To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 308
- compare with another revision
- download diff
- download tarball
- view history from revision 308
- Committer: Teddy Hogeborn
- Date: 2009-02-09 19:26:19 UTC
- Revision ID: teddy@fukt.bsnet.se-20090209192619-7rse82x9pypq4ihk
* plugin-runner.c: Comment change.
* plugins.d/mandos-client.c: Comment changes.
(quit_now): New global flag.
(handle_sigterm): Only call avahi_simple_poll_quit once.
(main): Also handle SIGINT and SIGHUP.
* plugins.d/mandos-client.c: Comment changes.
(quit_now): New global flag.
(handle_sigterm): Only call avahi_simple_poll_quit once.
(main): Also handle SIGINT and SIGHUP.
added
removed
plugins.d/mandos-client.c
42
42
#include <stddef.h> /* NULL, size_t, ssize_t */
43
43
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
44
44
srand() */
45
#include <stdbool.h> /* bool, true */
45
#include <stdbool.h> /* bool, false, true */
46
46
#include <string.h> /* memset(), strcmp(), strlen(),
47
47
strerror(), asprintf(), strcpy() */
48
#include <sys/ioctl.h> /* ioctl */
48
#include <sys/ioctl.h> /* ioctl */
49
49
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
50
50
sockaddr_in6, PF_INET6,
51
SOCK_STREAM, INET6_ADDRSTRLEN,
52
uid_t, gid_t, open(), opendir(),
53
DIR */
51
SOCK_STREAM, uid_t, gid_t, open(),
52
opendir(), DIR */
54
53
#include <sys/stat.h> /* open() */
55
54
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
56
struct in6_addr, inet_pton(),
57
connect() */
55
inet_pton(), connect() */
58
56
#include <fcntl.h> /* open() */
59
57
#include <dirent.h> /* opendir(), struct dirent, readdir()
60
58
*/
65
63
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
66
64
SIOCSIFFLAGS, if_indextoname(),
67
65
if_nametoindex(), IF_NAMESIZE */
68
#include <netinet/in.h>
66
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
67
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
68
*/
69
69
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
70
70
getuid(), getgid(), setuid(),
71
71
setgid() */
72
72
#include <arpa/inet.h> /* inet_pton(), htons */
73
#include <iso646.h> /* not, and, or */
73
#include <iso646.h> /* not, or, and */
74
74
#include <argp.h> /* struct argp_option, error_t, struct
75
75
argp_state, struct argp,
76
76
argp_parse(), ARGP_KEY_ARG,
77
77
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
78
#include <signal.h> /* sigemptyset(), sigaddset(),
79
sigaction(), SIGTERM, sigaction,
80
sig_atomic_t */
81
78
82
#ifdef __linux__
79
83
#include <sys/klog.h> /* klogctl() */
80
#endif
84
#endif /* __linux__ */
81
85
82
86
/* Avahi */
83
87
/* All Avahi types, constants and functions
129
133
gpgme_ctx_t ctx;
130
134
} mandos_context;
131
135
136
/* global context so signal handler can reach it*/
137
mandos_context mc;
138
132
139
/*
133
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
134
* "buffer_capacity" is how much is currently allocated,
140
* Make additional room in "buffer" for at least BUFFER_SIZE more
141
* bytes. "buffer_capacity" is how much is currently allocated,
135
142
* "buffer_length" is how much is already used.
136
143
*/
137
size_t adjustbuffer(char **buffer, size_t buffer_length,
144
size_t incbuffer(char **buffer, size_t buffer_length,
138
145
size_t buffer_capacity){
139
146
if(buffer_length + BUFFER_SIZE > buffer_capacity){
140
147
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
149
156
/*
150
157
* Initialize GPGME.
151
158
*/
152
static bool init_gpgme(mandos_context *mc, const char *seckey,
159
static bool init_gpgme(const char *seckey,
153
160
const char *pubkey, const char *tempdir){
154
161
int ret;
155
162
gpgme_error_t rc;
176
183
return false;
177
184
}
178
185
179
rc = gpgme_op_import(mc->ctx, pgp_data);
186
rc = gpgme_op_import(mc.ctx, pgp_data);
180
187
if(rc != GPG_ERR_NO_ERROR){
181
188
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
182
189
gpgme_strsource(rc), gpgme_strerror(rc));
192
199
}
193
200
194
201
if(debug){
195
fprintf(stderr, "Initialize gpgme\n");
202
fprintf(stderr, "Initializing GPGME\n");
196
203
}
197
204
198
205
/* Init GPGME */
225
232
}
226
233
227
234
/* Create new GPGME "context" */
228
rc = gpgme_new(&(mc->ctx));
235
rc = gpgme_new(&(mc.ctx));
229
236
if(rc != GPG_ERR_NO_ERROR){
230
237
fprintf(stderr, "bad gpgme_new: %s: %s\n",
231
238
gpgme_strsource(rc), gpgme_strerror(rc));
243
250
* Decrypt OpenPGP data.
