void send_success (struct command *cmd);
int send_command (struct command *cmd, int passfd);
struct command *send_callback_and_await_response (struct command *cmdresp, time_t opt_timeout);
+void register_server_socket (int srvsox);
/* pinentry.c */
void setup_pinentry (void);
void register_pinentry_command (struct command *cmd);
success_t token_callback (const char *const label, unsigned retry);
success_t pin_callback (int attempt, const char *token_url, const char *token_label, char *pin, size_t pin_max);
+void pinentry_forget_clientfd (int fd);
/* starttls.c */
void setup_starttls (void);
void cleanup_starttls (void);
void starttls_pkcs11_provider (char *p11path);
-void starttls_client (struct command *cmd);
-void starttls_server (struct command *cmd);
+void starttls (struct command *cmd);
void starttls_prng (struct command *cmd);
/* config.c */
*/
int ctlkey_unregister (uint8_t *ctlkey);
+/* Look through the ctlkey registry, to find sessions that depend on a closing
+ * control connection meaning that they cannot survive it being closed;
+ * those entries will be unregistered and deallocated ; this is used when a
+ * client socket closes its link to the TLS Pool.
+ *
+ * This implementation closes all entries whose ctlfd matches; this is needed
+ * for detached nodes that have been reattached. Nodes that are attached
+ * will usually be removed before they hit this routine, which is also good.
+ *
+ * Note that detached keys are (by definition) protected against this cleanup
+ * procedure; however, when their TLS connection breaks down, they too will
+ * be cleaned up. Note that detaching is not done before the TLS handshake
+ * is complete.
+ */
+void ctlkey_close_ctlfd (int clisox);
+
/* Find a ctlkeynode based on a ctlkey. Returns NULL if not found.
*
* The value returned is the registered structure, meaning that any context
all: $(TARGETS)
libtlspool.so: $(libtlspool_OBJS)
- gcc -shared $(LDFLAGS) -o "$@" $(libtlspool_OBJS) $(LIBS)
+ gcc -std=gnu11 -shared $(LDFLAGS) -o "$@" $(libtlspool_OBJS) $(LIBS)
libtlspool.a: $(libtlspool_OBJS)
rm -f "$@"
python -m compileall "$<"
.c.o:
- gcc -c $(CFLAGS) -o $@ $<
+ gcc -std=gnu11 -c $(CFLAGS) -o $@ $<
clean:
rm -f $(OBJS) *.lo *.la $(TARGETS)
+anew: clean all
+
install: all
install libtlspool.so libtlspool.a "$(PREFIX)/lib/"
@echo #
all: $(TARGETS)
tlspool: $(OBJS)
- gcc $(LDFLAGS) -o "$@" $(OBJS) $(LIBS)
+ gcc -std=gnu11 $(LDFLAGS) -o "$@" $(OBJS) $(LIBS)
.c.o:
- gcc -c $(CFLAGS) -o "$@" "$<"
+ gcc -std=gnu11 -c $(CFLAGS) -o "$@" "$<"
clean:
rm -f $(OBJS) $(TARGETS)
+anew: clean all
+
install: all
install $(TARGETS) "$(PREFIX)/sbin/"
#include <sys/types.h>
#include <sys/file.h>
#include <sys/un.h>
+#include <sys/stat.h>
#include <syslog.h>
#include <fcntl.h>
#include <syslog.h>
#include <errno.h>
+#include <arpa/inet.h>
+
#include <tlspool/internal.h>
#include "manage.h"
int selector_iterate_init (selector_t *iterator, donai_t *donai);
int selector_iterate_next (selector_t *iterator);
+/* Retrieve flags from the credentials structure found in dbh_localid.
+ * The function returns non-zero on success (zero indicates syntax error).
