To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 301
- compare with another revision
- download diff
- download tarball
- view history from revision 301
- Committer: Teddy Hogeborn
- Date: 2009-02-07 03:38:17 UTC
- Revision ID: teddy@fukt.bsnet.se-20090207033817-aotdjeibhz3sa4lr
* plugin-runner.c (main): If debugging, print name of failed plugins.
added
removed
plugins.d/mandos-client.c
42
42
#include <stddef.h> /* NULL, size_t, ssize_t */
43
43
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
44
44
srand() */
45
#include <stdbool.h> /* bool, false, true */
45
#include <stdbool.h> /* bool, true */
46
46
#include <string.h> /* memset(), strcmp(), strlen(),
47
47
strerror(), asprintf(), strcpy() */
48
#include <sys/ioctl.h> /* ioctl */
48
#include <sys/ioctl.h> /* ioctl */
49
49
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
50
50
sockaddr_in6, PF_INET6,
51
SOCK_STREAM, uid_t, gid_t, open(),
52
opendir(), DIR */
51
SOCK_STREAM, INET6_ADDRSTRLEN,
52
uid_t, gid_t, open(), opendir(),
53
DIR */
53
54
#include <sys/stat.h> /* open() */
54
55
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
inet_pton(), connect() */
56
struct in6_addr, inet_pton(),
57
connect() */
56
58
#include <fcntl.h> /* open() */
57
59
#include <dirent.h> /* opendir(), struct dirent, readdir()
58
60
*/
63
65
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
64
66
SIOCSIFFLAGS, if_indextoname(),
65
67
if_nametoindex(), IF_NAMESIZE */
66
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
67
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
68
*/
68
#include <netinet/in.h>
69
69
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
70
70
getuid(), getgid(), setuid(),
71
71
setgid() */
72
72
#include <arpa/inet.h> /* inet_pton(), htons */
73
#include <iso646.h> /* not, or, and */
73
#include <iso646.h> /* not, and, or */
74
74
#include <argp.h> /* struct argp_option, error_t, struct
75
75
argp_state, struct argp,
76
76
argp_parse(), ARGP_KEY_ARG,
77
77
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
78
#include <signal.h> /* sigemptyset(), sigaddset(), sigaction(), SIGTERM, sigaction */
79
78
#ifdef __linux__
80
79
#include <sys/klog.h> /* klogctl() */
81
80
#endif
130
129
gpgme_ctx_t ctx;
131
130
} mandos_context;
132
131
133
/* global context so signal handler can reach it*/
134
mandos_context mc;
135
136
132
/*
137
* Make additional room in "buffer" for at least BUFFER_SIZE
138
* additional bytes. "buffer_capacity" is how much is currently
139
* allocated, "buffer_length" is how much is already used.
133
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
134
* "buffer_capacity" is how much is currently allocated,
135
* "buffer_length" is how much is already used.
140
136
*/
141
size_t incbuffer(char **buffer, size_t buffer_length,
137
size_t adjustbuffer(char **buffer, size_t buffer_length,
142
138
size_t buffer_capacity){
143
139
if(buffer_length + BUFFER_SIZE > buffer_capacity){
144
140
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
153
149
/*
154
150
* Initialize GPGME.
155
151
*/
156
static bool init_gpgme(const char *seckey,
152
static bool init_gpgme(mandos_context *mc, const char *seckey,
157
153
const char *pubkey, const char *tempdir){
158
154
int ret;
159
155
gpgme_error_t rc;
180
176
return false;
181
177
}
182
178
183
rc = gpgme_op_import(mc.ctx, pgp_data);
179
rc = gpgme_op_import(mc->ctx, pgp_data);
184
180
if(rc != GPG_ERR_NO_ERROR){
185
181
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
186
182
gpgme_strsource(rc), gpgme_strerror(rc));
229
225
}
230
226
231
227
/* Create new GPGME "context" */
232
rc = gpgme_new(&(mc.ctx));
228
rc = gpgme_new(&(mc->ctx));
233
229
if(rc != GPG_ERR_NO_ERROR){
234
230
fprintf(stderr, "bad gpgme_new: %s: %s\n",
235
231
gpgme_strsource(rc), gpgme_strerror(rc));
247
243
* Decrypt OpenPGP data.