244
251
* Returns -1 on error
245
252
*/
246
static ssize_t pgp_packet_decrypt(const mandos_context *mc,
247
const char *cryptotext,
253
static ssize_t pgp_packet_decrypt(const char *cryptotext,
248
254
size_t crypto_size,
249
255
char **plaintext){
250
256
gpgme_data_t dh_crypto, dh_plain;
277
283
278
284
/* Decrypt data from the cryptotext data buffer to the plaintext
279
285
data buffer */
280
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
286
rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
281
287
if(rc != GPG_ERR_NO_ERROR){
282
288
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
283
289
gpgme_strsource(rc), gpgme_strerror(rc));
284
290
plaintext_length = -1;
285
291
if(debug){
286
292
gpgme_decrypt_result_t result;
287
result = gpgme_op_decrypt_result(mc->ctx);
293
result = gpgme_op_decrypt_result(mc.ctx);
288
294
if(result == NULL){
289
295
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
290
296
} else {
326
332
327
333
*plaintext = NULL;
328
334
while(true){
329
plaintext_capacity = adjustbuffer(plaintext,
335
plaintext_capacity = incbuffer(plaintext,
330
336
(size_t)plaintext_length,
331
337
plaintext_capacity);
332
338
if(plaintext_capacity == 0){
333
perror("adjustbuffer");
339
perror("incbuffer");
334
340
plaintext_length = -1;
335
341
goto decrypt_end;
336
342
}
382
388
fprintf(stderr, "GnuTLS: %s", string);
383
389
}
384
390
385
static int init_gnutls_global(mandos_context *mc,
386
const char *pubkeyfilename,
391
static int init_gnutls_global(const char *pubkeyfilename,
387
392
const char *seckeyfilename){
388
393
int ret;
389
394
407
412
}
408
413
409
414
/* OpenPGP credentials */
410
gnutls_certificate_allocate_credentials(&mc->cred);
415
gnutls_certificate_allocate_credentials(&mc.cred);
411
416
if(ret != GNUTLS_E_SUCCESS){
412
417
fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning
413
* from
414
* -Wunreachable-code
415
*/
418
from
419
-Wunreachable-code
420
*/
416
421
safer_gnutls_strerror(ret));
417
422
gnutls_global_deinit();
418
423
return -1;
425
430
}
426
431
427
432
ret = gnutls_certificate_set_openpgp_key_file
428
(mc->cred, pubkeyfilename, seckeyfilename,
433
(mc.cred, pubkeyfilename, seckeyfilename,
429
434
GNUTLS_OPENPGP_FMT_BASE64);
430
435
if(ret != GNUTLS_E_SUCCESS){
431
436
fprintf(stderr,
437
442
}
438
443
439
444
/* GnuTLS server initialization */
440
ret = gnutls_dh_params_init(&mc->dh_params);
445
ret = gnutls_dh_params_init(&mc.dh_params);
441
446
if(ret != GNUTLS_E_SUCCESS){
442
447
fprintf(stderr, "Error in GnuTLS DH parameter initialization:"
443
448
" %s\n", safer_gnutls_strerror(ret));
444
449
goto globalfail;
445
450
}
446
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
451
ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
447
452
if(ret != GNUTLS_E_SUCCESS){
448
453
fprintf(stderr, "Error in GnuTLS prime generation: %s\n",
449
454
safer_gnutls_strerror(ret));
450
455
goto globalfail;
451
456
}
452
457
453
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
458
gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
454
459
455
460
return 0;
456
461
457
462
globalfail:
458
463
459
gnutls_certificate_free_credentials(mc->cred);
464
gnutls_certificate_free_credentials(mc.cred);
460
465
gnutls_global_deinit();
461
gnutls_dh_params_deinit(mc->dh_params);
466
gnutls_dh_params_deinit(mc.dh_params);
462
467
return -1;
463
468
}
464
469
465
static int init_gnutls_session(mandos_context *mc,
466
gnutls_session_t *session){
470
static int init_gnutls_session(gnutls_session_t *session){
467
471
int ret;
468
472
/* GnuTLS session creation */
469
473
ret = gnutls_init(session, GNUTLS_SERVER);
474
478
475
479
{
476
480
const char *err;
477
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
