To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.24.1
- compare with another revision
- download diff
- download tarball
- view history from revision 237.24.1
- Committer: Teddy Hogeborn
- Date: 2015-05-23 20:18:34 UTC
- mto: (237.7.304 trunk)
- mto: This revision was merged to the branch mainline in revision 325.
- Revision ID: teddy@recompile.se-20150523201834-e89ex4ito93yni8x
mandos: Use multiprocessing module to run checkers.
For a long time, the Mandos server has occasionally logged the message
"ERROR: Child process vanished". This was never a fatal error, but it
has been annoying and slightly worrying, since a definite cause was
not found. One potential cause could be the "multiprocessing" and
"subprocess" modules conflicting w.r.t. SIGCHLD. To avoid this,
change the running of checkers from using subprocess.Popen
asynchronously to instead first create a multiprocessing.Process()
(which is asynchronous) calling a function, and have that function
then call subprocess.call() (which is synchronous). In this way, the
only thing using any asynchronous subprocesses is the multiprocessing
module.
This makes it necessary to change one small thing in the D-Bus API,
since the subprocesses.call() function does not expose the raw wait(2)
status value.
DBUS-API (CheckerCompleted): Change the second value provided by this
D-Bus signal from the raw wait(2) status
to the actual terminating signal number.
mandos (subprocess_call_pipe): New function to be called by
multiprocessing.Process (starting a
separate process).
(Client.last_checker signal): New attribute for signal which
terminated last checker. Like
last_checker_status, only not accessible
via D-Bus.
(Client.checker_callback): Take new "connection" argument and use it
to get returncode; set last_checker_signal.
Return False so gobject does not call this
callback again.
(Client.start_checker): Start checker using a multiprocessing.Process
instead of a subprocess.Popen.
(ClientDBus.checker_callback): Take new "connection" argument. Call
Client.checker_callback early to have
it set last_checker_status and
last_checker_signal; use those. Change
second value provided to D-Bus signal
CheckerCompleted to use
last_checker_signal if checker was
terminated by signal.
mandos-monitor: Update to reflect DBus API change.
(MandosClientWidget.checker_completed): Take "signal" instead of
"condition" argument. Use it
accordingly. Remove dead code
(os.WCOREDUMP case).
For a long time, the Mandos server has occasionally logged the message
"ERROR: Child process vanished". This was never a fatal error, but it
has been annoying and slightly worrying, since a definite cause was
not found. One potential cause could be the "multiprocessing" and
"subprocess" modules conflicting w.r.t. SIGCHLD. To avoid this,
change the running of checkers from using subprocess.Popen
asynchronously to instead first create a multiprocessing.Process()
(which is asynchronous) calling a function, and have that function
then call subprocess.call() (which is synchronous). In this way, the
only thing using any asynchronous subprocesses is the multiprocessing
module.
This makes it necessary to change one small thing in the D-Bus API,
since the subprocesses.call() function does not expose the raw wait(2)
status value.
DBUS-API (CheckerCompleted): Change the second value provided by this
D-Bus signal from the raw wait(2) status
to the actual terminating signal number.
mandos (subprocess_call_pipe): New function to be called by
multiprocessing.Process (starting a
separate process).
(Client.last_checker signal): New attribute for signal which
terminated last checker. Like
last_checker_status, only not accessible
via D-Bus.
(Client.checker_callback): Take new "connection" argument and use it
to get returncode; set last_checker_signal.
Return False so gobject does not call this
callback again.
(Client.start_checker): Start checker using a multiprocessing.Process
instead of a subprocess.Popen.
(ClientDBus.checker_callback): Take new "connection" argument. Call
Client.checker_callback early to have
it set last_checker_status and
last_checker_signal; use those. Change
second value provided to D-Bus signal
CheckerCompleted to use
last_checker_signal if checker was
terminated by signal.
mandos-monitor: Update to reflect DBus API change.
(MandosClientWidget.checker_completed): Take "signal" instead of
"condition" argument. Use it
accordingly. Remove dead code
(os.WCOREDUMP case).
- files added:
- initramfs-tools-hook-conf
- files removed:
- bugs.xml
- debian/tests
- dracut-module
- plugin-helpers
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2020 Teddy Hogeborn
13
* Copyright © 2008-2020 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
23
21
* WITHOUT ANY WARRANTY; without even the implied warranty of
24
22
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25
23
* General Public License for more details.
26
24
*
27
25
* You should have received a copy of the GNU General Public License
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
29
28
*
30
29
* Contact the authors at <mandos@recompile.se>.
31
30
*/
47
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
48
47
strtof(), abort() */
49
48
#include <stdbool.h> /* bool, false, true */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
53
51
#include <sys/ioctl.h> /* ioctl */
54
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
55
53
sockaddr_in6, PF_INET6,
59
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
60
58
inet_pton(), connect(),
61
59
getnameinfo() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
60
#include <fcntl.h> /* open(), unlinkat() */
63
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
64
62
*/
65
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
66
64
strtoimax() */
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
65
#include <errno.h> /* perror(), errno,
72
66
program_invocation_short_name */
73
67
#include <time.h> /* nanosleep(), time(), sleep() */
74
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
123
117
gnutls_*
124
118
init_gnutls_session(),
125
119
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
127
120
#include <gnutls/openpgp.h>
128
121
/* gnutls_certificate_set_openpgp_key_file(),
129
122
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
135
123
136
124
/* GPGME */
137
125
#include <gpgme.h> /* All GPGME types, constants and
145
133
#define PATHDIR "/conf/conf.d/mandos"
146
134
#define SECKEY "seckey.txt"
147
135
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
150
136
#define HOOKDIR "/lib/mandos/network-hooks.d"
151
137
152
138
bool debug = false;
280
266
return true;
281
267
}
282
268
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
335
269
/*
336
270
* Initialize GPGME.
