To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Björn Påhlsson
- Date: 2007-10-20 21:38:25 UTC
- Revision ID: belorn@tower-20071020213825-abf6f0d1c33ee961
First working version with: IPv6, GnuTLS, X.509 certificates, DN
retrieval.
retrieval.
- files added:
- bad-ca.pem
- files removed:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/upstream
- network-hooks.d
- plugins.d
- files modified:
- Makefile
added
removed
plugins.d/mandos-client.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos-client - get and decrypt data from a Mandos server
4
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
21
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
* General Public License for more details.
24
*
25
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
*
29
* Contact the authors at <mandos@recompile.se>.
30
*/
31
32
/* Needed by GPGME, specifically gpgme_data_seek() */
33
#ifndef _LARGEFILE_SOURCE
34
#define _LARGEFILE_SOURCE
35
#endif /* not _LARGEFILE_SOURCE */
36
#ifndef _FILE_OFFSET_BITS
37
#define _FILE_OFFSET_BITS 64
38
#endif /* not _FILE_OFFSET_BITS */
39
40
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror(), remove() */
44
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
45
#include <stddef.h> /* NULL, size_t, ssize_t */
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
strtof(), abort() */
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
51
#include <sys/ioctl.h> /* ioctl */
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
sockaddr_in6, PF_INET6,
54
SOCK_STREAM, uid_t, gid_t, open(),
55
opendir(), DIR */
56
#include <sys/stat.h> /* open(), S_ISREG */
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
inet_pton(), connect(),
59
getnameinfo() */
60
#include <fcntl.h> /* open() */
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
*/
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
64
strtoimax() */
65
#include <errno.h> /* perror(), errno,
66
program_invocation_short_name */
67
#include <time.h> /* nanosleep(), time(), sleep() */
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
69
SIOCSIFFLAGS, if_indextoname(),
70
if_nametoindex(), IF_NAMESIZE */
71
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
72
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
73
*/
74
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
75
getuid(), getgid(), seteuid(),
76
setgid(), pause(), _exit() */
77
#include <arpa/inet.h> /* inet_pton(), htons() */
78
#include <iso646.h> /* not, or, and */
79
#include <argp.h> /* struct argp_option, error_t, struct
80
argp_state, struct argp,
81
argp_parse(), ARGP_KEY_ARG,
82
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
83
#include <signal.h> /* sigemptyset(), sigaddset(),
84
sigaction(), SIGTERM, sig_atomic_t,
85
raise() */
86
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
87
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
88
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
89
WEXITSTATUS(), WTERMSIG() */
90
#include <grp.h> /* setgroups() */
91
#include <argz.h> /* argz_add_sep(), argz_next(),
92
argz_delete(), argz_append(),
93
argz_stringify(), argz_add(),
94
argz_count() */
95
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
96
EAI_SYSTEM, gai_strerror() */
97
98
#ifdef __linux__
99
#include <sys/klog.h> /* klogctl() */
100
#endif /* __linux__ */
101
102
/* Avahi */
103
/* All Avahi types, constants and functions
104
Avahi*, avahi_*,
105
AVAHI_* */
106
#include <avahi-core/core.h>
107
#include <avahi-core/lookup.h>
108
#include <avahi-core/log.h>
109
#include <avahi-common/simple-watch.h>
110
#include <avahi-common/malloc.h>
111
#include <avahi-common/error.h>
112
113
/* GnuTLS */
114
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
115
functions:
116
gnutls_*
117
init_gnutls_session(),
118
GNUTLS_* */
119
#include <gnutls/openpgp.h>
120
/* gnutls_certificate_set_openpgp_key_file(),
121
GNUTLS_OPENPGP_FMT_BASE64 */
122
123
/* GPGME */
124
#include <gpgme.h> /* All GPGME types, constants and
125
functions:
126
gpgme_*
127
GPGME_PROTOCOL_OpenPGP,
128
GPG_ERR_NO_* */
129
130
#define BUFFER_SIZE 256
131
132
#define PATHDIR "/conf/conf.d/mandos"
133
#define SECKEY "seckey.txt"
134
#define PUBKEY "pubkey.txt"
135
#define HOOKDIR "/lib/mandos/network-hooks.d"
136
137
bool debug = false;
138
static const char mandos_protocol_version[] = "1";
139
const char *argp_program_version = "mandos-client " VERSION;
140
const char *argp_program_bug_address = "<mandos@recompile.se>";
141
static const char sys_class_net[] = "/sys/class/net";
142
char *connect_to = NULL;
143
const char *hookdir = HOOKDIR;
144
int hookdir_fd = -1;
145
uid_t uid = 65534;
146
gid_t gid = 65534;
147
148
/* Doubly linked list that need to be circularly linked when used */
149
typedef struct server{
150
const char *ip;
151
in_port_t port;
152
AvahiIfIndex if_index;
153
int af;
154
struct timespec last_seen;
155
struct server *next;
156
struct server *prev;
157
} server;
158
159
/* Used for passing in values through the Avahi callback functions */
160
typedef struct {
161
AvahiServer *server;
162
gnutls_certificate_credentials_t cred;
163
unsigned int dh_bits;
164
gnutls_dh_params_t dh_params;
165
const char *priority;
166
gpgme_ctx_t ctx;
167
server *current_server;
168
char *interfaces;
169
size_t interfaces_size;
170
} mandos_context;
171
172
/* global so signal handler can reach it*/
173
AvahiSimplePoll *simple_poll;
174
175
sig_atomic_t quit_now = 0;
176
int signal_received = 0;
177
178
/* Function to use when printing errors */
179
void perror_plus(const char *print_text){
180
int e = errno;
181
fprintf(stderr, "Mandos plugin %s: ",
182
program_invocation_short_name);
183
errno = e;
184
perror(print_text);
185
}
186
187
__attribute__((format (gnu_printf, 2, 3), nonnull))
188
int fprintf_plus(FILE *stream, const char *format, ...){
189
va_list ap;
190
va_start (ap, format);
191
192
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
193
program_invocation_short_name));
194
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
195
}
196
197
/*
198
* Make additional room in "buffer" for at least BUFFER_SIZE more
199
* bytes. "buffer_capacity" is how much is currently allocated,
200
* "buffer_length" is how much is already used.
201
*/
202
__attribute__((nonnull, warn_unused_result))
203
size_t incbuffer(char **buffer, size_t buffer_length,
204
size_t buffer_capacity){
205
if(buffer_length + BUFFER_SIZE > buffer_capacity){
206
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
207
if(new_buf == NULL){
208
int old_errno = errno;
209
free(*buffer);
210
errno = old_errno;
211
*buffer = NULL;
212
return 0;
213
}
214
*buffer = new_buf;
215
buffer_capacity += BUFFER_SIZE;
216
}
217
return buffer_capacity;
218
}
219
220
/* Add server to set of servers to retry periodically */
221
__attribute__((nonnull, warn_unused_result))
222
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
223
int af, server **current_server){
224
int ret;
225
server *new_server = malloc(sizeof(server));
226
if(new_server == NULL){
227
perror_plus("malloc");
228
return false;
229
}
230
*new_server = (server){ .ip = strdup(ip),
231
.port = port,
232
.if_index = if_index,
233
.af = af };
234
if(new_server->ip == NULL){
235
perror_plus("strdup");
236
return false;
237
}
238
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
239
if(ret == -1){
240
perror_plus("clock_gettime");
241
return false;
242
}
243
/* Special case of first server */
244
if(*current_server == NULL){
245
new_server->next = new_server;
246
new_server->prev = new_server;
247
*current_server = new_server;
248
} else {
249
/* Place the new server last in the list */
250
new_server->next = *current_server;
251
new_server->prev = (*current_server)->prev;
252
new_server->prev->next = new_server;
253
(*current_server)->prev = new_server;
254
}
255
return true;
256
}
257
258
/*
259
* Initialize GPGME.
260
*/
261
__attribute__((nonnull, warn_unused_result))
262
static bool init_gpgme(const char * const seckey,
263
const char * const pubkey,
264
const char * const tempdir,
265
mandos_context *mc){
266
gpgme_error_t rc;
267
gpgme_engine_info_t engine_info;
268
269
/*
270
* Helper function to insert pub and seckey to the engine keyring.
271
*/
272
bool import_key(const char * const filename){
273
int ret;
274
int fd;
275
gpgme_data_t pgp_data;
276
277
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
278
if(fd == -1){
279
perror_plus("open");
280
return false;
281
}
282
283
rc = gpgme_data_new_from_fd(&pgp_data, fd);
284
if(rc != GPG_ERR_NO_ERROR){
285
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
286
gpgme_strsource(rc), gpgme_strerror(rc));
287
return false;
288
}
289
290
rc = gpgme_op_import(mc->ctx, pgp_data);
291
if(rc != GPG_ERR_NO_ERROR){
292
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
293
gpgme_strsource(rc), gpgme_strerror(rc));
294
return false;
295
}
296
297
ret = (int)TEMP_FAILURE_RETRY(close(fd));
298
if(ret == -1){
299
perror_plus("close");
300
}
301
gpgme_data_release(pgp_data);
302
return true;
303
}
304
305
if(debug){
306
fprintf_plus(stderr, "Initializing GPGME\n");
307
}
308
309
/* Init GPGME */
310
gpgme_check_version(NULL);
311
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
312
if(rc != GPG_ERR_NO_ERROR){
313
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
314
gpgme_strsource(rc), gpgme_strerror(rc));
315
return false;
316
}
317
318
/* Set GPGME home directory for the OpenPGP engine only */
319
rc = gpgme_get_engine_info(&engine_info);
320
if(rc != GPG_ERR_NO_ERROR){
321
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
322
gpgme_strsource(rc), gpgme_strerror(rc));
323
return false;
324
}
325
while(engine_info != NULL){
326
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
327
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
328
engine_info->file_name, tempdir);
329
break;
330
}
331
engine_info = engine_info->next;
332
}
333
if(engine_info == NULL){
334
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
335
tempdir);
336
return false;
337
}
338
339
/* Create new GPGME "context" */
340
rc = gpgme_new(&(mc->ctx));
341
if(rc != GPG_ERR_NO_ERROR){
342
fprintf_plus(stderr, "Mandos plugin mandos-client: "
343
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
344
gpgme_strerror(rc));
345
return false;
346
}
347
348
if(not import_key(pubkey) or not import_key(seckey)){
349
return false;
350
}
351
352
return true;
353
}
354
355
/*
356
* Decrypt OpenPGP data.
