(root)/mandos/release
» Revision
237.24.1
(compared to revision 237.7.314)
: plugins.d/mandos-client.c
To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.24.1
- compare with another revision
- download diff
- download tarball
- view history from revision 237.24.1
- Committer: Teddy Hogeborn
- Date: 2015-05-23 20:18:34 UTC
- mto: (237.7.304 trunk)
- mto: This revision was merged to the branch mainline in revision 325.
- Revision ID: teddy@recompile.se-20150523201834-e89ex4ito93yni8x
mandos: Use multiprocessing module to run checkers.
For a long time, the Mandos server has occasionally logged the message
"ERROR: Child process vanished". This was never a fatal error, but it
has been annoying and slightly worrying, since a definite cause was
not found. One potential cause could be the "multiprocessing" and
"subprocess" modules conflicting w.r.t. SIGCHLD. To avoid this,
change the running of checkers from using subprocess.Popen
asynchronously to instead first create a multiprocessing.Process()
(which is asynchronous) calling a function, and have that function
then call subprocess.call() (which is synchronous). In this way, the
only thing using any asynchronous subprocesses is the multiprocessing
module.
This makes it necessary to change one small thing in the D-Bus API,
since the subprocesses.call() function does not expose the raw wait(2)
status value.
DBUS-API (CheckerCompleted): Change the second value provided by this
D-Bus signal from the raw wait(2) status
to the actual terminating signal number.
mandos (subprocess_call_pipe): New function to be called by
multiprocessing.Process (starting a
separate process).
(Client.last_checker signal): New attribute for signal which
terminated last checker. Like
last_checker_status, only not accessible
via D-Bus.
(Client.checker_callback): Take new "connection" argument and use it
to get returncode; set last_checker_signal.
Return False so gobject does not call this
callback again.
(Client.start_checker): Start checker using a multiprocessing.Process
instead of a subprocess.Popen.
(ClientDBus.checker_callback): Take new "connection" argument. Call
Client.checker_callback early to have
it set last_checker_status and
last_checker_signal; use those. Change
second value provided to D-Bus signal
CheckerCompleted to use
last_checker_signal if checker was
terminated by signal.
mandos-monitor: Update to reflect DBus API change.
(MandosClientWidget.checker_completed): Take "signal" instead of
"condition" argument. Use it
accordingly. Remove dead code
(os.WCOREDUMP case).
For a long time, the Mandos server has occasionally logged the message
"ERROR: Child process vanished". This was never a fatal error, but it
has been annoying and slightly worrying, since a definite cause was
not found. One potential cause could be the "multiprocessing" and
"subprocess" modules conflicting w.r.t. SIGCHLD. To avoid this,
change the running of checkers from using subprocess.Popen
asynchronously to instead first create a multiprocessing.Process()
(which is asynchronous) calling a function, and have that function
then call subprocess.call() (which is synchronous). In this way, the
only thing using any asynchronous subprocesses is the multiprocessing
module.
This makes it necessary to change one small thing in the D-Bus API,
since the subprocesses.call() function does not expose the raw wait(2)
status value.
DBUS-API (CheckerCompleted): Change the second value provided by this
D-Bus signal from the raw wait(2) status
to the actual terminating signal number.
mandos (subprocess_call_pipe): New function to be called by
multiprocessing.Process (starting a
separate process).
(Client.last_checker signal): New attribute for signal which
terminated last checker. Like
last_checker_status, only not accessible
via D-Bus.
(Client.checker_callback): Take new "connection" argument and use it
to get returncode; set last_checker_signal.
Return False so gobject does not call this
callback again.
(Client.start_checker): Start checker using a multiprocessing.Process
instead of a subprocess.Popen.
(ClientDBus.checker_callback): Take new "connection" argument. Call
Client.checker_callback early to have
it set last_checker_status and
last_checker_signal; use those. Change
second value provided to D-Bus signal
CheckerCompleted to use
last_checker_signal if checker was
terminated by signal.
mandos-monitor: Update to reflect DBus API change.