337
271
*/
357
291
return false;
358
292
}
359
293
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
if(clock_settime(CLOCK_REALTIME, &keystat.st_mtim) != 0){
400
perror_plus("clock_settime");
401
}
402
ret = lower_privileges();
403
if(ret != 0){
404
errno = ret;
405
perror_plus("Failed to lower privileges");
406
}
407
} while(false);
408
409
294
rc = gpgme_data_new_from_fd(&pgp_data, fd);
410
295
if(rc != GPG_ERR_NO_ERROR){
411
296
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
419
304
gpgme_strsource(rc), gpgme_strerror(rc));
420
305
return false;
421
306
}
422
{
423
gpgme_import_result_t import_result
424
= gpgme_op_import_result(mc->ctx);
425
if((import_result->imported < 1
426
or import_result->not_imported > 0)
427
and import_result->unchanged == 0){
428
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
429
fprintf_plus(stderr,
430
"The total number of considered keys: %d\n",
431
import_result->considered);
432
fprintf_plus(stderr,
433
"The number of keys without user ID: %d\n",
434
import_result->no_user_id);
435
fprintf_plus(stderr,
436
"The total number of imported keys: %d\n",
437
import_result->imported);
438
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
439
import_result->imported_rsa);
440
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
441
import_result->unchanged);
442
fprintf_plus(stderr, "The number of new user IDs: %d\n",
443
import_result->new_user_ids);
444
fprintf_plus(stderr, "The number of new sub keys: %d\n",
445
import_result->new_sub_keys);
446
fprintf_plus(stderr, "The number of new signatures: %d\n",
447
import_result->new_signatures);
448
fprintf_plus(stderr, "The number of new revocations: %d\n",
449
import_result->new_revocations);
450
fprintf_plus(stderr,
451
"The total number of secret keys read: %d\n",
452
import_result->secret_read);
453
fprintf_plus(stderr,
454
"The number of imported secret keys: %d\n",
455
import_result->secret_imported);
456
fprintf_plus(stderr,
457
"The number of unchanged secret keys: %d\n",
458
import_result->secret_unchanged);
459
fprintf_plus(stderr, "The number of keys not imported: %d\n",
460
import_result->not_imported);
461
for(gpgme_import_status_t import_status
462
= import_result->imports;
463
import_status != NULL;
464
import_status = import_status->next){
465
fprintf_plus(stderr, "Import status for key: %s\n",
466
import_status->fpr);
467
if(import_status->result != GPG_ERR_NO_ERROR){
468
fprintf_plus(stderr, "Import result: %s: %s\n",
469
gpgme_strsource(import_status->result),
470
gpgme_strerror(import_status->result));
471
}
472
fprintf_plus(stderr, "Key status:\n");
473
fprintf_plus(stderr,
474
import_status->status & GPGME_IMPORT_NEW
475
? "The key was new.\n"
476
: "The key was not new.\n");
477
fprintf_plus(stderr,
478
import_status->status & GPGME_IMPORT_UID
479
? "The key contained new user IDs.\n"
480
: "The key did not contain new user IDs.\n");
481
fprintf_plus(stderr,
482
import_status->status & GPGME_IMPORT_SIG
483
? "The key contained new signatures.\n"
484
: "The key did not contain new signatures.\n");
485
fprintf_plus(stderr,
486
import_status->status & GPGME_IMPORT_SUBKEY
487
? "The key contained new sub keys.\n"
488
: "The key did not contain new sub keys.\n");
489
fprintf_plus(stderr,
490
import_status->status & GPGME_IMPORT_SECRET
491
? "The key contained a secret key.\n"
492
: "The key did not contain a secret key.\n");
493
}
494
return false;
495
}
496
}
497
307
498
ret = close(fd);
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
499
309
if(ret == -1){
500
310
perror_plus("close");
501
311
}
540
350
/* Create new GPGME "context" */
541
351
rc = gpgme_new(&(mc->ctx));
542
352
if(rc != GPG_ERR_NO_ERROR){
543
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
544
gpgme_strsource(rc), gpgme_strerror(rc));
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
545
356
return false;
546
357
}
547
358
583
394
/* Create new empty GPGME data buffer for the plaintext */
584
395
rc = gpgme_data_new(&dh_plain);
585
396
if(rc != GPG_ERR_NO_ERROR){
586
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
587
399
gpgme_strsource(rc), gpgme_strerror(rc));
588
400
gpgme_data_release(dh_crypto);
589
401
return -1;
602
414
if(result == NULL){
603
415
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
604
416
} else {
605
if(result->unsupported_algorithm != NULL) {
606
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
607
result->unsupported_algorithm);
608
}
609
fprintf_plus(stderr, "Wrong key usage: %s\n",
610
result->wrong_key_usage ? "Yes" : "No");
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
611
421
if(result->file_name != NULL){
612
422
fprintf_plus(stderr, "File name: %s\n", result->file_name);
613
423
}
614
615
for(gpgme_recipient_t r = result->recipients; r != NULL;
616
r = r->next){
424
gpgme_recipient_t recipient;
425
recipient = result->recipients;
426
while(recipient != NULL){
617
427
fprintf_plus(stderr, "Public key algorithm: %s\n",
618
gpgme_pubkey_algo_name(r->pubkey_algo));
619
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
428
gpgme_pubkey_algo_name
429
(recipient->pubkey_algo));
430
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
620
431
fprintf_plus(stderr, "Secret key available: %s\n",
621
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
432
recipient->status == GPG_ERR_NO_SECKEY
433
? "No" : "Yes");
434
recipient = recipient->next;
622
435
}
623
436
}
624
437
}
700
513
fprintf_plus(stderr, "GnuTLS: %s", string);
701
514
}
702
515
703
__attribute__((nonnull(1, 2, 4), warn_unused_result))
516
__attribute__((nonnull, warn_unused_result))
704
517
static int init_gnutls_global(const char *pubkeyfilename,
705
518
const char *seckeyfilename,
706
const char *dhparamsfilename,
707
519
mandos_context *mc){
708
520
int ret;
521
unsigned int uret;
709
522
710
523
if(debug){
711
524
fprintf_plus(stderr, "Initializing GnuTLS\n");
712
525
}
713
526
527
ret = gnutls_global_init();
528
if(ret != GNUTLS_E_SUCCESS){
529
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
530
safer_gnutls_strerror(ret));
531
return -1;
532
}
533
714
534
if(debug){
715
535
/* "Use a log level over 10 to enable all debugging options."
716
536
* - GnuTLS manual
724
544
if(ret != GNUTLS_E_SUCCESS){
725
545
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
726
546
safer_gnutls_strerror(ret));
547
gnutls_global_deinit();
727
548
return -1;
728
549
}
729
550
730
551
if(debug){
731
fprintf_plus(stderr, "Attempting to use public key %s and"
732
" private key %s as GnuTLS credentials\n",
552
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
553
" secret key %s as GnuTLS credentials\n",
733
554
pubkeyfilename,
734
555
seckeyfilename);
735
556
}
736
557
737