248
244
* Returns -1 on error
249
245
*/
250
static ssize_t pgp_packet_decrypt(const char *cryptotext,
246
static ssize_t pgp_packet_decrypt(const mandos_context *mc,
247
const char *cryptotext,
251
248
size_t crypto_size,
252
249
char **plaintext){
253
250
gpgme_data_t dh_crypto, dh_plain;
280
277
281
278
/* Decrypt data from the cryptotext data buffer to the plaintext
282
279
data buffer */
283
rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
280
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
284
281
if(rc != GPG_ERR_NO_ERROR){
285
282
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
286
283
gpgme_strsource(rc), gpgme_strerror(rc));
287
284
plaintext_length = -1;
288
285
if(debug){
289
286
gpgme_decrypt_result_t result;
290
result = gpgme_op_decrypt_result(mc.ctx);
287
result = gpgme_op_decrypt_result(mc->ctx);
291
288
if(result == NULL){
292
289
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
293
290
} else {
329
326
330
327
*plaintext = NULL;
331
328
while(true){
332
plaintext_capacity = incbuffer(plaintext,
329
plaintext_capacity = adjustbuffer(plaintext,
333
330
(size_t)plaintext_length,
334
331
plaintext_capacity);
335
332
if(plaintext_capacity == 0){
336
perror("incbuffer");
333
perror("adjustbuffer");
337
334
plaintext_length = -1;
338
335
goto decrypt_end;
339
336
}
385
382
fprintf(stderr, "GnuTLS: %s", string);
386
383
}
387
384
388
static int init_gnutls_global(const char *pubkeyfilename,
385
static int init_gnutls_global(mandos_context *mc,
386
const char *pubkeyfilename,
389
387
const char *seckeyfilename){
390
388
int ret;
391
389
409
407
}
410
408
411
409
/* OpenPGP credentials */
412
gnutls_certificate_allocate_credentials(&mc.cred);
410
gnutls_certificate_allocate_credentials(&mc->cred);
413
411
if(ret != GNUTLS_E_SUCCESS){
414
412
fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning
415
from
416
-Wunreachable-code
417
*/
413
* from
414
* -Wunreachable-code
415
*/
418
416
safer_gnutls_strerror(ret));
419
417
gnutls_global_deinit();
420
418
return -1;
427
425
}
428
426
429
427
ret = gnutls_certificate_set_openpgp_key_file
430
(mc.cred, pubkeyfilename, seckeyfilename,
428
(mc->cred, pubkeyfilename, seckeyfilename,
431
429
GNUTLS_OPENPGP_FMT_BASE64);
432
430
if(ret != GNUTLS_E_SUCCESS){
433
431
fprintf(stderr,
439
437
}
440
438
441
439
/* GnuTLS server initialization */
442
ret = gnutls_dh_params_init(&mc.dh_params);
440
ret = gnutls_dh_params_init(&mc->dh_params);
443
441
if(ret != GNUTLS_E_SUCCESS){
444
442
fprintf(stderr, "Error in GnuTLS DH parameter initialization:"
445
443
" %s\n", safer_gnutls_strerror(ret));
446
444
goto globalfail;
447
445
}
448
ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
446
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
449
447
if(ret != GNUTLS_E_SUCCESS){
450
448
fprintf(stderr, "Error in GnuTLS prime generation: %s\n",
451
449
safer_gnutls_strerror(ret));
452
450
goto globalfail;
453
451
}
454
452
455
gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
453
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
456
454
457
455
return 0;
458
456
459
457
globalfail:
460
458
461
gnutls_certificate_free_credentials(mc.cred);
459
gnutls_certificate_free_credentials(mc->cred);
462
460
gnutls_global_deinit();
463
gnutls_dh_params_deinit(mc.dh_params);
461
gnutls_dh_params_deinit(mc->dh_params);
464
462
return -1;
465
463
}
466
464
467
static int init_gnutls_session(gnutls_session_t *session){
465
static int init_gnutls_session(mandos_context *mc,
466
gnutls_session_t *session){
468
467
int ret;
469
468
/* GnuTLS session creation */