(MandosClientWidget.checker_completed): Take "signal" instead of
"condition" argument. Use it
accordingly. Remove dead code
(os.WCOREDUMP case).
- files removed:
- plugin-helpers
- files modified:
- Makefile
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2015 Teddy Hogeborn
13
* Copyright © 2008-2015 Björn Påhlsson
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
14
*
15
15
* This program is free software: you can redistribute it and/or
16
16
* modify it under the terms of the GNU General Public License as
516
516
__attribute__((nonnull, warn_unused_result))
517
517
static int init_gnutls_global(const char *pubkeyfilename,
518
518
const char *seckeyfilename,
519
const char *dhparamsfilename,
520
519
mandos_context *mc){
521
520
int ret;
522
521
unsigned int uret;
576
575
safer_gnutls_strerror(ret));
577
576
goto globalfail;
578
577
}
579
/* If a Diffie-Hellman parameters file was given, try to use it */
580
if(dhparamsfilename != NULL){
581
gnutls_datum_t params = { .data = NULL, .size = 0 };
582
do {
583
int dhpfile = open(dhparamsfilename, O_RDONLY);
584
if(dhpfile == -1){
585
perror_plus("open");
586
dhparamsfilename = NULL;
587
break;
588
}
589
size_t params_capacity = 0;
578
if(mc->dh_bits == 0){
579
/* Find out the optimal number of DH bits */
580
/* Try to read the private key file */
581
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
582
{
583
int secfile = open(seckeyfilename, O_RDONLY);
584
size_t buffer_capacity = 0;
590
585
while(true){
591
params_capacity = incbuffer((char **)¶ms.data,
592
(size_t)params.size,
593
(size_t)params_capacity);
594
if(params_capacity == 0){
586
buffer_capacity = incbuffer((char **)&buffer.data,
587
(size_t)buffer.size,
588
(size_t)buffer_capacity);
589
if(buffer_capacity == 0){
595
590
perror_plus("incbuffer");
596
free(params.data);
597
params.data = NULL;
598
dhparamsfilename = NULL;
591
free(buffer.data);
592
buffer.data = NULL;
599
593
break;
600
594
}
601
ssize_t bytes_read = read(dhpfile,
602
params.data + params.size,
595
ssize_t bytes_read = read(secfile, buffer.data + buffer.size,
603
596
BUFFER_SIZE);
604
597
/* EOF */
605
598
if(bytes_read == 0){
608
601
/* check bytes_read for failure */
609
602
if(bytes_read < 0){
610
603
perror_plus("read");
611
free(params.data);
612
params.data = NULL;
613
dhparamsfilename = NULL;
614
break;
615
}
616
params.size += (unsigned int)bytes_read;
617
}
618
if(params.data == NULL){
619
dhparamsfilename = NULL;
620
}
621
if(dhparamsfilename == NULL){
622
break;
623
}
624
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
625
GNUTLS_X509_FMT_PEM);
626
if(ret != GNUTLS_E_SUCCESS){
627
fprintf_plus(stderr, "Failed to parse DH parameters in file"
628
" \"%s\": %s\n", dhparamsfilename,
629
safer_gnutls_strerror(ret));
630
dhparamsfilename = NULL;
631
}
632
} while(false);
633
}
634
if(dhparamsfilename == NULL){
635
if(mc->dh_bits == 0){
636
/* Find out the optimal number of DH bits */
637
/* Try to read the private key file */
638
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
639
do {
640
int secfile = open(seckeyfilename, O_RDONLY);
641
if(secfile == -1){
642
perror_plus("open");
643
break;
644
}
645
size_t buffer_capacity = 0;
646
while(true){
647
buffer_capacity = incbuffer((char **)&buffer.data,
648
(size_t)buffer.size,
649
(size_t)buffer_capacity);
650
if(buffer_capacity == 0){
651
perror_plus("incbuffer");
652
free(buffer.data);
653
buffer.data = NULL;
654
break;
655
}
656
ssize_t bytes_read = read(secfile,