#if GNUTLS_VERSION_NUMBER >= 0x030606
738
ret = gnutls_certificate_set_rawpk_key_file
739
(mc->cred, pubkeyfilename, seckeyfilename,
740
GNUTLS_X509_FMT_PEM, /* format */
741
NULL, /* pass */
742
/* key_usage */
743
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
744
NULL, /* names */
745
0, /* names_length */
746
/* privkey_flags */
747
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
748
0); /* pkcs11_flags */
749
#elif GNUTLS_VERSION_NUMBER < 0x030600
750
558
ret = gnutls_certificate_set_openpgp_key_file
751
559
(mc->cred, pubkeyfilename, seckeyfilename,
752
560
GNUTLS_OPENPGP_FMT_BASE64);
753
#else
754
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
755
#endif
756
561
if(ret != GNUTLS_E_SUCCESS){
757
562
fprintf_plus(stderr,
758
"Error[%d] while reading the key pair ('%s',"
563
"Error[%d] while reading the OpenPGP key pair ('%s',"
759
564
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
760
565
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
761
566
safer_gnutls_strerror(ret));
770
575
safer_gnutls_strerror(ret));
771
576
goto globalfail;
772
577
}
773
/* If a Diffie-Hellman parameters file was given, try to use it */
774
if(dhparamsfilename != NULL){
775
gnutls_datum_t params = { .data = NULL, .size = 0 };
776
do {
777
int dhpfile = open(dhparamsfilename, O_RDONLY);
778
if(dhpfile == -1){
779
perror_plus("open");
780
dhparamsfilename = NULL;
781
break;
782
}
783
size_t params_capacity = 0;
578
if(mc->dh_bits == 0){
579
/* Find out the optimal number of DH bits */
580
/* Try to read the private key file */
581
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
582
{
583
int secfile = open(seckeyfilename, O_RDONLY);
584
size_t buffer_capacity = 0;
784
585
while(true){
785
params_capacity = incbuffer((char **)¶ms.data,
786
(size_t)params.size,
787
(size_t)params_capacity);
788
if(params_capacity == 0){
586
buffer_capacity = incbuffer((char **)&buffer.data,
587
(size_t)buffer.size,
588
(size_t)buffer_capacity);
589
if(buffer_capacity == 0){
789
590
perror_plus("incbuffer");
790
free(params.data);
791
params.data = NULL;
792
dhparamsfilename = NULL;
591
free(buffer.data);
592
buffer.data = NULL;
793
593
break;
794
594
}
795
ssize_t bytes_read = read(dhpfile,
796
params.data + params.size,
595
ssize_t bytes_read = read(secfile, buffer.data + buffer.size,
797
596
BUFFER_SIZE);
798
597
/* EOF */
799
598
if(bytes_read == 0){
802
601
/* check bytes_read for failure */
803
602
if(bytes_read < 0){
804
603
perror_plus("read");
805
free(params.data);
806
params.data = NULL;
807
dhparamsfilename = NULL;
808
break;
809
}
810
params.size += (unsigned int)bytes_read;
811
}
812
ret = close(dhpfile);
813
if(ret == -1){
814
perror_plus("close");
815
}
816
if(params.data == NULL){
817
dhparamsfilename = NULL;
818
}
819
if(dhparamsfilename == NULL){
820
break;
821
}
822
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
823
GNUTLS_X509_FMT_PEM);
824
if(ret != GNUTLS_E_SUCCESS){
825
fprintf_plus(stderr, "Failed to parse DH parameters in file"
826
" \"%s\": %s\n", dhparamsfilename,
827
safer_gnutls_strerror(ret));
828
dhparamsfilename = NULL;
829
}
830
free(params.data);
831
} while(false);
832
}
833
if(dhparamsfilename == NULL){
834
if(mc->dh_bits == 0){
835
#if GNUTLS_VERSION_NUMBER < 0x030600
836
/* Find out the optimal number of DH bits */
837
/* Try to read the private key file */
838
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
839
do {
840
int secfile = open(seckeyfilename, O_RDONLY);
841
if(secfile == -1){
842
perror_plus("open");
843
break;
844
}
845
size_t buffer_capacity = 0;
846
while(true){
847
buffer_capacity = incbuffer((char **)&buffer.data,
848
(size_t)buffer.size,
849
(size_t)buffer_capacity);
850
if(buffer_capacity == 0){
851
perror_plus("incbuffer");
852
free(buffer.data);
853
buffer.data = NULL;
854
break;
855
}
856
ssize_t bytes_read = read(secfile,
857
buffer.data + buffer.size,
858
BUFFER_SIZE);
859
/* EOF */
860
if(bytes_read == 0){
861
break;
862
}
863
/* check bytes_read for failure */
864
if(bytes_read < 0){
865
perror_plus("read");
866
free(buffer.data);
867
buffer.data = NULL;
868
break;
869
}
870
buffer.size += (unsigned int)bytes_read;
871
}
872
close(secfile);
873
} while(false);
874
/* If successful, use buffer to parse private key */
875
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
876
if(buffer.data != NULL){
877
{
878
gnutls_openpgp_privkey_t privkey = NULL;
879
ret = gnutls_openpgp_privkey_init(&privkey);
604
free(buffer.data);
605
buffer.data = NULL;
606
break;
607
}
608
buffer.size += (unsigned int)bytes_read;
609
}
610
close(secfile);
611
}
612
/* If successful, use buffer to parse private key */
613
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
614
if(buffer.data != NULL){
615
{
616
gnutls_openpgp_privkey_t privkey = NULL;
617
ret = gnutls_openpgp_privkey_init(&privkey);
618
if(ret != GNUTLS_E_SUCCESS){
619
fprintf_plus(stderr, "Error initializing OpenPGP key"
620
" structure: %s", safer_gnutls_strerror(ret));
621
free(buffer.data);
622
buffer.data = NULL;
623
} else {
624
ret = gnutls_openpgp_privkey_import(privkey, &buffer,
625
GNUTLS_OPENPGP_FMT_BASE64,
626
"", 0);
880
627
if(ret != GNUTLS_E_SUCCESS){
881
fprintf_plus(stderr, "Error initializing OpenPGP key"
882
" structure: %s",
628
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
883
629
safer_gnutls_strerror(ret));
884
free(buffer.data);
885
buffer.data = NULL;
886
} else {
887
ret = gnutls_openpgp_privkey_import
888
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
889
if(ret != GNUTLS_E_SUCCESS){
890
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
891
safer_gnutls_strerror(ret));
892
privkey = NULL;
893
}
894
free(buffer.data);
895
buffer.data = NULL;
896
if(privkey != NULL){
897
/* Use private key to suggest an appropriate
898
sec_param */
899
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
900
gnutls_openpgp_privkey_deinit(privkey);
901
if(debug){
902
fprintf_plus(stderr, "This OpenPGP key implies using"
903
" a GnuTLS security parameter \"%s\".\n",
904
safe_string(gnutls_sec_param_get_name
905
(sec_param)));
906
}
907
}
630
privkey = NULL;
908
631
}
909
}
910
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
911
/* Err on the side of caution */
912
sec_param = GNUTLS_SEC_PARAM_ULTRA;
913
if(debug){
914
fprintf_plus(stderr, "Falling back to security parameter"
915
" \"%s\"\n",
916
safe_string(gnutls_sec_param_get_name
917
(sec_param)));
632
free(buffer.data);
633
buffer.data = NULL;
634
if(privkey != NULL){
635
/* Use private key to suggest an appropriate sec_param */
636
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
637
gnutls_openpgp_privkey_deinit(privkey);
638
if(debug){
639
fprintf_plus(stderr, "This OpenPGP key implies using a"
