/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

• browse files at revision 24.1.51
• compare with another revision
• download diff
• download tarball
• view history from revision 24.1.51

• reverse the comparison (24.1.51 to 77)
• stop comparing with revision 77

Show diffs side-by-side

added

removed

plugins.d/password-request.c

32

32

#define _LARGEFILE_SOURCE

33

33

#define _FILE_OFFSET_BITS 64

34

34

 

35

 

#define _GNU_SOURCE             /* TEMP_FAILURE_RETRY(), asprintf() */

 

35

#define _GNU_SOURCE             /* TEMP_FAILURE_RETRY() */

36

36

 

37

 

#include <stdio.h>              /* fprintf(), stderr, fwrite(),

38

 

                                   stdout, ferror() */

 

37

#include <stdio.h>              /* fprintf(), stderr, fwrite(), stdout,

 

38

                                   ferror() */

39

39

#include <stdint.h>             /* uint16_t, uint32_t */

40

40

#include <stddef.h>             /* NULL, size_t, ssize_t */

41

41

#include <stdlib.h>             /* free(), EXIT_SUCCESS, EXIT_FAILURE,

42

42

                                   srand() */

43

43

#include <stdbool.h>            /* bool, true */

44

44

#include <string.h>             /* memset(), strcmp(), strlen(),

45

 

                                   strerror(), asprintf(), strcpy() */

 

45

                                   strerror(), memcpy(), strcpy() */

46

46

#include <sys/ioctl.h>          /* ioctl */

47

47

#include <sys/types.h>          /* socket(), inet_pton(), sockaddr,

48

48

                                   sockaddr_in6, PF_INET6,

81

81

#include <avahi-common/error.h>

82

82

 

83

83

/* GnuTLS */

84

 

#include <gnutls/gnutls.h>      /* All GnuTLS types, constants and

85

 

                                   functions:

 

84

#include <gnutls/gnutls.h>      /* All GnuTLS types, constants and functions

86

85

                                   gnutls_*

87

86

                                   init_gnutls_session(),

88

87

                                   GNUTLS_* */

90

89

                                   GNUTLS_OPENPGP_FMT_BASE64 */

91

90

 

92

91

/* GPGME */

93

 

#include <gpgme.h>              /* All GPGME types, constants and

94

 

                                   functions:

 

92

#include <gpgme.h>              /* All GPGME types, constants and functions

95

93

                                   gpgme_*

96

94

                                   GPGME_PROTOCOL_OpenPGP,

97

95

                                   GPG_ERR_NO_* */

315

313

}

316

314

 

317

315

static int init_gnutls_global(mandos_context *mc,

318

 

                              const char *pubkeyfilename,

319

 

                              const char *seckeyfilename){

 

316

                              const char *pubkeyfile,

 

317

                              const char *seckeyfile){

320

318

  int ret;

321

319

  

322

320

  if(debug){

349

347

  

350

348

  if(debug){

351

349

    fprintf(stderr, "Attempting to use OpenPGP certificate %s"

352

 

            " and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

353

 

            seckeyfilename);

 

350

            " and keyfile %s as GnuTLS credentials\n", pubkeyfile,

 

351

            seckeyfile);

354

352

  }

355

353

  

356

354

  ret = gnutls_certificate_set_openpgp_key_file

357

 

    (mc->cred, pubkeyfilename, seckeyfilename,

358

 

     GNUTLS_OPENPGP_FMT_BASE64);

 

355

    (mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

359

356

  if (ret != GNUTLS_E_SUCCESS) {

360

357

    fprintf(stderr,

361

358

            "Error[%d] while reading the OpenPGP key pair ('%s',"

362

 

            " '%s')\n", ret, pubkeyfilename, seckeyfilename);

 

359

            " '%s')\n", ret, pubkeyfile, seckeyfile);

363

360

    fprintf(stdout, "The GnuTLS error is: %s\n",

364

361

            safer_gnutls_strerror(ret));

365

362

    goto globalfail;

