(root)/mandos/trunk
» Revision
24.1.81
(compared to revision 24.1.29)
: plugins.d/password-request.c
To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/password-request.c
- browse files at revision 24.1.81
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.81
- Committer: Björn Påhlsson
- Date: 2008-09-03 18:47:50 UTC
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 149.
- Revision ID: belorn@braxen-20080903184750-s0k0jrrq0lxiamwh
removed keyring pre-requirement for starting password-request.
Keys will now be imported in run-time to a run-time created keyring
Changed seckey and pubkey to be paths to private and public keys of the pgp encrypted password and gnutls authentication credentials.
Keys will now be imported in run-time to a run-time created keyring
Changed seckey and pubkey to be paths to private and public keys of the pgp encrypted password and gnutls authentication credentials.
- files added:
- .bzrignore
- files removed:
- network-protocol.txt
- files renamed:
- mandos-client.c => plugin-runner.c
- mandos-client.xml => plugin-runner.xml
- files modified:
- Makefile
added
removed
plugins.d/password-request.c
32
32
#define _LARGEFILE_SOURCE
33
33
#define _FILE_OFFSET_BITS 64
34
34
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
36
36
37
#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,
38
ferror() */
37
#include <stdio.h> /* fprintf(), stderr, fwrite(),
38
stdout, ferror() */
39
39
#include <stdint.h> /* uint16_t, uint32_t */
40
40
#include <stddef.h> /* NULL, size_t, ssize_t */
41
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
42
42
srand() */
43
43
#include <stdbool.h> /* bool, true */
44
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), memcpy(), strcpy() */
45
strerror(), asprintf(), strcpy() */
46
46
#include <sys/ioctl.h> /* ioctl */
47
#include <net/if.h> /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,
48
IFF_UP */
49
47
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
50
48
sockaddr_in6, PF_INET6,
51
49
SOCK_STREAM, INET6_ADDRSTRLEN,
52
uid_t, gid_t */
50
uid_t, gid_t, open(), opendir(), DIR */
51
#include <sys/stat.h> /* open() */
53
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
54
53
struct in6_addr, inet_pton(),
55
54
connect() */
55
#include <fcntl.h> /* open() */
56
#include <dirent.h> /* opendir(), struct dirent, readdir() */
57
#include <inttypes.h> /* PRIu16 */
56
58
#include <assert.h> /* assert() */
57
59
#include <errno.h> /* perror(), errno */
58
60
#include <time.h> /* time() */
59
61
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
60
62
SIOCSIFFLAGS, if_indextoname(),
61
63
if_nametoindex(), IF_NAMESIZE */
64
#include <netinet/in.h>
62
65
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
63
66
getuid(), getgid(), setuid(),
64
67
setgid() */
65
#include <netinet/in.h>
66
68
#include <arpa/inet.h> /* inet_pton(), htons */
67
69
#include <iso646.h> /* not, and */
68
70
#include <argp.h> /* struct argp_option, error_t, struct
82
84
#include <avahi-common/error.h>
83
85
84
86
/* GnuTLS */
85
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions
87
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
88
functions:
86
89
gnutls_*
87
90
init_gnutls_session(),
88
91
GNUTLS_* */
90
93
GNUTLS_OPENPGP_FMT_BASE64 */
91
94
92
95
/* GPGME */
93
#include <gpgme.h> /* All GPGME types, constants and functions
96
#include <gpgme.h> /* All GPGME types, constants and
97
functions:
94
98
gpgme_*
95
99
GPGME_PROTOCOL_OpenPGP,
96
100
GPG_ERR_NO_* */
97
101
98
102
#define BUFFER_SIZE 256
99
103
104
/*
105
#define PATHDIR "/conf/conf.d/mandos"
106
*/
107
108
#define PATHDIR "/conf/conf.d/mandos"
109
#define SECKEY "seckey.txt"
110
#define PUBKEY "pupkey.txt"
111
100
112
bool debug = false;
101
static const char *keydir = "/conf/conf.d/mandos";
102
113
static const char mandos_protocol_version[] = "1";
103
const char *argp_program_version = "mandosclient 0.9";
114
const char *argp_program_version = "password-request 1.0";
104
115
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
105
116
106
117
/* Used for passing in values through the Avahi callback functions */
111
122
unsigned int dh_bits;
112
123
gnutls_dh_params_t dh_params;
113
124
const char *priority;
125
gpgme_ctx_t ctx;
114
126
} mandos_context;
115
127
116
128
/*
131
143
}
132
144
133
145
/*
134
* Decrypt OpenPGP data using keyrings in HOMEDIR.