640
" GnuTLS security parameter \"%s\".\n",
641
safe_string(gnutls_sec_param_get_name
642
(sec_param)));
643
}
918
644
}
919
645
}
920
646
}
921
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
922
if(uret != 0){
923
mc->dh_bits = uret;
647
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
648
/* Err on the side of caution */
649
sec_param = GNUTLS_SEC_PARAM_ULTRA;
924
650
if(debug){
925
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
926
" implies %u DH bits; using that.\n",
651
fprintf_plus(stderr, "Falling back to security parameter"
652
" \"%s\"\n",
927
653
safe_string(gnutls_sec_param_get_name
928
(sec_param)),
929
mc->dh_bits);
654
(sec_param)));
930
655
}
931
} else {
932
fprintf_plus(stderr, "Failed to get implied number of DH"
933
" bits for security parameter \"%s\"): %s\n",
656
}
657
}
658
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
659
if(uret != 0){
660
mc->dh_bits = uret;
661
if(debug){
662
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
663
" implies %u DH bits; using that.\n",
934
664
safe_string(gnutls_sec_param_get_name
935
665
(sec_param)),
936
safer_gnutls_strerror(ret));
937
goto globalfail;
938
}
939
#endif
940
} else { /* dh_bits != 0 */
941
if(debug){
942
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
943
666
mc->dh_bits);
944
667
}
945
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
946
if(ret != GNUTLS_E_SUCCESS){
947
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
948
" bits): %s\n", mc->dh_bits,
949
safer_gnutls_strerror(ret));
950
goto globalfail;
951
}
952
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
668
} else {
669
fprintf_plus(stderr, "Failed to get implied number of DH"
670
" bits for security parameter \"%s\"): %s\n",
671
safe_string(gnutls_sec_param_get_name(sec_param)),
672
safer_gnutls_strerror(ret));
673
goto globalfail;
953
674
}
954
}
675
} else if(debug){
676
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
677
mc->dh_bits);
678
}
679
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
680
if(ret != GNUTLS_E_SUCCESS){
681
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u bits):"
682
" %s\n", mc->dh_bits, safer_gnutls_strerror(ret));
683
goto globalfail;
684
}
685
686
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
955
687
956
688
return 0;
957
689
958
690
globalfail:
959
691
960
692
gnutls_certificate_free_credentials(mc->cred);
693
gnutls_global_deinit();
961
694
gnutls_dh_params_deinit(mc->dh_params);
962
695
return -1;
963
696
}
968
701
int ret;
969
702
/* GnuTLS session creation */
970
703
do {
971
ret = gnutls_init(session, (GNUTLS_SERVER
972
#if GNUTLS_VERSION_NUMBER >= 0x030506
973
| GNUTLS_NO_TICKETS
974
#endif
975
#if GNUTLS_VERSION_NUMBER >= 0x030606
976
| GNUTLS_ENABLE_RAWPK
977
#endif
978
));
704
ret = gnutls_init(session, GNUTLS_SERVER);
979
705
if(quit_now){
980
706
return -1;
981
707
}
1022
748
/* ignore client certificate if any. */
1023
749
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
1024
750
751
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
752
1025
753
return 0;
1026
754
}
1027
755
1029
757
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
1030
758
__attribute__((unused)) const char *txt){}
1031
759
1032
/* Helper function to add_local_route() and delete_local_route() */
1033
__attribute__((nonnull, warn_unused_result))
1034
static bool add_delete_local_route(const bool add,
1035
const char *address,
1036
AvahiIfIndex if_index){
1037
int ret;
1038
char helper[] = "mandos-client-iprouteadddel";
1039
char add_arg[] = "add";
1040
char delete_arg[] = "delete";
1041
char debug_flag[] = "--debug";
1042
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1043
if(pluginhelperdir == NULL){
1044
if(debug){
1045
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1046
" variable not set; cannot run helper\n");
1047
}
1048
return false;
1049
}
1050
1051
char interface[IF_NAMESIZE];
1052
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1053
perror_plus("if_indextoname");
1054
return false;
1055
}
1056
1057
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1058
if(devnull == -1){
1059
perror_plus("open(\"/dev/null\", O_RDONLY)");
1060
return false;
1061
}
1062
pid_t pid = fork();
1063
if(pid == 0){
1064
/* Child */
1065
/* Raise privileges */
1066
errno = raise_privileges_permanently();
1067
if(errno != 0){
1068
perror_plus("Failed to raise privileges");
1069
/* _exit(EX_NOPERM); */
1070
} else {
1071
/* Set group */
1072
errno = 0;
1073
ret = setgid(0);
1074
if(ret == -1){
1075
perror_plus("setgid");
1076
close(devnull);
1077
_exit(EX_NOPERM);
1078
}
1079
/* Reset supplementary groups */
1080
errno = 0;
1081
ret = setgroups(0, NULL);
1082
if(ret == -1){
1083
perror_plus("setgroups");
1084
close(devnull);
1085
_exit(EX_NOPERM);
1086
}
1087
}
1088
ret = dup2(devnull, STDIN_FILENO);
1089
if(ret == -1){
1090
perror_plus("dup2(devnull, STDIN_FILENO)");
1091
close(devnull);
1092
_exit(EX_OSERR);
1093
}
1094
ret = close(devnull);
1095
if(ret == -1){
1096
perror_plus("close");
1097
}
1098
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1099
if(ret == -1){
1100
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1101
_exit(EX_OSERR);
1102
}
1103
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1104
O_RDONLY
1105
| O_DIRECTORY
1106
| O_PATH
1107
| O_CLOEXEC));
1108
if(helperdir_fd == -1){
1109
perror_plus("open");
1110
_exit(EX_UNAVAILABLE);
1111
}
1112
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1113
helper, O_RDONLY));
1114
if(helper_fd == -1){
1115
perror_plus("openat");
1116
close(helperdir_fd);
1117
_exit(EX_UNAVAILABLE);
1118
}
1119
close(helperdir_fd);
1120
#ifdef __GNUC__
1121
#pragma GCC diagnostic push
1122
#pragma GCC diagnostic ignored "-Wcast-qual"
1123
#endif
1124
if(fexecve(helper_fd, (char *const [])
1125
{ helper, add ? add_arg : delete_arg, (char *)address,
1126
interface, debug ? debug_flag : NULL, NULL },
1127
environ) == -1){
1128
#ifdef __GNUC__
1129
#pragma GCC diagnostic pop
1130
#endif
1131
perror_plus("fexecve");
1132
_exit(EXIT_FAILURE);
1133
}
1134
}
1135
if(pid == -1){
1136
perror_plus("fork");
1137
close(devnull);
1138
return false;
1139
}
1140
ret = close(devnull);
1141
if(ret == -1){
1142
perror_plus("close");
1143
}
1144
int status;
1145
pid_t pret = -1;
1146
errno = 0;
1147
do {
1148
pret = waitpid(pid, &status, 0);
1149
if(pret == -1 and errno == EINTR and quit_now){
1150
int errno_raising = 0;
1151
if((errno = raise_privileges()) != 0){
1152
errno_raising = errno;
1153
perror_plus("Failed to raise privileges in order to"
1154
" kill helper program");
1155
}
1156
if(kill(pid, SIGTERM) == -1){
1157
perror_plus("kill");
1158
}
1159
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1160