481
ret = gnutls_priority_set_direct(*session, mc.priority, &err);
478
482
if(ret != GNUTLS_E_SUCCESS){
479
483
fprintf(stderr, "Syntax error at: %s\n", err);
480
484
fprintf(stderr, "GnuTLS error: %s\n",
485
489
}
486
490
487
491
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
488
mc->cred);
492
mc.cred);
489
493
if(ret != GNUTLS_E_SUCCESS){
490
494
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
491
495
safer_gnutls_strerror(ret));
497
501
gnutls_certificate_server_set_request(*session,
498
502
GNUTLS_CERT_IGNORE);
499
503
500
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
504
gnutls_dh_set_prime_bits(*session, mc.dh_bits);
501
505
502
506
return 0;
503
507
}
509
513
/* Called when a Mandos server is found */
510
514
static int start_mandos_communication(const char *ip, uint16_t port,
511
515
AvahiIfIndex if_index,
512
mandos_context *mc){
516
int af){
513
517
int ret, tcp_sd;
514
518
ssize_t sret;
515
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
519
union {
520
struct sockaddr_in in;
521
struct sockaddr_in6 in6;
522
} to;
516
523
char *buffer = NULL;
517
524
char *decrypted_buffer;
518
525
size_t buffer_length = 0;
520
527
ssize_t decrypted_buffer_size;
521
528
size_t written;
522
529
int retval = 0;
523
char interface[IF_NAMESIZE];
524
530
gnutls_session_t session;
525
526
ret = init_gnutls_session(mc, &session);
531
int pf; /* Protocol family */
532
533
switch(af){
534
case AF_INET6:
535
pf = PF_INET6;
536
break;
537
case AF_INET:
538
pf = PF_INET;
539
break;
540
default:
541
fprintf(stderr, "Bad address family: %d\n", af);
542
return -1;
543
}
544
545
ret = init_gnutls_session(&session);
527
546
if(ret != 0){
528
547
return -1;
529
548
}
530
549
531
550
if(debug){
532
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
551
fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16
533
552
"\n", ip, port);
534
553
}
535
554
536
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
555
tcp_sd = socket(pf, SOCK_STREAM, 0);
537
556
if(tcp_sd < 0){
538
557
perror("socket");
539
558
return -1;
540
559
}
541
560
542
if(debug){
543
if(if_indextoname((unsigned int)if_index, interface) == NULL){
544
perror("if_indextoname");
545
return -1;
546
}
547
fprintf(stderr, "Binding to interface %s\n", interface);
548
}
549
550
561
memset(&to, 0, sizeof(to));
551
to.in6.sin6_family = AF_INET6;
552
/* It would be nice to have a way to detect if we were passed an
553
IPv4 address here. Now we assume an IPv6 address. */
554
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
562
if(af == AF_INET6){
563
to.in6.sin6_family = (uint16_t)af;
564
ret = inet_pton(af, ip, &to.in6.sin6_addr);
565
} else { /* IPv4 */
566
to.in.sin_family = (sa_family_t)af;
567
ret = inet_pton(af, ip, &to.in.sin_addr);
568
}
555
569
if(ret < 0 ){
556
570
perror("inet_pton");
557
571
return -1;
560
574
fprintf(stderr, "Bad address: %s\n", ip);
561
575
return -1;
562
576
}
563
to.in6.sin6_port = htons(port); /* Spurious warnings from
577
if(af == AF_INET6){
578
to.in6.sin6_port = htons(port); /* Spurious warnings from
579
-Wconversion and
580
-Wunreachable-code */
581
582
if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
583
(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
584
-Wunreachable-code*/
585
if(if_index == AVAHI_IF_UNSPEC){
586
fprintf(stderr, "An IPv6 link-local address is incomplete"
587
" without a network interface\n");
588
return -1;
589
}
590
/* Set the network interface number as scope */
591
to.in6.sin6_scope_id = (uint32_t)if_index;
592
}
593
} else {
594
to.in.sin_port = htons(port); /* Spurious warnings from
564
595
-Wconversion and
565
596
-Wunreachable-code */
566
567
to.in6.sin6_scope_id = (uint32_t)if_index;
597
}
568
598
569
599
if(debug){