135
* Returns -1 on error
146
* Initialize GPGME.
136
147
*/
137
static ssize_t pgp_packet_decrypt (const char *cryptotext,
138
size_t crypto_size,
139
char **plaintext,
140
const char *homedir){
141
gpgme_data_t dh_crypto, dh_plain;
142
gpgme_ctx_t ctx;
148
static bool init_gpgme(mandos_context *mc, const char *seckey,
149
const char *pubkey, const char *tempdir){
150
int ret;
143
151
gpgme_error_t rc;
144
ssize_t ret;
145
size_t plaintext_capacity = 0;
146
ssize_t plaintext_length = 0;
147
152
gpgme_engine_info_t engine_info;
153
154
155
/*
156
* Helper function to insert pub and seckey to the enigne keyring.
157
*/
158
bool import_key(const char *filename){
159
int fd;
160
gpgme_data_t pgp_data;
161
162
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
163
if(fd == -1){
164
perror("open");
165
return false;
166
}
167
168
rc = gpgme_data_new_from_fd(&pgp_data, fd);
169
if (rc != GPG_ERR_NO_ERROR){
170
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
171
gpgme_strsource(rc), gpgme_strerror(rc));
172
return false;
173
}
174
175
rc = gpgme_op_import(mc->ctx, pgp_data);
176
if (rc != GPG_ERR_NO_ERROR){
177
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
178
gpgme_strsource(rc), gpgme_strerror(rc));
179
return false;
180
}
181
182
ret = TEMP_FAILURE_RETRY(close(fd));
183
if(ret == -1){
184
perror("close");
185
}
186
gpgme_data_release(pgp_data);
187
return true;
188
}
148
189
149
190
if (debug){
150
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
191
fprintf(stderr, "Initialize gpgme\n");
151
192
}
152
193
153
194
/* Init GPGME */
154
195
gpgme_check_version(NULL);
155
196
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
156
197
if (rc != GPG_ERR_NO_ERROR){
157
198
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
158
199
gpgme_strsource(rc), gpgme_strerror(rc));
159
return -1;
200
return false;
160
201
}
161
162
/* Set GPGME home directory for the OpenPGP engine only */
202
203
/* Set GPGME home directory for the OpenPGP engine only */
163
204
rc = gpgme_get_engine_info (&engine_info);
164
205
if (rc != GPG_ERR_NO_ERROR){
165
206
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
166
207
gpgme_strsource(rc), gpgme_strerror(rc));
167
return -1;
208
return false;
168
209
}
169
210
while(engine_info != NULL){
170
211
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
171
212
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
172
engine_info->file_name, homedir);
213
engine_info->file_name, tempdir);
173
214
break;
174
215
}
175
216
engine_info = engine_info->next;
176
217
}
177
218
if(engine_info == NULL){
178
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
179
return -1;
219
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
220
return false;
221
}
222
223
/* Create new GPGME "context" */
224
rc = gpgme_new(&(mc->ctx));
225
if (rc != GPG_ERR_NO_ERROR){
226
fprintf(stderr, "bad gpgme_new: %s: %s\n",
227
gpgme_strsource(rc), gpgme_strerror(rc));
228
return false;
229
}
230
231
if (not import_key(pubkey) or not import_key(seckey)){
232
return false;
233
}
234
235
return true;
236
}
237
238
/*
239
* Decrypt OpenPGP data.
