To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 355
- compare with another revision
- download diff
- download tarball
- view history from revision 355
- Committer: Teddy Hogeborn
- Date: 2009-08-30 03:10:29 UTC
- Revision ID: teddy@fukt.bsnet.se-20090830031029-cj8po3rc4g1cux1d
* mandos: White-space fixes only.
* mandos-ctl: - '' -
* plugin-runner.c: - '' -
* plugins.d/askpass-fifo.c: - '' -
* plugins.d/mandos-client.c: - '' -
* plugins.d/password-prompt.c: - '' -
* mandos-ctl: - '' -
* plugin-runner.c: - '' -
* plugins.d/askpass-fifo.c: - '' -
* plugins.d/mandos-client.c: - '' -
* plugins.d/password-prompt.c: - '' -
added
removed
plugins.d/mandos-client.c
164
164
*/
165
165
static bool init_gpgme(const char *seckey,
166
166
const char *pubkey, const char *tempdir){
167
int ret;
167
168
gpgme_error_t rc;
168
169
gpgme_engine_info_t engine_info;
169
170
172
173
* Helper function to insert pub and seckey to the engine keyring.
173
174
*/
174
175
bool import_key(const char *filename){
175
int ret;
176
176
int fd;
177
177
gpgme_data_t pgp_data;
178
178
521
521
static int start_mandos_communication(const char *ip, uint16_t port,
522
522
AvahiIfIndex if_index,
523
523
int af){
524
int ret, tcp_sd = -1;
524
int ret, tcp_sd;
525
525
ssize_t sret;
526
526
union {
527
527
struct sockaddr_in in;
531
531
char *decrypted_buffer;
532
532
size_t buffer_length = 0;
533
533
size_t buffer_capacity = 0;
534
ssize_t decrypted_buffer_size;
534
535
size_t written;
535
536
int retval = 0;
536
537
gnutls_session_t session;
537
538
int pf; /* Protocol family */
538
539
539
if(quit_now){
540
return -1;
541
}
542
543
540
switch(af){
544
541
case AF_INET6:
545
542
pf = PF_INET6;
565
562
tcp_sd = socket(pf, SOCK_STREAM, 0);
566
563
if(tcp_sd < 0){
567
564
perror("socket");
568
retval = -1;
569
goto mandos_end;
570
}
571
572
if(quit_now){
573
goto mandos_end;
565
return -1;
574
566
}
575
567
576
568
memset(&to, 0, sizeof(to));
583
575
}
584
576
if(ret < 0 ){
585
577
perror("inet_pton");
586
retval = -1;
587
goto mandos_end;
578
return -1;
588
579
}
589
580
if(ret == 0){
590
581
fprintf(stderr, "Bad address: %s\n", ip);
591
retval = -1;
592
goto mandos_end;
582
return -1;
593
583
}
594
584
if(af == AF_INET6){
595
585
to.in6.sin6_port = htons(port); /* Spurious warnings from
602
592
if(if_index == AVAHI_IF_UNSPEC){
603
593
fprintf(stderr, "An IPv6 link-local address is incomplete"
604
594
" without a network interface\n");
605
retval = -1;
606
goto mandos_end;
595
return -1;
607
596
}
608
597
/* Set the network interface number as scope */
609
598
to.in6.sin6_scope_id = (uint32_t)if_index;
614
603
-Wunreachable-code */
615
604
}
616
605
617
if(quit_now){
618
goto mandos_end;
619
}
620
621
606
if(debug){
622
607
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
623
608
char interface[IF_NAMESIZE];
650
635
}
651
636
}
652
637
653
if(quit_now){
654
goto mandos_end;
655
}
656
657
638
if(af == AF_INET6){
658
639
ret = connect(tcp_sd, &to.in6, sizeof(to));
659
640
} else {
661
642
}
662
643
if(ret < 0){
663
644
perror("connect");
664
retval = -1;
665
goto mandos_end;
666
}
667
668
if(quit_now){
669
goto mandos_end;
645
return -1;
670
646
}
671
647
672
648
const char *out = mandos_protocol_version;
691
667
break;
692
668
}
693
669
}
694
695
if(quit_now){
696
goto mandos_end;
697
}
698
670
}
699
671
700
672
if(debug){
701
673
fprintf(stderr, "Establishing TLS session with %s\n", ip);
702
674
}
703
675
704
if(quit_now){
705
goto mandos_end;
706
}
707
708
676
gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) tcp_sd);
709
677
710
if(quit_now){
711
goto mandos_end;
712
}
713
714
do {
678
do{
715
679
ret = gnutls_handshake(session);
716
if(quit_now){
717
goto mandos_end;
718
}
719
680
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
720
681
721
682
if(ret != GNUTLS_E_SUCCESS){
735
696
}
736
697
737
698
while(true){
738
739
if(quit_now){
740
goto mandos_end;
741
}
742
743
699
buffer_capacity = incbuffer(&buffer, buffer_length,
744
700
