/mandos/trunk : revision 777

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/plymouth.c

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files removed:
bugs.xml

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/plymouth.c

* Plymouth - Read a password from Plymouth and output it

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

175

174

}

176

175

}

177

176

178

char **new_argv = malloc(sizeof(const char *));

179

if(new_argv == NULL){

180

error_plus(0, errno, "malloc");

181

_exit(EX_OSERR);

182

}

177

char **new_argv = NULL;

183

178

char **tmp;

184

179

int i = 0;

185

for (; argv[i] != NULL; i++){

186

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 2));

180

for (; argv[i]!=NULL; i++){

181

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 1));

187

182

if(tmp == NULL){

188

183

error_plus(0, errno, "realloc");

189

184

free(new_argv);

317

312

return 0;

318

313

}

319

314

320

char **getargv(pid_t pid){

315

const char * const * getargv(pid_t pid){

321

316

int cl_fd;

322

317

char *cmdline_filename;

323

318

ssize_t sret;

384

379

return NULL;

385

380

}

386

381

argz_extract(cmdline, cmdline_len, argv); /* Create argv */

387

return argv;

382

return (const char * const *)argv;

388

383

}

389

384

390

385

int main(__attribute__((unused))int argc,

465

460

}

466

461

kill_and_wait(plymouth_command_pid);

467

462

468

char **plymouthd_argv = NULL;

463

const char * const *plymouthd_argv;

469

464

pid_t pid = get_pid();

470

465

if(pid == 0){

471

466

error_plus(0, 0, "plymouthd pid not found");

467

plymouthd_argv = plymouthd_default_argv;

472

468

} else {

473

469

plymouthd_argv = getargv(pid);

474

470

}

477

473

{ plymouth_path, "quit", NULL },

478

474

false, false);

479

475

if(not bret){

480

if(plymouthd_argv != NULL){

481

free(*plymouthd_argv);

482

free(plymouthd_argv);

483

}

484

476

exit(EXIT_FAILURE);

485

477

}

486

bret = exec_and_wait(NULL, plymouthd_path,

487

(plymouthd_argv != NULL)

488

? (const char * const *)plymouthd_argv

489

: plymouthd_default_argv,

478

bret = exec_and_wait(NULL, plymouthd_path, plymouthd_argv,

490

479

false, true);

491

if(plymouthd_argv != NULL){

492

free(*plymouthd_argv);

493

free(plymouthd_argv);

494

}

495

480

if(not bret){

496

481

exit(EXIT_FAILURE);

497

482

}

Older »