657
buffer.data + buffer.size,
658
BUFFER_SIZE);
659
/* EOF */
660
if(bytes_read == 0){
661
break;
662
}
663
/* check bytes_read for failure */
664
if(bytes_read < 0){
665
perror_plus("read");
666
free(buffer.data);
667
buffer.data = NULL;
668
break;
669
}
670
buffer.size += (unsigned int)bytes_read;
671
}
672
close(secfile);
673
} while(false);
674
/* If successful, use buffer to parse private key */
675
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
676
if(buffer.data != NULL){
677
{
678
gnutls_openpgp_privkey_t privkey = NULL;
679
ret = gnutls_openpgp_privkey_init(&privkey);
604
free(buffer.data);
605
buffer.data = NULL;
606
break;
607
}
608
buffer.size += (unsigned int)bytes_read;
609
}
610
close(secfile);
611
}
612
/* If successful, use buffer to parse private key */
613
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
614
if(buffer.data != NULL){
615
{
616
gnutls_openpgp_privkey_t privkey = NULL;
617
ret = gnutls_openpgp_privkey_init(&privkey);
618
if(ret != GNUTLS_E_SUCCESS){
619
fprintf_plus(stderr, "Error initializing OpenPGP key"
620
" structure: %s", safer_gnutls_strerror(ret));
621
free(buffer.data);
622
buffer.data = NULL;
623
} else {
624
ret = gnutls_openpgp_privkey_import(privkey, &buffer,
625
GNUTLS_OPENPGP_FMT_BASE64,
626
"", 0);
680
627
if(ret != GNUTLS_E_SUCCESS){
681
fprintf_plus(stderr, "Error initializing OpenPGP key"
682
" structure: %s",
628
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
683
629
safer_gnutls_strerror(ret));
684
free(buffer.data);
685
buffer.data = NULL;
686
} else {
687
ret = gnutls_openpgp_privkey_import
688
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
689
if(ret != GNUTLS_E_SUCCESS){
690
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
691
safer_gnutls_strerror(ret));
692
privkey = NULL;
693
}
694
free(buffer.data);
695
buffer.data = NULL;
696
if(privkey != NULL){
697
/* Use private key to suggest an appropriate
698
sec_param */
699
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
700
gnutls_openpgp_privkey_deinit(privkey);
701
if(debug){
702
fprintf_plus(stderr, "This OpenPGP key implies using"
703
" a GnuTLS security parameter \"%s\".\n",
704
safe_string(gnutls_sec_param_get_name
705
(sec_param)));
706
}
707
}
630
privkey = NULL;
708
631
}
709
}
710
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
711
/* Err on the side of caution */
712
sec_param = GNUTLS_SEC_PARAM_ULTRA;
713
if(debug){
714
fprintf_plus(stderr, "Falling back to security parameter"
715
" \"%s\"\n",
716
safe_string(gnutls_sec_param_get_name
717
(sec_param)));
632
free(buffer.data);
633
buffer.data = NULL;
634
if(privkey != NULL){
635
/* Use private key to suggest an appropriate sec_param */
636
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
637
gnutls_openpgp_privkey_deinit(privkey);
638
if(debug){
639
fprintf_plus(stderr, "This OpenPGP key implies using a"
640
" GnuTLS security parameter \"%s\".\n",
641
safe_string(gnutls_sec_param_get_name
642
(sec_param)));
643
}
718
644
}
719
645
}
720
646
}
721
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
722
if(uret != 0){
723
mc->dh_bits = uret;
647
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
648
/* Err on the side of caution */
649
sec_param = GNUTLS_SEC_PARAM_ULTRA;
724
650
if(debug){
725
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
726
" implies %u DH bits; using that.\n",
651
fprintf_plus(stderr, "Falling back to security parameter"
652
" \"%s\"\n",
727
653
safe_string(gnutls_sec_param_get_name