perror_plus("Failed to lower privileges after killing"
1161
" helper program");
1162
}
1163
return false;
1164
}
1165
} while(pret == -1 and errno == EINTR);
1166
if(pret == -1){
1167
perror_plus("waitpid");
1168
return false;
1169
}
1170
if(WIFEXITED(status)){
1171
if(WEXITSTATUS(status) != 0){
1172
fprintf_plus(stderr, "Error: iprouteadddel exited"
1173
" with status %d\n", WEXITSTATUS(status));
1174
return false;
1175
}
1176
return true;
1177
}
1178
if(WIFSIGNALED(status)){
1179
fprintf_plus(stderr, "Error: iprouteadddel died by"
1180
" signal %d\n", WTERMSIG(status));
1181
return false;
1182
}
1183
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1184
return false;
1185
}
1186
1187
__attribute__((nonnull, warn_unused_result))
1188
static bool add_local_route(const char *address,
1189
AvahiIfIndex if_index){
1190
if(debug){
1191
fprintf_plus(stderr, "Adding route to %s\n", address);
1192
}
1193
return add_delete_local_route(true, address, if_index);
1194
}
1195
1196
__attribute__((nonnull, warn_unused_result))
1197
static bool delete_local_route(const char *address,
1198
AvahiIfIndex if_index){
1199
if(debug){
1200
fprintf_plus(stderr, "Removing route to %s\n", address);
1201
}
1202
return add_delete_local_route(false, address, if_index);
1203
}
1204
1205
760
/* Called when a Mandos server is found */
1206
761
__attribute__((nonnull, warn_unused_result))
1207
762
static int start_mandos_communication(const char *ip, in_port_t port,
1218
773
int retval = -1;
1219
774
gnutls_session_t session;
1220
775
int pf; /* Protocol family */
1221
bool route_added = false;
1222
776
1223
777
errno = 0;
1224
778
1246
800
bool match = false;
1247
801
{
1248
802
char *interface = NULL;
1249
while((interface = argz_next(mc->interfaces,
1250
mc->interfaces_size,
1251
interface))){
803
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
804
interface))){
1252
805
if(if_nametoindex(interface) == (unsigned int)if_index){
1253
806
match = true;
1254
807
break;
1283
836
PRIuMAX "\n", ip, (uintmax_t)port);
1284
837
}
1285
838
1286
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
839
tcp_sd = socket(pf, SOCK_STREAM, 0);
1287
840
if(tcp_sd < 0){
1288
841
int e = errno;
1289
842
perror_plus("socket");
1296
849
goto mandos_end;
1297
850
}
1298
851
852
memset(&to, 0, sizeof(to));
1299
853
if(af == AF_INET6){
1300
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1301
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1302
ret = inet_pton(af, ip, &to6->sin6_addr);
854
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
855
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1303
856
} else { /* IPv4 */
1304
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1305
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1306
ret = inet_pton(af, ip, &to4->sin_addr);
857
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
858
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1307
859
}
1308
860
if(ret < 0 ){
1309
861
int e = errno;
1379
931
goto mandos_end;
1380
932
}
1381
933
1382
while(true){
1383
if(af == AF_INET6){
1384
ret = connect(tcp_sd, (struct sockaddr *)&to,
1385
sizeof(struct sockaddr_in6));
1386
} else {
1387
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1388
sizeof(struct sockaddr_in));
1389
}
1390
if(ret < 0){
1391
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1392
and if_index != AVAHI_IF_UNSPEC
1393
and connect_to == NULL
1394
and not route_added and
1395
((af == AF_INET6 and not
1396
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1397
&to)->sin6_addr)))
1398
or (af == AF_INET and
1399
/* Not a a IPv4LL address */
1400
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1401
& 0xFFFF0000L) != 0xA9FE0000L))){
1402
/* Work around Avahi bug - Avahi does not announce link-local
1403
addresses if it has a global address, so local hosts with
1404
*only* a link-local address (e.g. Mandos clients) cannot
1405
connect to a Mandos server announced by Avahi on a server
1406
host with a global address. Work around this by retrying
1407
with an explicit route added with the server's address.
1408
1409
Avahi bug reference:
1410
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1411
https://bugs.debian.org/587961
1412
*/
1413
if(debug){
1414
fprintf_plus(stderr, "Mandos server unreachable, trying"
1415
" direct route\n");
1416
}
1417
int e = errno;
1418
route_added = add_local_route(ip, if_index);
1419
if(route_added){
1420
continue;
1421
}
1422
errno = e;
1423
}
1424
if(errno != ECONNREFUSED or debug){
1425
int e = errno;
1426
perror_plus("connect");
1427
errno = e;
1428
}
1429
goto mandos_end;
1430
}
1431
1432
if(quit_now){
1433
errno = EINTR;
1434
goto mandos_end;
1435
}
1436
break;
934
if(af == AF_INET6){
935
ret = connect(tcp_sd, (struct sockaddr *)&to,
936
sizeof(struct sockaddr_in6));
937
} else {
938
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
939
sizeof(struct sockaddr_in));
940
}
941
if(ret < 0){
942
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
943
int e = errno;
944
perror_plus("connect");
945
errno = e;
946
}
947
goto mandos_end;
948
}
949
950
if(quit_now){
951
errno = EINTR;
952
goto mandos_end;
1437
953
}
1438
954
1439
955
const char *out = mandos_protocol_version;
1593
1109
&decrypted_buffer, mc);
1594
1110
if(decrypted_buffer_size >= 0){
1595
1111
1596
clearerr(stdout);
1597
1112
written = 0;
1598
1113
while(written < (size_t) decrypted_buffer_size){
1599
1114
if(quit_now){
1615
1130
}
1616
1131
written += (size_t)ret;
1617
1132
}
1618
ret = fflush(stdout);
1619
if(ret != 0){
1620
int e = errno;
1621
if(debug){
1622
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1623
strerror(errno));
1624
}
1625
errno = e;
1626
goto mandos_end;
1627
}
1628
1133
retval = 0;
1629
1134
}
1630
1135
}
1633
1138
1634
1139
mandos_end:
1635
1140
{
1636
if(route_added){
1637
if(not delete_local_route(ip, if_index)){
1638
fprintf_plus(stderr, "Failed to delete local route to %s on"
1639
" interface %d", ip, if_index);
1640
}
1641
}
1642
1141
int e = errno;
1643
1142
free(decrypted_buffer);
1644
1143
free(buffer);
1645
1144
if(tcp_sd >= 0){
1646
ret = close(tcp_sd);
1145
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1647
1146
}
1648
1147
if(ret == -1){
1649
1148
if(e == 0){
1661
1160
return retval;
1662
1161
}
1663
1162
1163
__attribute__((nonnull))
1664
1164
static void resolve_callback(AvahiSServiceResolver *r,
1665
1165
AvahiIfIndex interface,
1666
1166
AvahiProtocol proto,
1803
1303
__attribute__((nonnull, warn_unused_result))
1804
1304
bool get_flags(const char *ifname, struct ifreq *ifr){
1805
1305
int ret;
1806
int old_errno;
1306
error_t ret_errno;
1807
1307
1808
1308
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1809
1309
if(s < 0){