475

472

    fprintf(stderr, "Binding to interface %s\n", interface);

476

473

  }

477

474

  

478

 

  memset(&to, 0, sizeof(to));   /* Spurious warning */

 

475

  memset(&to,0,sizeof(to));     /* Spurious warning */

479

476

  to.in6.sin6_family = AF_INET6;

480

477

  /* It would be nice to have a way to detect if we were passed an

481

478

     IPv4 address here.   Now we assume an IPv6 address. */

745

742

 

746

743

/* Combines file name and path and returns the malloced new

747

744

   string. some sane checks could/should be added */

748

 

static char *combinepath(const char *first, const char *second){

749

 

  char *tmp;

750

 

  int ret = asprintf(&tmp, "%s/%s", first, second);

751

 

  if(ret < 0){

 

745

static const char *combinepath(const char *first, const char *second){

 

746

  size_t f_len = strlen(first);

 

747

  size_t s_len = strlen(second);

 

748

  char *tmp = malloc(f_len + s_len + 2);

 

749

  if (tmp == NULL){

752

750

    return NULL;

753

751

  }

 

752

  if(f_len > 0){

 

753

    memcpy(tmp, first, f_len);  /* Spurious warning */

 

754

  }

 

755

  tmp[f_len] = '/';

 

756

  if(s_len > 0){

 

757

    memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

 

758

  }

 

759

  tmp[f_len + 1 + s_len] = '\0';

754

760

  return tmp;

755

761

}

756

762

 

767

773

    gid_t gid;

768

774

    char *connect_to = NULL;

769

775

    AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

770

 

    char *pubkeyfilename = NULL;

771

 

    char *seckeyfilename = NULL;

772

 

    const char *pubkeyname = "pubkey.txt";

773

 

    const char *seckeyname = "seckey.txt";

 

776

    const char *pubkeyfile = "pubkey.txt";

 

777

    const char *seckeyfile = "seckey.txt";

774

778

    mandos_context mc = { .simple_poll = NULL, .server = NULL,

775

779

                          .dh_bits = 1024, .priority = "SECURE256"};

776

780

    bool gnutls_initalized = false;

828

832

          keydir = arg;

829

833

          break;

830

834

        case 's':

831

 

          seckeyname = arg;

 

835

          seckeyfile = arg;

832

836

          break;

833

837

        case 'p':

834

 

          pubkeyname = arg;

 

838

          pubkeyfile = arg;

835

839

          break;

836

840

        case 129:

837

841

          errno = 0;

866

870

      }

867

871

    }

868

872

      

869

 

    pubkeyfilename = combinepath(keydir, pubkeyname);

870

 

    if (pubkeyfilename == NULL){

 

873

    pubkeyfile = combinepath(keydir, pubkeyfile);

 

874

    if (pubkeyfile == NULL){

871

875

      perror("combinepath");

872

876

      exitcode = EXIT_FAILURE;

873

877

      goto end;

874

878

    }

875

879

    

876

 

    seckeyfilename = combinepath(keydir, seckeyname);

877

 

    if (seckeyfilename == NULL){

 

880

    seckeyfile = combinepath(keydir, seckeyfile);

 

881

    if (seckeyfile == NULL){

878

882

      perror("combinepath");

879

883

      exitcode = EXIT_FAILURE;

880

884

      goto end;

881

885

    }

882

886

 

883

 

    ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

 

887

    ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

884

888

    if (ret == -1){

885

889

      fprintf(stderr, "init_gnutls_global failed\n");

886

890

      exitcode = EXIT_FAILURE;

1039

1043

 

1040

1044

    if (mc.simple_poll != NULL)

1041

1045

        avahi_simple_poll_free(mc.simple_poll);

1042

 

    free(pubkeyfilename);

1043

 

    free(seckeyfilename);

 

1046

    free(pubkeyfile);

 

1047

    free(seckeyfile);

1044

1048

 

1045

1049

    if (gnutls_initalized){

1046

1050

      gnutls_certificate_free_credentials(mc.cred);

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0