570
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
571
port);
572
char addrstr[INET6_ADDRSTRLEN] = "";
573
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
574
sizeof(addrstr)) == NULL){
600
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
601
char interface[IF_NAMESIZE];
602
if(if_indextoname((unsigned int)if_index, interface) == NULL){
603
perror("if_indextoname");
604
} else {
605
fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",
606
ip, interface, port);
607
}
608
} else {
609
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
610
port);
611
}
612
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
613
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
614
const char *pcret;
615
if(af == AF_INET6){
616
pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
617
sizeof(addrstr));
618
} else {
619
pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
620
sizeof(addrstr));
621
}
622
if(pcret == NULL){
575
623
perror("inet_ntop");
576
624
} else {
577
625
if(strcmp(addrstr, ip) != 0){
580
628
}
581
629
}
582
630
583
ret = connect(tcp_sd, &to.in, sizeof(to));
631
if(af == AF_INET6){
632
ret = connect(tcp_sd, &to.in6, sizeof(to));
633
} else {
634
ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
635
}
584
636
if(ret < 0){
585
637
perror("connect");
586
638
return -1;
632
684
/* Read OpenPGP packet that contains the wanted password */
633
685
634
686
if(debug){
635
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
687
fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",
636
688
ip);
637
689
}
638
690
639
691
while(true){
640
buffer_capacity = adjustbuffer(&buffer, buffer_length,
692
buffer_capacity = incbuffer(&buffer, buffer_length,
641
693
buffer_capacity);
642
694
if(buffer_capacity == 0){
643
perror("adjustbuffer");
695
perror("incbuffer");
644
696
retval = -1;
645
697
goto mandos_end;
646
698
}
685
737
gnutls_bye(session, GNUTLS_SHUT_RDWR);
686
738
687
739
if(buffer_length > 0){
688
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
740
decrypted_buffer_size = pgp_packet_decrypt(buffer,
689
741
buffer_length,
690
742
&decrypted_buffer);
691
743
if(decrypted_buffer_size >= 0){
726
778
727
779
static void resolve_callback(AvahiSServiceResolver *r,
728
780
AvahiIfIndex interface,
729
AVAHI_GCC_UNUSED AvahiProtocol protocol,
781
AvahiProtocol proto,
730
782
AvahiResolverEvent event,
731
783
const char *name,
732
784
const char *type,
737
789
AVAHI_GCC_UNUSED AvahiStringList *txt,
738
790
AVAHI_GCC_UNUSED AvahiLookupResultFlags
739
791
flags,
740
void* userdata){
741
mandos_context *mc = userdata;
792
AVAHI_GCC_UNUSED void* userdata){
742
793
assert(r);
743
794
744
795
/* Called whenever a service has been resolved successfully or
749
800
case AVAHI_RESOLVER_FAILURE:
750
801
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
751
802
" of type '%s' in domain '%s': %s\n", name, type, domain,
752
avahi_strerror(avahi_server_errno(mc->server)));
803
avahi_strerror(avahi_server_errno(mc.server)));
753
804
break;
754
805
755
806
case AVAHI_RESOLVER_FOUND:
761
812
PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
762
813
ip, (intmax_t)interface, port);
763
814
}
764
int ret = start_mandos_communication(ip, port, interface, mc);
815
int ret = start_mandos_communication(ip, port, interface,
816
avahi_proto_to_af(proto));
765
817
if(ret == 0){
766
avahi_simple_poll_quit(mc->simple_poll);
818
avahi_simple_poll_quit(mc.simple_poll);
767
819
}
768
820
}
769
821
}
779
831
const char *domain,
780
832
AVAHI_GCC_UNUSED AvahiLookupResultFlags
781
833
flags,
782
void* userdata){
783
mandos_context *mc = userdata;
834
AVAHI_GCC_UNUSED void* userdata){
784
835
assert(b);
785
836
786
837
/* Called whenever a new services becomes available on the LAN or