357
* Returns -1 on error
358
*/
359
__attribute__((nonnull, warn_unused_result))
360
static ssize_t pgp_packet_decrypt(const char *cryptotext,
361
size_t crypto_size,
362
char **plaintext,
363
mandos_context *mc){
364
gpgme_data_t dh_crypto, dh_plain;
365
gpgme_error_t rc;
366
ssize_t ret;
367
size_t plaintext_capacity = 0;
368
ssize_t plaintext_length = 0;
369
370
if(debug){
371
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
372
}
373
374
/* Create new GPGME data buffer from memory cryptotext */
375
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
376
0);
377
if(rc != GPG_ERR_NO_ERROR){
378
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
379
gpgme_strsource(rc), gpgme_strerror(rc));
380
return -1;
381
}
382
383
/* Create new empty GPGME data buffer for the plaintext */
384
rc = gpgme_data_new(&dh_plain);
385
if(rc != GPG_ERR_NO_ERROR){
386
fprintf_plus(stderr, "Mandos plugin mandos-client: "
387
"bad gpgme_data_new: %s: %s\n",
388
gpgme_strsource(rc), gpgme_strerror(rc));
389
gpgme_data_release(dh_crypto);
390
return -1;
391
}
392
393
/* Decrypt data from the cryptotext data buffer to the plaintext
394
data buffer */
395
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
396
if(rc != GPG_ERR_NO_ERROR){
397
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
398
gpgme_strsource(rc), gpgme_strerror(rc));
399
plaintext_length = -1;
400
if(debug){
401
gpgme_decrypt_result_t result;
402
result = gpgme_op_decrypt_result(mc->ctx);
403
if(result == NULL){
404
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
405
} else {
406
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
407
result->unsupported_algorithm);
408
fprintf_plus(stderr, "Wrong key usage: %u\n",
409
result->wrong_key_usage);
410
if(result->file_name != NULL){
411
fprintf_plus(stderr, "File name: %s\n", result->file_name);
412
}
413
gpgme_recipient_t recipient;
414
recipient = result->recipients;
415
while(recipient != NULL){
416
fprintf_plus(stderr, "Public key algorithm: %s\n",
417
gpgme_pubkey_algo_name
418
(recipient->pubkey_algo));
419
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
420
fprintf_plus(stderr, "Secret key available: %s\n",
421
recipient->status == GPG_ERR_NO_SECKEY
422
? "No" : "Yes");
423
recipient = recipient->next;
424
}
425
}
426
}
427
goto decrypt_end;
428
}
429
430
if(debug){
431
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
432
}
433
434
/* Seek back to the beginning of the GPGME plaintext data buffer */
435
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
436
perror_plus("gpgme_data_seek");
437
plaintext_length = -1;
438
goto decrypt_end;
439
}
440
441
*plaintext = NULL;
442
while(true){
443
plaintext_capacity = incbuffer(plaintext,
444
(size_t)plaintext_length,
445
plaintext_capacity);
446
if(plaintext_capacity == 0){
447
perror_plus("incbuffer");
448
plaintext_length = -1;
449
goto decrypt_end;
450
}
451
452
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
453
BUFFER_SIZE);
454
/* Print the data, if any */
455
if(ret == 0){
456
/* EOF */
457
break;
458
}
459
if(ret < 0){
460
perror_plus("gpgme_data_read");
461
plaintext_length = -1;
462
goto decrypt_end;
463
}
464
plaintext_length += ret;
465
}
466
467
if(debug){
468
fprintf_plus(stderr, "Decrypted password is: ");
469
for(ssize_t i = 0; i < plaintext_length; i++){
470
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
471
}
472
fprintf(stderr, "\n");
473
}
474
475
decrypt_end:
476
477
/* Delete the GPGME cryptotext data buffer */
478
gpgme_data_release(dh_crypto);
479
480
/* Delete the GPGME plaintext data buffer */
481
gpgme_data_release(dh_plain);
482
return plaintext_length;
483
}
484
485
__attribute__((warn_unused_result))
486
static const char *safer_gnutls_strerror(int value){
487
const char *ret = gnutls_strerror(value);
488
if(ret == NULL)
489
ret = "(unknown)";
490
return ret;
491
}
492
493
/* GnuTLS log function callback */
494
__attribute__((nonnull))
495
static void debuggnutls(__attribute__((unused)) int level,
496
const char* string){
497
fprintf_plus(stderr, "GnuTLS: %s", string);
498
}
499
500
__attribute__((nonnull, warn_unused_result))
501
static int init_gnutls_global(const char *pubkeyfilename,
502
const char *seckeyfilename,
503
mandos_context *mc){
504
int ret;
505
506
if(debug){
507
fprintf_plus(stderr, "Initializing GnuTLS\n");
508
}
509
510
ret = gnutls_global_init();
511
if(ret != GNUTLS_E_SUCCESS){
512
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
513
safer_gnutls_strerror(ret));
514
return -1;
515
}
516
517
if(debug){
518
/* "Use a log level over 10 to enable all debugging options."
519
* - GnuTLS manual
520
*/
521
gnutls_global_set_log_level(11);
522
gnutls_global_set_log_function(debuggnutls);
523
}
524
525
/* OpenPGP credentials */
526
ret = gnutls_certificate_allocate_credentials(&mc->cred);
527
if(ret != GNUTLS_E_SUCCESS){
528
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
529
safer_gnutls_strerror(ret));
530
gnutls_global_deinit();
531
return -1;
532
}
533
534
if(debug){
535
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
536
" secret key %s as GnuTLS credentials\n",
537
pubkeyfilename,
538
seckeyfilename);
539
}
540
541
ret = gnutls_certificate_set_openpgp_key_file
542
(mc->cred, pubkeyfilename, seckeyfilename,
543
GNUTLS_OPENPGP_FMT_BASE64);
544
if(ret != GNUTLS_E_SUCCESS){
545
fprintf_plus(stderr,
546
"Error[%d] while reading the OpenPGP key pair ('%s',"
547
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
548
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
549
safer_gnutls_strerror(ret));
550
goto globalfail;
551
}
552
553
/* GnuTLS server initialization */
554
ret = gnutls_dh_params_init(&mc->dh_params);
555
if(ret != GNUTLS_E_SUCCESS){
556
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
557
" initialization: %s\n",
558
safer_gnutls_strerror(ret));
559
goto globalfail;
560
}
561
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
562
if(ret != GNUTLS_E_SUCCESS){
563
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
564
safer_gnutls_strerror(ret));
565
goto globalfail;
566
}
567
568
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
569
570
return 0;
571
572
globalfail:
573
574
gnutls_certificate_free_credentials(mc->cred);
575
gnutls_global_deinit();
576
gnutls_dh_params_deinit(mc->dh_params);
577
return -1;
578
}
579
580
__attribute__((nonnull, warn_unused_result))
581
static int init_gnutls_session(gnutls_session_t *session,
582
mandos_context *mc){
583
int ret;
584
/* GnuTLS session creation */
585
do {
586
ret = gnutls_init(session, GNUTLS_SERVER);
587
if(quit_now){
588
return -1;
589
}
590
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
591
if(ret != GNUTLS_E_SUCCESS){
592
fprintf_plus(stderr,
593
"Error in GnuTLS session initialization: %s\n",
594
safer_gnutls_strerror(ret));
595
}
596
597
{
598
const char *err;
599
do {
600
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
601
if(quit_now){
602
gnutls_deinit(*session);
603
return -1;
604
}
605
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
606
if(ret != GNUTLS_E_SUCCESS){
607
fprintf_plus(stderr, "Syntax error at: %s\n", err);
608
fprintf_plus(stderr, "GnuTLS error: %s\n",
609
safer_gnutls_strerror(ret));
610
gnutls_deinit(*session);
611
return -1;
612
}
613
}
614
615
do {
616
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
617
mc->cred);
618
if(quit_now){
619
gnutls_deinit(*session);
620
return -1;
621
}
622
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
623
if(ret != GNUTLS_E_SUCCESS){
624
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
625
safer_gnutls_strerror(ret));
626
gnutls_deinit(*session);
627
return -1;
628
}
629
630
/* ignore client certificate if any. */
631
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
632
633
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
634
635
return 0;
636
}
637
638
/* Avahi log function callback */
639
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
640
__attribute__((unused)) const char *txt){}
641
642
/* Called when a Mandos server is found */
643
__attribute__((nonnull, warn_unused_result))
644
static int start_mandos_communication(const char *ip, in_port_t port,
645
AvahiIfIndex if_index,
646
int af, mandos_context *mc){
647
int ret, tcp_sd = -1;
648
ssize_t sret;
649
struct sockaddr_storage to;
650
char *buffer = NULL;
651
char *decrypted_buffer = NULL;
652
size_t buffer_length = 0;
653
size_t buffer_capacity = 0;
654
size_t written;
655
int retval = -1;
656
gnutls_session_t session;
657
int pf; /* Protocol family */
658
659
errno = 0;
660
661
if(quit_now){
662
errno = EINTR;
663
return -1;
664
}
665
666
switch(af){
667
case AF_INET6:
668
pf = PF_INET6;
669
break;
670
case AF_INET:
671
pf = PF_INET;
672
break;
673
default:
674
fprintf_plus(stderr, "Bad address family: %d\n", af);
675
errno = EINVAL;
676
return -1;
677
}
678
679
/* If the interface is specified and we have a list of interfaces */
680