+ */
+int dbcred_flags (DBT *creddata, uint32_t *flags);
+
/* Print a donai or iterated selector to the given text buffer. The
* text will be precisely the same as the originally parsed text. An
* iterator may deliver values that are shorter, not longer. The value
*/
void cleanup_management (void);
+
+/* Begin a database transaction, if possible; otherwise setup as NULL */
+void manage_txn_begin (DB_TXN **txn);
+
+/* Commit a database transaction, setting it to NULL. Ignore when NULL. */
+int manage_txn_commit (DB_TXN **txn);
+
+/* Rollback a database transaction, setting it to NULL. Ignore when NULL. */
+int manage_txn_rollback (DB_TXN **txn);
+
#include <gnutls/pkcs11.h>
#include <gnutls/abstract.h>
+#include <libtasn1.h>
+
#include <tlspool/internal.h>
int gtls_errno = 0;
int db_errno = 0;
int found = 0;
+ gtls_error certificate_onthefly (struct command *cmd);
//
// When applicable, try to create an on-the-fly certificate
if (cmd == NULL) {
send_error (replycmd, EINVAL, "Command structure not received");
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
cmd->session_errno = 0;
cmd->anonpre = 0;
tlog (TLOG_UNIXSOCK, LOG_ERR, "No ciphertext file descriptor supplied to TLS Pool");
send_error (replycmd, EINVAL, "No ciphertext file descriptor supplied to TLS Pool");
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
*/
cmd->session_certificate = (intptr_t) (void *) NULL;
send_error (replycmd, EPROTO, "File handle supplied for renegotiation");
close (cryptfd);
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
//
// First find the ctlkeynode_tls
tlog (TLOG_UNIXSOCK, LOG_ERR, "Failed to find TLS connection for renegotiation by its ctlkey");
send_error (replycmd, ESRCH, "Cannot find TLS connection for renegotiation");
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
//
// Now cancel the pthread for this process
ctlkey_unfind (&ckn->regent);
assert (pthread_detach (pthread_self ()) == 0);
// Do not free the ckn, as the other thread still runs
- return;
+ return NULL;
}
//
// We are in control! Assimilate the TLS connection data.
}
}
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
//
}
manage_txn_rollback (&cmd->txn);
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
*/
//
}
manage_txn_rollback (&cmd->txn);
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
//
}
manage_txn_rollback (&cmd->txn);
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
//
}
manage_txn_rollback (&cmd->txn);
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
tlog (TLOG_UNIXSOCK | TLOG_TLS, LOG_DEBUG, "TLS handshake started over %d", cryptfd);
do {
}
manage_txn_rollback (&cmd->txn);
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
} else {
tlog (TLOG_UNIXSOCK | TLOG_TLS, LOG_INFO, "TLS handshake succeeded over %d", cryptfd);
//TODO// extract_authenticated_remote_identity (cmd);
}
manage_txn_rollback (&cmd->txn);
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
cmd->cmd.pio_cmd = oldcmd;
tlog (TLOG_UNIXSOCK, LOG_DEBUG, "Processing callback response that set plainfd:=%d for lid==\"%s\" and rid==\"%s\"", cmd->passfd, cmd->cmd.pio_data.pioc_starttls.localid, cmd->cmd.pio_data.pioc_starttls.remoteid);