1810
old_errno = errno;
1310
ret_errno = errno;
1811
1311
perror_plus("socket");
1812
errno = old_errno;
1312
errno = ret_errno;
1813
1313
return false;
1814
1314
}
1815
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1816
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1315
strcpy(ifr->ifr_name, ifname);
1817
1316
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1818
1317
if(ret == -1){
1819
1318
if(debug){
1820
old_errno = errno;
1319
ret_errno = errno;
1821
1320
perror_plus("ioctl SIOCGIFFLAGS");
1822
errno = old_errno;
1823
}
1824
if((close(s) == -1) and debug){
1825
old_errno = errno;
1826
perror_plus("close");
1827
errno = old_errno;
1321
errno = ret_errno;
1828
1322
}
1829
1323
return false;
1830
1324
}
1831
if((close(s) == -1) and debug){
1832
old_errno = errno;
1833
perror_plus("close");
1834
errno = old_errno;
1835
}
1836
1325
return true;
1837
1326
}
1838
1327
2080
1569
}
2081
1570
}
2082
1571
1572
/* Set effective uid to 0, return errno */
1573
__attribute__((warn_unused_result))
1574
error_t raise_privileges(void){
1575
error_t old_errno = errno;
1576
error_t ret_errno = 0;
1577
if(seteuid(0) == -1){
1578
ret_errno = errno;
1579
}
1580
errno = old_errno;
1581
return ret_errno;
1582
}
1583
1584
/* Set effective and real user ID to 0. Return errno. */
1585
__attribute__((warn_unused_result))
1586
error_t raise_privileges_permanently(void){
1587
error_t old_errno = errno;
1588
error_t ret_errno = raise_privileges();
1589
if(ret_errno != 0){
1590
errno = old_errno;
1591
return ret_errno;
1592
}
1593
if(setuid(0) == -1){
1594
ret_errno = errno;
1595
}
1596
errno = old_errno;
1597
return ret_errno;
1598
}
1599
1600
/* Set effective user ID to unprivileged saved user ID */
1601
__attribute__((warn_unused_result))
1602
error_t lower_privileges(void){
1603
error_t old_errno = errno;
1604
error_t ret_errno = 0;
1605
if(seteuid(uid) == -1){
1606
ret_errno = errno;
1607
}
1608
errno = old_errno;
1609
return ret_errno;
1610
}
1611
1612
/* Lower privileges permanently */
1613
__attribute__((warn_unused_result))
1614
error_t lower_privileges_permanently(void){
1615
error_t old_errno = errno;
1616
error_t ret_errno = 0;
1617
if(setuid(uid) == -1){
1618
ret_errno = errno;
1619
}
1620
errno = old_errno;
1621
return ret_errno;
1622
}
1623
2083
1624
__attribute__((nonnull))
2084
1625
void run_network_hooks(const char *mode, const char *interface,
2085
1626
const float delay){
2086
1627
struct dirent **direntries = NULL;
2087
1628
if(hookdir_fd == -1){
2088
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2089
| O_CLOEXEC);
1629
hookdir_fd = open(hookdir, O_RDONLY);
2090
1630
if(hookdir_fd == -1){
2091
1631
if(errno == ENOENT){
2092
1632
if(debug){
2099
1639
return;
2100
1640
}
2101
1641
}
2102
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2103
if(devnull == -1){
2104
perror_plus("open(\"/dev/null\", O_RDONLY)");
2105
return;
2106
}
1642
#ifdef __GLIBC__
1643
#if __GLIBC_PREREQ(2, 15)
2107
1644
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2108
1645
runnable_hook, alphasort);
1646
#else /* not __GLIBC_PREREQ(2, 15) */
1647
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1648
alphasort);
1649
#endif /* not __GLIBC_PREREQ(2, 15) */
1650
#else /* not __GLIBC__ */
1651
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1652
alphasort);
1653
#endif /* not __GLIBC__ */
2109
1654
if(numhooks == -1){
2110
1655
perror_plus("scandir");
2111
close(devnull);
2112
1656
return;
2113
1657
}
2114
1658
struct dirent *direntry;
2115
1659
int ret;
1660
int devnull = open("/dev/null", O_RDONLY);
2116
1661
for(int i = 0; i < numhooks; i++){
2117
1662
direntry = direntries[i];
2118
1663
if(debug){
2142
1687
perror_plus("setgroups");
2143
1688
_exit(EX_NOPERM);
2144
1689
}
1690
ret = dup2(devnull, STDIN_FILENO);
1691
if(ret == -1){
1692
perror_plus("dup2(devnull, STDIN_FILENO)");
1693
_exit(EX_OSERR);
1694
}
1695
ret = close(devnull);
1696
if(ret == -1){
1697
perror_plus("close");
1698
_exit(EX_OSERR);
1699
}
1700
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1701
if(ret == -1){
1702
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1703
_exit(EX_OSERR);
1704
}
2145
1705
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2146
1706
if(ret == -1){
2147
1707
perror_plus("setenv");
2182
1742
_exit(EX_OSERR);
2183
1743
}
2184
1744
}
2185
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2186
direntry->d_name,
2187
O_RDONLY));
1745
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2188
1746
if(hook_fd == -1){
2189
1747
perror_plus("openat");
2190
1748
_exit(EXIT_FAILURE);
2191
1749
}
2192
if(close(hookdir_fd) == -1){
1750
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2193
1751
perror_plus("close");
2194
1752
_exit(EXIT_FAILURE);
2195
1753
}
2196
ret = dup2(devnull, STDIN_FILENO);
2197
if(ret == -1){
2198
perror_plus("dup2(devnull, STDIN_FILENO)");
2199
_exit(EX_OSERR);
2200
}
2201
ret = close(devnull);
2202
if(ret == -1){
2203
perror_plus("close");
2204
_exit(EX_OSERR);
2205
}
2206
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2207
if(ret == -1){
2208
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2209
_exit(EX_OSERR);
2210
}
2211
1754
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2212
1755
environ) == -1){
2213
1756
perror_plus("fexecve");
2253
1796
free(direntry);
2254
1797
}
2255
1798
free(direntries);
2256
if(close(hookdir_fd) == -1){
1799
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2257
1800
perror_plus("close");
2258
1801
} else {
2259
1802
hookdir_fd = -1;
2262
1805
}
2263
1806
2264
1807
__attribute__((nonnull, warn_unused_result))
2265
int bring_up_interface(const char *const interface,
2266
const float delay){
2267
int old_errno = errno;
1808
error_t bring_up_interface(const char *const interface,
1809
const float delay){
1810
error_t old_errno = errno;
2268
1811
int ret;
2269
1812
struct ifreq network;
2270
1813
unsigned int if_index = if_nametoindex(interface);
2280
1823
}
2281
1824
2282
1825
if(not interface_is_up(interface)){
2283
int ret_errno = 0;
2284
int ioctl_errno = 0;
1826
error_t ret_errno = 0, ioctl_errno = 0;
2285
1827
if(not get_flags(interface, &network)){
2286
1828
ret_errno = errno;
2287
1829
fprintf_plus(stderr, "Failed to get flags for interface "
2300
1842
}
2301
1843
2302
1844
if(quit_now){
2303
ret = close(sd);
1845
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2304
1846
if(ret == -1){
2305
1847
perror_plus("close");
2306
1848
}
2356
1898
}
2357
1899
2358
1900
/* Close the socket */
2359
ret = close(sd);
1901
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2360
1902
if(ret == -1){
2361
1903
perror_plus("close");
2362
1904
}
2374
1916
2375
1917
/* Sleep checking until interface is running.
