To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 266
- compare with another revision
- download diff
- download tarball
- view history from revision 266
- Committer: Teddy Hogeborn
- Date: 2009-01-13 04:35:19 UTC
- Revision ID: teddy@fukt.bsnet.se-20090113043519-0yr39snphoegq8l1
* plugin-runner.c: Only space changes.
* plugins.d/mandos-client.c: - '' -
* plugins.d/password-prompt.c: - '' -
* plugins.d/mandos-client.c: - '' -
* plugins.d/password-prompt.c: - '' -
- files removed:
- debian/watch
- files renamed:
- mandos-ctl => mandos-list *
- files modified:
- INSTALL
added
removed
plugins.d/mandos-client.c
36
36
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
37
37
38
38
#include <stdio.h> /* fprintf(), stderr, fwrite(),
39
stdout, ferror(), sscanf(),
40
remove() */
39
stdout, ferror(), sscanf */
41
40
#include <stdint.h> /* uint16_t, uint32_t */
42
41
#include <stddef.h> /* NULL, size_t, ssize_t */
43
42
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
58
57
#include <fcntl.h> /* open() */
59
58
#include <dirent.h> /* opendir(), struct dirent, readdir()
60
59
*/
61
#include <inttypes.h> /* PRIu16, intmax_t, SCNdMAX */
60
#include <inttypes.h> /* PRIu16, SCNu16 */
62
61
#include <assert.h> /* assert() */
63
62
#include <errno.h> /* perror(), errno */
64
63
#include <time.h> /* time() */
154
153
155
154
156
155
/*
157
* Helper function to insert pub and seckey to the engine keyring.
156
* Helper function to insert pub and seckey to the enigne keyring.
158
157
*/
159
158
bool import_key(const char *filename){
160
159
int fd;
366
365
}
367
366
368
367
static const char * safer_gnutls_strerror(int value) {
369
const char *ret = gnutls_strerror(value); /* Spurious warning from
370
-Wunreachable-code */
368
const char *ret = gnutls_strerror(value); /* Spurious warning */
371
369
if(ret == NULL)
372
370
ret = "(unknown)";
373
371
return ret;
406
404
/* OpenPGP credentials */
407
405
gnutls_certificate_allocate_credentials(&mc->cred);
408
406
if(ret != GNUTLS_E_SUCCESS){
409
fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning
410
* from
411
* -Wunreachable-code
412
*/
407
fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious
408
warning */
413
409
safer_gnutls_strerror(ret));
414
410
gnutls_global_deinit();
415
411
return -1;
557
553
fprintf(stderr, "Bad address: %s\n", ip);
558
554
return -1;
559
555
}
560
to.in6.sin6_port = htons(port); /* Spurious warnings from
561
-Wconversion and
562
-Wunreachable-code */
556
to.in6.sin6_port = htons(port); /* Spurious warning */
563
557
564
558
to.in6.sin6_scope_id = (uint32_t)if_index;
565
559
755
749
avahi_address_snprint(ip, sizeof(ip), address);
756
750
if(debug){
757
751
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
758
PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
759
ip, (intmax_t)interface, port);
752
PRIu16 ") on port %d\n", name, host_name, ip,
753
interface, port);
760
754
}
761
755
int ret = start_mandos_communication(ip, port, interface, mc);
762
756
if(ret == 0){
822
816
AvahiSServiceBrowser *sb = NULL;
823
817
int error;
824
818
int ret;
825
intmax_t tmpmax;
826
int numchars;
827
819
int exitcode = EXIT_SUCCESS;
828
820
const char *interface = "eth0";
829
821
struct ifreq network;
832
824
gid_t gid;
833
825
char *connect_to = NULL;
834
826
char tempdir[] = "/tmp/mandosXXXXXX";
835
bool tempdir_created = false;
836
827
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
837
828
const char *seckey = PATHDIR "/" SECKEY;
838
829
const char *pubkey = PATHDIR "/" PUBKEY;
840
831
mandos_context mc = { .simple_poll = NULL, .server = NULL,
841
832
.dh_bits = 1024, .priority = "SECURE256"
842
833
":!CTYPE-X.509:+CTYPE-OPENPGP" };
843
bool gnutls_initialized = false;
844
bool gpgme_initialized = false;
834
bool gnutls_initalized = false;
835
bool gpgme_initalized = false;
845
836
846
837
{
847
838
struct argp_option options[] = {
895
886
pubkey = arg;
896
887
break;
897
888
case 129: /* --dh-bits */
898
ret = sscanf(arg, "%" SCNdMAX "%n", &tmpmax, &numchars);