}
manage_txn_rollback (&cmd->txn);
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
//DEFERRED// send_command (replycmd, -1); // app sent plainfd to us
got_session = 0;
}
assert (pthread_detach (pthread_self ()) == 0);
- return;
+ return NULL;
}
all: $(TARGETS)
testcli: testcli.c $(tlspool_LIB)
- gcc $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
testsrv: testsrv.c $(tlspool_LIB)
- gcc $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
testpeer: testpeer.c $(tlspool_LIB)
- gcc $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
@echo #
@echo # You cannot use testpeer yet
@echo #
tlstunnel: tlstunnel.c tlstunnel-chat.c $(tlspool_LIB)
- gcc $(CFLAGS) -o "$@" tlstunnel.c tlstunnel-chat.c $(tlspool_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) -o "$@" tlstunnel.c tlstunnel-chat.c $(tlspool_LDFLAGS)
pingpool: pingpool.c $(tlspool_LIB)
- gcc $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
lidsel: lidsel.c $(tlspool_LIB)
- gcc $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
pinentry: pinentry.c $(tlspool_LIB)
- gcc $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) -o "$@" "$<" $(tlspool_LDFLAGS)
get_localid: get_localid.c $(config_SRC)
- gcc $(CFLAGS) $(config_CFLAGS) $(BDB_CFLAGS) -o "$@" "$<" $(config_SRC) $(tlspool_LDFLAGS) $(BDB_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) $(config_CFLAGS) $(BDB_CFLAGS) -o "$@" "$<" $(config_SRC) $(tlspool_LDFLAGS) $(BDB_LDFLAGS)
set_localid: set_localid.c $(config_SRC)
- gcc $(CFLAGS) $(config_CFLAGS) $(BDB_CFLAGS) -o "$@" "$<" $(config_SRC) $(tlspool_LDFLAGS) $(BDB_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) $(config_CFLAGS) $(BDB_CFLAGS) -o "$@" "$<" $(config_SRC) $(tlspool_LDFLAGS) $(BDB_LDFLAGS)
get_disclose: get_disclose.c $(config_SRC) $(donai_SRC)
- gcc $(CFLAGS) $(config_CFLAGS) $(donai_CFLAGS) $(BDB_CFLAGS) -o "$@" "$<" $(config_SRC) $(donai_SRC) $(tlspool_LDFLAGS) $(BDB_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) $(config_CFLAGS) $(donai_CFLAGS) $(BDB_CFLAGS) -o "$@" "$<" $(config_SRC) $(donai_SRC) $(tlspool_LDFLAGS) $(BDB_LDFLAGS)
set_disclose: set_disclose.c $(config_SRC)
- gcc $(CFLAGS) $(config_CFLAGS) $(BDB_CFLAGS) -o "$@" "$<" $(config_SRC) $(tlspool_LDFLAGS) $(BDB_LDFLAGS)
+ gcc -std=gnu11 $(CFLAGS) $(config_CFLAGS) $(BDB_CFLAGS) -o "$@" "$<" $(config_SRC) $(tlspool_LDFLAGS) $(BDB_LDFLAGS)
pgp11_genkey: pgp11_genkey.c
- gcc $(CFLAGS) $(pgp11genkey_CFLAGS) -o "$@" "$<" $(pgp11genkey_LIBS)
+ gcc -std=gnu11 $(CFLAGS) $(pgp11genkey_CFLAGS) -o "$@" "$<" $(pgp11genkey_LIBS)
$(tlspool_LIB):
make -C ../lib `basename $(tlspool_LIB)`
.c.o:
- gcc -c $(CFLAGS) -o "$@" "$<"
+ gcc -std=gnu11 -c $(CFLAGS) -o "$@" "$<"
clean:
rm -f $(OBJS) $(TARGETS)
+anew: clean all
+
install: all
install $(TARGETS) "$(PREFIX)/sbin/"
#include <sys/types.h>
#include <sys/stat.h>
+
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
+#include <arpa/inet.h>
+
#include <db.h>
#include <tlspool/internal.h>
* and stores them for future reference. It also requests entry of the
* local identity or the index number of the database entries printed.
