/mandos/trunk : revision 266

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

Committer: Teddy Hogeborn
Date: 2009-01-13 04:35:19 UTC
Revision ID: teddy@fukt.bsnet.se-20090113043519-0yr39snphoegq8l1

* plugin-runner.c: Only space changes.
* plugins.d/mandos-client.c: - '' -
* plugins.d/password-prompt.c: - '' -

files removed:
debian/watch

files renamed:
mandos-ctl => mandos-list

files modified:
Makefile

NEWS

TODO

debian/changelog

debian/mandos-client.README.Debian

initramfs-tools-script

mandos

mandos-keygen

mandos.lsm

plugin-runner.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.c

#include <fcntl.h> /* open() */

#include <dirent.h> /* opendir(), struct dirent, readdir()

#include <inttypes.h> /* PRIu16, intmax_t, SCNdMAX */

#include <inttypes.h> /* PRIu16, SCNu16 */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time(), nanosleep() */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

#include <sys/klog.h> /* klogctl() */

/* Avahi */

/* All Avahi types, constants and functions

366

365

}

367

366

368

367

static const char * safer_gnutls_strerror(int value) {

369

const char *ret = gnutls_strerror(value); /* Spurious warning from

370

-Wunreachable-code */

368

const char *ret = gnutls_strerror(value); /* Spurious warning */

371

369

if(ret == NULL)

372

370

ret = "(unknown)";

373

371

return ret;

406

404

/* OpenPGP credentials */

407

405

gnutls_certificate_allocate_credentials(&mc->cred);

408

406

if(ret != GNUTLS_E_SUCCESS){

409

fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning

410

* from

411

* -Wunreachable-code

412

407

fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious

408

warning */

413

409

safer_gnutls_strerror(ret));

414

410

gnutls_global_deinit();

415

411

return -1;

557

553

fprintf(stderr, "Bad address: %s\n", ip);

558

554

return -1;

559

555

}

560

to.in6.sin6_port = htons(port); /* Spurious warnings from

561

-Wconversion and

562

-Wunreachable-code */

556

to.in6.sin6_port = htons(port); /* Spurious warning */

563

557

564

558

to.in6.sin6_scope_id = (uint32_t)if_index;

565

559

755

749

avahi_address_snprint(ip, sizeof(ip), address);

756

750

if(debug){

757

751

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

758

PRIdMAX ") on port %" PRIu16 "\n", name, host_name,

759

ip, (intmax_t)interface, port);

752

PRIu16 ") on port %d\n", name, host_name, ip,

753

interface, port);

760

754

}

761

755

int ret = start_mandos_communication(ip, port, interface, mc);

762

756

if(ret == 0){

822

816

AvahiSServiceBrowser *sb = NULL;

823

817

int error;

824

818

int ret;

825

intmax_t tmpmax;

826

int numchars;

827

819

int exitcode = EXIT_SUCCESS;

828

820

const char *interface = "eth0";

829

821

struct ifreq network;

841

833

":!CTYPE-X.509:+CTYPE-OPENPGP" };

842

834

bool gnutls_initalized = false;

843

835

bool gpgme_initalized = false;

844

double delay = 2.5;

845

836

846

837

{

847

838

struct argp_option options[] = {

873

864

.arg = "STRING",

874

865

.doc = "GnuTLS priority string for the TLS handshake",

875

866

.group = 1 },

876

{ .name = "delay", .key = 131,

877

.arg = "SECONDS",

878

.doc = "Maximum delay to wait for interface startup",

879

.group = 2 },

880

867

{ .name = NULL }

881

868

};

882

869

899

886

pubkey = arg;

900

887

break;

901

888

case 129: /* --dh-bits */

902

ret = sscanf(arg, "%" SCNdMAX "%n", &tmpmax, &numchars);

903

if(ret < 1 or tmpmax != (typeof(mc.dh_bits))tmpmax

904

or arg[numchars] != '\0'){

889

ret = sscanf(arg, "%u", &mc.dh_bits);