728
(sec_param)),
729
mc->dh_bits);
654
(sec_param)));
730
655
}
731
} else {
732
fprintf_plus(stderr, "Failed to get implied number of DH"
733
" bits for security parameter \"%s\"): %s\n",
656
}
657
}
658
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
659
if(uret != 0){
660
mc->dh_bits = uret;
661
if(debug){
662
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
663
" implies %u DH bits; using that.\n",
734
664
safe_string(gnutls_sec_param_get_name
735
665
(sec_param)),
736
safer_gnutls_strerror(ret));
737
goto globalfail;
666
mc->dh_bits);
738
667
}
739
} else if(debug){
740
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
741
mc->dh_bits);
742
}
743
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
744
if(ret != GNUTLS_E_SUCCESS){
745
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
746
" bits): %s\n", mc->dh_bits,
668
} else {
669
fprintf_plus(stderr, "Failed to get implied number of DH"
670
" bits for security parameter \"%s\"): %s\n",
671
safe_string(gnutls_sec_param_get_name(sec_param)),
747
672
safer_gnutls_strerror(ret));
748
673
goto globalfail;
749
674
}
750
}
675
} else if(debug){
676
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
677
mc->dh_bits);
678
}
679
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
680
if(ret != GNUTLS_E_SUCCESS){
681
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u bits):"
682
" %s\n", mc->dh_bits, safer_gnutls_strerror(ret));
683
goto globalfail;
684
}
685
751
686
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
752
687
753
688
return 0;
813
748
/* ignore client certificate if any. */
814
749
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
815
750
751
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
752
816
753
return 0;
817
754
}
818
755
820
757
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
821
758
__attribute__((unused)) const char *txt){}
822
759
823
/* Set effective uid to 0, return errno */
824
__attribute__((warn_unused_result))
825
error_t raise_privileges(void){
826
error_t old_errno = errno;
827
error_t ret_errno = 0;
828
if(seteuid(0) == -1){
829
ret_errno = errno;
830
}
831
errno = old_errno;
832
return ret_errno;
833
}
834
835
/* Set effective and real user ID to 0. Return errno. */
836
__attribute__((warn_unused_result))
837
error_t raise_privileges_permanently(void){
838
error_t old_errno = errno;
839
error_t ret_errno = raise_privileges();
840
if(ret_errno != 0){
841
errno = old_errno;
842
return ret_errno;
843
}
844
if(setuid(0) == -1){
845
ret_errno = errno;
846
}
847
errno = old_errno;
848
return ret_errno;
849
}
850
851
/* Set effective user ID to unprivileged saved user ID */
852
__attribute__((warn_unused_result))
853
error_t lower_privileges(void){
854
error_t old_errno = errno;
855
error_t ret_errno = 0;
856
if(seteuid(uid) == -1){
857
ret_errno = errno;
858
}
859
errno = old_errno;
860
return ret_errno;
861
}
862
863
/* Lower privileges permanently */
864
__attribute__((warn_unused_result))
865
error_t lower_privileges_permanently(void){
866
error_t old_errno = errno;
867
error_t ret_errno = 0;
868
if(setuid(uid) == -1){
869
ret_errno = errno;
870
}
871
errno = old_errno;
872
return ret_errno;
873
}
874
875
/* Helper function to add_local_route() and delete_local_route() */
876
__attribute__((nonnull, warn_unused_result))
877
static bool add_delete_local_route(const bool add,
878
const char *address,
879
AvahiIfIndex if_index){
880
int ret;
881
char helper[] = "mandos-client-iprouteadddel";