240
* Returns -1 on error
241
*/
242
static ssize_t pgp_packet_decrypt (const mandos_context *mc,
243
const char *cryptotext,
244
size_t crypto_size,
245
char **plaintext){
246
gpgme_data_t dh_crypto, dh_plain;
247
gpgme_error_t rc;
248
ssize_t ret;
249
size_t plaintext_capacity = 0;
250
ssize_t plaintext_length = 0;
251
252
if (debug){
253
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
180
254
}
181
255
182
256
/* Create new GPGME data buffer from memory cryptotext */
197
271
return -1;
198
272
}
199
273
200
/* Create new GPGME "context" */
201
rc = gpgme_new(&ctx);
202
if (rc != GPG_ERR_NO_ERROR){
203
fprintf(stderr, "bad gpgme_new: %s: %s\n",
204
gpgme_strsource(rc), gpgme_strerror(rc));
205
plaintext_length = -1;
206
goto decrypt_end;
207
}
208
209
274
/* Decrypt data from the cryptotext data buffer to the plaintext
210
275
data buffer */
211
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
276
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
212
277
if (rc != GPG_ERR_NO_ERROR){
213
278
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
214
279
gpgme_strsource(rc), gpgme_strerror(rc));
215
280
plaintext_length = -1;
281
if (debug){
282
gpgme_decrypt_result_t result;
283
result = gpgme_op_decrypt_result(mc->ctx);
284
if (result == NULL){
285
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
286
} else {
287
fprintf(stderr, "Unsupported algorithm: %s\n",
288
result->unsupported_algorithm);
289
fprintf(stderr, "Wrong key usage: %u\n",
290
result->wrong_key_usage);
291
if(result->file_name != NULL){
292
fprintf(stderr, "File name: %s\n", result->file_name);
293
}
294
gpgme_recipient_t recipient;
295
recipient = result->recipients;
296
if(recipient){
297
while(recipient != NULL){
298
fprintf(stderr, "Public key algorithm: %s\n",
299
gpgme_pubkey_algo_name(recipient->pubkey_algo));
300
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
301
fprintf(stderr, "Secret key available: %s\n",
302
recipient->status == GPG_ERR_NO_SECKEY
303
? "No" : "Yes");
304
recipient = recipient->next;
305
}
306
}
307
}
308
}
216
309
goto decrypt_end;
217
310
}
218
311
220
313
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
221
314
}
222
315
223
if (debug){
224
gpgme_decrypt_result_t result;
225
result = gpgme_op_decrypt_result(ctx);
226
if (result == NULL){
227
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
228
} else {
229
fprintf(stderr, "Unsupported algorithm: %s\n",
230
result->unsupported_algorithm);
231
fprintf(stderr, "Wrong key usage: %d\n",
232
result->wrong_key_usage);
233
if(result->file_name != NULL){
234
fprintf(stderr, "File name: %s\n", result->file_name);
235
}
236
gpgme_recipient_t recipient;
237
recipient = result->recipients;
238
if(recipient){
239
while(recipient != NULL){
240
fprintf(stderr, "Public key algorithm: %s\n",
241
gpgme_pubkey_algo_name(recipient->pubkey_algo));
242
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
243
fprintf(stderr, "Secret key available: %s\n",
244
recipient->status == GPG_ERR_NO_SECKEY
245
? "No" : "Yes");
246
recipient = recipient->next;
247
}
248
}
249
}
250
}
251
252
316
/* Seek back to the beginning of the GPGME plaintext data buffer */
253
317
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
254
318
perror("pgpme_data_seek");
301
365
}
302
366
303
367
static const char * safer_gnutls_strerror (int value) {
304
const char *ret = gnutls_strerror (value);
368
const char *ret = gnutls_strerror (value); /* Spurious warning */
305
369
if (ret == NULL)
306
370
ret = "(unknown)";
307
371
return ret;
314
378
}
315
379
316
380