890

if(ret != 1){

905

891

fprintf(stderr, "Bad number of DH bits\n");

906

892

exit(EXIT_FAILURE);

907

893

}

908

mc.dh_bits = (typeof(mc.dh_bits))tmpmax;

909

894

break;

910

895

case 130: /* --priority */

911

896

mc.priority = arg;

912

897

break;

913

case 131: /* --delay */

914

ret = sscanf(arg, "%lf%n", &delay, &numchars);

915

if(ret < 1 or arg[numchars] != '\0'){

916

fprintf(stderr, "Bad delay\n");

917

exit(EXIT_FAILURE);

918

}

919

break;

920

898

case ARGP_KEY_ARG:

921

899

argp_usage(state);

922

900

case ARGP_KEY_END:

941

919

942

920

/* If the interface is down, bring it up */

943

921

{

944

// Lower kernel loglevel to KERN_NOTICE to avoid

945

// KERN_INFO messages to mess up the prompt

946

ret = klogctl(8, NULL, 5);

947

if(ret == -1){

948

perror("klogctl");

949

}

950

951

922

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

952

923

if(sd < 0) {

953

924

perror("socket");

954

925

exitcode = EXIT_FAILURE;

955

ret = klogctl(7, NULL, 0);

956

if(ret == -1){

957

perror("klogctl");

958

}

959

926

goto end;

960

927

}

961

928

strcpy(network.ifr_name, interface);

962

929

ret = ioctl(sd, SIOCGIFFLAGS, &network);

963

930

if(ret == -1){

964

931

perror("ioctl SIOCGIFFLAGS");

965

ret = klogctl(7, NULL, 0);

966

if(ret == -1){

967

perror("klogctl");

968

}

969

932

exitcode = EXIT_FAILURE;

970

933

goto end;

971

934

}

975

938

if(ret == -1){

976

939

perror("ioctl SIOCSIFFLAGS");

977

940

exitcode = EXIT_FAILURE;

978

ret = klogctl(7, NULL, 0);

979

if(ret == -1){

980

perror("klogctl");

981

}

982

941

goto end;

983

942

}

984

943

}

985

// sleep checking until interface is running

986

for(int i=0; i < delay * 4; i++){

987

ret = ioctl(sd, SIOCGIFFLAGS, &network);

988

if(ret == -1){

989

perror("ioctl SIOCGIFFLAGS");

990

} else if(network.ifr_flags & IFF_RUNNING){

991

break;

992

}

993

struct timespec sleeptime = { .tv_nsec = 250000000 };

994

nanosleep(&sleeptime, NULL);

995

}

996

944

ret = (int)TEMP_FAILURE_RETRY(close(sd));

997

945

if(ret == -1){

998

946

perror("close");

999

947

}

1000

// Restores kernel loglevel to default

1001

ret = klogctl(7, NULL, 0);

1002

if(ret == -1){

1003

perror("klogctl");

1004

}

1005

948

}

1006

949

1007

950

uid = getuid();

1056

999

goto end;

1057

1000

}

1058

1001

uint16_t port;

1059

ret = sscanf(address+1, "%" SCNdMAX "%n", &tmpmax, &numchars);

1060

if(ret < 1 or tmpmax != (uint16_t)tmpmax

1061

or address[numchars+1] != '\0'){

1002

ret = sscanf(address+1, "%" SCNu16, &port);

1003

if(ret != 1){

1062

1004

fprintf(stderr, "Bad port number\n");

1063

1005

exitcode = EXIT_FAILURE;

1064

1006

goto end;

1065

1007

}

1066

port = (uint16_t)tmpmax;

1067

1008

*address = '\0';

1068

1009

address = connect_to;

1069

1010

ret = start_mandos_communication(address, port, if_index, &mc);

1134

1075

if(debug){

1135

1076

fprintf(stderr, "Starting Avahi loop search\n");

1136

1077

}

1137

1078

1138

1079

avahi_simple_poll_loop(mc.simple_poll);

1139

1080

1140

1081

end:

Older »