2376
1918
Check every 0.25s, up to total time of delay */
2377
for(int i = 0; i < delay * 4; i++){
1919
for(int i=0; i < delay * 4; i++){
2378
1920
if(interface_is_running(interface)){
2379
1921
break;
2380
1922
}
2390
1932
}
2391
1933
2392
1934
__attribute__((nonnull, warn_unused_result))
2393
int take_down_interface(const char *const interface){
2394
int old_errno = errno;
1935
error_t take_down_interface(const char *const interface){
1936
error_t old_errno = errno;
2395
1937
struct ifreq network;
2396
1938
unsigned int if_index = if_nametoindex(interface);
2397
1939
if(if_index == 0){
2400
1942
return ENXIO;
2401
1943
}
2402
1944
if(interface_is_up(interface)){
2403
int ret_errno = 0;
2404
int ioctl_errno = 0;
1945
error_t ret_errno = 0, ioctl_errno = 0;
2405
1946
if(not get_flags(interface, &network) and debug){
2406
1947
ret_errno = errno;
2407
1948
fprintf_plus(stderr, "Failed to get flags for interface "
2445
1986
}
2446
1987
2447
1988
/* Close the socket */
2448
int ret = close(sd);
1989
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2449
1990
if(ret == -1){
2450
1991
perror_plus("close");
2451
1992
}
2467
2008
2468
2009
int main(int argc, char *argv[]){
2469
2010
mandos_context mc = { .server = NULL, .dh_bits = 0,
2470
#if GNUTLS_VERSION_NUMBER >= 0x030606
2471
.priority = "SECURE128:!CTYPE-X.509"
2472
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2473
":%PROFILE_ULTRA",
2474
#elif GNUTLS_VERSION_NUMBER < 0x030600
2475
.priority = "SECURE256:!CTYPE-X.509"
2476
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2477
#else
2478
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2479
#endif
2480
.current_server = NULL, .interfaces = NULL,
2481
.interfaces_size = 0 };
2011
.priority = "SECURE256:!CTYPE-X.509:"
2012
"+CTYPE-OPENPGP:!RSA", .current_server = NULL,
2013
.interfaces = NULL, .interfaces_size = 0 };
2482
2014
AvahiSServiceBrowser *sb = NULL;
2483
2015
error_t ret_errno;
2484
2016
int ret;
2493
2025
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2494
2026
const char *seckey = PATHDIR "/" SECKEY;
2495
2027
const char *pubkey = PATHDIR "/" PUBKEY;
2496
#if GNUTLS_VERSION_NUMBER >= 0x030606
2497
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2498
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2499
#endif
2500
const char *dh_params_file = NULL;
2501
2028
char *interfaces_hooks = NULL;
2502
2029
2503
2030
bool gnutls_initialized = false;
2550
2077
{ .name = "pubkey", .key = 'p',
2551
2078
.arg = "FILE",
2552
2079
.doc = "OpenPGP public key file base name",
2553
.group = 1 },
2554
{ .name = "tls-privkey", .key = 't',
2555
.arg = "FILE",
2556
#if GNUTLS_VERSION_NUMBER >= 0x030606
2557
.doc = "TLS private key file base name",
2558
#else
2559
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2560
#endif
2561
.group = 1 },
2562
{ .name = "tls-pubkey", .key = 'T',
2563
.arg = "FILE",
2564
#if GNUTLS_VERSION_NUMBER >= 0x030606
2565
.doc = "TLS public key file base name",
2566
#else
2567
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2568
#endif
2569
.group = 1 },
2080
.group = 2 },
2570
2081
{ .name = "dh-bits", .key = 129,
2571
2082
.arg = "BITS",
2572
2083
.doc = "Bit length of the prime number used in the"
2573
2084
" Diffie-Hellman key exchange",
2574
2085
.group = 2 },
2575
{ .name = "dh-params", .key = 134,
2576
.arg = "FILE",
2577
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2578
" for the Diffie-Hellman key exchange",
2579
.group = 2 },
2580
2086
{ .name = "priority", .key = 130,
2581
2087
.arg = "STRING",
2582
2088
.doc = "GnuTLS priority string for the TLS handshake",
2628
2134
case 'p': /* --pubkey */
2629
2135
pubkey = arg;
2630
2136
break;
2631
case 't': /* --tls-privkey */
2632
#if GNUTLS_VERSION_NUMBER >= 0x030606
2633
tls_privkey = arg;
2634
#endif
2635
break;
2636
case 'T': /* --tls-pubkey */
2637
#if GNUTLS_VERSION_NUMBER >= 0x030606
2638
tls_pubkey = arg;
2639
#endif
2640
break;
2641
2137
case 129: /* --dh-bits */
2642
2138
errno = 0;
2643
2139
tmpmax = strtoimax(arg, &tmp, 10);
2647
2143
}
2648
2144
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2649
2145
break;
2650
case 134: /* --dh-params */
2651
dh_params_file = arg;
2652
break;
2653
2146
case 130: /* --priority */
2654
2147
mc.priority = arg;
2655
2148
break;
2678
2171
argp_state_help(state, state->out_stream,
2679
2172
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2680
2173
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2681
__builtin_unreachable();
2682
2174
case -3: /* --usage */
2683
2175
argp_state_help(state, state->out_stream,
2684
2176
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2685
__builtin_unreachable();
2686
2177
case 'V': /* --version */
2687
2178
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2688
2179
exit(argp_err_exit_status);
2697
2188
.args_doc = "",
2698
2189
.doc = "Mandos client -- Get and decrypt"
2699
2190
" passwords from a Mandos server" };
2700
ret_errno = argp_parse(&argp, argc, argv,
2701
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2702
switch(ret_errno){
2191
ret = argp_parse(&argp, argc, argv,
2192
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2193
switch(ret){
2703
2194
case 0:
2704
2195
break;
2705
2196
case ENOMEM:
2706
2197
default:
2707
errno = ret_errno;
2198
errno = ret;
2708
2199
perror_plus("argp_parse");
2709
2200
exitcode = EX_OSERR;
2710
2201
goto end;
2713
2204
goto end;
2714
2205
}
2715
2206
}
2716
2207
2717
2208
{
2718
2209
/* Work around Debian bug #633582:
2719
<https://bugs.debian.org/633582> */
2210
<http://bugs.debian.org/633582> */
2720
2211
2721
2212
/* Re-raise privileges */
2722
ret = raise_privileges();
2723
if(ret != 0){
2724
errno = ret;
2213
ret_errno = raise_privileges();
2214
if(ret_errno != 0){
2215
errno = ret_errno;
2725
2216
perror_plus("Failed to raise privileges");
2726
2217
} else {
2727
2218
struct stat st;
2743
2234
}
2744
2235
}
2745
2236
}
2746
close(seckey_fd);
2237
TEMP_FAILURE_RETRY(close(seckey_fd));
2747
2238
}
2748
2239
}
2749
2240
2750
2241
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2751
2242
int pubkey_fd = open(pubkey, O_RDONLY);
2752
2243
if(pubkey_fd == -1){
2764
2255
}
2765
2256
}
2766
2257
}
2767
close(pubkey_fd);
2768
}
2769
}
2770
2771
if(dh_params_file != NULL
2772
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2773
int dhparams_fd = open(dh_params_file, O_RDONLY);
2774
if(dhparams_fd == -1){
2775
perror_plus("open");
2776
} else {
2777
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2778
if(ret == -1){
2779
perror_plus("fstat");
2780
} else {
2781
if(S_ISREG(st.st_mode)
2782
and st.st_uid == 0 and st.st_gid == 0){
2783
ret = fchown(dhparams_fd, uid, gid);
2784
if(ret == -1){
2785
perror_plus("fchown");
2786
}
2787
}
2788
}
2789
close(dhparams_fd);
