To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.25.6
- compare with another revision
- download diff
- download tarball
- view history from revision 237.25.6
- Committer: Teddy Hogeborn
- Date: 2015-07-06 20:09:47 UTC
- mto: (237.7.307 trunk)
- mto: This revision was merged to the branch mainline in revision 325.
- Revision ID: teddy@recompile.se-20150706200947-w21u4eq74efgl6r5
Fix minor bugs and typos and add some more debug output.
* Makefile (install-client-nokey): Create plugin-helpers directory and
the mandos-client-iprouteadddel
helper program.
* initramfs-tools-hook (PLUGINHELPERDIR): Fix typo.
* plugins.d/mandos-client.c: Change terminology; routes are "deleted",
not "removed". All occurences changed.
(add_remove_local_route): Renamed to "add_delete_local_route". All
callers changed. Also pass "--debug" flag
to helper if in debug mode.
(add_local_route): Add debugging output.
(remove_local_route): Renamed to "delete_local_route". All callers
changed. Also pass "--debug" flag to helper
if in debug mode.
(start_mandos_communication): Add debug output when adding route.
* Makefile (install-client-nokey): Create plugin-helpers directory and
the mandos-client-iprouteadddel
helper program.
* initramfs-tools-hook (PLUGINHELPERDIR): Fix typo.
* plugins.d/mandos-client.c: Change terminology; routes are "deleted",
not "removed". All occurences changed.
(add_remove_local_route): Renamed to "add_delete_local_route". All
callers changed. Also pass "--debug" flag
to helper if in debug mode.
(add_local_route): Add debugging output.
(remove_local_route): Renamed to "delete_local_route". All callers
changed. Also pass "--debug" flag to helper
if in debug mode.
(start_mandos_communication): Add debug output when adding route.
- files added:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/upstream
- network-hooks.d
- plugin-helpers
- files removed:
- ca.pem
- files renamed:
- mandos-clients.conf => clients.conf
- server.py => mandos
- plugbasedclient.c => plugin-runner.c
- plugins.d/mandosclient.c => plugins.d/mandos-client.c
- plugins.d/passprompt.c => plugins.d/password-prompt.c
- files modified:
- Makefile
added
removed
plugins.d/mandos-client.c
1
/***
2
This file is part of avahi.
3
4
avahi is free software; you can redistribute it and/or modify it
5
under the terms of the GNU Lesser General Public License as
6
published by the Free Software Foundation; either version 2.1 of the
7
License, or (at your option) any later version.
8
9
avahi is distributed in the hope that it will be useful, but WITHOUT
10
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
12
Public License for more details.
13
14
You should have received a copy of the GNU Lesser General Public
15
License along with avahi; if not, write to the Free Software
16
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
17
USA.
18
***/
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos-client - get and decrypt data from a Mandos server
4
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2008-2015 Teddy Hogeborn
13
* Copyright © 2008-2015 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
21
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
* General Public License for more details.
24
*
25
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
*
29
* Contact the authors at <mandos@recompile.se>.
30
*/
19
31
32
/* Needed by GPGME, specifically gpgme_data_seek() */
33
#ifndef _LARGEFILE_SOURCE
20
34
#define _LARGEFILE_SOURCE
35
#endif /* not _LARGEFILE_SOURCE */
36
#ifndef _FILE_OFFSET_BITS
21
37
#define _FILE_OFFSET_BITS 64
22
23
#include <stdio.h>
24
#include <assert.h>
25
#include <stdlib.h>
26
#include <time.h>
27
#include <net/if.h> /* if_nametoindex */
28
38
#endif /* not _FILE_OFFSET_BITS */
39
40
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror() */
44
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
45
#include <stddef.h> /* NULL, size_t, ssize_t */
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
strtof(), abort() */
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
51
#include <sys/ioctl.h> /* ioctl */
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
sockaddr_in6, PF_INET6,
54
SOCK_STREAM, uid_t, gid_t, open(),
55
opendir(), DIR */
56
#include <sys/stat.h> /* open(), S_ISREG */
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
inet_pton(), connect(),
59
getnameinfo() */
60
#include <fcntl.h> /* open(), unlinkat() */
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
*/
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
64
strtoimax() */
65
#include <errno.h> /* perror(), errno,
66
program_invocation_short_name */
67
#include <time.h> /* nanosleep(), time(), sleep() */
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
69
SIOCSIFFLAGS, if_indextoname(),
70
if_nametoindex(), IF_NAMESIZE */
71
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
72
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