buffer_capacity);
745
701
if(buffer_capacity == 0){
748
704
goto mandos_end;
749
705
}
750
706
751
if(quit_now){
752
goto mandos_end;
753
}
754
755
707
sret = gnutls_record_recv(session, buffer+buffer_length,
756
708
BUFFER_SIZE);
757
709
if(sret == 0){
763
715
case GNUTLS_E_AGAIN:
764
716
break;
765
717
case GNUTLS_E_REHANDSHAKE:
766
do {
718
do{
767
719
ret = gnutls_handshake(session);
768
769
if(quit_now){
770
goto mandos_end;
771
}
772
720
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
773
721
if(ret < 0){
774
722
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
793
741
fprintf(stderr, "Closing TLS session\n");
794
742
}
795
743
796
if(quit_now){
797
goto mandos_end;
798
}
799
800
744
gnutls_bye(session, GNUTLS_SHUT_RDWR);
801
745
802
if(quit_now){
803
goto mandos_end;
804
}
805
806
746
if(buffer_length > 0){
807
ssize_t decrypted_buffer_size;
808
747
decrypted_buffer_size = pgp_packet_decrypt(buffer,
809
748
buffer_length,
810
749
&decrypted_buffer);
811
750
if(decrypted_buffer_size >= 0){
812
813
751
written = 0;
814
752
while(written < (size_t) decrypted_buffer_size){
815
if(quit_now){
816
goto mandos_end;
817
}
818
819
753
ret = (int)fwrite(decrypted_buffer + written, 1,
820
754
(size_t)decrypted_buffer_size - written,
821
755
stdout);
841
775
842
776
mandos_end:
843
777
free(buffer);
844
if(tcp_sd >= 0){
845
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
846
}
778
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
847
779
if(ret == -1){
848
780
perror("close");
849
781
}
850
782
gnutls_deinit(session);
851
if(quit_now){
852
retval = -1;
853
}
854
783
return retval;
855
784
}
856
785
919
848
/* Called whenever a new services becomes available on the LAN or
920
849
is removed from the LAN */
921
850
922
if(quit_now){
923
return;
924
}
925
926
851
switch(event){
927
852
default:
928
853
case AVAHI_BROWSER_FAILURE:
1130
1055
exitcode = EXIT_FAILURE;
1131
1056
goto end;
1132
1057
}
1133
/* Need to check if the handler is SIG_IGN before handling:
1134
| [[info:libc:Initial Signal Actions]] |
1135
| [[info:libc:Basic Signal Handling]] |
1136
*/
1137
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
1138
if(ret == -1){
1139
perror("sigaction");
1140
return EXIT_FAILURE;
1141
}
1142
if(old_sigterm_action.sa_handler != SIG_IGN){
1143
ret = sigaction(SIGINT, &sigterm_action, NULL);
1144
if(ret == -1){
1145
perror("sigaction");
1146
exitcode = EXIT_FAILURE;
1147
goto end;
1148
}
1149
}
1150
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
1151
if(ret == -1){
1152
perror("sigaction");
1153
return EXIT_FAILURE;
1154
}
1155
if(old_sigterm_action.sa_handler != SIG_IGN){
1156
ret = sigaction(SIGHUP, &sigterm_action, NULL);
1157
if(ret == -1){
1158
perror("sigaction");
1159
exitcode = EXIT_FAILURE;
1160
goto end;
1161
}
1162
}
1163
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
1164
if(ret == -1){
1165
perror("sigaction");
1166
return EXIT_FAILURE;
1167
}
1168
if(old_sigterm_action.sa_handler != SIG_IGN){
1169
ret = sigaction(SIGTERM, &sigterm_action, NULL);
1170
if(ret == -1){
1171
perror("sigaction");
1172
exitcode = EXIT_FAILURE;
1173
goto end;
1174
}
1058
ret = sigaction(SIGINT, &sigterm_action, &old_sigterm_action);
1059
if(ret == -1){
1060
perror("sigaction");
1061
exitcode = EXIT_FAILURE;
1062
goto end;
1063
}
1064
ret = sigaction(SIGHUP, &sigterm_action, NULL);
1065
if(ret == -1){
1066
perror("sigaction");
1067
exitcode = EXIT_FAILURE;
1068
goto end;
1069
}
1070
ret = sigaction(SIGTERM, &sigterm_action, NULL);
1071
if(ret == -1){
1072
perror("sigaction");
1073
exitcode = EXIT_FAILURE;
1074
goto end;
1175
1075
}
1176
1076
1177
1077
/* If the interface is down, bring it up */
1534
1434
}
1535
1435
1536
1436
if(quit_now){
1537
sigemptyset(&old_sigterm_action.sa_mask);
1538
old_sigterm_action.sa_handler = SIG_DFL;
1539
1437
ret = sigaction(signal_received, &old_sigterm_action, NULL);
1540
1438
if(ret == -1){
1541
1439
perror("sigaction");
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0