To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 602
- compare with another revision
- download diff
- download tarball
- view history from revision 602
- Committer: Teddy Hogeborn
- Date: 2012-06-16 23:25:46 UTC
- Revision ID: teddy@recompile.se-20120616232546-dcrkmnhd4yhq6mvd
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
All users changed.
(add_server): Take new "current_server" argument; all callers
changed.
(init_gpgme, pgp_packet_decrypt, init_gnutls_global,
init_gnutls_session, start_mandos_communication,
avahi_loop_with_timeout): Take new "mc" argument"; all callers
changed.
(resolve_callback, browse_callback): Handle void pointer userdata as
"mc", a pointer to
mandos_context. All callers
changed.
(main): New "mc" variable.
All users changed.
(add_server): Take new "current_server" argument; all callers
changed.
(init_gpgme, pgp_packet_decrypt, init_gnutls_global,
init_gnutls_session, start_mandos_communication,
avahi_loop_with_timeout): Take new "mc" argument"; all callers
changed.
(resolve_callback, browse_callback): Handle void pointer userdata as
"mc", a pointer to
mandos_context. All callers
changed.
(main): New "mc" variable.
- files removed:
- debian/upstream-signing-key.pgp
- files modified:
- INSTALL
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2013 Teddy Hogeborn
13
* Copyright © 2008-2013 Björn Påhlsson
12
* Copyright © 2008-2012 Teddy Hogeborn
13
* Copyright © 2008-2012 Björn Påhlsson
14
14
*
15
15
* This program is free software: you can redistribute it and/or
16
16
* modify it under the terms of the GNU General Public License as
161
161
const char *priority;
162
162
gpgme_ctx_t ctx;
163
163
server *current_server;
164
char *interfaces;
165
size_t interfaces_size;
166
164
} mandos_context;
167
165
168
166
/* global so signal handler can reach it*/
187
185
188
186
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
189
187
program_invocation_short_name));
190
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
188
return TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
191
189
}
192
190
193
191
/*
198
196
size_t incbuffer(char **buffer, size_t buffer_length,
199
197
size_t buffer_capacity){
200
198
if(buffer_length + BUFFER_SIZE > buffer_capacity){
201
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
202
if(new_buf == NULL){
203
int old_errno = errno;
204
free(*buffer);
205
errno = old_errno;
206
*buffer = NULL;
199
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
200
if(buffer == NULL){
207
201
return 0;
208
202
}
209
*buffer = new_buf;
210
203
buffer_capacity += BUFFER_SIZE;
211
204
}
212
205
return buffer_capacity;
664
657
return -1;
665
658
}
666
659
667
/* If the interface is specified and we have a list of interfaces */
668
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
669
/* Check if the interface is one of the interfaces we are using */
670
bool match = false;
671
{
672
char *interface = NULL;
673
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
674
interface))){
675
if(if_nametoindex(interface) == (unsigned int)if_index){
676
match = true;
677
break;
678
}
679
}
680
}
681
if(not match){
682
/* This interface does not match any in the list, so we don't
683
connect to the server */
684
if(debug){
685
char interface[IF_NAMESIZE];
686
if(if_indextoname((unsigned int)if_index, interface) == NULL){
687
perror_plus("if_indextoname");
688
} else {
689
fprintf_plus(stderr, "Skipping server on non-used interface"
690
" \"%s\"\n",
691
if_indextoname((unsigned int)if_index,
692
interface));
693
}
694
}
695
return -1;
696
}
697
}
698
699
660
ret = init_gnutls_session(&session, mc);
700
661
if(ret != 0){
701
662
return -1;
741
702
}
742
703
if(af == AF_INET6){
743
704
to.in6.sin6_port = htons(port);
744
#ifdef __GNUC__
745
#pragma GCC diagnostic push
746
#pragma GCC diagnostic ignored "-Wstrict-aliasing"
747
#endif
748
705
if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
749
(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower */
750
#ifdef __GNUC__
751
#pragma GCC diagnostic pop
752
#endif
706
(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
707
-Wunreachable-code*/
753
708
if(if_index == AVAHI_IF_UNSPEC){
754
709
fprintf_plus(stderr, "An IPv6 link-local address is"
755
710
" incomplete without a network interface\n");
760
715
to.in6.sin6_scope_id = (uint32_t)if_index;
761
716
}
762
717
} else {
763
to.in.sin_port = htons(port);
718
to.in.sin_port = htons(port); /* Spurious warnings from
719
-Wconversion and
720
-Wunreachable-code */
764
721
}
765
722
766
723
if(quit_now){
1493
1450
bool run_network_hooks(const char *mode, const char *interface,
1494
1451
const float delay){
1495
1452
struct dirent **direntries;
1453
struct dirent *direntry;
1454
int ret;
1496
1455