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
681
/* Check if the interface is one of the interfaces we are using */
682
bool match = false;
683
{
684
char *interface = NULL;
685
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
686
interface))){
687
if(if_nametoindex(interface) == (unsigned int)if_index){
688
match = true;
689
break;
690
}
691
}
692
}
693
if(not match){
694
/* This interface does not match any in the list, so we don't
695
connect to the server */
696
if(debug){
697
char interface[IF_NAMESIZE];
698
if(if_indextoname((unsigned int)if_index, interface) == NULL){
699
perror_plus("if_indextoname");
700
} else {
701
fprintf_plus(stderr, "Skipping server on non-used interface"
702
" \"%s\"\n",
703
if_indextoname((unsigned int)if_index,
704
interface));
705
}
706
}
707
return -1;
708
}
709
}
710
711
ret = init_gnutls_session(&session, mc);
712
if(ret != 0){
713
return -1;
714
}
715
716
if(debug){
717
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
718
PRIuMAX "\n", ip, (uintmax_t)port);
719
}
720
721
tcp_sd = socket(pf, SOCK_STREAM, 0);
722
if(tcp_sd < 0){
723
int e = errno;
724
perror_plus("socket");
725
errno = e;
726
goto mandos_end;
727
}
728
729
if(quit_now){
730
errno = EINTR;
731
goto mandos_end;
732
}
733
734
memset(&to, 0, sizeof(to));
735
if(af == AF_INET6){
736
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
737
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
738
} else { /* IPv4 */
739
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
740
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
741
}
742
if(ret < 0 ){
743
int e = errno;
744
perror_plus("inet_pton");
745
errno = e;
746
goto mandos_end;
747
}
748
if(ret == 0){
749
int e = errno;
750
fprintf_plus(stderr, "Bad address: %s\n", ip);
751
errno = e;
752
goto mandos_end;
753
}
754
if(af == AF_INET6){
755
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
756
if(IN6_IS_ADDR_LINKLOCAL
757
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
758
if(if_index == AVAHI_IF_UNSPEC){
759
fprintf_plus(stderr, "An IPv6 link-local address is"
760
" incomplete without a network interface\n");
761
errno = EINVAL;
762
goto mandos_end;
763
}
764
/* Set the network interface number as scope */
765
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
766
}
767
} else {
768
((struct sockaddr_in *)&to)->sin_port = htons(port);
769
}
770
771
if(quit_now){
772
errno = EINTR;
773
goto mandos_end;
774
}
775
776
if(debug){
777
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
778
char interface[IF_NAMESIZE];
779
if(if_indextoname((unsigned int)if_index, interface) == NULL){
780
perror_plus("if_indextoname");
781
} else {
782
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
783
"\n", ip, interface, (uintmax_t)port);
784
}
785
} else {
786
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
787
ip, (uintmax_t)port);
788
}
789
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
790
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
791
if(af == AF_INET6){
792
ret = getnameinfo((struct sockaddr *)&to,
793
sizeof(struct sockaddr_in6),
794
addrstr, sizeof(addrstr), NULL, 0,
795
NI_NUMERICHOST);
796
} else {
797
ret = getnameinfo((struct sockaddr *)&to,
798
sizeof(struct sockaddr_in),
799
addrstr, sizeof(addrstr), NULL, 0,
800
NI_NUMERICHOST);
801
}
802
if(ret == EAI_SYSTEM){
803
perror_plus("getnameinfo");
804
} else if(ret != 0) {
805
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
806
} else if(strcmp(addrstr, ip) != 0){
807
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
808
}
809
}
810
811
if(quit_now){
812
errno = EINTR;
813
goto mandos_end;
814
}
815
816
if(af == AF_INET6){
817
ret = connect(tcp_sd, (struct sockaddr *)&to,
818
sizeof(struct sockaddr_in6));
819
} else {
820
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
821
sizeof(struct sockaddr_in));
822
}
823
if(ret < 0){
824
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
825
int e = errno;
826
perror_plus("connect");
827
errno = e;
828
}
829
goto mandos_end;
830
}
831
832
if(quit_now){
833
errno = EINTR;
834
goto mandos_end;
835
}
836
837
const char *out = mandos_protocol_version;
838
written = 0;
839
while(true){
840
size_t out_size = strlen(out);
841
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
842
out_size - written));
843
if(ret == -1){
844
int e = errno;
845
perror_plus("write");
846
errno = e;
847
goto mandos_end;
848
}
849
written += (size_t)ret;
850
if(written < out_size){
851
continue;
852
} else {
853
if(out == mandos_protocol_version){
854
written = 0;
855
out = "\r\n";
856
} else {
857
break;
858
}
859
}
860
861
if(quit_now){
862
errno = EINTR;
863
goto mandos_end;
864
}
865
}
866
867
if(debug){
868
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
869
}
870
871
if(quit_now){
872
errno = EINTR;
873
goto mandos_end;
874
}
875
876
/* This casting via intptr_t is to eliminate warning about casting
877
an int to a pointer type. This is exactly how the GnuTLS Guile
878
function "set-session-transport-fd!" does it. */
879
gnutls_transport_set_ptr(session,
880
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
881
882
if(quit_now){
883
errno = EINTR;
884
goto mandos_end;
885
}
886
887
do {
888
ret = gnutls_handshake(session);
889
if(quit_now){
890
errno = EINTR;
891
goto mandos_end;
892
}
893
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
894
895
if(ret != GNUTLS_E_SUCCESS){
896
if(debug){
897
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
898
gnutls_perror(ret);
899
}
900
errno = EPROTO;
901
goto mandos_end;
902
}
903
904
/* Read OpenPGP packet that contains the wanted password */
905
906
if(debug){
907
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
908
" %s\n", ip);
909
}
910
911
while(true){
912
913
if(quit_now){
914
errno = EINTR;
915
goto mandos_end;
916
}
917
918
buffer_capacity = incbuffer(&buffer, buffer_length,
919
buffer_capacity);
920
if(buffer_capacity == 0){
921
int e = errno;
922
perror_plus("incbuffer");
923
errno = e;
924
goto mandos_end;
925
}
926
927
if(quit_now){
928
errno = EINTR;
929
goto mandos_end;
930
}
931
932
sret = gnutls_record_recv(session, buffer+buffer_length,
933
BUFFER_SIZE);
934
if(sret == 0){
935
break;
936
}
937
if(sret < 0){
938
switch(sret){
939
case GNUTLS_E_INTERRUPTED:
940
case GNUTLS_E_AGAIN:
941
break;
942
case GNUTLS_E_REHANDSHAKE:
943
do {
944
ret = gnutls_handshake(session);
945
946
if(quit_now){
947
errno = EINTR;
948
goto mandos_end;
949
}
950
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
951
if(ret < 0){
952
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
953
"***\n");
954
gnutls_perror(ret);
955
errno = EPROTO;
956
goto mandos_end;
957
}
958
break;
959
default:
960
fprintf_plus(stderr, "Unknown error while reading data from"
961
" encrypted session with Mandos server\n");
962
gnutls_bye(session, GNUTLS_SHUT_RDWR);
963
errno = EIO;
964
goto mandos_end;
965
}
966
} else {
967
buffer_length += (size_t) sret;
968
}
969
}
970
971
if(debug){
972
fprintf_plus(stderr, "Closing TLS session\n");
973
}
974
975
if(quit_now){
976
errno = EINTR;
977
goto mandos_end;
978
}
979
980
do {
981
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
982
if(quit_now){
983
errno = EINTR;
984
goto mandos_end;
985
}
986
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
987
988
if(buffer_length > 0){
989
ssize_t decrypted_buffer_size;
990
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
991
&decrypted_buffer, mc);
992
if(decrypted_buffer_size >= 0){
993
994
written = 0;
995
while(written < (size_t) decrypted_buffer_size){
996
if(quit_now){
997
errno = EINTR;
998
goto mandos_end;
999
}
1000
1001
ret = (int)fwrite(decrypted_buffer + written, 1,
1002
(size_t)decrypted_buffer_size - written,
1003
stdout);
1004
if(ret == 0 and ferror(stdout)){
1005
int e = errno;
1006
if(debug){
1007
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1008
strerror(errno));
1009
}
1010
errno = e;
1011
goto mandos_end;
1012
}
1013
written += (size_t)ret;
1014
}
1015
retval = 0;
1016
}
1017
}
1018
1019
/* Shutdown procedure */
1020
1021
mandos_end:
1022
{
1023
int e = errno;
1024
free(decrypted_buffer);
1025
free(buffer);
1026
if(tcp_sd >= 0){
1027
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1028
}
1029
if(ret == -1){
1030
if(e == 0){
1031
e = errno;
1032
}
1033
perror_plus("close");
1034
}
1035
gnutls_deinit(session);
1036
errno = e;
1037
if(quit_now){
1038
errno = EINTR;
1039
retval = -1;
1040
}
1041
}
1042
return retval;
1043
}
1044
1045
__attribute__((nonnull))
1046
static void resolve_callback(AvahiSServiceResolver *r,
1047
AvahiIfIndex interface,
1048
AvahiProtocol proto,
1049
AvahiResolverEvent event,
1050
const char *name,
1051
const char *type,
1052
const char *domain,
1053
const char *host_name,
1054
const AvahiAddress *address,
1055
uint16_t port,
1056
AVAHI_GCC_UNUSED AvahiStringList *txt,
1057
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1058
flags,
1059
void *mc){
1060