73
*/
74
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
75
getuid(), getgid(), seteuid(),
76
setgid(), pause(), _exit(),
77
unlinkat() */
78
#include <arpa/inet.h> /* inet_pton(), htons() */
79
#include <iso646.h> /* not, or, and */
80
#include <argp.h> /* struct argp_option, error_t, struct
81
argp_state, struct argp,
82
argp_parse(), ARGP_KEY_ARG,
83
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
84
#include <signal.h> /* sigemptyset(), sigaddset(),
85
sigaction(), SIGTERM, sig_atomic_t,
86
raise() */
87
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
88
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
89
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
90
WEXITSTATUS(), WTERMSIG() */
91
#include <grp.h> /* setgroups() */
92
#include <argz.h> /* argz_add_sep(), argz_next(),
93
argz_delete(), argz_append(),
94
argz_stringify(), argz_add(),
95
argz_count() */
96
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
97
EAI_SYSTEM, gai_strerror() */
98
99
#ifdef __linux__
100
#include <sys/klog.h> /* klogctl() */
101
#endif /* __linux__ */
102
103
/* Avahi */
104
/* All Avahi types, constants and functions
105
Avahi*, avahi_*,
106
AVAHI_* */
29
107
#include <avahi-core/core.h>
30
108
#include <avahi-core/lookup.h>
31
109
#include <avahi-core/log.h>
33
111
#include <avahi-common/malloc.h>
34
112
#include <avahi-common/error.h>
35
113
36
//mandos client part
37
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
38
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
39
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
40
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
41
42
#include <unistd.h> /* close() */
43
#include <netinet/in.h>
44
#include <stdbool.h> /* true */
45
#include <string.h> /* memset */
46
#include <arpa/inet.h> /* inet_pton() */
47
#include <iso646.h> /* not */
48
49
// gpgme
50
#include <errno.h> /* perror() */
51
#include <gpgme.h>
52
53
54
#ifndef CERT_ROOT
55
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
56
#endif
57
#define CERTFILE CERT_ROOT "openpgp-client.txt"
58
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
114
/* GnuTLS */
115
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
116
functions:
117
gnutls_*
118
init_gnutls_session(),
119
GNUTLS_* */
120
#include <gnutls/openpgp.h>
121
/* gnutls_certificate_set_openpgp_key_file(),
122
GNUTLS_OPENPGP_FMT_BASE64 */
123
124
/* GPGME */
125
#include <gpgme.h> /* All GPGME types, constants and
126
functions:
127
gpgme_*
128
GPGME_PROTOCOL_OpenPGP,
129
GPG_ERR_NO_* */
130
59
131
#define BUFFER_SIZE 256
60
#define DH_BITS 1024
61
62
bool debug;
63
132
133
#define PATHDIR "/conf/conf.d/mandos"
134
#define SECKEY "seckey.txt"
135
#define PUBKEY "pubkey.txt"
136
#define HOOKDIR "/lib/mandos/network-hooks.d"
137
138
bool debug = false;
139
static const char mandos_protocol_version[] = "1";
140
const char *argp_program_version = "mandos-client " VERSION;
141
const char *argp_program_bug_address = "<mandos@recompile.se>";
142
static const char sys_class_net[] = "/sys/class/net";
143
char *connect_to = NULL;
144
const char *hookdir = HOOKDIR;
145
int hookdir_fd = -1;
146
uid_t uid = 65534;
147
gid_t gid = 65534;
148
149
/* Doubly linked list that need to be circularly linked when used */
150
typedef struct server{
151
const char *ip;
152
in_port_t port;
153
AvahiIfIndex if_index;
154
int af;
155
struct timespec last_seen;
156
struct server *next;
157
struct server *prev;
158
} server;
159
160
/* Used for passing in values through the Avahi callback functions */
64
161
typedef struct {
65
gnutls_session_t session;
162
AvahiServer *server;
66
163
gnutls_certificate_credentials_t cred;
164
unsigned int dh_bits;
67
165
gnutls_dh_params_t dh_params;
68
} encrypted_session;
69
70
71
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
72
gpgme_data_t dh_crypto, dh_plain;
166
const char *priority;
73
167
gpgme_ctx_t ctx;
168
server *current_server;
169
char *interfaces;
170
size_t interfaces_size;
171
} mandos_context;
172
173
/* global so signal handler can reach it*/
174
AvahiSimplePoll *simple_poll;
175
176
sig_atomic_t quit_now = 0;
177
int signal_received = 0;
178
179
/* Function to use when printing errors */
180
void perror_plus(const char *print_text){
181
int e = errno;
182
fprintf(stderr, "Mandos plugin %s: ",
183
program_invocation_short_name);
184
errno = e;
185
perror(print_text);
186
}
187
188
__attribute__((format (gnu_printf, 2, 3), nonnull))
189
int fprintf_plus(FILE *stream, const char *format, ...){
190
va_list ap;
191
va_start (ap, format);
192
193
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
194
program_invocation_short_name));
195
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
196
}
197
198
/*
199
* Make additional room in "buffer" for at least BUFFER_SIZE more
200
* bytes. "buffer_capacity" is how much is currently allocated,
201
* "buffer_length" is how much is already used.