882
char add_arg[] = "add";
883
char delete_arg[] = "delete";
884
char debug_flag[] = "--debug";
885
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
886
if(pluginhelperdir == NULL){
887
if(debug){
888
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
889
" variable not set; cannot run helper\n");
890
}
891
return false;
892
}
893
894
char interface[IF_NAMESIZE];
895
if(if_indextoname((unsigned int)if_index, interface) == NULL){
896
perror_plus("if_indextoname");
897
return false;
898
}
899
900
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
901
if(devnull == -1){
902
perror_plus("open(\"/dev/null\", O_RDONLY)");
903
return false;
904
}
905
pid_t pid = fork();
906
if(pid == 0){
907
/* Child */
908
/* Raise privileges */
909
errno = raise_privileges_permanently();
910
if(errno != 0){
911
perror_plus("Failed to raise privileges");
912
/* _exit(EX_NOPERM); */
913
} else {
914
/* Set group */
915
errno = 0;
916
ret = setgid(0);
917
if(ret == -1){
918
perror_plus("setgid");
919
_exit(EX_NOPERM);
920
}
921
/* Reset supplementary groups */
922
errno = 0;
923
ret = setgroups(0, NULL);
924
if(ret == -1){
925
perror_plus("setgroups");
926
_exit(EX_NOPERM);
927
}
928
}
929
ret = dup2(devnull, STDIN_FILENO);
930
if(ret == -1){
931
perror_plus("dup2(devnull, STDIN_FILENO)");
932
_exit(EX_OSERR);
933
}
934
ret = (int)TEMP_FAILURE_RETRY(close(devnull));
935
if(ret == -1){
936
perror_plus("close");
937
_exit(EX_OSERR);
938
}
939
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
940
if(ret == -1){
941
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
942
_exit(EX_OSERR);
943
}
944
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
945
O_RDONLY
946
| O_DIRECTORY
947
| O_PATH
948
| O_CLOEXEC));
949
if(helperdir_fd == -1){
950
perror_plus("open");
951
_exit(EX_UNAVAILABLE);
952
}
953
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
954
helper, O_RDONLY));
955
if(helper_fd == -1){
956
perror_plus("openat");
957
_exit(EX_UNAVAILABLE);
958
}
959
TEMP_FAILURE_RETRY(close(helperdir_fd));
960
#ifdef __GNUC__
961
#pragma GCC diagnostic push
962
#pragma GCC diagnostic ignored "-Wcast-qual"
963
#endif
964
if(fexecve(helper_fd, (char *const [])
965
{ helper, add ? add_arg : delete_arg, (char *)address,
966
interface, debug ? debug_flag : NULL, NULL },
967
environ) == -1){
968
#ifdef __GNUC__
969
#pragma GCC diagnostic pop
970
#endif
971
perror_plus("fexecve");
972
_exit(EXIT_FAILURE);
973
}
974
}
975
if(pid == -1){
976
perror_plus("fork");
977
return false;
978
}
979
int status;
980
pid_t pret = -1;
981
errno = 0;
982
do {
983
pret = waitpid(pid, &status, 0);
984
if(pret == -1 and errno == EINTR and quit_now){
985
int errno_raising = 0;
986
if((errno = raise_privileges()) != 0){
987
errno_raising = errno;
988
perror_plus("Failed to raise privileges in order to"
989
" kill helper program");
990
}
991
if(kill(pid, SIGTERM) == -1){
992
perror_plus("kill");
993
}
994
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
995
perror_plus("Failed to lower privileges after killing"
996
" helper program");
997
}
998
return false;
999
}
1000
} while(pret == -1 and errno == EINTR);
1001
if(pret == -1){
1002
perror_plus("waitpid");
1003
return false;
1004
}
1005
if(WIFEXITED(status)){
1006
if(WEXITSTATUS(status) != 0){
1007
fprintf_plus(stderr, "Error: iprouteadddel exited"
1008
" with status %d\n", WEXITSTATUS(status));
1009
return false;
1010
}
1011
return true;
1012
}
1013
if(WIFSIGNALED(status)){
1014
fprintf_plus(stderr, "Error: iprouteadddel died by"