470
469
ret = gnutls_init(session, GNUTLS_SERVER);
475
474
476
475
{
477
476
const char *err;
478
ret = gnutls_priority_set_direct(*session, mc.priority, &err);
477
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
479
478
if(ret != GNUTLS_E_SUCCESS){
480
479
fprintf(stderr, "Syntax error at: %s\n", err);
481
480
fprintf(stderr, "GnuTLS error: %s\n",
486
485
}
487
486
488
487
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
489
mc.cred);
488
mc->cred);
490
489
if(ret != GNUTLS_E_SUCCESS){
491
490
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
492
491
safer_gnutls_strerror(ret));
498
497
gnutls_certificate_server_set_request(*session,
499
498
GNUTLS_CERT_IGNORE);
500
499
501
gnutls_dh_set_prime_bits(*session, mc.dh_bits);
500
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
502
501
503
502
return 0;
504
503
}
510
509
/* Called when a Mandos server is found */
511
510
static int start_mandos_communication(const char *ip, uint16_t port,
512
511
AvahiIfIndex if_index,
513
int af){
512
mandos_context *mc){
514
513
int ret, tcp_sd;
515
514
ssize_t sret;
516
union {
517
struct sockaddr_in in;
518
struct sockaddr_in6 in6;
519
} to;
515
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
520
516
char *buffer = NULL;
521
517
char *decrypted_buffer;
522
518
size_t buffer_length = 0;
524
520
ssize_t decrypted_buffer_size;
525
521
size_t written;
526
522
int retval = 0;
523
char interface[IF_NAMESIZE];
527
524
gnutls_session_t session;
528
int pf; /* Protocol family */
529
530
switch(af){
531
case AF_INET6:
532
pf = PF_INET6;
533
break;
534
case AF_INET:
535
pf = PF_INET;
536
break;
537
default:
538
fprintf(stderr, "Bad address family: %d\n", af);
539
return -1;
540
}
541
542
ret = init_gnutls_session(&session);
525
526
ret = init_gnutls_session(mc, &session);
543
527
if(ret != 0){
544
528
return -1;
545
529
}
546
530
547
531
if(debug){
548
fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16
532
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
549
533
"\n", ip, port);
550
534
}
551
535
552
tcp_sd = socket(pf, SOCK_STREAM, 0);
536
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
553
537
if(tcp_sd < 0){
554
538
perror("socket");
555
539
return -1;
556
540
}
557
541
542
if(debug){
543
if(if_indextoname((unsigned int)if_index, interface) == NULL){
544
perror("if_indextoname");
545
return -1;
546
}
547
fprintf(stderr, "Binding to interface %s\n", interface);
548
}
549
558
550
memset(&to, 0, sizeof(to));
559
if(af == AF_INET6){
560
to.in6.sin6_family = (uint16_t)af;
561
ret = inet_pton(af, ip, &to.in6.sin6_addr);
562
} else { /* IPv4 */
563
to.in.sin_family = (sa_family_t)af;
564
ret = inet_pton(af, ip, &to.in.sin_addr);
565
}
551
to.in6.sin6_family = AF_INET6;
552
/* It would be nice to have a way to detect if we were passed an
553
IPv4 address here. Now we assume an IPv6 address. */
554
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
566
555
if(ret < 0 ){
567
556
perror("inet_pton");
568
557
return -1;
571
560
fprintf(stderr, "Bad address: %s\n", ip);
572
561
return -1;
573
562
}
574
if(af == AF_INET6){
575
to.in6.sin6_port = htons(port); /* Spurious warnings from
576
-Wconversion and
577
-Wunreachable-code */
578
579
if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
580
(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
581
-Wunreachable-code*/
582
if(if_index == AVAHI_IF_UNSPEC){
583
fprintf(stderr, "An IPv6 link-local address is incomplete"
584
" without a network interface\n");
585
return -1;
586
}
587
/* Set the network interface number as scope */
588
to.in6.sin6_scope_id = (uint32_t)if_index;