static int init_gnutls_global(mandos_context *mc,
317
const char *pubkeyfile,
318
const char *seckeyfile){
381
const char *pubkeyfilename,
382
const char *seckeyfilename){
319
383
int ret;
320
384
321
385
if(debug){
340
404
/* OpenPGP credentials */
341
405
gnutls_certificate_allocate_credentials(&mc->cred);
342
406
if (ret != GNUTLS_E_SUCCESS){
343
fprintf (stderr, "GnuTLS memory error: %s\n",
407
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
408
warning */
344
409
safer_gnutls_strerror(ret));
345
410
gnutls_global_deinit ();
346
411
return -1;
348
413
349
414
if(debug){
350
415
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
351
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
352
seckeyfile);
416
" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,
417
seckeyfilename);
353
418
}
354
419
355
420
ret = gnutls_certificate_set_openpgp_key_file
356
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
421
(mc->cred, pubkeyfilename, seckeyfilename,
422
GNUTLS_OPENPGP_FMT_BASE64);
357
423
if (ret != GNUTLS_E_SUCCESS) {
358
424
fprintf(stderr,
359
425
"Error[%d] while reading the OpenPGP key pair ('%s',"
360
" '%s')\n", ret, pubkeyfile, seckeyfile);
361
fprintf(stdout, "The GnuTLS error is: %s\n",
426
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
427
fprintf(stderr, "The GnuTLS error is: %s\n",
362
428
safer_gnutls_strerror(ret));
363
429
goto globalfail;
364
430
}
455
521
}
456
522
457
523
if(debug){
458
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
459
ip, port);
524
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
525
"\n", ip, port);
460
526
}
461
527
462
528
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
473
539
fprintf(stderr, "Binding to interface %s\n", interface);
474
540
}
475
541
476
memset(&to,0,sizeof(to)); /* Spurious warning */
542
memset(&to, 0, sizeof(to));
477
543
to.in6.sin6_family = AF_INET6;
478
544
/* It would be nice to have a way to detect if we were passed an
479
545
IPv4 address here. Now we assume an IPv6 address. */
486
552
fprintf(stderr, "Bad address: %s\n", ip);
487
553
return -1;
488
554
}
489
to.in6.sin6_port = htons(port); /* Spurious warning */
555
to.in6.sin6_port = htons(port); /* Spurious warning */
490
556
491
557
to.in6.sin6_scope_id = (uint32_t)if_index;
492
558
493
559
if(debug){
494
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
560
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
561
port);
495
562
char addrstr[INET6_ADDRSTRLEN] = "";
496
563
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
497
564
sizeof(addrstr)) == NULL){
608
675
gnutls_bye (session, GNUTLS_SHUT_RDWR);
609
676
610
677
if (buffer_length > 0){
611
decrypted_buffer_size = pgp_packet_decrypt(buffer,
678
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
612
679
buffer_length,
613
&decrypted_buffer,
614
keydir);
680
&decrypted_buffer);
615
681
if (decrypted_buffer_size >= 0){
616
682
written = 0;
617
683
while(written < (size_t) decrypted_buffer_size){
632
698
} else {
633
699
retval = -1;
634
700
}
701
} else {
702
retval = -1;
635
703
}
636
704
637
705
/* Shutdown procedure */
638
706
639
707
mandos_end:
640
708
free(buffer);
641
close(tcp_sd);
709
ret = TEMP_FAILURE_RETRY(close(tcp_sd));
710
if(ret == -1){
711
perror("close");
712
}
642
713
gnutls_deinit (session);
643
714
return retval;
644
715
}
658
729
flags,
659
730
void* userdata) {
660
731
mandos_context *mc = userdata;
661
assert(r); /* Spurious warning */
732
assert(r);
662
733
663
734
/* Called whenever a service has been resolved successfully or
664
735
timed out */
676
747
