/mandos/trunk : revision 762

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

Committer: Teddy Hogeborn
Date: 2015-07-08 21:18:49 UTC
Revision ID: teddy@recompile.se-20150708211849-scisutuofnxumqc7

mandos-client: Add --dh-params FILE option.

* plugins.d/mandos-client.c: Added --dh-params FILE option.
  (init_gnutls_global): New "dhparamsfilename" argument.  All callers
                        changed.  Read and use Diffie-Hellman
                        parameters from it.  Bug fix:  check for error
                        when opening seckeyfile for the second time.
  (init_gnutls_session): Remove unnecessary call to
                         gnutls_dh_set_prime_bits();
  (main): New variable "dh_params_file".
  (main/argp_options): Added "--dh-params" option.
  (main/parse_opt): - '' -
* plugins.d/mandos-client.xml (SYNOPSIS): Add --dh-params option.
  (OPTIONS): Document --dh-params option and document that the
             --dh-bits options is potentially overridden by the
             --dh-params option.

files modified:
Makefile

debian/control

debian/mandos-client.README.Debian

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.prerm

initramfs-tools-hook

mandos

plugins.d/mandos-client.c

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.c

#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),

strtof(), abort() */

#include <stdbool.h> /* bool, false, true */

#include <string.h> /* strcmp(), strlen(), strerror(),

asprintf(), strcpy() */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

1130

goto mandos_end;

1131

}

1132

1133

memset(&to, 0, sizeof(to));

1133

1134

if(af == AF_INET6){

1134

struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;

1135

*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };

1136

ret = inet_pton(af, ip, &to6->sin6_addr);

1135

((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;

1136

ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);

1137

} else { /* IPv4 */

1138

struct sockaddr_in *to4 = (struct sockaddr_in *)&to;

1139

*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };

1140

ret = inet_pton(af, ip, &to4->sin_addr);

1138

((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;

1139

ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);

1141

1140

}

1142

1141

if(ret < 0 ){

1143

1142

int e = errno;

2547

2546

}

2548

2547

}

2549

2548

2550

if(strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){

2551

int dhparams_fd = open(dh_params_file, O_RDONLY);

2552

if(dhparams_fd == -1){

2553

perror_plus("open");

2554

} else {

2555

ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));

2556

if(ret == -1){

2557

perror_plus("fstat");

2558

} else {

2559

if(S_ISREG(st.st_mode)

2560

and st.st_uid == 0 and st.st_gid == 0){

2561

ret = fchown(dhparams_fd, uid, gid);

2562

if(ret == -1){

2563

perror_plus("fchown");

2564

}

2565

}

2566

}

2567

TEMP_FAILURE_RETRY(close(dhparams_fd));

2568

}

2569

}

2570

2571

2549

/* Lower privileges */

2572

2550

ret_errno = lower_privileges();

2573

2551

if(ret_errno != 0){

2747

2725

errno = bring_up_interface(interface, delay);

2748

2726

if(not interface_was_up){

2749

2727

if(errno != 0){

2750

fprintf_plus(stderr, "Failed to bring up interface \"%s\":"

2751

" %s\n", interface, strerror(errno));

2728

perror_plus("Failed to bring up interface");

2752

2729

} else {

2753

2730

errno = argz_add(&interfaces_to_take_down,

2754

2731

&interfaces_to_take_down_size,

Older »