589
}
590
} else {
591
to.in.sin_port = htons(port); /* Spurious warnings from
563
to.in6.sin6_port = htons(port); /* Spurious warnings from
592
564
-Wconversion and
593
565
-Wunreachable-code */
594
}
566
567
to.in6.sin6_scope_id = (uint32_t)if_index;
595
568
596
569
if(debug){
597
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
598
char interface[IF_NAMESIZE];
599
if(if_indextoname((unsigned int)if_index, interface) == NULL){
600
perror("if_indextoname");
601
} else {
602
fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",
603
ip, interface, port);
604
}
605
} else {
606
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
607
port);
608
}
609
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
610
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
611
const char *pcret;
612
if(af == AF_INET6){
613
pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
614
sizeof(addrstr));
615
} else {
616
pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
617
sizeof(addrstr));
618
}
619
if(pcret == NULL){
570
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
571
port);
572
char addrstr[INET6_ADDRSTRLEN] = "";
573
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
574
sizeof(addrstr)) == NULL){
620
575
perror("inet_ntop");
621
576
} else {
622
577
if(strcmp(addrstr, ip) != 0){
625
580
}
626
581
}
627
582
628
if(af == AF_INET6){
629
ret = connect(tcp_sd, &to.in6, sizeof(to));
630
} else {
631
ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
632
}
583
ret = connect(tcp_sd, &to.in, sizeof(to));
633
584
if(ret < 0){
634
585
perror("connect");
635
586
return -1;
681
632
/* Read OpenPGP packet that contains the wanted password */
682
633
683
634
if(debug){
684
fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",
635
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
685
636
ip);
686
637
}
687
638
688
639
while(true){
689
buffer_capacity = incbuffer(&buffer, buffer_length,
640
buffer_capacity = adjustbuffer(&buffer, buffer_length,
690
641
buffer_capacity);
691
642
if(buffer_capacity == 0){
692
perror("incbuffer");
643
perror("adjustbuffer");
693
644
retval = -1;
694
645
goto mandos_end;
695
646
}
734
685
gnutls_bye(session, GNUTLS_SHUT_RDWR);
735
686
736
687
if(buffer_length > 0){
737
decrypted_buffer_size = pgp_packet_decrypt(buffer,
688
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
738
689
buffer_length,
739
690
&decrypted_buffer);
740
691
if(decrypted_buffer_size >= 0){
775
726
776
727
static void resolve_callback(AvahiSServiceResolver *r,
777
728
AvahiIfIndex interface,
778
AvahiProtocol proto,
729
AVAHI_GCC_UNUSED AvahiProtocol protocol,
779
730
AvahiResolverEvent event,
780
731
const char *name,
781
732
const char *type,
786
737
AVAHI_GCC_UNUSED AvahiStringList *txt,
787
738
AVAHI_GCC_UNUSED AvahiLookupResultFlags
788
739
flags,
789
__attribute__((unused)) void* userdata){
740
void* userdata){
741
mandos_context *mc = userdata;
790
742
assert(r);
791
743
792
744
/* Called whenever a service has been resolved successfully or
797
749
case AVAHI_RESOLVER_FAILURE:
798
750
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
799
751
" of type '%s' in domain '%s': %s\n", name, type, domain,
800
avahi_strerror(avahi_server_errno(mc.server)));
752
avahi_strerror(avahi_server_errno(mc->server)));
801
753
break;
802
754
803
755
case AVAHI_RESOLVER_FOUND:
809
761
PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
810
762
ip, (intmax_t)interface, port);
811
763
}
812
int ret = start_mandos_communication(ip, port, interface,
813
avahi_proto_to_af(proto));
764