202
*/
203
__attribute__((nonnull, warn_unused_result))
204
size_t incbuffer(char **buffer, size_t buffer_length,
205
size_t buffer_capacity){
206
if(buffer_length + BUFFER_SIZE > buffer_capacity){
207
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
208
if(new_buf == NULL){
209
int old_errno = errno;
210
free(*buffer);
211
errno = old_errno;
212
*buffer = NULL;
213
return 0;
214
}
215
*buffer = new_buf;
216
buffer_capacity += BUFFER_SIZE;
217
}
218
return buffer_capacity;
219
}
220
221
/* Add server to set of servers to retry periodically */
222
__attribute__((nonnull, warn_unused_result))
223
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
224
int af, server **current_server){
225
int ret;
226
server *new_server = malloc(sizeof(server));
227
if(new_server == NULL){
228
perror_plus("malloc");
229
return false;
230
}
231
*new_server = (server){ .ip = strdup(ip),
232
.port = port,
233
.if_index = if_index,
234
.af = af };
235
if(new_server->ip == NULL){
236
perror_plus("strdup");
237
free(new_server);
238
return false;
239
}
240
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
241
if(ret == -1){
242
perror_plus("clock_gettime");
243
#ifdef __GNUC__
244
#pragma GCC diagnostic push
245
#pragma GCC diagnostic ignored "-Wcast-qual"
246
#endif
247
free((char *)(new_server->ip));
248
#ifdef __GNUC__
249
#pragma GCC diagnostic pop
250
#endif
251
free(new_server);
252
return false;
253
}
254
/* Special case of first server */
255
if(*current_server == NULL){
256
new_server->next = new_server;
257
new_server->prev = new_server;
258
*current_server = new_server;
259
} else {
260
/* Place the new server last in the list */
261
new_server->next = *current_server;
262
new_server->prev = (*current_server)->prev;
263
new_server->prev->next = new_server;
264
(*current_server)->prev = new_server;
265
}
266
return true;
267
}
268
269
/*
270
* Initialize GPGME.
271
*/
272
__attribute__((nonnull, warn_unused_result))
273
static bool init_gpgme(const char * const seckey,
274
const char * const pubkey,
275
const char * const tempdir,
276
mandos_context *mc){
74
277
gpgme_error_t rc;
75
ssize_t ret;
76
size_t new_packet_capacity = 0;
77
size_t new_packet_length = 0;
78
278
gpgme_engine_info_t engine_info;
79
80
if (debug){
81
fprintf(stderr, "Attempting to decrypt password from gpg packet\n");
279
280
/*
281
* Helper function to insert pub and seckey to the engine keyring.