if(r == NULL){
1061
return;
1062
}
1063
1064
/* Called whenever a service has been resolved successfully or
1065
timed out */
1066
1067
if(quit_now){
1068
return;
1069
}
1070
1071
switch(event){
1072
default:
1073
case AVAHI_RESOLVER_FAILURE:
1074
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1075
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1076
domain,
1077
avahi_strerror(avahi_server_errno
1078
(((mandos_context*)mc)->server)));
1079
break;
1080
1081
case AVAHI_RESOLVER_FOUND:
1082
{
1083
char ip[AVAHI_ADDRESS_STR_MAX];
1084
avahi_address_snprint(ip, sizeof(ip), address);
1085
if(debug){
1086
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1087
PRIdMAX ") on port %" PRIu16 "\n", name,
1088
host_name, ip, (intmax_t)interface, port);
1089
}
1090
int ret = start_mandos_communication(ip, (in_port_t)port,
1091
interface,
1092
avahi_proto_to_af(proto),
1093
mc);
1094
if(ret == 0){
1095
avahi_simple_poll_quit(simple_poll);
1096
} else {
1097
if(not add_server(ip, (in_port_t)port, interface,
1098
avahi_proto_to_af(proto),
1099
&((mandos_context*)mc)->current_server)){
1100
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
1101
" list\n", name);
1102
}
1103
}
1104
}
1105
}
1106
avahi_s_service_resolver_free(r);
1107
}
1108
1109
static void browse_callback(AvahiSServiceBrowser *b,
1110
AvahiIfIndex interface,
1111
AvahiProtocol protocol,
1112
AvahiBrowserEvent event,
1113
const char *name,
1114
const char *type,
1115
const char *domain,
1116
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1117
flags,
1118
void *mc){
1119
if(b == NULL){
1120
return;
1121
}
1122
1123
/* Called whenever a new services becomes available on the LAN or
1124
is removed from the LAN */
1125
1126
if(quit_now){
1127
return;
1128
}
1129
1130
switch(event){
1131
default:
1132
case AVAHI_BROWSER_FAILURE:
1133
1134
fprintf_plus(stderr, "(Avahi browser) %s\n",
1135
avahi_strerror(avahi_server_errno
1136
(((mandos_context*)mc)->server)));
1137
avahi_simple_poll_quit(simple_poll);
1138
return;
1139
1140
case AVAHI_BROWSER_NEW:
1141
/* We ignore the returned Avahi resolver object. In the callback
1142
function we free it. If the Avahi server is terminated before
1143
the callback function is called the Avahi server will free the
1144
resolver for us. */
1145
1146
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1147
interface, protocol, name, type,
1148
domain, protocol, 0,
1149
resolve_callback, mc) == NULL)
1150
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1151
" %s\n", name,
1152
avahi_strerror(avahi_server_errno
1153
(((mandos_context*)mc)->server)));
1154
break;
1155
1156
case AVAHI_BROWSER_REMOVE:
1157
break;
1158
1159
case AVAHI_BROWSER_ALL_FOR_NOW:
1160
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1161
if(debug){
1162
fprintf_plus(stderr, "No Mandos server found, still"
1163
" searching...\n");
1164
}
1165
break;
1166
}
1167
}
1168
1169
/* Signal handler that stops main loop after SIGTERM */
1170
static void handle_sigterm(int sig){
1171
if(quit_now){
1172
return;
1173
}
1174
quit_now = 1;
1175
signal_received = sig;
1176
int old_errno = errno;
1177
/* set main loop to exit */
1178
if(simple_poll != NULL){
1179
avahi_simple_poll_quit(simple_poll);
1180
}
1181
errno = old_errno;
1182
}
1183
1184
__attribute__((nonnull, warn_unused_result))
1185
bool get_flags(const char *ifname, struct ifreq *ifr){
1186
int ret;
1187
error_t ret_errno;
1188
1189
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1190
if(s < 0){
1191
ret_errno = errno;
1192
perror_plus("socket");
1193
errno = ret_errno;
1194
return false;
1195
}
1196
strcpy(ifr->ifr_name, ifname);
1197
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1198
if(ret == -1){
1199
if(debug){
1200
ret_errno = errno;
1201
perror_plus("ioctl SIOCGIFFLAGS");
1202
errno = ret_errno;
1203
}
1204
return false;
1205
}
1206
return true;
1207
}
1208
1209
__attribute__((nonnull, warn_unused_result))
1210
bool good_flags(const char *ifname, const struct ifreq *ifr){
1211
1212
/* Reject the loopback device */
1213
if(ifr->ifr_flags & IFF_LOOPBACK){
1214
if(debug){
1215
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1216
ifname);
1217
}
1218
return false;
1219
}
1220
/* Accept point-to-point devices only if connect_to is specified */
1221
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1222
if(debug){
1223
fprintf_plus(stderr, "Accepting point-to-point interface"
1224
" \"%s\"\n", ifname);
1225
}
1226
return true;
1227
}
1228
/* Otherwise, reject non-broadcast-capable devices */
1229
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1230
if(debug){
1231
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1232
" \"%s\"\n", ifname);
1233
}
1234
return false;
1235
}
1236
/* Reject non-ARP interfaces (including dummy interfaces) */
1237
if(ifr->ifr_flags & IFF_NOARP){
1238
if(debug){
1239
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1240
ifname);
1241
}
1242
return false;
1243
}
1244
1245
/* Accept this device */
1246
if(debug){
1247
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1248
}
1249
return true;
1250
}
1251
1252
/*
1253
* This function determines if a directory entry in /sys/class/net
1254
* corresponds to an acceptable network device.
1255
* (This function is passed to scandir(3) as a filter function.)
1256
*/
1257
__attribute__((nonnull, warn_unused_result))
1258
int good_interface(const struct dirent *if_entry){
1259
if(if_entry->d_name[0] == '.'){
1260
return 0;
1261
}
1262
1263
struct ifreq ifr;
1264
if(not get_flags(if_entry->d_name, &ifr)){
1265
if(debug){
1266
fprintf_plus(stderr, "Failed to get flags for interface "
1267
"\"%s\"\n", if_entry->d_name);
1268
}
1269
return 0;
1270
}
1271
1272
if(not good_flags(if_entry->d_name, &ifr)){
1273
return 0;
1274
}
1275
return 1;
1276
}
1277
1278
/*
1279
* This function determines if a network interface is up.
1280
*/
1281
__attribute__((nonnull, warn_unused_result))
1282
bool interface_is_up(const char *interface){
1283
struct ifreq ifr;
1284
if(not get_flags(interface, &ifr)){
1285
if(debug){
1286
fprintf_plus(stderr, "Failed to get flags for interface "
1287
"\"%s\"\n", interface);
1288
}
1289
return false;
1290
}
1291
1292
return (bool)(ifr.ifr_flags & IFF_UP);
1293
}
1294
1295
/*
1296
* This function determines if a network interface is running
1297
*/
1298
__attribute__((nonnull, warn_unused_result))
1299
bool interface_is_running(const char *interface){
1300
struct ifreq ifr;
1301
if(not get_flags(interface, &ifr)){
1302
if(debug){
1303
fprintf_plus(stderr, "Failed to get flags for interface "
1304
"\"%s\"\n", interface);
1305
}
1306
return false;
1307
}
1308
1309
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1310
}
1311
1312
__attribute__((nonnull, pure, warn_unused_result))
1313
int notdotentries(const struct dirent *direntry){
1314
/* Skip "." and ".." */
1315
if(direntry->d_name[0] == '.'
1316
and (direntry->d_name[1] == '\0'
1317
or (direntry->d_name[1] == '.'
1318
and direntry->d_name[2] == '\0'))){
1319
return 0;
1320
}
1321
return 1;
1322
}
1323
1324
/* Is this directory entry a runnable program? */
1325
__attribute__((nonnull, warn_unused_result))
1326
int runnable_hook(const struct dirent *direntry){
1327
int ret;
1328
size_t sret;
1329
struct stat st;
1330
1331
if((direntry->d_name)[0] == '\0'){
1332
/* Empty name? */
1333
return 0;
1334
}
1335
1336
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1337
"abcdefghijklmnopqrstuvwxyz"
1338
"0123456789"
1339
"_.-");
1340
if((direntry->d_name)[sret] != '\0'){
1341
/* Contains non-allowed characters */
1342
if(debug){
1343
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
1344
direntry->d_name);
1345
}
1346
return 0;
1347
}
1348
1349
char *fullname = NULL;
1350
ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
1351
if(ret < 0){
1352
perror_plus("asprintf");
1353
return 0;
1354
}
1355
1356
ret = stat(fullname, &st);
1357
if(ret == -1){
1358
if(debug){
1359
perror_plus("Could not stat hook");
1360
}
1361
return 0;
1362
}
1363
free(fullname);
1364
if(not (S_ISREG(st.st_mode))){
1365
/* Not a regular file */
1366
if(debug){
1367
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
1368
direntry->d_name);
1369
}
1370
return 0;
1371
}
1372
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
1373
/* Not executable */
1374
if(debug){
1375
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
1376
direntry->d_name);
1377
}
1378
return 0;
1379
}
1380
if(debug){
1381
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
1382
direntry->d_name);
1383
}
1384
return 1;
1385
}
1386
1387
__attribute__((nonnull, warn_unused_result))
1388
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
1389
mandos_context *mc){
1390
int ret;
1391
struct timespec now;
1392
struct timespec waited_time;
1393
intmax_t block_time;
1394
1395
while(true){
1396
if(mc->current_server == NULL){
1397
if(debug){
1398
fprintf_plus(stderr, "Wait until first server is found."
