/mandos/trunk : revision 777

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.c

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.c

* Mandos plugin runner - Run Mandos plugins

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

#include <sys/select.h> /* fd_set, select(), FD_ZERO(),

FD_SET(), FD_ISSET(), FD_CLR */

#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),

WEXITSTATUS(), WTERMSIG() */

WEXITSTATUS(), WTERMSIG(),

WCOREDUMP() */

#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */

#include <iso646.h> /* and, or, not */

#include <dirent.h> /* struct dirent, scandirat() */

313

__attribute__((nonnull))

314

static void free_plugin(plugin *plugin_node){

315

316

for(char **arg = (plugin_node->argv)+1; *arg != NULL; arg++){

316

for(char **arg = plugin_node->argv; *arg != NULL; arg++){

317

free(*arg);

318

}

319

free(plugin_node->name);

320

319

free(plugin_node->argv);

321

320

for(char **env = plugin_node->environ; *env != NULL; env++){

322

321

free(*env);

565

564

case '?': /* --help */

566

565

state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */

567

566

argp_state_help(state, state->out_stream, ARGP_HELP_STD_HELP);

568

__builtin_unreachable();

569

567

case -3: /* --usage */

570

568

state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */

571

569

argp_state_help(state, state->out_stream,

572

570

ARGP_HELP_USAGE | ARGP_HELP_EXIT_OK);

573

__builtin_unreachable();

574

571

case 'V': /* --version */

575

572

fprintf(state->out_stream, "%s\n", argp_program_version);

576

573

exit(EXIT_SUCCESS);

586

583

if(arg[0] == '\0'){

587

584

break;

588

585

}

589

#if __GNUC__ >= 7

590

__attribute__((fallthrough));

591

#else

592

/* FALLTHROUGH */

593

#endif

594

586

default:

595

587

return ARGP_ERR_UNKNOWN;

596

588

}

709

701

custom_argc += 1;

710

702

{

711

703

char **new_argv = realloc(custom_argv, sizeof(char *)

712

* ((size_t)custom_argc + 1));

704

* ((unsigned int)

705

custom_argc + 1));

713

706

if(new_argv == NULL){

714

707

error(0, errno, "realloc");

715

708

exitstatus = EX_OSERR;

801

794

}

802

795

803

796

if(debug){

804

for(plugin *p = plugin_list; p != NULL; p = p->next){

797

for(plugin *p = plugin_list; p != NULL; p=p->next){

805

798

fprintf(stderr, "Plugin: %s has %d arguments\n",

806

799

p->name ? p->name : "Global", p->argc - 1);

807

800

for(char **a = p->argv; *a != NULL; a++){

816

809

817

810

if(getuid() == 0){

818

811

/* Work around Debian bug #633582:

819

<https://bugs.debian.org/633582> */

812

<http://bugs.debian.org/633582> */

820

813

int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);

821

814

if(plugindir_fd == -1){

822

815

if(errno != ENOENT){

899

892

return 1;

900

893

}

901

894

895

#ifdef __GLIBC__

896

#if __GLIBC_PREREQ(2, 15)

902

897

int numplugins = scandirat(dir_fd, ".", &direntries, good_name,

903

898

alphasort);

899

#else /* not __GLIBC_PREREQ(2, 15) */

900

int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,

901

&direntries, good_name, alphasort);

902

#endif /* not __GLIBC_PREREQ(2, 15) */

903

#else /* not __GLIBC__ */

904

int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,

905

&direntries, good_name, alphasort);

906

#endif /* not __GLIBC__ */

904

907

if(numplugins == -1){

905

908

error(0, errno, "Could not scan plugin dir");

906

909

direntries = NULL;

1100

1103

1101

1104

new_plugin->pid = pid;

1102

1105

new_plugin->fd = pipefd[0];

1103

1104

if(debug){

1105

fprintf(stderr, "Plugin %s started (PID %" PRIdMAX ")\n",

1106

new_plugin->name, (intmax_t) (new_plugin->pid));

1107

}

1108

1106

1109

1107

/* Unblock SIGCHLD so signal handler can be run if this process

1110

1108

has already completed */

1111

1109

ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,

1117

1115

goto fallback;

1118

1116

}

1119

1117

1120

FD_SET(new_plugin->fd, &rfds_all);

1118

#if defined (__GNUC__) and defined (__GLIBC__)

1119

#if not __GLIBC_PREREQ(2, 16)

1120

#pragma GCC diagnostic push

1121

#pragma GCC diagnostic ignored "-Wsign-conversion"

1122

#endif

1123

#endif

1124

FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from

1125

-Wconversion in GNU libc

1126

before 2.16 */

1127

#if defined (__GNUC__) and defined (__GLIBC__)

1128

#if not __GLIBC_PREREQ(2, 16)

1129

#pragma GCC diagnostic pop

1130

#endif

1131

#endif

1121

1132

1122

1133

if(maxfd < new_plugin->fd){

1123

1134

maxfd = new_plugin->fd;

1172

1183

(intmax_t) (proc->pid),

1173

1184

WTERMSIG(proc->status),

1174

1185

strsignal(WTERMSIG(proc->status)));

1186

} else if(WCOREDUMP(proc->status)){

1187

fprintf(stderr, "Plugin %s [%" PRIdMAX "] dumped"

1188

" core\n", proc->name, (intmax_t) (proc->pid));

1175

1189

}

1176

1190

}

1177

1191

1178

1192

/* Remove the plugin */

1179

FD_CLR(proc->fd, &rfds_all);

1193

#if defined (__GNUC__) and defined (__GLIBC__)

1194

#if not __GLIBC_PREREQ(2, 16)

1195

#pragma GCC diagnostic push

1196

#pragma GCC diagnostic ignored "-Wsign-conversion"

1197

#endif

1198

#endif

1199

FD_CLR(proc->fd, &rfds_all); /* Spurious warning from

1200

-Wconversion in GNU libc

1201

before 2.16 */

1202

#if defined (__GNUC__) and defined (__GLIBC__)

1203

#if not __GLIBC_PREREQ(2, 16)

1204

#pragma GCC diagnostic pop

1205

#endif

1206

#endif

1180

1207

1181

1208

/* Block signal while modifying process_list */

1182

1209

ret = (int)TEMP_FAILURE_RETRY(sigprocmask

1222

1249

}

1223

1250

1224

1251

/* This process has not completed. Does it have any output? */

1225

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){

1252

#if defined (__GNUC__) and defined (__GLIBC__)

1253

#if not __GLIBC_PREREQ(2, 16)

1254

#pragma GCC diagnostic push

1255

#pragma GCC diagnostic ignored "-Wsign-conversion"

1256

#endif

1257

#endif

1258

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious

1259

warning from

1260

-Wconversion

1261

in GNU libc

1262

before

1263

2.16 */

1264

#if defined (__GNUC__) and defined (__GLIBC__)

1265

#if not __GLIBC_PREREQ(2, 16)

1266

#pragma GCC diagnostic pop

1267

#endif

1268

#endif

1226

1269

/* This process had nothing to say at this time */

1227

1270

proc = proc->next;

1228

1271

continue;

Older »