/mandos/trunk : revision 812

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

Committer: Teddy Hogeborn
Date: 2016-02-28 20:34:59 UTC
Revision ID: teddy@recompile.se-20160228203459-81vtqvr96yukyrok

Client: Remove calls to gnutls_global_init and gnutls_global_deinit

* plugins.d/mandos-client.c (init_gnutls_global, main): Don't call
gnutls_global_init or gnutls_global_deinit anymore; these are
unnecessary in GnuTLS 3.3.

files modified:
DBUS-API

INSTALL

Makefile

NEWS

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.prerm

debian/rules

initramfs-tools-hook

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.c

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),

strtof(), abort() */

#include <stdbool.h> /* bool, false, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <string.h> /* strcmp(), strlen(), strerror(),

asprintf(), strncpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

305

return false;

306

}

307

308

ret = (int)TEMP_FAILURE_RETRY(close(fd));

308

ret = close(fd);

309

if(ret == -1){

310

perror_plus("close");

311

}

513

fprintf_plus(stderr, "GnuTLS: %s", string);

514

}

515

516

__attribute__((nonnull, warn_unused_result))

516

__attribute__((nonnull(1, 2, 4), warn_unused_result))

517

static int init_gnutls_global(const char *pubkeyfilename,

518

const char *seckeyfilename,

519

const char *dhparamsfilename,

525

fprintf_plus(stderr, "Initializing GnuTLS\n");

526

}

527

528

ret = gnutls_global_init();

529

if(ret != GNUTLS_E_SUCCESS){

530

fprintf_plus(stderr, "GnuTLS global_init: %s\n",

531

safer_gnutls_strerror(ret));

532

return -1;

533

}

534

535

528

if(debug){

536

529

/* "Use a log level over 10 to enable all debugging options."

537

530

* - GnuTLS manual

545

538

if(ret != GNUTLS_E_SUCCESS){

546

539

fprintf_plus(stderr, "GnuTLS memory error: %s\n",

547

540

safer_gnutls_strerror(ret));

548

gnutls_global_deinit();

549

541

return -1;

550

542

}

551

543

755

747

globalfail:

756

748

757

749

gnutls_certificate_free_credentials(mc->cred);

758

gnutls_global_deinit();

759

750

gnutls_dh_params_deinit(mc->dh_params);

760

751

return -1;

761

752

}

931

922

perror_plus("dup2(devnull, STDIN_FILENO)");

932

923

_exit(EX_OSERR);

933

924

}

934

ret = (int)TEMP_FAILURE_RETRY(close(devnull));

925

ret = close(devnull);

935

926

if(ret == -1){

936

927

perror_plus("close");

937

928

_exit(EX_OSERR);

954

945

helper, O_RDONLY));

955

946

if(helper_fd == -1){

956

947

perror_plus("openat");

948

close(helperdir_fd);

957

949

_exit(EX_UNAVAILABLE);

958

950

}

959

TEMP_FAILURE_RETRY(close(helperdir_fd));

951

close(helperdir_fd);

960

952

#ifdef __GNUC__

961

953

#pragma GCC diagnostic push

962

954

#pragma GCC diagnostic ignored "-Wcast-qual"

1130

1122

goto mandos_end;

1131

1123

}

1132

1124

1133

memset(&to, 0, sizeof(to));

1134

1125

if(af == AF_INET6){

1135

((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;

1136

ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);

1126

struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;

1127

*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };

1128

ret = inet_pton(af, ip, &to6->sin6_addr);

1137

1129

} else { /* IPv4 */

1138

((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;

1139

ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);

1130

struct sockaddr_in *to4 = (struct sockaddr_in *)&to;

1131

*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };

1132

ret = inet_pton(af, ip, &to4->sin_addr);

1140

1133

}

1141

1134

if(ret < 0 ){

1142

1135

int e = errno;

1221

1214

sizeof(struct sockaddr_in));

1222

1215

}

1223

1216

if(ret < 0){

1224

if(errno == ENETUNREACH

1217

if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))

1225

1218

and if_index != AVAHI_IF_UNSPEC

1226

1219

and connect_to == NULL

1227

1220

and not route_added and

1465

1458

free(decrypted_buffer);

1466

1459

free(buffer);

1467

1460

if(tcp_sd >= 0){

1468

ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));

1461

ret = close(tcp_sd);

1469

1462

}

1470

1463

if(ret == -1){

1471

1464

if(e == 0){

1635

1628

errno = ret_errno;

1636

1629

return false;

1637

1630

}

1638

strcpy(ifr->ifr_name, ifname);

1631

strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);

1632

ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */

1639

1633

ret = ioctl(s, SIOCGIFFLAGS, ifr);

1640

1634

if(ret == -1){

1641

1635

if(debug){

1911

1905

return;

1912

1906

}

1913

1907

}

1914

#ifdef __GLIBC__

1915

#if __GLIBC_PREREQ(2, 15)

1916

1908

int numhooks = scandirat(hookdir_fd, ".", &direntries,

1917

1909

runnable_hook, alphasort);

1918

#else /* not __GLIBC_PREREQ(2, 15) */

1919

int numhooks = scandir(hookdir, &direntries, runnable_hook,

1920

alphasort);