1399
" No timeout!\n");
1400
}
1401
ret = avahi_simple_poll_iterate(s, -1);
1402
} else {
1403
if(debug){
1404
fprintf_plus(stderr, "Check current_server if we should run"
1405
" it, or wait\n");
1406
}
1407
/* the current time */
1408
ret = clock_gettime(CLOCK_MONOTONIC, &now);
1409
if(ret == -1){
1410
perror_plus("clock_gettime");
1411
return -1;
1412
}
1413
/* Calculating in ms how long time between now and server
1414
who we visted longest time ago. Now - last seen. */
1415
waited_time.tv_sec = (now.tv_sec
1416
- mc->current_server->last_seen.tv_sec);
1417
waited_time.tv_nsec = (now.tv_nsec
1418
- mc->current_server->last_seen.tv_nsec);
1419
/* total time is 10s/10,000ms.
1420
Converting to s from ms by dividing by 1,000,
1421
and ns to ms by dividing by 1,000,000. */
1422
block_time = ((retry_interval
1423
- ((intmax_t)waited_time.tv_sec * 1000))
1424
- ((intmax_t)waited_time.tv_nsec / 1000000));
1425
1426
if(debug){
1427
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
1428
block_time);
1429
}
1430
1431
if(block_time <= 0){
1432
ret = start_mandos_communication(mc->current_server->ip,
1433
mc->current_server->port,
1434
mc->current_server->if_index,
1435
mc->current_server->af, mc);
1436
if(ret == 0){
1437
avahi_simple_poll_quit(s);
1438
return 0;
1439
}
1440
ret = clock_gettime(CLOCK_MONOTONIC,
1441
&mc->current_server->last_seen);
1442
if(ret == -1){
1443
perror_plus("clock_gettime");
1444
return -1;
1445
}
1446
mc->current_server = mc->current_server->next;
1447
block_time = 0; /* Call avahi to find new Mandos
1448
servers, but don't block */
1449
}
1450
1451
ret = avahi_simple_poll_iterate(s, (int)block_time);
1452
}
1453
if(ret != 0){
1454
if(ret > 0 or errno != EINTR){
1455
return (ret != 1) ? ret : 0;
1456
}
1457
}
1458
}
1459
}
1460
1461
/* Set effective uid to 0, return errno */
1462
__attribute__((warn_unused_result))
1463
error_t raise_privileges(void){
1464
error_t old_errno = errno;
1465
error_t ret_errno = 0;
1466
if(seteuid(0) == -1){
1467
ret_errno = errno;
1468
perror_plus("seteuid");
1469
}
1470
errno = old_errno;
1471
return ret_errno;
1472
}
1473
1474
/* Set effective and real user ID to 0. Return errno. */
1475
__attribute__((warn_unused_result))
1476
error_t raise_privileges_permanently(void){
1477
error_t old_errno = errno;
1478
error_t ret_errno = raise_privileges();
1479
if(ret_errno != 0){
1480
errno = old_errno;
1481
return ret_errno;
1482
}
1483
if(setuid(0) == -1){
1484
ret_errno = errno;
1485
perror_plus("seteuid");
1486
}
1487
errno = old_errno;
1488
return ret_errno;
1489
}
1490
1491
/* Set effective user ID to unprivileged saved user ID */
1492
__attribute__((warn_unused_result))
1493
error_t lower_privileges(void){
1494
error_t old_errno = errno;
1495
error_t ret_errno = 0;
1496
if(seteuid(uid) == -1){
1497
ret_errno = errno;
1498
perror_plus("seteuid");
1499
}
1500
errno = old_errno;
1501
return ret_errno;
1502
}
1503
1504
/* Lower privileges permanently */
1505
__attribute__((warn_unused_result))
1506
error_t lower_privileges_permanently(void){
1507
error_t old_errno = errno;
1508
error_t ret_errno = 0;
1509
if(setuid(uid) == -1){
1510
ret_errno = errno;
1511
perror_plus("setuid");
1512
}
1513
errno = old_errno;
1514
return ret_errno;
1515
}
1516
1517
#ifndef O_CLOEXEC
1518
/*
1519
* Based on the example in the GNU LibC manual chapter 13.13 "File
1520
* Descriptor Flags".
1521
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
1522
*/
1523
__attribute__((warn_unused_result))
1524
static int set_cloexec_flag(int fd){
1525
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
1526
/* If reading the flags failed, return error indication now. */
1527
if(ret < 0){
1528
return ret;
1529
}
1530
/* Store modified flag word in the descriptor. */
1531
return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
1532
ret | FD_CLOEXEC));
1533
}
1534
#endif /* not O_CLOEXEC */
1535
1536
__attribute__((nonnull))
1537
void run_network_hooks(const char *mode, const char *interface,
1538
const float delay){
1539
struct dirent **direntries;
1540
if(hookdir_fd == -1){
1541
hookdir_fd = open(hookdir, O_RDONLY |
1542
#ifdef O_CLOEXEC
1543
O_CLOEXEC
1544
#else /* not O_CLOEXEC */
1545
0
1546
#endif /* not O_CLOEXEC */
1547
);
1548
if(hookdir_fd == -1){
1549
if(errno == ENOENT){
1550
if(debug){
1551
fprintf_plus(stderr, "Network hook directory \"%s\" not"
1552
" found\n", hookdir);
1553
}
1554
} else {
1555
perror_plus("open");
1556
}
1557
return;
1558
}
1559
#ifndef O_CLOEXEC
1560
if(set_cloexec_flag(hookdir_fd) < 0){
1561
perror_plus("set_cloexec_flag");
1562
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
1563
perror_plus("close");
1564
} else {
1565
hookdir_fd = -1;
1566
}
1567
return;
1568
}
1569
#endif /* not O_CLOEXEC */
1570
}
1571
#ifdef __GLIBC__
1572
#if __GLIBC_PREREQ(2, 15)
1573
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1574
runnable_hook, alphasort);
1575
#else /* not __GLIBC_PREREQ(2, 15) */
1576
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1577
alphasort);
1578
#endif /* not __GLIBC_PREREQ(2, 15) */
1579
#else /* not __GLIBC__ */
1580
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1581
alphasort);
1582
#endif /* not __GLIBC__ */
1583
if(numhooks == -1){
1584
perror_plus("scandir");
1585
return;
1586
}
1587
struct dirent *direntry;
1588
int ret;
1589
int devnull = open("/dev/null", O_RDONLY);
1590
for(int i = 0; i < numhooks; i++){
1591
direntry = direntries[i];
1592
if(debug){
1593
fprintf_plus(stderr, "Running network hook \"%s\"\n",
1594
direntry->d_name);
1595
}
1596
pid_t hook_pid = fork();
1597
if(hook_pid == 0){
1598
/* Child */
1599
/* Raise privileges */
1600
if(raise_privileges_permanently() != 0){
1601
perror_plus("Failed to raise privileges");
1602
_exit(EX_NOPERM);
1603
}
1604
/* Set group */
1605
errno = 0;
1606
ret = setgid(0);
1607
if(ret == -1){
1608
perror_plus("setgid");
1609
_exit(EX_NOPERM);
1610
}
1611
/* Reset supplementary groups */
1612
errno = 0;
1613
ret = setgroups(0, NULL);
1614
if(ret == -1){
1615
perror_plus("setgroups");
1616
_exit(EX_NOPERM);
1617
}
1618
ret = dup2(devnull, STDIN_FILENO);
1619
if(ret == -1){
1620
perror_plus("dup2(devnull, STDIN_FILENO)");
1621
_exit(EX_OSERR);
1622
}
1623
ret = close(devnull);
1624
if(ret == -1){
1625
perror_plus("close");
1626
_exit(EX_OSERR);
1627
}
1628
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1629
if(ret == -1){
1630
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1631
_exit(EX_OSERR);
1632
}
1633
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1634
if(ret == -1){
1635
perror_plus("setenv");
1636
_exit(EX_OSERR);
1637
}
1638
ret = setenv("DEVICE", interface, 1);
1639
if(ret == -1){
1640
perror_plus("setenv");
1641
_exit(EX_OSERR);
1642
}
1643
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
1644
if(ret == -1){
1645
perror_plus("setenv");
1646
_exit(EX_OSERR);
1647
}
1648
ret = setenv("MODE", mode, 1);
1649
if(ret == -1){
1650
perror_plus("setenv");
1651
_exit(EX_OSERR);
1652
}
1653
char *delaystring;
1654
ret = asprintf(&delaystring, "%f", (double)delay);
1655
if(ret == -1){
1656
perror_plus("asprintf");
1657
_exit(EX_OSERR);
1658
}
1659
ret = setenv("DELAY", delaystring, 1);
1660
if(ret == -1){
1661
free(delaystring);
1662
perror_plus("setenv");
1663
_exit(EX_OSERR);
1664
}
1665
free(delaystring);
1666
if(connect_to != NULL){
1667
ret = setenv("CONNECT", connect_to, 1);
1668
if(ret == -1){
1669
perror_plus("setenv");
1670
_exit(EX_OSERR);
1671
}
1672
}
1673
if(fexecve(hookdir_fd, (char *const [])
1674
{ direntry->d_name, NULL }, environ) == -1){
1675
perror_plus("fexecve");
1676
_exit(EXIT_FAILURE);
1677
}
1678
} else {
1679
int status;
1680
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
1681
perror_plus("waitpid");
1682
continue;
1683
}
1684
if(WIFEXITED(status)){
1685
if(WEXITSTATUS(status) != 0){
1686
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
1687
" with status %d\n", direntry->d_name,
1688
WEXITSTATUS(status));
1689
continue;
1690
}
1691
} else if(WIFSIGNALED(status)){
1692
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
1693
" signal %d\n", direntry->d_name,
1694
WTERMSIG(status));
1695
continue;
1696
} else {
1697
fprintf_plus(stderr, "Warning: network hook \"%s\""
1698
" crashed\n", direntry->d_name);
1699
continue;
1700
}
1701
}
1702
if(debug){
1703
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
1704
direntry->d_name);
1705
}
1706
}
1707
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
1708
perror_plus("close");
1709
} else {
1710