1015
" signal %d\n", WTERMSIG(status));
1016
return false;
1017
}
1018
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1019
return false;
1020
}
1021
1022
__attribute__((nonnull, warn_unused_result))
1023
static bool add_local_route(const char *address,
1024
AvahiIfIndex if_index){
1025
if(debug){
1026
fprintf_plus(stderr, "Adding route to %s\n", address);
1027
}
1028
return add_delete_local_route(true, address, if_index);
1029
}
1030
1031
__attribute__((nonnull, warn_unused_result))
1032
static bool delete_local_route(const char *address,
1033
AvahiIfIndex if_index){
1034
if(debug){
1035
fprintf_plus(stderr, "Removing route to %s\n", address);
1036
}
1037
return add_delete_local_route(false, address, if_index);
1038
}
1039
1040
760
/* Called when a Mandos server is found */
1041
761
__attribute__((nonnull, warn_unused_result))
1042
762
static int start_mandos_communication(const char *ip, in_port_t port,
1053
773
int retval = -1;
1054
774
gnutls_session_t session;
1055
775
int pf; /* Protocol family */
1056
bool route_added = false;
1057
776
1058
777
errno = 0;
1059
778
1117
836
PRIuMAX "\n", ip, (uintmax_t)port);
1118
837
}
1119
838
1120
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
839
tcp_sd = socket(pf, SOCK_STREAM, 0);
1121
840
if(tcp_sd < 0){
1122
841
int e = errno;
1123
842
perror_plus("socket");
1212
931
goto mandos_end;
1213
932
}
1214
933
1215
while(true){
1216
if(af == AF_INET6){
1217
ret = connect(tcp_sd, (struct sockaddr *)&to,
1218
sizeof(struct sockaddr_in6));
1219
} else {
1220
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1221
sizeof(struct sockaddr_in));
1222
}
1223
if(ret < 0){
1224
if(errno == ENETUNREACH
1225
and if_index != AVAHI_IF_UNSPEC
1226
and connect_to == NULL
1227
and not route_added and
1228
((af == AF_INET6 and not
1229
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1230
&to)->sin6_addr)))
1231
or (af == AF_INET and
1232
/* Not a a IPv4LL address */
1233
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1234
& 0xFFFF0000L) != 0xA9FE0000L))){
1235
/* Work around Avahi bug - Avahi does not announce link-local
1236
addresses if it has a global address, so local hosts with
1237
*only* a link-local address (e.g. Mandos clients) cannot
1238
connect to a Mandos server announced by Avahi on a server
1239
host with a global address. Work around this by retrying
1240
with an explicit route added with the server's address.
1241
1242
Avahi bug reference:
1243
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1244
https://bugs.debian.org/587961
1245
*/
1246
if(debug){
1247
fprintf_plus(stderr, "Mandos server unreachable, trying"
1248
" direct route\n");
1249
}
1250
int e = errno;
1251
route_added = add_local_route(ip, if_index);
1252
if(route_added){
1253
continue;
1254
}
1255
errno = e;
1256
}
1257
if(errno != ECONNREFUSED or debug){
1258
int e = errno;
1259
perror_plus("connect");
1260
errno = e;
1261
}
1262
goto mandos_end;
1263
}
1264
1265
if(quit_now){
1266
errno = EINTR;
1267
goto mandos_end;
1268
}
1269
break;
934
if(af == AF_INET6){
935
ret = connect(tcp_sd, (struct sockaddr *)&to,
936
sizeof(struct sockaddr_in6));
937
} else {
938
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
939
sizeof(struct sockaddr_in));
940
}
941
if(ret < 0){
942
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
943
int e = errno;
944
perror_plus("connect");
945
errno = e;
946
}
947
goto mandos_end;
948
}
949
950
if(quit_now){
951
errno = EINTR;
952
