/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

  • Committer: Teddy Hogeborn
  • Date: 2015-07-09 20:32:52 UTC
  • Revision ID: teddy@recompile.se-20150709203252-u10p7trfsxc1a9yp
Install client Diffie-Hellman parameters into initramfs.

* debian/control (Package: mandos-client/Recommends): Added
  "gnutls-bin | openssl" (to generate DH parameters).
* debian/mandos-client.postinst (create_dh_params): New function
                                                    called on package
                                                    configure.
* plugins.d/mandos-client.c (main): Bug fix: Work around Debian bug
                                    #633582 also for the
                                    "client-dhparams.pem" file.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/mandos-client.c
2546
2546
        }
2547
2547
      }
2548
2548
      
 
2549
      if(strcmp(dh_params_file, PATHDIR "/client-dhparams.pem" )
 
2550
         == 0){
 
2551
        int dhparams_fd = open(dh_params_file, O_RDONLY);
 
2552
        if(dhparams_fd == -1){
 
2553
          perror_plus("open");
 
2554
        } else {
 
2555
          ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
 
2556
          if(ret == -1){
 
2557
            perror_plus("fstat");
 
2558
          } else {
 
2559
            if(S_ISREG(st.st_mode)
 
2560
               and st.st_uid == 0 and st.st_gid == 0){
 
2561
              ret = fchown(dhparams_fd, uid, gid);
 
2562
              if(ret == -1){
 
2563
                perror_plus("fchown");
 
2564
              }
 
2565
            }
 
2566
          }
 
2567
          TEMP_FAILURE_RETRY(close(dhparams_fd));
 
2568
        }
 
2569
      }
 
2570
      
2549
2571
      /* Lower privileges */
2550
2572
      ret_errno = lower_privileges();
2551
2573
      if(ret_errno != 0){