791
842
case AVAHI_BROWSER_FAILURE:
792
843
793
844
fprintf(stderr, "(Avahi browser) %s\n",
794
avahi_strerror(avahi_server_errno(mc->server)));
795
avahi_simple_poll_quit(mc->simple_poll);
845
avahi_strerror(avahi_server_errno(mc.server)));
846
avahi_simple_poll_quit(mc.simple_poll);
796
847
return;
797
848
798
849
case AVAHI_BROWSER_NEW:
801
852
the callback function is called the Avahi server will free the
802
853
resolver for us. */
803
854
804
if(!(avahi_s_service_resolver_new(mc->server, interface,
855
if(!(avahi_s_service_resolver_new(mc.server, interface,
805
856
protocol, name, type, domain,
806
857
AVAHI_PROTO_INET6, 0,
807
resolve_callback, mc)))
858
resolve_callback, NULL)))
808
859
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
809
name, avahi_strerror(avahi_server_errno(mc->server)));
860
name, avahi_strerror(avahi_server_errno(mc.server)));
810
861
break;
811
862
812
863
case AVAHI_BROWSER_REMOVE:
821
872
}
822
873
}
823
874
875
sig_atomic_t quit_now = 0;
876
877
static void handle_sigterm(__attribute__((unused)) int sig){
878
if(quit_now){
879
return;
880
}
881
quit_now = 1;
882
int old_errno = errno;
883
if(mc.simple_poll != NULL){
884
avahi_simple_poll_quit(mc.simple_poll);
885
}
886
errno = old_errno;
887
}
888
824
889
int main(int argc, char *argv[]){
825
890
AvahiSServiceBrowser *sb = NULL;
826
891
int error;
840
905
const char *seckey = PATHDIR "/" SECKEY;
841
906
const char *pubkey = PATHDIR "/" PUBKEY;
842
907
843
mandos_context mc = { .simple_poll = NULL, .server = NULL,
844
.dh_bits = 1024, .priority = "SECURE256"
845
":!CTYPE-X.509:+CTYPE-OPENPGP" };
908
/* Initialize Mandos context */
909
mc = (mandos_context){ .simple_poll = NULL, .server = NULL,
910
.dh_bits = 1024, .priority = "SECURE256"
911
":!CTYPE-X.509:+CTYPE-OPENPGP" };
846
912
bool gnutls_initialized = false;
847
913
bool gpgme_initialized = false;
848
914
double delay = 2.5;
915
916
struct sigaction old_sigterm_action;
917
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
849
918
850
919
{
851
920
struct argp_option options[] = {
857
926
.group = 1 },
858
927
{ .name = "interface", .key = 'i',
859
928
.arg = "NAME",
860
.doc = "Interface that will be used to search for Mandos"
861
" servers",
929
.doc = "Network interface that will be used to search for"
930
" Mandos servers",
862
931
.group = 1 },
863
932
{ .name = "seckey", .key = 's',
864
933
.arg = "FILE",
944
1013
}
945
1014
946
1015
/* If the interface is down, bring it up */
947
{
1016
if(interface[0] != '\0'){
948
1017
#ifdef __linux__
949
1018
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
950
1019
messages to mess up the prompt */
951
1020
ret = klogctl(8, NULL, 5);
1021
bool restore_loglevel = true;
952
1022
if(ret == -1){
1023
restore_loglevel = false;
953
1024
perror("klogctl");
954
1025
}
955
#endif
1026
#endif /* __linux__ */
956
1027
957
1028
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
958
1029
if(sd < 0){
959
1030
perror("socket");
960
1031
exitcode = EXIT_FAILURE;
961
1032
#ifdef __linux__
962
ret = klogctl(7, NULL, 0);
963
if(ret == -1){
964
perror("klogctl");
1033
if(restore_loglevel){
1034
ret = klogctl(7, NULL, 0);
1035
if(ret == -1){
1036
perror("klogctl");
1037
}
965
1038
}
966
#endif
1039
#endif /* __linux__ */
967
1040
goto end;
968
1041
}
969
1042
strcpy(network.ifr_name, interface);
971
1044
if(ret == -1){
972
1045
perror("ioctl SIOCGIFFLAGS");
973
1046
#ifdef __linux__
974
ret = klogctl(7, NULL, 0);
975
if(ret == -1){
976
perror("klogctl");
1047
if(restore_loglevel){
1048
ret = klogctl(7, NULL, 0);
1049
if(ret == -1){
1050
perror("klogctl");
1051
}
977
1052
}
978
#endif
1053
#endif /* __linux__ */
979
1054
exitcode = EXIT_FAILURE;
980
1055