goto mandos_end;
1270
953
}
1271
954
1272
955
const char *out = mandos_protocol_version;
1455
1138
1456
1139
mandos_end:
1457
1140
{
1458
if(route_added){
1459
if(not delete_local_route(ip, if_index)){
1460
fprintf_plus(stderr, "Failed to delete local route to %s on"
1461
" interface %d", ip, if_index);
1462
}
1463
}
1464
1141
int e = errno;
1465
1142
free(decrypted_buffer);
1466
1143
free(buffer);
1892
1569
}
1893
1570
}
1894
1571
1572
/* Set effective uid to 0, return errno */
1573
__attribute__((warn_unused_result))
1574
error_t raise_privileges(void){
1575
error_t old_errno = errno;
1576
error_t ret_errno = 0;
1577
if(seteuid(0) == -1){
1578
ret_errno = errno;
1579
}
1580
errno = old_errno;
1581
return ret_errno;
1582
}
1583
1584
/* Set effective and real user ID to 0. Return errno. */
1585
__attribute__((warn_unused_result))
1586
error_t raise_privileges_permanently(void){
1587
error_t old_errno = errno;
1588
error_t ret_errno = raise_privileges();
1589
if(ret_errno != 0){
1590
errno = old_errno;
1591
return ret_errno;
1592
}
1593
if(setuid(0) == -1){
1594
ret_errno = errno;
1595
}
1596
errno = old_errno;
1597
return ret_errno;
1598
}
1599
1600
/* Set effective user ID to unprivileged saved user ID */
1601
__attribute__((warn_unused_result))
1602
error_t lower_privileges(void){
1603
error_t old_errno = errno;
1604
error_t ret_errno = 0;
1605
if(seteuid(uid) == -1){
1606
ret_errno = errno;
1607
}
1608
errno = old_errno;
1609
return ret_errno;
1610
}
1611
1612
/* Lower privileges permanently */
1613
__attribute__((warn_unused_result))
1614
error_t lower_privileges_permanently(void){
1615
error_t old_errno = errno;
1616
error_t ret_errno = 0;
1617
if(setuid(uid) == -1){
1618
ret_errno = errno;
1619
}
1620
errno = old_errno;
1621
return ret_errno;
1622
}
1623
1895
1624
__attribute__((nonnull))
1896
1625
void run_network_hooks(const char *mode, const char *interface,
1897
1626
const float delay){
1898
1627
struct dirent **direntries = NULL;
1899
1628
if(hookdir_fd == -1){
1900
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1901
| O_CLOEXEC);
1629
hookdir_fd = open(hookdir, O_RDONLY);
1902
1630
if(hookdir_fd == -1){
1903
1631
if(errno == ENOENT){
1904
1632
if(debug){
1929
1657
}
1930
1658
struct dirent *direntry;
1931
1659
int ret;
1932
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1933
if(devnull == -1){
1934
perror_plus("open(\"/dev/null\", O_RDONLY)");
1935
return;
1936
}
1660
int devnull = open("/dev/null", O_RDONLY);
1937
1661
for(int i = 0; i < numhooks; i++){
1938
1662
direntry = direntries[i];
1939
1663
if(debug){
1963
1687
perror_plus("setgroups");
1964
1688
_exit(EX_NOPERM);
1965
1689
}
1690
ret = dup2(devnull, STDIN_FILENO);
1691
if(ret == -1){
1692
perror_plus("dup2(devnull, STDIN_FILENO)");
1693
_exit(EX_OSERR);
1694
}
1695
ret = close(devnull);
1696
if(ret == -1){
1697
perror_plus("close");
1698
_exit(EX_OSERR);
1699
}
1700
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1701
if(ret == -1){
1702
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1703
_exit(EX_OSERR);
1704
}
1966
1705
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1967
1706
if(ret == -1){
1968
1707
perror_plus("setenv");
2003
1742
_exit(EX_OSERR);
2004
1743
}
2005
1744
}
2006
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2007
direntry->d_name,
2008
O_RDONLY));
1745
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2009
1746
if(hook_fd == -1){
2010
1747
perror_plus("openat");
2011
1748
_exit(EXIT_FAILURE);
2014
1751