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1497
1456
alphasort);
1498
1457
if(numhooks == -1){
1505
1464
perror_plus("scandir");
1506
1465
}
1507
1466
} else {
1508
struct dirent *direntry;
1509
int ret;
1510
1467
int devnull = open("/dev/null", O_RDONLY);
1511
1468
for(int i = 0; i < numhooks; i++){
1512
1469
direntry = direntries[i];
1732
1689
}
1733
1690
1734
1691
error_t take_down_interface(const char *const interface){
1692
int sd = -1;
1735
1693
error_t old_errno = errno;
1694
error_t ret_errno = 0;
1695
int ret, ret_setflags;
1736
1696
struct ifreq network;
1737
1697
unsigned int if_index = if_nametoindex(interface);
1738
1698
if(if_index == 0){
1741
1701
return ENXIO;
1742
1702
}
1743
1703
if(interface_is_up(interface)){
1744
error_t ret_errno = 0;
1745
1704
if(not get_flags(interface, &network) and debug){
1746
1705
ret_errno = errno;
1747
1706
fprintf_plus(stderr, "Failed to get flags for interface "
1750
1709
}
1751
1710
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
1752
1711
1753
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1712
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1754
1713
if(sd < 0){
1755
1714
ret_errno = errno;
1756
1715
perror_plus("socket");
1766
1725
/* Raise priviliges */
1767
1726
raise_privileges();
1768
1727
1769
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
1728
ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
1770
1729
ret_errno = errno;
1771
1730
1772
1731
/* Lower privileges */
1773
1732
lower_privileges();
1774
1733
1775
1734
/* Close the socket */
1776
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
1735
ret = (int)TEMP_FAILURE_RETRY(close(sd));
1777
1736
if(ret == -1){
1778
1737
perror_plus("close");
1779
1738
}
1796
1755
int main(int argc, char *argv[]){
1797
1756
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1798
1757
.priority = "SECURE256:!CTYPE-X.509:"
1799
"+CTYPE-OPENPGP", .current_server = NULL,
1800
.interfaces = NULL, .interfaces_size = 0 };
1758
"+CTYPE-OPENPGP", .current_server = NULL };
1801
1759
AvahiSServiceBrowser *sb = NULL;
1802
1760
error_t ret_errno;
1803
1761
int ret;
1804
1762
intmax_t tmpmax;
1805
1763
char *tmp;
1806
1764
int exitcode = EXIT_SUCCESS;
1765
char *interfaces = NULL;
1766
size_t interfaces_size = 0;
1807
1767
char *interfaces_to_take_down = NULL;
1808
1768
size_t interfaces_to_take_down_size = 0;
1809
1769
char tempdir[] = "/tmp/mandosXXXXXX";
1812
1772
const char *seckey = PATHDIR "/" SECKEY;
1813
1773
const char *pubkey = PATHDIR "/" PUBKEY;
1814
1774
char *interfaces_hooks = NULL;
1775
size_t interfaces_hooks_size = 0;
1815
1776
1816
1777
bool gnutls_initialized = false;
1817
1778
bool gpgme_initialized = false;
1908
1869
connect_to = arg;
1909
1870
break;
1910
1871
case 'i': /* --interface */
1911
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
1912
arg, (int)',');
1872
ret_errno = argz_add_sep(&interfaces, &interfaces_size, arg,
1873
(int)',');
1913
1874
if(ret_errno != 0){
1914
1875
argp_error(state, "%s", strerror(ret_errno));
1915
1876
}
2042
2003
}
2043
2004
2044
2005
/* Lower privileges */
2045
lower_privileges();
2006
errno = 0;
2007
ret = seteuid(uid);
2008
if(ret == -1){
2009
perror_plus("seteuid");
2010
}
2046
2011
}
2047
2012
}
2048
2013
2049
/* Remove invalid interface names (except "none") */
2014
/* Remove empty interface names */
2050
2015
{
2051
2016
char *interface = NULL;
2052
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2017
while((interface = argz_next(interfaces, interfaces_size,
2053
2018
interface))){
2054
if(strcmp(interface, "none") != 0
2055
and if_nametoindex(interface) == 0){
2056
if(interface[0] != '\0'){
2019
if(if_nametoindex(interface) == 0){
2020
if(interface[0] != '\0' and strcmp(interface, "none") != 0){
2057
2021
fprintf_plus(stderr, "Not using nonexisting interface"
2058
2022
" \"%s\"\n", interface);
2059
2023
}
2060
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2024
argz_delete(&interfaces, &interfaces_size, interface);
2061
2025
interface = NULL;
2062
2026
}
2063
2027
}
2065
2029
2066
2030
/* Run network hooks */
2067
2031
{
2068
if(mc.interfaces != NULL){
2069
interfaces_hooks = malloc(mc.interfaces_size);
2032
2033
if(interfaces != NULL){
2034
interfaces_hooks = malloc(interfaces_size);
2070
2035
if(interfaces_hooks == NULL){
2071
2036
perror_plus("malloc");
2072
2037
goto end;
2073
2038
}
2074
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2075
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2039
memcpy(interfaces_hooks, interfaces, interfaces_size);
2040
interfaces_hooks_size = interfaces_size;
2041
argz_stringify(interfaces_hooks, interfaces_hooks_size,
2042
(int)',');
2076
2043
}
2077
2044
if(not run_network_hooks("start", interfaces_hooks != NULL ?