hookdir_fd = -1;
1711
}
1712
close(devnull);
1713
}
1714
1715
__attribute__((nonnull, warn_unused_result))
1716
error_t bring_up_interface(const char *const interface,
1717
const float delay){
1718
error_t old_errno = errno;
1719
int ret;
1720
struct ifreq network;
1721
unsigned int if_index = if_nametoindex(interface);
1722
if(if_index == 0){
1723
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
1724
errno = old_errno;
1725
return ENXIO;
1726
}
1727
1728
if(quit_now){
1729
errno = old_errno;
1730
return EINTR;
1731
}
1732
1733
if(not interface_is_up(interface)){
1734
error_t ret_errno = 0, ioctl_errno = 0;
1735
if(not get_flags(interface, &network)){
1736
ret_errno = errno;
1737
fprintf_plus(stderr, "Failed to get flags for interface "
1738
"\"%s\"\n", interface);
1739
errno = old_errno;
1740
return ret_errno;
1741
}
1742
network.ifr_flags |= IFF_UP; /* set flag */
1743
1744
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1745
if(sd == -1){
1746
ret_errno = errno;
1747
perror_plus("socket");
1748
errno = old_errno;
1749
return ret_errno;
1750
}
1751
1752
if(quit_now){
1753
ret = (int)TEMP_FAILURE_RETRY(close(sd));
1754
if(ret == -1){
1755
perror_plus("close");
1756
}
1757
errno = old_errno;
1758
return EINTR;
1759
}
1760
1761
if(debug){
1762
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
1763
interface);
1764
}
1765
1766
/* Raise privileges */
1767
ret_errno = raise_privileges();
1768
if(ret_errno != 0){
1769
perror_plus("Failed to raise privileges");
1770
}
1771
1772
#ifdef __linux__
1773
int ret_linux;
1774
bool restore_loglevel = false;
1775
if(ret_errno == 0){
1776
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1777
messages about the network interface to mess up the prompt */
1778
ret_linux = klogctl(8, NULL, 5);
1779
if(ret_linux == -1){
1780
perror_plus("klogctl");
1781
} else {
1782
restore_loglevel = true;
1783
}
1784
}
1785
#endif /* __linux__ */
1786
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
1787
ioctl_errno = errno;
1788
#ifdef __linux__
1789
if(restore_loglevel){
1790
ret_linux = klogctl(7, NULL, 0);
1791
if(ret_linux == -1){
1792
perror_plus("klogctl");
1793
}
1794
}
1795
#endif /* __linux__ */
1796
1797
/* If raise_privileges() succeeded above */
1798
if(ret_errno == 0){
1799
/* Lower privileges */
1800
ret_errno = lower_privileges();
1801
if(ret_errno != 0){
1802
errno = ret_errno;
1803
perror_plus("Failed to lower privileges");
1804
}
1805
}
1806
1807
/* Close the socket */
1808
ret = (int)TEMP_FAILURE_RETRY(close(sd));
1809
if(ret == -1){
1810
perror_plus("close");
1811
}
1812
1813
if(ret_setflags == -1){
1814
errno = ioctl_errno;
1815
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
1816
errno = old_errno;
1817
return ioctl_errno;
1818
}
1819
} else if(debug){
1820
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
1821
interface);
1822
}
1823
1824
/* Sleep checking until interface is running.
1825
Check every 0.25s, up to total time of delay */
1826
for(int i=0; i < delay * 4; i++){
1827
if(interface_is_running(interface)){
1828
break;
1829
}
1830
struct timespec sleeptime = { .tv_nsec = 250000000 };
1831
ret = nanosleep(&sleeptime, NULL);
1832
if(ret == -1 and errno != EINTR){
1833
perror_plus("nanosleep");
1834
}
1835
}
1836
1837
errno = old_errno;
1838
return 0;
1839
}
1840
1841
__attribute__((nonnull, warn_unused_result))
1842
error_t take_down_interface(const char *const interface){
1843
error_t old_errno = errno;
1844
struct ifreq network;
1845
unsigned int if_index = if_nametoindex(interface);
1846
if(if_index == 0){
1847
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
1848
errno = old_errno;
1849
return ENXIO;
1850
}
1851
if(interface_is_up(interface)){
1852
error_t ret_errno = 0, ioctl_errno = 0;
1853
if(not get_flags(interface, &network) and debug){
1854
ret_errno = errno;
1855
fprintf_plus(stderr, "Failed to get flags for interface "
1856
"\"%s\"\n", interface);
1857
errno = old_errno;
1858
return ret_errno;
1859
}
1860
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
1861
1862
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1863
if(sd == -1){
1864
ret_errno = errno;
1865
perror_plus("socket");
1866
errno = old_errno;
1867
return ret_errno;
1868
}
1869
1870
if(debug){
1871
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
1872
interface);
1873
}
1874
1875
/* Raise privileges */
1876
ret_errno = raise_privileges();
1877
if(ret_errno != 0){
1878
perror_plus("Failed to raise privileges");
1879
}
1880
1881
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
1882
ioctl_errno = errno;
1883
1884
/* If raise_privileges() succeeded above */
1885
if(ret_errno == 0){
1886
/* Lower privileges */
1887
ret_errno = lower_privileges();
1888
if(ret_errno != 0){
1889
errno = ret_errno;
1890
perror_plus("Failed to lower privileges");
1891
}
1892
}
1893
1894
/* Close the socket */
1895
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
1896
if(ret == -1){
1897
perror_plus("close");
1898
}
1899
1900
if(ret_setflags == -1){
1901
errno = ioctl_errno;
1902
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
1903
errno = old_errno;
1904
return ioctl_errno;
1905
}
1906
} else if(debug){
1907
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
1908
interface);
1909
}
1910
1911
errno = old_errno;
1912
return 0;
1913
}
1914
1915
int main(int argc, char *argv[]){
1916
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1917
.priority = "SECURE256:!CTYPE-X.509:"
1918
"+CTYPE-OPENPGP", .current_server = NULL,
1919
.interfaces = NULL, .interfaces_size = 0 };
1920
AvahiSServiceBrowser *sb = NULL;
1921
error_t ret_errno;
1922
int ret;
1923
intmax_t tmpmax;
1924
char *tmp;
1925
int exitcode = EXIT_SUCCESS;
1926
char *interfaces_to_take_down = NULL;
1927
size_t interfaces_to_take_down_size = 0;
1928
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
1929
char old_tempdir[] = "/tmp/mandosXXXXXX";
1930
char *tempdir = NULL;
1931
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1932
const char *seckey = PATHDIR "/" SECKEY;
1933
const char *pubkey = PATHDIR "/" PUBKEY;
1934
char *interfaces_hooks = NULL;
1935
1936
bool gnutls_initialized = false;
1937
bool gpgme_initialized = false;
1938
float delay = 2.5f;
1939
double retry_interval = 10; /* 10s between trying a server and
1940
retrying the same server again */
1941
1942
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
1943
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
1944
1945
uid = getuid();
1946
gid = getgid();
1947
1948
/* Lower any group privileges we might have, just to be safe */
1949
errno = 0;
1950
ret = setgid(gid);
1951
if(ret == -1){
1952
perror_plus("setgid");
1953
}
1954
1955
/* Lower user privileges (temporarily) */
1956
errno = 0;
1957
ret = seteuid(uid);
1958
if(ret == -1){
1959
perror_plus("seteuid");
1960
}
1961
1962
if(quit_now){
1963
goto end;
1964
}
1965
1966
{
1967
struct argp_option options[] = {
1968
{ .name = "debug", .key = 128,
1969
.doc = "Debug mode", .group = 3 },
1970
{ .name = "connect", .key = 'c',
1971
.arg = "ADDRESS:PORT",
1972
.doc = "Connect directly to a specific Mandos server",
1973
.group = 1 },
1974
{ .name = "interface", .key = 'i',
1975
.arg = "NAME",
1976
.doc = "Network interface that will be used to search for"
1977
" Mandos servers",
1978
.group = 1 },
1979
{ .name = "seckey", .key = 's',
1980
.arg = "FILE",
1981
.doc = "OpenPGP secret key file base name",
1982
.group = 1 },
1983
{ .name = "pubkey", .key = 'p',
1984
.arg = "FILE",
1985
.doc = "OpenPGP public key file base name",
1986
.group = 2 },
1987
{ .name = "dh-bits", .key = 129,
1988
.arg = "BITS",
1989
.doc = "Bit length of the prime number used in the"
1990
" Diffie-Hellman key exchange",
1991
.group = 2 },
1992
{ .name = "priority", .key = 130,
1993
.arg = "STRING",
1994
.doc = "GnuTLS priority string for the TLS handshake",
1995
.group = 1 },
1996
{ .name = "delay", .key = 131,
1997
.arg = "SECONDS",
1998
.doc = "Maximum delay to wait for interface startup",
1999
.group = 2 },
2000
{ .name = "retry", .key = 132,
2001
.arg = "SECONDS",
2002
.doc = "Retry interval used when denied by the Mandos server",
2003
.group = 2 },
2004
{ .name = "network-hook-dir", .key = 133,
2005
.arg = "DIR",
2006
.doc = "Directory where network hooks are located",
2007
.group = 2 },
2008
/*
2009
* These reproduce what we would get without ARGP_NO_HELP
2010
*/
2011
{ .name = "help", .key = '?',
2012
.doc = "Give this help list", .group = -1 },
2013
{ .name = "usage", .key = -3,
2014
.doc = "Give a short usage message", .group = -1 },
