgp_packet_decrypt(buffer,
748
809
buffer_length,
749
810
&decrypted_buffer);
750
811
if(decrypted_buffer_size >= 0){
812
751
813
written = 0;
752
814
while(written < (size_t) decrypted_buffer_size){
815
if(quit_now){
816
goto mandos_end;
817
}
818
753
819
ret = (int)fwrite(decrypted_buffer + written, 1,
754
820
(size_t)decrypted_buffer_size - written,
755
821
stdout);
775
841
776
842
mandos_end:
777
843
free(buffer);
778
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
844
if(tcp_sd >= 0){
845
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
846
}
779
847
if(ret == -1){
780
848
perror("close");
781
849
}
782
850
gnutls_deinit(session);
851
if(quit_now){
852
retval = -1;
853
}
783
854
return retval;
784
855
}
785
856
848
919
/* Called whenever a new services becomes available on the LAN or
849
920
is removed from the LAN */
850
921
922
if(quit_now){
923
return;
924
}
925
851
926
switch(event){
852
927
default:
853
928
case AVAHI_BROWSER_FAILURE:
1055
1130
exitcode = EXIT_FAILURE;
1056
1131
goto end;
1057
1132
}
1058
ret = sigaction(SIGINT, &sigterm_action, &old_sigterm_action);
1059
if(ret == -1){
1060
perror("sigaction");
1061
exitcode = EXIT_FAILURE;
1062
goto end;
1063
}
1064
ret = sigaction(SIGHUP, &sigterm_action, NULL);
1065
if(ret == -1){
1066
perror("sigaction");
1067
exitcode = EXIT_FAILURE;
1068
goto end;
1069
}
1070
ret = sigaction(SIGTERM, &sigterm_action, NULL);
1071
if(ret == -1){
1072
perror("sigaction");
1073
exitcode = EXIT_FAILURE;
1074
goto end;
1133
/* Need to check if the handler is SIG_IGN before handling:
1134
| [[info:libc:Initial Signal Actions]] |
1135
| [[info:libc:Basic Signal Handling]] |
1136
*/
1137
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
1138
if(ret == -1){
1139
perror("sigaction");
1140
return EXIT_FAILURE;
1141
}
1142
if(old_sigterm_action.sa_handler != SIG_IGN){
1143
ret = sigaction(SIGINT, &sigterm_action, NULL);
1144
if(ret == -1){
1145
perror("sigaction");
1146
exitcode = EXIT_FAILURE;
1147
goto end;
1148
}
1149
}
1150
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
1151
if(ret == -1){
1152
perror("sigaction");
1153
return EXIT_FAILURE;
1154
}
1155
if(old_sigterm_action.sa_handler != SIG_IGN){
1156
ret = sigaction(SIGHUP, &sigterm_action, NULL);
1157
if(ret == -1){
1158
perror("sigaction");
1159
exitcode = EXIT_FAILURE;
1160
goto end;
1161
}
1162
}
1163
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
1164
if(ret == -1){
1165
perror("sigaction");
1166
return EXIT_FAILURE;
1167
}
1168
if(old_sigterm_action.sa_handler != SIG_IGN){
1169
ret = sigaction(SIGTERM, &sigterm_action, NULL);
1170
if(ret == -1){
1171
perror("sigaction");
1172
exitcode = EXIT_FAILURE;
1173
goto end;
1174
}
1075
1175
}
1076
1176
1077
1177
/* If the interface is down, bring it up */
1434
1534
}
1435
1535
1436
1536
if(quit_now){
1537
sigemptyset(&old_sigterm_action.sa_mask);
1538
old_sigterm_action.sa_handler = SIG_DFL;
1437
1539
ret = sigaction(signal_received, &old_sigterm_action, NULL);
1438
1540
if(ret == -1){
1439
1541
perror("sigaction");
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0