2078
2045
interfaces_hooks : "", delay)){
2160
2127
}
2161
2128
2162
2129
/* If no interfaces were specified, make a list */
2163
if(mc.interfaces == NULL){
2130
if(interfaces == NULL){
2164
2131
struct dirent **direntries;
2165
2132
/* Look for any good interfaces */
2166
2133
ret = scandir(sys_class_net, &direntries, good_interface,
2168
2135
if(ret >= 1){
2169
2136
/* Add all found interfaces to interfaces list */
2170
2137
for(int i = 0; i < ret; ++i){
2171
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2138
ret_errno = argz_add(&interfaces, &interfaces_size,
2172
2139
direntries[i]->d_name);
2173
2140
if(ret_errno != 0){
2174
errno = ret_errno;
2175
2141
perror_plus("argz_add");
2176
2142
continue;
2177
2143
}
2189
2155
}
2190
2156
}
2191
2157
2192
/* Bring up interfaces which are down, and remove any "none"s */
2193
{
2158
/* If we only got one interface, explicitly use only that one */
2159
if(argz_count(interfaces, interfaces_size) == 1){
2160
if(debug){
2161
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2162
interfaces);
2163
}
2164
if_index = (AvahiIfIndex)if_nametoindex(interfaces);
2165
}
2166
2167
/* Bring up interfaces which are down */
2168
if(not (argz_count(interfaces, interfaces_size) == 1
2169
and strcmp(interfaces, "none") == 0)){
2194
2170
char *interface = NULL;
2195
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2171
while((interface = argz_next(interfaces, interfaces_size,
2196
2172
interface))){
2197
/* If interface name is "none", stop bringing up interfaces.
2198
Also remove all instances of "none" from the list */
2199
if(strcmp(interface, "none") == 0){
2200
argz_delete(&mc.interfaces, &mc.interfaces_size,
2201
interface);
2202
interface = NULL;
2203
while((interface = argz_next(mc.interfaces,
2204
mc.interfaces_size, interface))){
2205
if(strcmp(interface, "none") == 0){
2206
argz_delete(&mc.interfaces, &mc.interfaces_size,
2207
interface);
2208
interface = NULL;
2209
}
2210
}
2211
break;
2212
}
2213
2173
bool interface_was_up = interface_is_up(interface);
2214
2174
ret = bring_up_interface(interface, delay);
2215
2175
if(not interface_was_up){
2220
2180
ret_errno = argz_add(&interfaces_to_take_down,
2221
2181
&interfaces_to_take_down_size,
2222
2182
interface);
2223
if(ret_errno != 0){
2224
errno = ret_errno;
2225
perror_plus("argz_add");
2226
}
2227
2183
}
2228
2184
}
2229
2185
}
2186
free(interfaces);
2187
interfaces = NULL;
2188
interfaces_size = 0;
2230
2189
if(debug and (interfaces_to_take_down == NULL)){
2231
2190
fprintf_plus(stderr, "No interfaces were brought up\n");
2232
2191
}
2233
2192
}
2234
2193
2235
/* If we only got one interface, explicitly use only that one */
2236
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2237
if(debug){
2238
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2239
mc.interfaces);
2240
}
2241
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2242
}
2243
2244
2194
if(quit_now){
2245
2195
goto end;
2246
2196
}
2304
2254
exitcode = EX_USAGE;
2305
2255
goto end;
2306
2256
}
2307
2257
2308
2258
if(quit_now){
2309
2259
goto end;
2310
2260
}
2340
2290
fprintf_plus(stderr, "Retrying in %d seconds\n",
2341
2291
(int)retry_interval);
2342
2292
}
2343
sleep((unsigned int)retry_interval);
2293
sleep((int)retry_interval);
2344
2294
}
2345
2295
2346
2296
if (not quit_now){
2419
2369
}
2420
2370
2421
2371
/* Cleanup things */
2422
free(mc.interfaces);
2423
2424
2372
if(sb != NULL)
2425
2373
avahi_s_service_browser_free(sb);
2426
2374
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0