/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 03:50:20 UTC
  • Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu
http://bugs.debian.org/879538
http://bugs.debian.org/916673
Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/mandos-client.c
9
9
 * "browse_callback", and parts of "main".
10
10
 * 
11
11
 * Everything else is
12
 
 * Copyright © 2008-2019 Teddy Hogeborn
13
 
 * Copyright © 2008-2019 Björn Påhlsson
 
12
 * Copyright © 2008-2018 Teddy Hogeborn
 
13
 * Copyright © 2008-2018 Björn Påhlsson
14
14
 * 
15
15
 * This file is part of Mandos.
16
16
 * 
1074
1074
      ret = setgid(0);
1075
1075
      if(ret == -1){
1076
1076
        perror_plus("setgid");
1077
 
        close(devnull);
1078
1077
        _exit(EX_NOPERM);
1079
1078
      }
1080
1079
      /* Reset supplementary groups */
1082
1081
      ret = setgroups(0, NULL);
1083
1082
      if(ret == -1){
1084
1083
        perror_plus("setgroups");
1085
 
        close(devnull);
1086
1084
        _exit(EX_NOPERM);
1087
1085
      }
1088
1086
    }
1089
1087
    ret = dup2(devnull, STDIN_FILENO);
1090
1088
    if(ret == -1){
1091
1089
      perror_plus("dup2(devnull, STDIN_FILENO)");
1092
 
      close(devnull);
1093
1090
      _exit(EX_OSERR);
1094
1091
    }
1095
1092
    ret = close(devnull);
1096
1093
    if(ret == -1){
1097
1094
      perror_plus("close");
 
1095
      _exit(EX_OSERR);
1098
1096
    }
1099
1097
    ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1100
1098
    if(ret == -1){
1135
1133
  }
1136
1134
  if(pid == -1){
1137
1135
    perror_plus("fork");
1138
 
    close(devnull);
1139
1136
    return false;
1140
1137
  }
1141
 
  ret = close(devnull);
1142
 
  if(ret == -1){
1143
 
    perror_plus("close");
1144
 
  }
1145
1138
  int status;
1146
1139
  pid_t pret = -1;
1147
1140
  errno = 0;
2679
2672
        argp_state_help(state, state->out_stream,
2680
2673
                        (ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2681
2674
                        & ~(unsigned int)ARGP_HELP_EXIT_OK);
2682
 
        __builtin_unreachable();
2683
2675
      case -3:                  /* --usage */
2684
2676
        argp_state_help(state, state->out_stream,
2685
2677
                        ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2686
 
        __builtin_unreachable();
2687
2678
      case 'V':                 /* --version */
2688
2679
        fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2689
2680
        exit(argp_err_exit_status);