2790
}
2791
}
2792
2258
TEMP_FAILURE_RETRY(close(pubkey_fd));
2259
}
2260
}
2261
2793
2262
/* Lower privileges */
2794
ret = lower_privileges();
2795
if(ret != 0){
2796
errno = ret;
2263
ret_errno = lower_privileges();
2264
if(ret_errno != 0){
2265
errno = ret_errno;
2797
2266
perror_plus("Failed to lower privileges");
2798
2267
}
2799
2268
}
2969
2438
errno = bring_up_interface(interface, delay);
2970
2439
if(not interface_was_up){
2971
2440
if(errno != 0){
2972
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2973
" %s\n", interface, strerror(errno));
2441
perror_plus("Failed to bring up interface");
2974
2442
} else {
2975
2443
errno = argz_add(&interfaces_to_take_down,
2976
2444
&interfaces_to_take_down_size,
2999
2467
goto end;
3000
2468
}
3001
2469
3002
#if GNUTLS_VERSION_NUMBER >= 0x030606
3003
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3004
#elif GNUTLS_VERSION_NUMBER < 0x030600
3005
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3006
#else
3007
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3008
#endif
2470
ret = init_gnutls_global(pubkey, seckey, &mc);
3009
2471
if(ret == -1){
3010
2472
fprintf_plus(stderr, "init_gnutls_global failed\n");
3011
2473
exitcode = EX_UNAVAILABLE;
3133
2595
3134
2596
/* Allocate a new server */
3135
2597
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3136
&config, NULL, NULL, &ret);
2598
&config, NULL, NULL, &ret_errno);
3137
2599
3138
2600
/* Free the Avahi configuration data */
3139
2601
avahi_server_config_free(&config);
3142
2604
/* Check if creating the Avahi server object succeeded */
3143
2605
if(mc.server == NULL){
3144
2606
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
3145
avahi_strerror(ret));
2607
avahi_strerror(ret_errno));
3146
2608
exitcode = EX_UNAVAILABLE;
3147
2609
goto end;
3148
2610
}
3183
2645
end:
3184
2646
3185
2647
if(debug){
3186
if(signal_received){
3187
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3188
argv[0], signal_received,
3189
strsignal(signal_received));
3190
} else {
3191
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3192
}
2648
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
2649
}
3194
2650
3195
2651
/* Cleanup things */
3206
2662
3207
2663
if(gnutls_initialized){
3208
2664
gnutls_certificate_free_credentials(mc.cred);
2665
gnutls_global_deinit();
3209
2666
gnutls_dh_params_deinit(mc.dh_params);
3210
2667
}
3211
2668
3234
2691
3235
2692
/* Re-raise privileges */
3236
2693
{
3237
ret = raise_privileges();
3238
if(ret != 0){
3239
errno = ret;
2694
ret_errno = raise_privileges();
2695
if(ret_errno != 0){
2696
errno = ret_errno;
3240
2697
perror_plus("Failed to raise privileges");
3241
2698
} else {
3242
2699
3247
2704
/* Take down the network interfaces which were brought up */
3248
2705
{
3249
2706
char *interface = NULL;
3250
while((interface = argz_next(interfaces_to_take_down,
3251
interfaces_to_take_down_size,
3252
interface))){
3253
ret = take_down_interface(interface);
3254
if(ret != 0){
3255
errno = ret;
2707
while((interface=argz_next(interfaces_to_take_down,
2708
interfaces_to_take_down_size,
2709
interface))){
2710
ret_errno = take_down_interface(interface);
2711
if(ret_errno != 0){
2712
errno = ret_errno;
3256
2713
perror_plus("Failed to take down interface");
3257
2714
}
3258
2715
}
3263
2720
}
3264
2721
}
3265
2722
3266
ret = lower_privileges_permanently();
3267
if(ret != 0){
3268
errno = ret;
2723
ret_errno = lower_privileges_permanently();
2724
if(ret_errno != 0){
2725
errno = ret_errno;
3269
2726
perror_plus("Failed to lower privileges permanently");
3270
2727
}
3271
2728
}
3273
2730
free(interfaces_to_take_down);
3274
2731
free(interfaces_hooks);
3275
2732
3276
void clean_dir_at(int base, const char * const dirname,
3277
uintmax_t level){
3278
struct dirent **direntries = NULL;
3279
int dret;
3280
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3281
O_RDONLY
3282
| O_NOFOLLOW
3283
| O_DIRECTORY
3284
| O_PATH));
3285
if(dir_fd == -1){
3286
perror_plus("open");
3287
return;
3288
}
3289
int numentries = scandirat(dir_fd, ".", &direntries,
3290
notdotentries, alphasort);
3291
if(numentries >= 0){
3292
for(int i = 0; i < numentries; i++){
3293
if(debug){
3294
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3295
dirname, direntries[i]->d_name);
3296
}
3297
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3298
if(dret == -1){
3299
if(errno == EISDIR){
3300
dret = unlinkat(dir_fd, direntries[i]->d_name,
3301
AT_REMOVEDIR);
3302
}
3303
if((dret == -1) and (errno == ENOTEMPTY)
3304
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3305
== 0) and (level == 0)){
3306
/* Recurse only in this special case */
3307
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3308
dret = 0;
3309
}
3310
if((dret == -1) and (errno != ENOENT)){
3311
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3312
direntries[i]->d_name, strerror(errno));
3313
}
3314
}
3315
free(direntries[i]);
3316
}
3317
3318
/* need to clean even if 0 because man page doesn't specify */
3319
free(direntries);
3320
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3321
if(dret == -1 and errno != ENOENT){
3322
perror_plus("rmdir");
3323
}
3324
} else {
3325
perror_plus("scandirat");
3326
}
3327
close(dir_fd);
3328
}
3329
3330
2733
/* Removes the GPGME temp directory and all files inside */
3331
2734
if(tempdir != NULL){
3332
clean_dir_at(-1, tempdir, 0);
2735
struct dirent **direntries = NULL;
2736
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2737
O_NOFOLLOW));
2738
if(tempdir_fd == -1){
2739
perror_plus("open");
2740
} else {
2741
#ifdef __GLIBC__
2742
#if __GLIBC_PREREQ(2, 15)
2743
int numentries = scandirat(tempdir_fd, ".", &direntries,
2744
notdotentries, alphasort);
2745
#else /* not __GLIBC_PREREQ(2, 15) */
2746
int numentries = scandir(tempdir, &direntries, notdotentries,
2747
alphasort);
2748
#endif /* not __GLIBC_PREREQ(2, 15) */
2749
#else /* not __GLIBC__ */
2750
int numentries = scandir(tempdir, &direntries, notdotentries,
2751
alphasort);
2752
#endif /* not __GLIBC__ */
2753
if(numentries >= 0){
2754
for(int i = 0; i < numentries; i++){
2755
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2756
if(ret == -1){
2757
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2758
" \"%s\", 0): %s\n", tempdir,
2759
direntries[i]->d_name, strerror(errno));
2760
}
2761
free(direntries[i]);
2762
}
2763
2764
/* need to clean even if 0 because man page doesn't specify */
2765
free(direntries);
2766
if(numentries == -1){
2767
perror_plus("scandir");
2768
}
2769
ret = rmdir(tempdir);
2770
if(ret == -1 and errno != ENOENT){
2771
perror_plus("rmdir");
2772
}
2773
}
2774
TEMP_FAILURE_RETRY(close(tempdir_fd));
2775
}
3333
2776
}
3334
2777
3335
2778
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0