2015
{ .name = "version", .key = 'V',
2016
.doc = "Print program version", .group = -1 },
2017
{ .name = NULL }
2018
};
2019
2020
error_t parse_opt(int key, char *arg,
2021
struct argp_state *state){
2022
errno = 0;
2023
switch(key){
2024
case 128: /* --debug */
2025
debug = true;
2026
break;
2027
case 'c': /* --connect */
2028
connect_to = arg;
2029
break;
2030
case 'i': /* --interface */
2031
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2032
arg, (int)',');
2033
if(ret_errno != 0){
2034
argp_error(state, "%s", strerror(ret_errno));
2035
}
2036
break;
2037
case 's': /* --seckey */
2038
seckey = arg;
2039
break;
2040
case 'p': /* --pubkey */
2041
pubkey = arg;
2042
break;
2043
case 129: /* --dh-bits */
2044
errno = 0;
2045
tmpmax = strtoimax(arg, &tmp, 10);
2046
if(errno != 0 or tmp == arg or *tmp != '\0'
2047
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2048
argp_error(state, "Bad number of DH bits");
2049
}
2050
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2051
break;
2052
case 130: /* --priority */
2053
mc.priority = arg;
2054
break;
2055
case 131: /* --delay */
2056
errno = 0;
2057
delay = strtof(arg, &tmp);
2058
if(errno != 0 or tmp == arg or *tmp != '\0'){
2059
argp_error(state, "Bad delay");
2060
}
2061
case 132: /* --retry */
2062
errno = 0;
2063
retry_interval = strtod(arg, &tmp);
2064
if(errno != 0 or tmp == arg or *tmp != '\0'
2065
or (retry_interval * 1000) > INT_MAX
2066
or retry_interval < 0){
2067
argp_error(state, "Bad retry interval");
2068
}
2069
break;
2070
case 133: /* --network-hook-dir */
2071
hookdir = arg;
2072
break;
2073
/*
2074
* These reproduce what we would get without ARGP_NO_HELP
2075
*/
2076
case '?': /* --help */
2077
argp_state_help(state, state->out_stream,
2078
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2079
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2080
case -3: /* --usage */
2081
argp_state_help(state, state->out_stream,
2082
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2083
case 'V': /* --version */
2084
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2085
exit(argp_err_exit_status);
2086
break;
2087
default:
2088
return ARGP_ERR_UNKNOWN;
2089
}
2090
return errno;
2091
}
2092
2093
struct argp argp = { .options = options, .parser = parse_opt,
2094
.args_doc = "",
2095
.doc = "Mandos client -- Get and decrypt"
2096
" passwords from a Mandos server" };
2097
ret = argp_parse(&argp, argc, argv,
2098
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2099
switch(ret){
2100
case 0:
2101
break;
2102
case ENOMEM:
2103
default:
2104
errno = ret;
2105
perror_plus("argp_parse");
2106
exitcode = EX_OSERR;
2107
goto end;
2108
case EINVAL:
2109
exitcode = EX_USAGE;
2110
goto end;
2111
}
2112
}
2113
2114
{
2115
/* Work around Debian bug #633582:
2116
<http://bugs.debian.org/633582> */
2117
2118
/* Re-raise privileges */
2119
ret_errno = raise_privileges();
2120
if(ret_errno != 0){
2121
errno = ret_errno;
2122
perror_plus("Failed to raise privileges");
2123
} else {
2124
struct stat st;
2125
2126
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2127
int seckey_fd = open(seckey, O_RDONLY);
2128
if(seckey_fd == -1){
2129
perror_plus("open");
2130
} else {
2131
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2132
if(ret == -1){
2133
perror_plus("fstat");
2134
} else {
2135
if(S_ISREG(st.st_mode)
2136
and st.st_uid == 0 and st.st_gid == 0){
2137
ret = fchown(seckey_fd, uid, gid);
2138
if(ret == -1){
2139
perror_plus("fchown");
2140
}
2141
}
2142
}
2143
TEMP_FAILURE_RETRY(close(seckey_fd));
2144
}
2145
}
2146
2147
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2148
int pubkey_fd = open(pubkey, O_RDONLY);
2149
if(pubkey_fd == -1){
2150
perror_plus("open");
2151
} else {
2152
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2153
if(ret == -1){
2154
perror_plus("fstat");
2155
} else {
2156
if(S_ISREG(st.st_mode)
2157
and st.st_uid == 0 and st.st_gid == 0){
2158
ret = fchown(pubkey_fd, uid, gid);
2159
if(ret == -1){
2160
perror_plus("fchown");
2161
}
2162
}
2163
}
2164
TEMP_FAILURE_RETRY(close(pubkey_fd));
2165
}
2166
}
2167
2168
/* Lower privileges */
2169
ret_errno = lower_privileges();
2170
if(ret_errno != 0){
2171
errno = ret_errno;
2172
perror_plus("Failed to lower privileges");
2173
}
2174
}
2175
}
2176
2177
/* Remove invalid interface names (except "none") */
2178
{
2179
char *interface = NULL;
2180
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2181
interface))){
2182
if(strcmp(interface, "none") != 0
2183
and if_nametoindex(interface) == 0){
2184
if(interface[0] != '\0'){
2185
fprintf_plus(stderr, "Not using nonexisting interface"
2186
" \"%s\"\n", interface);
2187
}
2188
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2189
interface = NULL;
2190
}
2191
}
2192
}
2193
2194
/* Run network hooks */
2195
{
2196
if(mc.interfaces != NULL){
2197
interfaces_hooks = malloc(mc.interfaces_size);
2198
if(interfaces_hooks == NULL){
2199
perror_plus("malloc");
2200
goto end;
2201
}
2202
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2203
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2204
}
2205
run_network_hooks("start", interfaces_hooks != NULL ?
2206
interfaces_hooks : "", delay);
2207
}
2208
2209
if(not debug){
2210
avahi_set_log_function(empty_log);
2211
}
2212
2213
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2214
from the signal handler */
2215
/* Initialize the pseudo-RNG for Avahi */
2216
srand((unsigned int) time(NULL));
2217
simple_poll = avahi_simple_poll_new();
2218
if(simple_poll == NULL){
2219
fprintf_plus(stderr,
2220
"Avahi: Failed to create simple poll object.\n");
2221
exitcode = EX_UNAVAILABLE;
2222
goto end;
2223
}
2224
2225
sigemptyset(&sigterm_action.sa_mask);
2226
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2227
if(ret == -1){
2228
perror_plus("sigaddset");
2229
exitcode = EX_OSERR;
2230
goto end;
2231
}
2232
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2233
if(ret == -1){
2234
perror_plus("sigaddset");
2235
exitcode = EX_OSERR;
2236
goto end;
2237
}
2238
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2239
if(ret == -1){
2240
perror_plus("sigaddset");
2241
exitcode = EX_OSERR;
2242
goto end;
2243
}
2244
/* Need to check if the handler is SIG_IGN before handling:
2245
| [[info:libc:Initial Signal Actions]] |
2246
| [[info:libc:Basic Signal Handling]] |
2247
*/
2248
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2249
if(ret == -1){
2250
perror_plus("sigaction");
2251
return EX_OSERR;
2252
}
2253
if(old_sigterm_action.sa_handler != SIG_IGN){
2254
ret = sigaction(SIGINT, &sigterm_action, NULL);
2255
if(ret == -1){
2256
perror_plus("sigaction");
2257
exitcode = EX_OSERR;
2258
goto end;
2259
}
2260
}
2261
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2262
if(ret == -1){
2263
perror_plus("sigaction");
2264
return EX_OSERR;
2265
}
2266
if(old_sigterm_action.sa_handler != SIG_IGN){
2267
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2268
if(ret == -1){
2269
perror_plus("sigaction");
2270
exitcode = EX_OSERR;
2271
goto end;
2272
}
2273
}
2274
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2275
if(ret == -1){
2276
perror_plus("sigaction");
2277
return EX_OSERR;
2278
}
2279
if(old_sigterm_action.sa_handler != SIG_IGN){
2280
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2281
if(ret == -1){
2282
perror_plus("sigaction");
2283
exitcode = EX_OSERR;
2284
goto end;
2285
}
2286
}
2287
2288
/* If no interfaces were specified, make a list */
2289
if(mc.interfaces == NULL){
2290
struct dirent **direntries;
2291
/* Look for any good interfaces */
2292
ret = scandir(sys_class_net, &direntries, good_interface,
2293
alphasort);
2294
if(ret >= 1){
2295
/* Add all found interfaces to interfaces list */
2296
for(int i = 0; i < ret; ++i){
2297
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2298
direntries[i]->d_name);
2299
if(ret_errno != 0){
2300
errno = ret_errno;
2301
perror_plus("argz_add");
2302
continue;
2303
}
2304
if(debug){
2305
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2306
direntries[i]->d_name);
2307
}
2308
}
2309
free(direntries);
2310
} else {
2311
free(direntries);
2312
fprintf_plus(stderr, "Could not find a network interface\n");
2313
exitcode = EXIT_FAILURE;
2314
goto end;
2315
}
2316
}
2317
2318
/* Bring up interfaces which are down, and remove any "none"s */
2319
{
2320
char *interface = NULL;
2321
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2322
interface))){
2323
/* If interface name is "none", stop bringing up interfaces.
