/mandos/trunk : revision 60

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Teddy Hogeborn
Date: 2008-08-10 03:32:42 UTC
Revision ID: teddy@fukt.bsnet.se-20080810033242-ea0qikoxqik0nibr

* mandos-client.c (main): Cast pid_t to unsigned int before printing.

* plugins.d/password-request.c (pgp_packet_decrypt): Use "%u" to print
wrong_key_usage.
(start_mandos_communication): Use PRIu16 to print uint16_t.

files modified:
TODO

mandos

mandos-client.c

mandos-client.xml

mandos.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS */

#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,

ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), memcpy(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <net/if.h> /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,

IFF_UP */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS */

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* Mandos client part */

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

#include <net/if.h> /* IF_NAMESIZE */

#include <argp.h> /* struct argp_option,

struct argp_state, struct argp,

argp_parse() */

/* GPGME */

#include <errno.h> /* perror() */

#include <gpgme.h>

#include <gpgme.h> /* All GPGME types, constants and functions

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

const char *argp_program_version = "mandosclient 0.9";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

205

229

} else {

206

230

fprintf(stderr, "Unsupported algorithm: %s\n",

207

231

result->unsupported_algorithm);

208

fprintf(stderr, "Wrong key usage: %d\n",

232

fprintf(stderr, "Wrong key usage: %u\n",

209

233

result->wrong_key_usage);

210

234

if(result->file_name != NULL){

211

235

fprintf(stderr, "File name: %s\n", result->file_name);

298

322

if(debug){

299

323

fprintf(stderr, "Initializing GnuTLS\n");

300

324

}

301

302

if ((ret = gnutls_global_init ())

303

!= GNUTLS_E_SUCCESS) {

325

326

ret = gnutls_global_init();

327

if (ret != GNUTLS_E_SUCCESS) {

304

328

fprintf (stderr, "GnuTLS global_init: %s\n",

305

329

safer_gnutls_strerror(ret));

306

330

return -1;

315

339

}

316

340

317

341

/* OpenPGP credentials */

318

if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))

319

!= GNUTLS_E_SUCCESS) {

342

gnutls_certificate_allocate_credentials(&mc->cred);

343

if (ret != GNUTLS_E_SUCCESS){

320

344

fprintf (stderr, "GnuTLS memory error: %s\n",

321

345

safer_gnutls_strerror(ret));

322

346

gnutls_global_deinit ();

360

384

361

385

globalfail:

362

386

363

gnutls_certificate_free_credentials (mc->cred);

364

gnutls_global_deinit ();

387

gnutls_certificate_free_credentials(mc->cred);

388

gnutls_global_deinit();

365

389

return -1;

366

390

367

391

}

432

456

}

433

457

434

458

if(debug){

435

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

436

ip, port);

459

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

460

"\n", ip, port);

437

461

}

438

462

439

463

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

468

492

to.in6.sin6_scope_id = (uint32_t)if_index;

469

493

470

494

if(debug){

471

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

495

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

496

port);

472

497

char addrstr[INET6_ADDRSTRLEN] = "";

473

498

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

474

499

sizeof(addrstr)) == NULL){

515

540

}

516

541

517

542

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

518

519

ret = gnutls_handshake (session);

543

544

do{

545

ret = gnutls_handshake (session);

546

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

520

547

521

548

if (ret != GNUTLS_E_SUCCESS){

522

549

if(debug){

554

581

case GNUTLS_E_AGAIN:

555

582

break;

556

583

case GNUTLS_E_REHANDSHAKE:

557

ret = gnutls_handshake (session);

584

do{

585

ret = gnutls_handshake (session);

586

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

558

587

if (ret < 0){

559

588

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

560

589

gnutls_perror (ret);

649

678

char ip[AVAHI_ADDRESS_STR_MAX];

650

679

avahi_address_snprint(ip, sizeof(ip), address);

651

680

if(debug){

652

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"

653

" port %d\n", name, host_name, ip, interface, port);

681

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

682

PRIu16 ") on port %d\n", name, host_name, ip,

683

interface, port);

654

684

}

655

685

int ret = start_mandos_communication(ip, port, interface, mc);

656

686

if (ret == 0){

835

865

.args_doc = "",

836

866

.doc = "Mandos client -- Get and decrypt"

837

867

" passwords from mandos server" };

838

argp_parse (&argp, argc, argv, 0, 0, NULL);

868

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

869

if (ret == ARGP_ERR_UNKNOWN){

870

fprintf(stderr, "Unkown error while parsing arguments\n");

871

exitcode = EXIT_FAILURE;

872

goto end;

873

}

839

874

}

840

875

841

876

pubkeyfile = combinepath(keydir, pubkeyfile);

1013

1048

free(seckeyfile);

1014

1049

1015

1050

if (gnutls_initalized){

1016

gnutls_certificate_free_credentials (mc.cred);

1051

gnutls_certificate_free_credentials(mc.cred);

1017

1052

gnutls_global_deinit ();

1018

1053

}

1019

1054

Older »