perror_plus("close");
2015
1752
_exit(EXIT_FAILURE);
2016
1753
}
2017
ret = dup2(devnull, STDIN_FILENO);
2018
if(ret == -1){
2019
perror_plus("dup2(devnull, STDIN_FILENO)");
2020
_exit(EX_OSERR);
2021
}
2022
ret = (int)TEMP_FAILURE_RETRY(close(devnull));
2023
if(ret == -1){
2024
perror_plus("close");
2025
_exit(EX_OSERR);
2026
}
2027
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2028
if(ret == -1){
2029
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2030
_exit(EX_OSERR);
2031
}
2032
1754
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2033
1755
environ) == -1){
2034
1756
perror_plus("fexecve");
2303
2025
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2304
2026
const char *seckey = PATHDIR "/" SECKEY;
2305
2027
const char *pubkey = PATHDIR "/" PUBKEY;
2306
const char *dh_params_file = NULL;
2307
2028
char *interfaces_hooks = NULL;
2308
2029
2309
2030
bool gnutls_initialized = false;
2362
2083
.doc = "Bit length of the prime number used in the"
2363
2084
" Diffie-Hellman key exchange",
2364
2085
.group = 2 },
2365
{ .name = "dh-params", .key = 134,
2366
.arg = "FILE",
2367
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2368
" for the Diffie-Hellman key exchange",
2369
.group = 2 },
2370
2086
{ .name = "priority", .key = 130,
2371
2087
.arg = "STRING",
2372
2088
.doc = "GnuTLS priority string for the TLS handshake",
2427
2143
}
2428
2144
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2429
2145
break;
2430
case 134: /* --dh-params */
2431
dh_params_file = arg;
2432
break;
2433
2146
case 130: /* --priority */
2434
2147
mc.priority = arg;
2435
2148
break;
2491
2204
goto end;
2492
2205
}
2493
2206
}
2494
2207
2495
2208
{
2496
2209
/* Work around Debian bug #633582:
2497
2210
<http://bugs.debian.org/633582> */
2524
2237
TEMP_FAILURE_RETRY(close(seckey_fd));
2525
2238
}
2526
2239
}
2527
2240
2528
2241
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2529
2242
int pubkey_fd = open(pubkey, O_RDONLY);
2530
2243
if(pubkey_fd == -1){
2545
2258
TEMP_FAILURE_RETRY(close(pubkey_fd));
2546
2259
}
2547
2260
}
2548
2549
if(strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2550
int dhparams_fd = open(dh_params_file, O_RDONLY);
2551
if(dhparams_fd == -1){
2552
perror_plus("open");
2553
} else {
2554
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2555
if(ret == -1){
2556
perror_plus("fstat");
2557
} else {
2558
if(S_ISREG(st.st_mode)
2559
and st.st_uid == 0 and st.st_gid == 0){
2560
ret = fchown(dhparams_fd, uid, gid);
2561
if(ret == -1){
2562
perror_plus("fchown");
2563
}
2564
}
2565
}
2566
TEMP_FAILURE_RETRY(close(dhparams_fd));
2567
}
2568
}
2569
2261
2570
2262
/* Lower privileges */
2571
2263
ret_errno = lower_privileges();
2572
2264
if(ret_errno != 0){
2775
2467
goto end;
2776
2468
}
2777
2469
2778
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2470
ret = init_gnutls_global(pubkey, seckey, &mc);
2779
2471
if(ret == -1){
2780
2472
fprintf_plus(stderr, "init_gnutls_global failed\n");
2781
2473
exitcode = EX_UNAVAILABLE;
3041
2733
/* Removes the GPGME temp directory and all files inside */
3042
2734
if(tempdir != NULL){
3043
2735
struct dirent **direntries = NULL;
3044
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY
3045
| O_NOFOLLOW
3046
| O_DIRECTORY
3047
| O_PATH));
2736
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2737
O_NOFOLLOW));
3048
2738
if(tempdir_fd == -1){
3049
2739
perror_plus("open");
3050
2740
} else {
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0