2324
Also remove all instances of "none" from the list */
2325
if(strcmp(interface, "none") == 0){
2326
argz_delete(&mc.interfaces, &mc.interfaces_size,
2327
interface);
2328
interface = NULL;
2329
while((interface = argz_next(mc.interfaces,
2330
mc.interfaces_size, interface))){
2331
if(strcmp(interface, "none") == 0){
2332
argz_delete(&mc.interfaces, &mc.interfaces_size,
2333
interface);
2334
interface = NULL;
2335
}
2336
}
2337
break;
2338
}
2339
bool interface_was_up = interface_is_up(interface);
2340
errno = bring_up_interface(interface, delay);
2341
if(not interface_was_up){
2342
if(errno != 0){
2343
perror_plus("Failed to bring up interface");
2344
} else {
2345
errno = argz_add(&interfaces_to_take_down,
2346
&interfaces_to_take_down_size,
2347
interface);
2348
if(errno != 0){
2349
perror_plus("argz_add");
2350
}
2351
}
2352
}
2353
}
2354
if(debug and (interfaces_to_take_down == NULL)){
2355
fprintf_plus(stderr, "No interfaces were brought up\n");
2356
}
2357
}
2358
2359
/* If we only got one interface, explicitly use only that one */
2360
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2361
if(debug){
2362
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2363
mc.interfaces);
2364
}
2365
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2366
}
2367
2368
if(quit_now){
2369
goto end;
2370
}
2371
2372
ret = init_gnutls_global(pubkey, seckey, &mc);
2373
if(ret == -1){
2374
fprintf_plus(stderr, "init_gnutls_global failed\n");
2375
exitcode = EX_UNAVAILABLE;
2376
goto end;
2377
} else {
2378
gnutls_initialized = true;
2379
}
2380
2381
if(quit_now){
2382
goto end;
2383
}
2384
2385
/* Try /run/tmp before /tmp */
2386
tempdir = mkdtemp(run_tempdir);
2387
if(tempdir == NULL and errno == ENOENT){
2388
if(debug){
2389
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
2390
run_tempdir, old_tempdir);
2391
}
2392
tempdir = mkdtemp(old_tempdir);
2393
}
2394
if(tempdir == NULL){
2395
perror_plus("mkdtemp");
2396
goto end;
2397
}
2398
2399
if(quit_now){
2400
goto end;
2401
}
2402
2403
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
2404
fprintf_plus(stderr, "init_gpgme failed\n");
2405
exitcode = EX_UNAVAILABLE;
2406
goto end;
2407
} else {
2408
gpgme_initialized = true;
2409
}
2410
2411
if(quit_now){
2412
goto end;
2413
}
2414
2415
if(connect_to != NULL){
2416
/* Connect directly, do not use Zeroconf */
2417
/* (Mainly meant for debugging) */
2418
char *address = strrchr(connect_to, ':');
2419
2420
if(address == NULL){
2421
fprintf_plus(stderr, "No colon in address\n");
2422
exitcode = EX_USAGE;
2423
goto end;
2424
}
2425
2426
if(quit_now){
2427
goto end;
2428
}
2429
2430
in_port_t port;
2431
errno = 0;
2432
tmpmax = strtoimax(address+1, &tmp, 10);
2433
if(errno != 0 or tmp == address+1 or *tmp != '\0'
2434
or tmpmax != (in_port_t)tmpmax){
2435
fprintf_plus(stderr, "Bad port number\n");
2436
exitcode = EX_USAGE;
2437
goto end;
2438
}
2439
2440
if(quit_now){
2441
goto end;
2442
}
2443
2444
port = (in_port_t)tmpmax;
2445
*address = '\0';
2446
/* Colon in address indicates IPv6 */
2447
int af;
2448
if(strchr(connect_to, ':') != NULL){
2449
af = AF_INET6;
2450
/* Accept [] around IPv6 address - see RFC 5952 */
2451
if(connect_to[0] == '[' and address[-1] == ']')
2452
{
2453
connect_to++;
2454
address[-1] = '\0';
2455
}
2456
} else {
2457
af = AF_INET;
2458
}
2459
address = connect_to;
2460
2461
if(quit_now){
2462
goto end;
2463
}
2464
2465
while(not quit_now){
2466
ret = start_mandos_communication(address, port, if_index, af,
2467
&mc);
2468
if(quit_now or ret == 0){
2469
break;
2470
}
2471
if(debug){
2472
fprintf_plus(stderr, "Retrying in %d seconds\n",
2473
(int)retry_interval);
2474
}
2475
sleep((unsigned int)retry_interval);
2476
}
2477
2478
if(not quit_now){
2479
exitcode = EXIT_SUCCESS;
2480
}
2481
2482
goto end;
2483
}
2484
2485
if(quit_now){
2486
goto end;
2487
}
2488
2489
{
2490
AvahiServerConfig config;
2491
/* Do not publish any local Zeroconf records */
2492
avahi_server_config_init(&config);
2493
config.publish_hinfo = 0;
2494
config.publish_addresses = 0;
2495
config.publish_workstation = 0;
2496
config.publish_domain = 0;
2497
2498
/* Allocate a new server */
2499
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2500
&config, NULL, NULL, &ret_errno);
2501
2502
/* Free the Avahi configuration data */
2503
avahi_server_config_free(&config);
2504
}
2505
2506
/* Check if creating the Avahi server object succeeded */
2507
if(mc.server == NULL){
2508
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2509
avahi_strerror(ret_errno));
2510
exitcode = EX_UNAVAILABLE;
2511
goto end;
2512
}
2513
2514
if(quit_now){
2515
goto end;
2516
}
2517
2518
/* Create the Avahi service browser */
2519
sb = avahi_s_service_browser_new(mc.server, if_index,
2520
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
2521
NULL, 0, browse_callback,
2522
(void *)&mc);
2523
if(sb == NULL){
2524
fprintf_plus(stderr, "Failed to create service browser: %s\n",
2525
avahi_strerror(avahi_server_errno(mc.server)));
2526
exitcode = EX_UNAVAILABLE;
2527
goto end;
2528
}
2529
2530
if(quit_now){
2531
goto end;
2532
}
2533
2534
/* Run the main loop */
2535
2536
if(debug){
2537
fprintf_plus(stderr, "Starting Avahi loop search\n");
2538
}
2539
2540
ret = avahi_loop_with_timeout(simple_poll,
2541
(int)(retry_interval * 1000), &mc);
2542
if(debug){
2543
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
2544
(ret == 0) ? "successfully" : "with error");
2545
}
2546
2547
end:
2548
2549
if(debug){
2550
fprintf_plus(stderr, "%s exiting\n", argv[0]);
2551
}
2552
2553
/* Cleanup things */
2554
free(mc.interfaces);
2555
2556
if(sb != NULL)
2557
avahi_s_service_browser_free(sb);
2558
2559
if(mc.server != NULL)
2560
avahi_server_free(mc.server);
2561
2562
if(simple_poll != NULL)
2563
avahi_simple_poll_free(simple_poll);
2564
2565
if(gnutls_initialized){
2566
gnutls_certificate_free_credentials(mc.cred);
2567
gnutls_global_deinit();
2568
gnutls_dh_params_deinit(mc.dh_params);
2569
}
2570
2571
if(gpgme_initialized){
2572
gpgme_release(mc.ctx);
2573
}
2574
2575
/* Cleans up the circular linked list of Mandos servers the client
2576
has seen */
2577
if(mc.current_server != NULL){
2578
mc.current_server->prev->next = NULL;
2579
while(mc.current_server != NULL){
2580
server *next = mc.current_server->next;
2581
free(mc.current_server);
2582
mc.current_server = next;
2583
}
2584
}
2585
2586
/* Re-raise privileges */
2587
{
2588
ret_errno = raise_privileges();
2589
if(ret_errno != 0){
2590
perror_plus("Failed to raise privileges");
2591
} else {
2592
2593
/* Run network hooks */
2594
run_network_hooks("stop", interfaces_hooks != NULL ?
2595
interfaces_hooks : "", delay);
2596
2597
/* Take down the network interfaces which were brought up */
2598
{
2599
char *interface = NULL;
2600
while((interface=argz_next(interfaces_to_take_down,
2601
interfaces_to_take_down_size,
2602
interface))){
2603
ret_errno = take_down_interface(interface);
2604
if(ret_errno != 0){
2605
errno = ret_errno;
2606
perror_plus("Failed to take down interface");
2607
}
2608
}
2609
if(debug and (interfaces_to_take_down == NULL)){
2610
fprintf_plus(stderr, "No interfaces needed to be taken"
2611
" down\n");
2612
}
2613
}
2614
}
2615
2616
ret_errno = lower_privileges_permanently();
2617
if(ret_errno != 0){
2618
perror_plus("Failed to lower privileges permanently");
2619
}
2620
}
2621
2622
free(interfaces_to_take_down);
2623
free(interfaces_hooks);
2624
2625
/* Removes the GPGME temp directory and all files inside */
2626
if(tempdir != NULL){
2627
struct dirent **direntries = NULL;
2628
struct dirent *direntry = NULL;
2629
int numentries = scandir(tempdir, &direntries, notdotentries,
2630
alphasort);
2631
if(numentries > 0){
2632
for(int i = 0; i < numentries; i++){
2633
direntry = direntries[i];
2634
char *fullname = NULL;
2635
ret = asprintf(&fullname, "%s/%s", tempdir,
2636
direntry->d_name);
2637
if(ret < 0){
2638
perror_plus("asprintf");
2639
continue;
2640
}
2641
ret = remove(fullname);
2642
if(ret == -1){
2643
fprintf_plus(stderr, "remove(\"%s\"): %s\n", fullname,
2644
strerror(errno));
2645
}
2646
free(fullname);
2647
}
2648
}
2649
2650
/* need to clean even if 0 because man page doesn't specify */
2651
free(direntries);
2652
if(numentries == -1){
2653
perror_plus("scandir");
2654
}
2655
ret = rmdir(tempdir);
2656
if(ret == -1 and errno != ENOENT){
2657
perror_plus("rmdir");
2658
}
2659
}
2660
2661
if(quit_now){
2662
sigemptyset(&old_sigterm_action.sa_mask);
2663
old_sigterm_action.sa_handler = SIG_DFL;
2664
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
2665
&old_sigterm_action,
2666
NULL));
2667
if(ret == -1){
2668
perror_plus("sigaction");
2669
}
2670
do {
2671
ret = raise(signal_received);
2672
} while(ret != 0 and errno == EINTR);
2673
if(ret != 0){
2674
perror_plus("raise");
2675
abort();
2676
}
2677
TEMP_FAILURE_RETRY(pause());
2678
}
2679
2680
return exitcode;
2681
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0