char ip[AVAHI_ADDRESS_STR_MAX];
677
748
avahi_address_snprint(ip, sizeof(ip), address);
678
749
if(debug){
679
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
680
" port %d\n", name, host_name, ip, interface, port);
750
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
751
PRIu16 ") on port %d\n", name, host_name, ip,
752
interface, port);
681
753
}
682
754
int ret = start_mandos_communication(ip, port, interface, mc);
683
755
if (ret == 0){
684
exit(EXIT_SUCCESS);
756
avahi_simple_poll_quit(mc->simple_poll);
685
757
}
686
758
}
687
759
}
699
771
flags,
700
772
void* userdata) {
701
773
mandos_context *mc = userdata;
702
assert(b); /* Spurious warning */
774
assert(b);
703
775
704
776
/* Called whenever a new services becomes available on the LAN or
705
777
is removed from the LAN */
739
811
}
740
812
}
741
813
742
/* Combines file name and path and returns the malloced new
743
string. some sane checks could/should be added */
744
static const char *combinepath(const char *first, const char *second){
745
size_t f_len = strlen(first);
746
size_t s_len = strlen(second);
747
char *tmp = malloc(f_len + s_len + 2);
748
if (tmp == NULL){
749
return NULL;
750
}
751
if(f_len > 0){
752
memcpy(tmp, first, f_len); /* Spurious warning */
753
}
754
tmp[f_len] = '/';
755
if(s_len > 0){
756
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
757
}
758
tmp[f_len + 1 + s_len] = '\0';
759
return tmp;
760
}
761
762
763
814
int main(int argc, char *argv[]){
764
815
AvahiSServiceBrowser *sb = NULL;
765
816
int error;
771
822
uid_t uid;
772
823
gid_t gid;
773
824
char *connect_to = NULL;
825
char tempdir[] = "/tmp/mandosXXXXXX";
774
826
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
775
const char *pubkeyfile = "pubkey.txt";
776
const char *seckeyfile = "seckey.txt";
827
const char *seckey = PATHDIR "/" SECKEY;
828
const char *pubkey = PATHDIR "/" PUBKEY;
829
777
830
mandos_context mc = { .simple_poll = NULL, .server = NULL,
778
831
.dh_bits = 1024, .priority = "SECURE256"};
779
832
bool gnutls_initalized = false;
833
bool pgpme_initalized = false;
780
834
781
835
{
782
836
struct argp_option options[] = {
790
844
.arg = "INTERFACE",
791
845
.doc = "Interface that Avahi will conntect through",
792
846
.group = 1 },
793
{ .name = "keydir", .key = 'd',
794
.arg = "KEYDIR",
795
.doc = "Directory where the openpgp keyring is",
796
.group = 1 },
797
847
{ .name = "seckey", .key = 's',
798
848
.arg = "SECKEY",
799
849
.doc = "Secret openpgp key for gnutls authentication",
827
877
case 'i':
828
878
interface = arg;
829
879
break;
830
case 'd':
831
keydir = arg;
832
break;
833
880
case 's':
834
seckeyfile = arg;
881
seckey = arg;
835
882
break;
836
883
case 'p':
837
pubkeyfile = arg;
884
pubkey = arg;
838
885
break;
839
886
case 129:
840
887
errno = 0;
849
896
break;
850
897
case ARGP_KEY_ARG:
851
898
argp_usage (state);
899
case ARGP_KEY_END:
852
900
break;
853
case ARGP_KEY_END:
854
break;
855
901
default:
856
902
return ARGP_ERR_UNKNOWN;
857
903
}
864
910
" passwords from mandos server" };
865
911
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
866
912
if (ret == ARGP_ERR_UNKNOWN){
867
fprintf(stderr, "Unkown error while parsing arguments\n");
913
fprintf(stderr, "Unknown error while parsing arguments\n");
868
914
exitcode = EXIT_FAILURE;
869
915
goto end;
870
916
}
871
917
}
872
873
pubkeyfile = combinepath(keydir, pubkeyfile);
874
if (pubkeyfile == NULL){
875
perror("combinepath");
876
exitcode = EXIT_FAILURE;
877
goto end;
878
}
879
880
seckeyfile = combinepath(keydir, seckeyfile);
881
if (seckeyfile == NULL){