*/
-void lidcb (lidentry_t *entry, void *data) {
+char *lidcb (lidentry_t *entry, void *data) {
//
// Declare & initialise
struct data *d = (struct data *) data;
}
d->dblidctr++;
printf ("DEBUG: lidsel.c lidcb() returns after processing database entry\n");
- return;
+ return NULL;
}
//
} while (error);
d->dblidctr = 0;
printf ("DEBUG: lidsel.c lidcb() returns after setting localid to %s and flags to 0x%08lx\n", entry->localid, entry->flags);
- return;
+ return NULL;
}
#include <sys/types.h>
#include <sys/stat.h>
+
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
+#include <arpa/inet.h>
+
#include <db.h>
#include <tlspool/internal.h>
#include <string.h>
#include <stdint.h>
+#include <unistd.h>
#include <poll.h>
#include <errno.h>
#include <signal.h>
break;
}
if (inout [0].revents & POLLIN) {
- sz = read (0, buf, sizeof (buf), MSG_DONTWAIT);
+ sz = read (0, buf, sizeof (buf));
printf ("Read %d bytes, sigcont==%d (should be 0 for proper operation)\n", sz, sigcont);
if (sz == -1) {
break;
} else if (sz == 0) {
errno = 0;
break;
- } else if (write (chanio, buf, sz, MSG_DONTWAIT) != sz) {
+ } else if (send (chanio, buf, sz, MSG_DONTWAIT) != sz) {
break;
} else {
printf ("Sent %d bytes\n", sz);
}
}
if (inout [1].revents & POLLIN) {
- sz = read (chanio, buf, sizeof (buf), MSG_DONTWAIT);
+ sz = recv (chanio, buf, sizeof (buf), MSG_DONTWAIT);
printf ("Received %d bytes, sigcont==%d (should be 0 for proper operation)\n", sz, sigcont);
if (sz == -1) {
break;
} else if (sz == 0) {
errno = 0;
break;
- } else if (write (1, buf, sz, MSG_DONTWAIT) != sz) {
+ } else if (write (1, buf, sz) != sz) {
break;
} else {
printf ("Printed %d bytes\n", sz);
#include <string.h>
#include <stdint.h>
+#include <unistd.h>
#include <poll.h>
#include <errno.h>
#include <signal.h>
break;
}
if (inout [0].revents & POLLIN) {
- sz = read (0, buf, sizeof (buf), MSG_DONTWAIT);
+ sz = read (0, buf, sizeof (buf));
printf ("Read %d bytes, sigcont==%d (should be 0 for proper operation)\n", sz, sigcont);
if (sz == -1) {
break;
} else if (sz == 0) {
errno = 0;
break;
- } else if (write (chanio, buf, sz, MSG_DONTWAIT) != sz) {
+ } else if (send (chanio, buf, sz, MSG_DONTWAIT) != sz) {
break;
} else {
printf ("Sent %d bytes\n", sz);
}
}
if (inout [1].revents & POLLIN) {
- sz = read (chanio, buf, sizeof (buf), MSG_DONTWAIT);
+ sz = recv (chanio, buf, sizeof (buf), MSG_DONTWAIT);
printf ("Received %d bytes, sigcont==%d (should be 0 for proper operation)\n", sz, sigcont);
if (sz == -1) {
break;
} else if (sz == 0) {
errno = 0;
break;
- } else if (write (1, buf, sz, MSG_DONTWAIT) != sz) {
+ } else if (write (1, buf, sz) != sz) {
break;
} else {
printf ("Printed %d bytes\n", sz);
#include <string.h>
#include <stdint.h>
+#include <unistd.h>
#include <poll.h>
#include <errno.h>
#include <signal.h>
break;
}
if (inout [0].revents & POLLIN) {
- sz = read (0, buf, sizeof (buf), MSG_DONTWAIT);
+ sz = read (0, buf, sizeof (buf));
printf ("Read %d bytes, sigcont==%d (should be 0 for proper operation)\n", sz, sigcont);
if (sz == -1) {
break;
} else if (sz == 0) {
errno = 0;
break;
- } else if (write (chanio, buf, sz, MSG_DONTWAIT) != sz) {
+ } else if (send (chanio, buf, sz, MSG_DONTWAIT) != sz) {
break;
} else {
printf ("Sent %d bytes\n", sz);
}
}
if (inout [1].revents & POLLIN) {
- sz = read (chanio, buf, sizeof (buf), MSG_DONTWAIT);
+ sz = recv (chanio, buf, sizeof (buf), MSG_DONTWAIT);
printf ("Received %d bytes, sigcont==%d (should be 0 for proper operation)\n", sz, sigcont);
if (sz == -1) {
break;
} else if (sz == 0) {
errno = 0;
break;
- } else if (write (1, buf, sz, MSG_DONTWAIT) != sz) {
+ } else if (write (1, buf, sz) != sz) {
break;
} else {
printf ("Printed %d bytes\n", sz);