1921

#endif /* not __GLIBC_PREREQ(2, 15) */

1922

#else /* not __GLIBC__ */

1923

int numhooks = scandir(hookdir, &direntries, runnable_hook,

1924

alphasort);

1925

#endif /* not __GLIBC__ */

1926

1910

if(numhooks == -1){

1927

1911

perror_plus("scandir");

1928

1912

return;

2010

1994

perror_plus("openat");

2011

1995

_exit(EXIT_FAILURE);

2012

1996

}

2013

if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){

1997

if(close(hookdir_fd) == -1){

2014

1998

perror_plus("close");

2015

1999

_exit(EXIT_FAILURE);

2016

2000

}

2019

2003

perror_plus("dup2(devnull, STDIN_FILENO)");

2020

2004

_exit(EX_OSERR);

2021

2005

}

2022

ret = (int)TEMP_FAILURE_RETRY(close(devnull));

2006

ret = close(devnull);

2023

2007

if(ret == -1){

2024

2008

perror_plus("close");

2025

2009

_exit(EX_OSERR);

2074

2058

free(direntry);

2075

2059

}

2076

2060

free(direntries);

2077

if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){

2061

if(close(hookdir_fd) == -1){

2078

2062

perror_plus("close");

2079

2063

} else {

2080

2064

hookdir_fd = -1;

2120

2104

}

2121

2105

2122

2106

if(quit_now){

2123

ret = (int)TEMP_FAILURE_RETRY(close(sd));

2107

ret = close(sd);

2124

2108

if(ret == -1){

2125

2109

perror_plus("close");

2126

2110

}

2176

2160

}

2177

2161

2178

2162

/* Close the socket */

2179

ret = (int)TEMP_FAILURE_RETRY(close(sd));

2163

ret = close(sd);

2180

2164

if(ret == -1){

2181

2165

perror_plus("close");

2182

2166

}

2264

2248

}

2265

2249

2266

2250

/* Close the socket */

2267

int ret = (int)TEMP_FAILURE_RETRY(close(sd));

2251

int ret = close(sd);

2268

2252

if(ret == -1){

2269

2253

perror_plus("close");

2270

2254

}

2286

2270

2287

2271

int main(int argc, char *argv[]){

2288

2272

mandos_context mc = { .server = NULL, .dh_bits = 0,

2289

.priority = "SECURE256:!CTYPE-X.509:"

2290

"+CTYPE-OPENPGP:!RSA", .current_server = NULL,

2291

.interfaces = NULL, .interfaces_size = 0 };

2273

.priority = "SECURE256:!CTYPE-X.509"

2274

":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",

2275

.current_server = NULL, .interfaces = NULL,

2276

.interfaces_size = 0 };

2292

2277

AvahiSServiceBrowser *sb = NULL;

2293

2278

error_t ret_errno;

2294

2279

int ret;

2521

2506

}

2522

2507

}

2523

2508

}

2524

TEMP_FAILURE_RETRY(close(seckey_fd));

2509

close(seckey_fd);

2525

2510

}

2526

2511

}

2527

2512

2542

2527

}

2543

2528

}

2544

2529

}

2545

TEMP_FAILURE_RETRY(close(pubkey_fd));

2530

close(pubkey_fd);

2546

2531

}

2547

2532

}

2548

2533

2549

if(strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){

2534

if(dh_params_file != NULL

2535

and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){

2550

2536

int dhparams_fd = open(dh_params_file, O_RDONLY);

2551

2537

if(dhparams_fd == -1){

2552

2538

perror_plus("open");

2563

2549

}

2564

2550

}

2565

2551

}

2566

TEMP_FAILURE_RETRY(close(dhparams_fd));

2552

close(dhparams_fd);

2567

2553

}

2568

2554

}

2569

2555

2971

2957

2972

2958

if(gnutls_initialized){

2973

2959

gnutls_certificate_free_credentials(mc.cred);

2974

gnutls_global_deinit();

2975

2960

gnutls_dh_params_deinit(mc.dh_params);

2976

2961

}

2977

2962

3049

3034

if(tempdir_fd == -1){

3050

3035

perror_plus("open");

3051

3036

} else {

3052

#ifdef __GLIBC__

3053

#if __GLIBC_PREREQ(2, 15)

3054

3037

int numentries = scandirat(tempdir_fd, ".", &direntries,

3055

3038

notdotentries, alphasort);

3056

#else /* not __GLIBC_PREREQ(2, 15) */

3057

int numentries = scandir(tempdir, &direntries, notdotentries,

3058

alphasort);

3059

#endif /* not __GLIBC_PREREQ(2, 15) */

3060

#else /* not __GLIBC__ */

3061

int numentries = scandir(tempdir, &direntries, notdotentries,

3062

alphasort);

3063

#endif /* not __GLIBC__ */

3064

3039

if(numentries >= 0){

3065

3040

for(int i = 0; i < numentries; i++){

3066

3041

ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);

3082

3057

perror_plus("rmdir");

3083

3058

}

3084

3059

}

3085

TEMP_FAILURE_RETRY(close(tempdir_fd));

3060

close(tempdir_fd);

3086

3061

}

3087

3062

}

3088

3063

Older »