899
if(ret < 1 or tmpmax != (typeof(mc.dh_bits))tmpmax
900
or arg[numchars] != '\0'){
889
ret = sscanf(arg, "%u", &mc.dh_bits);
890
if(ret != 1){
901
891
fprintf(stderr, "Bad number of DH bits\n");
902
892
exit(EXIT_FAILURE);
903
893
}
904
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
905
894
break;
906
895
case 130: /* --priority */
907
896
mc.priority = arg;
961
950
uid = getuid();
962
951
gid = getgid();
963
952
953
ret = setuid(uid);
954
if(ret == -1){
955
perror("setuid");
956
}
957
964
958
setgid(gid);
965
959
if(ret == -1){
966
960
perror("setgid");
967
961
}
968
962
969
ret = setuid(uid);
970
if(ret == -1){
971
perror("setuid");
972
}
973
974
963
ret = init_gnutls_global(&mc, pubkey, seckey);
975
964
if(ret == -1){
976
965
fprintf(stderr, "init_gnutls_global failed\n");
977
966
exitcode = EXIT_FAILURE;
978
967
goto end;
979
968
} else {
980
gnutls_initialized = true;
969
gnutls_initalized = true;
981
970
}
982
971
983
972
if(mkdtemp(tempdir) == NULL){
984
973
perror("mkdtemp");
974
tempdir[0] = '\0';
985
975
goto end;
986
976
}
987
tempdir_created = true;
988
977
989
978
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
990
fprintf(stderr, "init_gpgme failed\n");
979
fprintf(stderr, "gpgme_initalized failed\n");
991
980
exitcode = EXIT_FAILURE;
992
981
goto end;
993
982
} else {
994
gpgme_initialized = true;
983
gpgme_initalized = true;
995
984
}
996
985
997
986
if_index = (AvahiIfIndex) if_nametoindex(interface);
998
987
if(if_index == 0){
999
988
fprintf(stderr, "No such interface: \"%s\"\n", interface);
1000
exitcode = EXIT_FAILURE;
1001
goto end;
989
exit(EXIT_FAILURE);
1002
990
}
1003
991
1004
992
if(connect_to != NULL){
1011
999
goto end;
1012
1000
}
1013
1001
uint16_t port;
1014
ret = sscanf(address+1, "%" SCNdMAX "%n", &tmpmax, &numchars);
1015
if(ret < 1 or tmpmax != (uint16_t)tmpmax
1016
or address[numchars+1] != '\0'){
1002
ret = sscanf(address+1, "%" SCNu16, &port);
1003
if(ret != 1){
1017
1004
fprintf(stderr, "Bad port number\n");
1018
1005
exitcode = EXIT_FAILURE;
1019
1006
goto end;
1020
1007
}
1021
port = (uint16_t)tmpmax;
1022
1008
*address = '\0';
1023
1009
address = connect_to;
1024
1010
ret = start_mandos_communication(address, port, if_index, &mc);
1108
1094
if(mc.simple_poll != NULL)
1109
1095
avahi_simple_poll_free(mc.simple_poll);
1110
1096
1111
if(gnutls_initialized){
1097
if(gnutls_initalized){
1112
1098
gnutls_certificate_free_credentials(mc.cred);
1113
1099
gnutls_global_deinit();
1114
1100
gnutls_dh_params_deinit(mc.dh_params);
1115
1101
}
1116
1102
1117
if(gpgme_initialized){
1103
if(gpgme_initalized){
1118
1104
gpgme_release(mc.ctx);
1119
1105
}
1120
1106
1121
1107
/* Removes the temp directory used by GPGME */
1122
if(tempdir_created){
1108
if(tempdir[0] != '\0'){
1123
1109
DIR *d;
1124
1110
struct dirent *direntry;
1125
1111
d = opendir(tempdir);
1133
1119
if(direntry == NULL){
1134
1120
break;
1135
1121
}
1136
/* Skip "." and ".." */
1137
if(direntry->d_name[0] == '.'
1138
and (direntry->d_name[1] == '\0'
1139
or (direntry->d_name[1] == '.'
1140
and direntry->d_name[2] == '\0'))){
1141
continue;
1142
}
1143
char *fullname = NULL;
1144
ret = asprintf(&fullname, "%s/%s", tempdir,
1145
direntry->d_name);
1146
if(ret < 0){
1147
perror("asprintf");
1148
continue;
1149
}
1150
ret = remove(fullname);
1151
if(ret == -1){
1152
fprintf(stderr, "remove(\"%s\"): %s\n", fullname,
1153
strerror(errno));
1154
}
1155
free(fullname);
1122
if(direntry->d_type == DT_REG){
1123
char *fullname = NULL;
1124
ret = asprintf(&fullname, "%s/%s", tempdir,
1125
direntry->d_name);
1126
if(ret < 0){
1127
perror("asprintf");
1128
continue;
1129
}
1130
ret = unlink(fullname);
1131
if(ret == -1){
1132
fprintf(stderr, "unlink(\"%s\"): %s",
1133
fullname, strerror(errno));
1134
}
1135
free(fullname);
1136
}
1156
1137
}
1157
1138
closedir(d);
1158
1139
}
1161
1142
perror("rmdir");
1162
1143
}
1163
1144
}
1164
1145
1165
1146
return exitcode;
1166
1147
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0