int ret = start_mandos_communication(ip, port, interface, mc);
814
765
if(ret == 0){
815
avahi_simple_poll_quit(mc.simple_poll);
766
avahi_simple_poll_quit(mc->simple_poll);
816
767
}
817
768
}
818
769
}
828
779
const char *domain,
829
780
AVAHI_GCC_UNUSED AvahiLookupResultFlags
830
781
flags,
831
__attribute__((unused)) void* userdata){
782
void* userdata){
783
mandos_context *mc = userdata;
832
784
assert(b);
833
785
834
786
/* Called whenever a new services becomes available on the LAN or
839
791
case AVAHI_BROWSER_FAILURE:
840
792
841
793
fprintf(stderr, "(Avahi browser) %s\n",
842
avahi_strerror(avahi_server_errno(mc.server)));
843
avahi_simple_poll_quit(mc.simple_poll);
794
avahi_strerror(avahi_server_errno(mc->server)));
795
avahi_simple_poll_quit(mc->simple_poll);
844
796
return;
845
797
846
798
case AVAHI_BROWSER_NEW:
849
801
the callback function is called the Avahi server will free the
850
802
resolver for us. */
851
803
852
if(!(avahi_s_service_resolver_new(mc.server, interface,
804
if(!(avahi_s_service_resolver_new(mc->server, interface,
853
805
protocol, name, type, domain,
854
806
AVAHI_PROTO_INET6, 0,
855
resolve_callback, NULL)))
807
resolve_callback, mc)))
856
808
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
857
name, avahi_strerror(avahi_server_errno(mc.server)));
809
name, avahi_strerror(avahi_server_errno(mc->server)));
858
810
break;
859
811
860
812
case AVAHI_BROWSER_REMOVE:
869
821
}
870
822
}
871
823
872
static void handle_sigterm(__attribute__((unused)) int sig){
873
int old_errno = errno;
874
avahi_simple_poll_quit(mc.simple_poll);
875
errno = old_errno;
876
}
877
878
824
int main(int argc, char *argv[]){
879
825
AvahiSServiceBrowser *sb = NULL;
880
826
int error;
894
840
const char *seckey = PATHDIR "/" SECKEY;
895
841
const char *pubkey = PATHDIR "/" PUBKEY;
896
842
843
mandos_context mc = { .simple_poll = NULL, .server = NULL,
844
.dh_bits = 1024, .priority = "SECURE256"
845
":!CTYPE-X.509:+CTYPE-OPENPGP" };
897
846
bool gnutls_initialized = false;
898
847
bool gpgme_initialized = false;
899
848
double delay = 2.5;
900
901
struct sigaction old_sigterm_action;
902
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
903
904
/* Initialize mandos context */
905
mc = (mandos_context){ .simple_poll = NULL, .server = NULL,
906
.dh_bits = 1024, .priority = "SECURE256"
907
":!CTYPE-X.509:+CTYPE-OPENPGP" };
908
849
909
850
{
910
851
struct argp_option options[] = {
916
857
.group = 1 },
917
858
{ .name = "interface", .key = 'i',
918
859
.arg = "NAME",
919
.doc = "Network interface that will be used to search for"
920
" Mandos servers",
860
.doc = "Interface that will be used to search for Mandos"
861
" servers",
921
862
.group = 1 },
922
863
{ .name = "seckey", .key = 's',
923
864
.arg = "FILE",
1003
944
}
1004
945
1005
946
/* If the interface is down, bring it up */
1006
if(interface[0] != '\0'){
947
{
1007
948
#ifdef __linux__
1008
949
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1009
950
messages to mess up the prompt */
1010
951
ret = klogctl(8, NULL, 5);
1011
bool restore_loglevel = true;
1012
952
if(ret == -1){
1013
restore_loglevel = false;
1014
953
perror("klogctl");
1015
954
}
1016
955
#endif
1020
959
perror("socket");
1021
960
exitcode = EXIT_FAILURE;
1022
961
#ifdef __linux__
1023
if(restore_loglevel){
1024
ret = klogctl(7, NULL, 0);
1025
if(ret == -1){
1026
perror("klogctl");
1027
}
962
ret = klogctl(7, NULL, 0);
963
if(ret == -1){
964
perror("klogctl");
1028
965
}
1029
966
#endif
1030
967
goto end;
1034
971
if(ret == -1){
1035
972
perror("ioctl SIOCGIFFLAGS");
1036
973
#ifdef __linux__