goto end;
981
1056
}
986
1061
perror("ioctl SIOCSIFFLAGS");
987
1062
exitcode = EXIT_FAILURE;
988
1063
#ifdef __linux__
989
ret = klogctl(7, NULL, 0);
990
if(ret == -1){
991
perror("klogctl");
1064
if(restore_loglevel){
1065
ret = klogctl(7, NULL, 0);
1066
if(ret == -1){
1067
perror("klogctl");
1068
}
992
1069
}
993
#endif
1070
#endif /* __linux__ */
994
1071
goto end;
995
1072
}
996
1073
}
1013
1090
perror("close");
1014
1091
}
1015
1092
#ifdef __linux__
1016
/* Restores kernel loglevel to default */
1017
ret = klogctl(7, NULL, 0);
1018
if(ret == -1){
1019
perror("klogctl");
1093
if(restore_loglevel){
1094
/* Restores kernel loglevel to default */
1095
ret = klogctl(7, NULL, 0);
1096
if(ret == -1){
1097
perror("klogctl");
1098
}
1020
1099
}
1021
#endif
1100
#endif /* __linux__ */
1022
1101
}
1023
1102
1024
1103
uid = getuid();
1025
1104
gid = getgid();
1026
1105
1106
errno = 0;
1027
1107
setgid(gid);
1028
1108
if(ret == -1){
1029
1109
perror("setgid");
1034
1114
perror("setuid");
1035
1115
}
1036
1116
1037
ret = init_gnutls_global(&mc, pubkey, seckey);
1117
ret = init_gnutls_global(pubkey, seckey);
1038
1118
if(ret == -1){
1039
1119
fprintf(stderr, "init_gnutls_global failed\n");
1040
1120
exitcode = EXIT_FAILURE;
1049
1129
}
1050
1130
tempdir_created = true;
1051
1131
1052
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
1132
if(not init_gpgme(pubkey, seckey, tempdir)){
1053
1133
fprintf(stderr, "init_gpgme failed\n");
1054
1134
exitcode = EXIT_FAILURE;
1055
1135
goto end;
1057
1137
gpgme_initialized = true;
1058
1138
}
1059
1139
1060
if_index = (AvahiIfIndex) if_nametoindex(interface);
1061
if(if_index == 0){
1062
fprintf(stderr, "No such interface: \"%s\"\n", interface);
1063
exitcode = EXIT_FAILURE;
1064
goto end;
1140
if(interface[0] != '\0'){
1141
if_index = (AvahiIfIndex) if_nametoindex(interface);
1142
if(if_index == 0){
1143
fprintf(stderr, "No such interface: \"%s\"\n", interface);
1144
exitcode = EXIT_FAILURE;
1145
goto end;
1146
}
1065
1147
}
1066
1148
1067
1149
if(connect_to != NULL){
1084
1166
port = (uint16_t)tmpmax;
1085
1167
*address = '\0';
1086
1168
address = connect_to;
1087
ret = start_mandos_communication(address, port, if_index, &mc);
1169
/* Colon in address indicates IPv6 */
1170
int af;
1171
if(strchr(address, ':') != NULL){
1172
af = AF_INET6;
1173
} else {
1174
af = AF_INET;
1175
}
1176
ret = start_mandos_communication(address, port, if_index, af);
1088
1177
if(ret < 0){
1089
1178
exitcode = EXIT_FAILURE;
1090
1179
} else {
1137
1226
/* Create the Avahi service browser */
1138
1227
sb = avahi_s_service_browser_new(mc.server, if_index,
1139
1228
AVAHI_PROTO_INET6, "_mandos._tcp",
1140
NULL, 0, browse_callback, &mc);
1229
NULL, 0, browse_callback, NULL);
1141
1230
if(sb == NULL){
1142
1231
fprintf(stderr, "Failed to create service browser: %s\n",
1143
1232
avahi_strerror(avahi_server_errno(mc.server)));
1145
1234
goto end;
1146
1235
}
1147
1236
1237
sigemptyset(&sigterm_action.sa_mask);
1238
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
1239
if(ret == -1){
1240
perror("sigaddset");
1241
exitcode = EXIT_FAILURE;
1242
goto end;
1243
}
1244
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
1245
if(ret == -1){
1246
perror("sigaddset");
1247
exitcode = EXIT_FAILURE;
1248
goto end;
1249
}
1250
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1251
if(ret == -1){
1252
perror("sigaddset");
1253
exitcode = EXIT_FAILURE;
1254
goto end;
1255
}
1256
ret = sigaction(SIGTERM, &sigterm_action, &old_sigterm_action);
1257
if(ret == -1){
1258
perror("sigaction");
1259
exitcode = EXIT_FAILURE;
1260
goto end;
1261
}
1262
1148
1263
/* Run the main loop */
1149
1264
1150
1265
if(debug){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0