/mandos/trunk : revision 738

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

Committer: Teddy Hogeborn
Date: 2014-10-08 21:07:10 UTC
Revision ID: teddy@recompile.se-20141008210710-x0rg80z2aabdg05d

Handle local Zeroconf service name collisions.

Service name collisions from other servers have always been handled,
but not *local* name collisions from services on the same host.

* mandos (AvahiService/rename): Handle local Zeroconf service name
collision.
(AvahiServiceToSyslog.rename): Pass on any extra arguments.

files modified:
DBUS-API

TODO

intro.xml

mandos

mandos-ctl

mandos-keygen

mandos-monitor

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.c

493

return plaintext_length;

494

}

495

496

__attribute__((warn_unused_result, const))

497

static const char *safe_string(const char *str){

498

if(str == NULL)

499

return "(unknown)";

500

return str;

501

}

502

503

496

__attribute__((warn_unused_result))

504

497

static const char *safer_gnutls_strerror(int value){

505

498

const char *ret = gnutls_strerror(value);

506

return safe_string(ret);

499

if(ret == NULL)

500

ret = "(unknown)";

501

return ret;

507

502

}

508

503

509

504

/* GnuTLS log function callback */

518

513

const char *seckeyfilename,

519

514

mandos_context *mc){

520

515

int ret;

521

unsigned int uret;

522

516

523

517

if(debug){

524

518

fprintf_plus(stderr, "Initializing GnuTLS\n");

575

569

safer_gnutls_strerror(ret));

576

570

goto globalfail;

577

571

}

578

if(mc->dh_bits == 0){

579

/* Find out the optimal number of DH bits */

580

/* Try to read the private key file */

581

gnutls_datum_t buffer = { .data = NULL, .size = 0 };

582

{

583

int secfile = open(seckeyfilename, O_RDONLY);

584

size_t buffer_capacity = 0;

585

while(true){

586

buffer_capacity = incbuffer((char **)&buffer.data,

587

(size_t)buffer.size,

588

(size_t)buffer_capacity);

589

if(buffer_capacity == 0){

590

perror_plus("incbuffer");

591

free(buffer.data);

592

buffer.data = NULL;

593

break;

594

}

595

ssize_t bytes_read = read(secfile, buffer.data + buffer.size,

596

BUFFER_SIZE);

597

/* EOF */

598

if(bytes_read == 0){

599

break;

600

}

601

/* check bytes_read for failure */

602

if(bytes_read < 0){

603

perror_plus("read");

604

free(buffer.data);

605

buffer.data = NULL;

606

break;

607

}

608

buffer.size += (unsigned int)bytes_read;

609

}

610

close(secfile);

611

}

612

/* If successful, use buffer to parse private key */

613

gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;

614

if(buffer.data != NULL){

615

{

616

gnutls_openpgp_privkey_t privkey = NULL;

617

ret = gnutls_openpgp_privkey_init(&privkey);

618

if(ret != GNUTLS_E_SUCCESS){

619

fprintf_plus(stderr, "Error initializing OpenPGP key"

620

" structure: %s", safer_gnutls_strerror(ret));

621

free(buffer.data);

622

buffer.data = NULL;

623

} else {

624

ret = gnutls_openpgp_privkey_import(privkey, &buffer,

625

GNUTLS_OPENPGP_FMT_BASE64,

626

"", 0);

627

if(ret != GNUTLS_E_SUCCESS){

628

fprintf_plus(stderr, "Error importing OpenPGP key : %s",

629

safer_gnutls_strerror(ret));

630

privkey = NULL;

631

}

632

free(buffer.data);

633

buffer.data = NULL;

634

if(privkey != NULL){

635

/* Use private key to suggest an appropriate sec_param */

636

sec_param = gnutls_openpgp_privkey_sec_param(privkey);

637

gnutls_openpgp_privkey_deinit(privkey);

638

if(debug){

639

fprintf_plus(stderr, "This OpenPGP key implies using a"

640

" GnuTLS security parameter \"%s\".\n",

641

safe_string(gnutls_sec_param_get_name

642

(sec_param)));

643

}

644

}

645

}

646

}

647

if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){

648

/* Err on the side of caution */

649

sec_param = GNUTLS_SEC_PARAM_ULTRA;

650

if(debug){

651

fprintf_plus(stderr, "Falling back to security parameter"

652

" \"%s\"\n",

653

safe_string(gnutls_sec_param_get_name

654

(sec_param)));

655

}

656

}

657

}

658

uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);

659

if(uret != 0){

660

mc->dh_bits = uret;

661

if(debug){

662

fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"

663

" implies %u DH bits; using that.\n",

664

safe_string(gnutls_sec_param_get_name

665

(sec_param)),

666

mc->dh_bits);

667

}

668

} else {

669

fprintf_plus(stderr, "Failed to get implied number of DH"

670

" bits for security parameter \"%s\"): %s\n",

671

safe_string(gnutls_sec_param_get_name(sec_param)),

672

safer_gnutls_strerror(ret));

673

goto globalfail;

674

}

675

} else if(debug){

676

fprintf_plus(stderr, "DH bits explicitly set to %u\n",

677

mc->dh_bits);

678

}

679

572

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

680

573

if(ret != GNUTLS_E_SUCCESS){

681

fprintf_plus(stderr, "Error in GnuTLS prime generation (%u bits):"

682

" %s\n", mc->dh_bits, safer_gnutls_strerror(ret));

574

fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",

575

safer_gnutls_strerror(ret));

683

576

goto globalfail;

684

577

}

685

578

2007

1900

}

2008

1901

2009

1902

int main(int argc, char *argv[]){

2010

mandos_context mc = { .server = NULL, .dh_bits = 0,

1903

mandos_context mc = { .server = NULL, .dh_bits = 1024,

2011

1904

.priority = "SECURE256:!CTYPE-X.509:"

2012

"+CTYPE-OPENPGP:!RSA", .current_server = NULL,

1905

"+CTYPE-OPENPGP", .current_server = NULL,

2013

1906

.interfaces = NULL, .interfaces_size = 0 };

2014

1907

AvahiSServiceBrowser *sb = NULL;

2015

1908

error_t ret_errno;

Older »