1037
if(restore_loglevel){
1038
ret = klogctl(7, NULL, 0);
1039
if(ret == -1){
1040
perror("klogctl");
1041
}
974
ret = klogctl(7, NULL, 0);
975
if(ret == -1){
976
perror("klogctl");
1042
977
}
1043
978
#endif
1044
979
exitcode = EXIT_FAILURE;
1051
986
perror("ioctl SIOCSIFFLAGS");
1052
987
exitcode = EXIT_FAILURE;
1053
988
#ifdef __linux__
1054
if(restore_loglevel){
1055
ret = klogctl(7, NULL, 0);
1056
if(ret == -1){
1057
perror("klogctl");
1058
}
989
ret = klogctl(7, NULL, 0);
990
if(ret == -1){
991
perror("klogctl");
1059
992
}
1060
993
#endif
1061
994
goto end;
1080
1013
perror("close");
1081
1014
}
1082
1015
#ifdef __linux__
1083
if(restore_loglevel){
1084
/* Restores kernel loglevel to default */
1085
ret = klogctl(7, NULL, 0);
1086
if(ret == -1){
1087
perror("klogctl");
1088
}
1016
/* Restores kernel loglevel to default */
1017
ret = klogctl(7, NULL, 0);
1018
if(ret == -1){
1019
perror("klogctl");
1089
1020
}
1090
1021
#endif
1091
1022
}
1093
1024
uid = getuid();
1094
1025
gid = getgid();
1095
1026
1096
errno = 0;
1097
1027
setgid(gid);
1098
1028
if(ret == -1){
1099
1029
perror("setgid");
1104
1034
perror("setuid");
1105
1035
}
1106
1036
1107
ret = init_gnutls_global(pubkey, seckey);
1037
ret = init_gnutls_global(&mc, pubkey, seckey);
1108
1038
if(ret == -1){
1109
1039
fprintf(stderr, "init_gnutls_global failed\n");
1110
1040
exitcode = EXIT_FAILURE;
1119
1049
}
1120
1050
tempdir_created = true;
1121
1051
1122
if(not init_gpgme(pubkey, seckey, tempdir)){
1052
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
1123
1053
fprintf(stderr, "init_gpgme failed\n");
1124
1054
exitcode = EXIT_FAILURE;
1125
1055
goto end;
1127
1057
gpgme_initialized = true;
1128
1058
}
1129
1059
1130
if(interface[0] != '\0'){
1131
if_index = (AvahiIfIndex) if_nametoindex(interface);
1132
if(if_index == 0){
1133
fprintf(stderr, "No such interface: \"%s\"\n", interface);
1134
exitcode = EXIT_FAILURE;
1135
goto end;
1136
}
1060
if_index = (AvahiIfIndex) if_nametoindex(interface);
1061
if(if_index == 0){
1062
fprintf(stderr, "No such interface: \"%s\"\n", interface);
1063
exitcode = EXIT_FAILURE;
1064
goto end;
1137
1065
}
1138
1066
1139
1067
if(connect_to != NULL){
1156
1084
port = (uint16_t)tmpmax;
1157
1085
*address = '\0';
1158
1086
address = connect_to;
1159
/* Colon in address indicates IPv6 */
1160
int af;
1161
if(strchr(address, ':') != NULL){
1162
af = AF_INET6;
1163
} else {
1164
af = AF_INET;
1165
}
1166
ret = start_mandos_communication(address, port, if_index,
1167
af);
1087
ret = start_mandos_communication(address, port, if_index, &mc);
1168
1088
if(ret < 0){
1169
1089
exitcode = EXIT_FAILURE;
1170
1090
} else {
1217
1137
/* Create the Avahi service browser */
1218
1138
sb = avahi_s_service_browser_new(mc.server, if_index,
1219
1139
AVAHI_PROTO_INET6, "_mandos._tcp",
1220
NULL, 0, browse_callback, NULL);
1140
NULL, 0, browse_callback, &mc);
1221
1141
if(sb == NULL){
1222
1142
fprintf(stderr, "Failed to create service browser: %s\n",
1223
1143
avahi_strerror(avahi_server_errno(mc.server)));
1224
1144
exitcode = EXIT_FAILURE;
1225
1145
goto end;
1226
1146
}
1227
1228
sigemptyset(&sigterm_action.sa_mask);
1229
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1230
if(ret == -1){
1231
perror("sigaddset");
1232
exitcode = EXIT_FAILURE;
1233
goto end;
1234
}
1235
ret = sigaction(SIGTERM, &sigterm_action, &old_sigterm_action);
1236
if(ret == -1){
1237
perror("sigaction");
1238
exitcode = EXIT_FAILURE;
1239
goto end;
1240
}
1241
1147
1242
1148
/* Run the main loop */
1243
1149
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0