882
perror("combinepath");
883
goto end;
884
}
885
918
886
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
919
ret = init_gnutls_global(&mc, pubkey, seckey);
887
920
if (ret == -1){
888
fprintf(stderr, "init_gnutls_global\n");
921
fprintf(stderr, "init_gnutls_global failed\n");
922
exitcode = EXIT_FAILURE;
889
923
goto end;
890
924
} else {
891
925
gnutls_initalized = true;
892
926
}
893
927
928
if(mkdtemp(tempdir) == NULL){
929
perror("mkdtemp");
930
tempdir[0] = '\0';
931
goto end;
932
}
933
934
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
935
fprintf(stderr, "pgpme_initalized failed\n");
936
exitcode = EXIT_FAILURE;
937
goto end;
938
} else {
939
pgpme_initalized = true;
940
}
941
942
/* If the interface is down, bring it up */
943
{
944
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
945
if(sd < 0) {
946
perror("socket");
947
exitcode = EXIT_FAILURE;
948
goto end;
949
}
950
strcpy(network.ifr_name, interface);
951
ret = ioctl(sd, SIOCGIFFLAGS, &network);
952
if(ret == -1){
953
perror("ioctl SIOCGIFFLAGS");
954
exitcode = EXIT_FAILURE;
955
goto end;
956
}
957
if((network.ifr_flags & IFF_UP) == 0){
958
network.ifr_flags |= IFF_UP;
959
ret = ioctl(sd, SIOCSIFFLAGS, &network);
960
if(ret == -1){
961
perror("ioctl SIOCSIFFLAGS");
962
exitcode = EXIT_FAILURE;
963
goto end;
964
}
965
}
966
ret = TEMP_FAILURE_RETRY(close(sd));
967
if(ret == -1){
968
perror("close");
969
}
970
}
971
894
972
uid = getuid();
895
973
gid = getgid();
896
974
897
975
ret = setuid(uid);
898
976
if (ret == -1){
899
977
perror("setuid");
937
1015
goto end;
938
1016
}
939
1017
940
/* If the interface is down, bring it up */
941
{
942
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
943
if(sd < 0) {
944
perror("socket");
945
exitcode = EXIT_FAILURE;
946
goto end;
947
}
948
strcpy(network.ifr_name, interface); /* Spurious warning */
949
ret = ioctl(sd, SIOCGIFFLAGS, &network);
950
if(ret == -1){
951
perror("ioctl SIOCGIFFLAGS");
952
exitcode = EXIT_FAILURE;
953
goto end;
954
}
955
if((network.ifr_flags & IFF_UP) == 0){
956
network.ifr_flags |= IFF_UP;
957
ret = ioctl(sd, SIOCSIFFLAGS, &network);
958
if(ret == -1){
959
perror("ioctl SIOCSIFFLAGS");
960
exitcode = EXIT_FAILURE;
961
goto end;
962
}
963
}
964
close(sd);
965
}
966
967
1018
if (not debug){
968
1019
avahi_set_log_function(empty_log);
969
1020
}
1041
1092
1042
1093
if (mc.simple_poll != NULL)
1043
1094
avahi_simple_poll_free(mc.simple_poll);
1044
free(pubkeyfile);
1045
free(seckeyfile);
1046
1095
1047
1096
if (gnutls_initalized){
1048
1097
gnutls_certificate_free_credentials(mc.cred);
1049
1098
gnutls_global_deinit ();
1050
1099
}
1051
1100
1101
if(pgpme_initalized){
1102
gpgme_release(mc.ctx);
1103
}
1104
1105
/* Removes the temp directory used by GPGME */
1106
if(tempdir[0] != '\0'){
1107
DIR *d;
1108
struct dirent *direntry;
1109
d = opendir(tempdir);
1110
if(d == NULL){
1111
perror("opendir");
1112
} else {
1113
while(true){
1114
direntry = readdir(d);
1115
if(direntry == NULL){
1116
break;
1117
}
1118
if (direntry->d_type == DT_REG){
1119
char *fullname = NULL;
1120
ret = asprintf(&fullname, "%s/%s", tempdir,
1121
direntry->d_name);
1122
if(ret < 0){
1123
perror("asprintf");
1124
continue;
1125
}
1126
ret = unlink(fullname);
1127
if(ret == -1){
1128
fprintf(stderr, "unlink(\"%s\"): %s",
1129
fullname, strerror(errno));
1130
}
1131
free(fullname);
1132
}
1133
}
1134
}
1135
ret = rmdir(tempdir);
1136
if(ret == -1){
1137
perror("rmdir");
1138
}
1139
}
1140
1052
1141
return exitcode;
1053
1142
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0