282
*/
283
bool import_key(const char * const filename){
284
int ret;
285
int fd;
286
gpgme_data_t pgp_data;
287
288
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
289
if(fd == -1){
290
perror_plus("open");
291
return false;
292
}
293
294
rc = gpgme_data_new_from_fd(&pgp_data, fd);
295
if(rc != GPG_ERR_NO_ERROR){
296
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
297
gpgme_strsource(rc), gpgme_strerror(rc));
298
return false;
299
}
300
301
rc = gpgme_op_import(mc->ctx, pgp_data);
302
if(rc != GPG_ERR_NO_ERROR){
303
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
304
gpgme_strsource(rc), gpgme_strerror(rc));
305
return false;
306
}
307
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
309
if(ret == -1){
310
perror_plus("close");
311
}
312
gpgme_data_release(pgp_data);
313
return true;
314
}
315
316
if(debug){
317
fprintf_plus(stderr, "Initializing GPGME\n");
82
318
}
83
319
84
320
/* Init GPGME */
85
321
gpgme_check_version(NULL);
86
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
322
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
323
if(rc != GPG_ERR_NO_ERROR){
324
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
325
gpgme_strsource(rc), gpgme_strerror(rc));
326
return false;
327
}
87
328
88
/* Set GPGME home directory */
89
rc = gpgme_get_engine_info (&engine_info);
90
if (rc != GPG_ERR_NO_ERROR){
91
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
92
gpgme_strsource(rc), gpgme_strerror(rc));
93
return -1;
329
/* Set GPGME home directory for the OpenPGP engine only */
330
rc = gpgme_get_engine_info(&engine_info);
331
if(rc != GPG_ERR_NO_ERROR){
332
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
333
gpgme_strsource(rc), gpgme_strerror(rc));
334
return false;
94
335
}
95
336
while(engine_info != NULL){
96
337
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
97
338
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
98
engine_info->file_name, homedir);
339
engine_info->file_name, tempdir);
99
340
break;
100
341
}
101
342
engine_info = engine_info->next;
102
343
}
103
344
if(engine_info == NULL){
104
fprintf(stderr, "Could not set home dir to %s\n", homedir);
105
return -1;
106
}
107
108
/* Create new GPGME data buffer from packet buffer */
109
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
110
if (rc != GPG_ERR_NO_ERROR){
111
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
112
gpgme_strsource(rc), gpgme_strerror(rc));
345
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
346
tempdir);
347
return false;
348
}
349
350
/* Create new GPGME "context" */
351
rc = gpgme_new(&(mc->ctx));
352
if(rc != GPG_ERR_NO_ERROR){
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
356
return false;
357
}
358
359
if(not import_key(pubkey) or not import_key(seckey)){
360
return false;
361
}
362
363
return true;
364
}
365
366
/*
367
* Decrypt OpenPGP data.
368
* Returns -1 on error
369
*/
370
__attribute__((nonnull, warn_unused_result))
371
static ssize_t pgp_packet_decrypt(const char *cryptotext,
372
size_t crypto_size,
373
char **plaintext,
374
mandos_context *mc){
375
gpgme_data_t dh_crypto, dh_plain;
376
gpgme_error_t rc;
377
ssize_t ret;
378
size_t plaintext_capacity = 0;
379
ssize_t plaintext_length = 0;
380
381
if(debug){
382
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
383
}
384
385
/* Create new GPGME data buffer from memory cryptotext */
386
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
387
0);
388
if(rc != GPG_ERR_NO_ERROR){
389
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
390
gpgme_strsource(rc), gpgme_strerror(rc));
113
391
return -1;
114
392
}
115
393
116
394
/* Create new empty GPGME data buffer for the plaintext */
117
395
rc = gpgme_data_new(&dh_plain);
118
if (rc != GPG_ERR_NO_ERROR){
119
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
120
gpgme_strsource(rc), gpgme_strerror(rc));
121
return -1;
122
}
123
124
/* Create new GPGME "context" */
125
rc = gpgme_new(&ctx);
126
if (rc != GPG_ERR_NO_ERROR){
127
fprintf(stderr, "bad gpgme_new: %s: %s\n",
128
gpgme_strsource(rc), gpgme_strerror(rc));
129
return -1;
130
}
131
132
/* Decrypt data from the FILE pointer to the plaintext data buffer */
133
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
134
if (rc != GPG_ERR_NO_ERROR){
135
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
136
gpgme_strsource(rc), gpgme_strerror(rc));
137
return -1;
138
}
139
140
if(debug){
141
fprintf(stderr, "decryption of gpg packet succeeded\n");
142
}
143
144
if (debug){
145
gpgme_decrypt_result_t result;
146
result = gpgme_op_decrypt_result(ctx);
147
if (result == NULL){
148
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
149
} else {
150
fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);
151
fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);
152
if(result->file_name != NULL){
153
fprintf(stderr, "File name: %s\n", result->file_name);
154
}
155
gpgme_recipient_t recipient;
156
recipient = result->recipients;
157
if(recipient){
396
if(rc != GPG_ERR_NO_ERROR){
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
399
gpgme_strsource(rc), gpgme_strerror(rc));
400
gpgme_data_release(dh_crypto);
401
return -1;
402
}
403
404
/* Decrypt data from the cryptotext data buffer to the plaintext
405
data buffer */
406
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
407
if(rc != GPG_ERR_NO_ERROR){
408
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
409
gpgme_strsource(rc), gpgme_strerror(rc));
410
plaintext_length = -1;
411
if(debug){
412
gpgme_decrypt_result_t result;
413
result = gpgme_op_decrypt_result(mc->ctx);
414
if(result == NULL){
415
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
416
} else {
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
421
if(result->file_name != NULL){
422
fprintf_plus(stderr, "File name: %s\n", result->file_name);
423
}
424
gpgme_recipient_t recipient;
425
recipient = result->recipients;
158
426
while(recipient != NULL){
159
fprintf(stderr, "Public key algorithm: %s\n",
160
gpgme_pubkey_algo_name(recipient->pubkey_algo));
161
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
162
fprintf(stderr, "Secret key available: %s\n",
163
recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
427
fprintf_plus(stderr, "Public key algorithm: %s\n",
428
gpgme_pubkey_algo_name
429
(recipient->pubkey_algo));
430
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
431
fprintf_plus(stderr, "Secret key available: %s\n",
432
recipient->status == GPG_ERR_NO_SECKEY
433
? "No" : "Yes");
164
434
recipient = recipient->next;
165
435
}
166
436
}
167
437
}
438
goto decrypt_end;
168
439
}
169
440
170
/* Delete the GPGME FILE pointer cryptotext data buffer */
171
gpgme_data_release(dh_crypto);
441
if(debug){
442
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
443
}
172
444
173
445
/* Seek back to the beginning of the GPGME plaintext data buffer */
174
gpgme_data_seek(dh_plain, 0, SEEK_SET);
175
176
*new_packet = 0;
446
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
447
perror_plus("gpgme_data_seek");
448
plaintext_length = -1;
449
goto decrypt_end;
450
}
451
452
*plaintext = NULL;
177
453
while(true){
178
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
179
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
180
if (*new_packet == NULL){
181
perror("realloc");
182
return -1;
183
}
184
new_packet_capacity += BUFFER_SIZE;
454
plaintext_capacity = incbuffer(plaintext,
455
(size_t)plaintext_length,
456
plaintext_capacity);
457
if(plaintext_capacity == 0){
458
perror_plus("incbuffer");
459
plaintext_length = -1;
460
goto decrypt_end;
185
461
}
186
462
187
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);
463
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
464
BUFFER_SIZE);
188
465
/* Print the data, if any */
189
if (ret == 0){
190
/* If password is empty, then a incorrect error will be printed */
466
if(ret == 0){
467
/* EOF */
191
468
break;
192
469
}
193
470
if(ret < 0){
194
perror("gpgme_data_read");
195
return -1;
471
perror_plus("gpgme_data_read");
472
plaintext_length = -1;
473
goto decrypt_end;
196
474
}
197
new_packet_length += ret;
475
plaintext_length += ret;
198
476
}
199
477
200
478
if(debug){
201
fprintf(stderr, "decrypted password is: %s\n", *new_packet);
479
fprintf_plus(stderr, "Decrypted password is: ");
480
for(ssize_t i = 0; i < plaintext_length; i++){
481
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
482
}
483
fprintf(stderr, "\n");
202
484
}
203
204
/* Delete the GPGME plaintext data buffer */
485
486
decrypt_end:
487
488
/* Delete the GPGME cryptotext data buffer */
489
gpgme_data_release(dh_crypto);
490
491
/* Delete the GPGME plaintext data buffer */
205
492
gpgme_data_release(dh_plain);
206
return new_packet_length;
493
return plaintext_length;
207
494
}
208
495
209
static const char * safer_gnutls_strerror (int value) {
210
const char *ret = gnutls_strerror (value);
211
if (ret == NULL)
496
__attribute__((warn_unused_result))
497
static const char *safer_gnutls_strerror(int value){
498
const char *ret = gnutls_strerror(value);
499
if(ret == NULL)
212
500
ret = "(unknown)";
213
501
return ret;
214
502
}
215
503
216
void debuggnutls(int level, const char* string){
217
fprintf(stderr, "%s", string);
504
/* GnuTLS log function callback */
505
__attribute__((nonnull))
506
static void debuggnutls(__attribute__((unused)) int level,
507
const char* string){
508
fprintf_plus(stderr, "GnuTLS: %s", string);
218
509
}
219
510
220
int initgnutls(encrypted_session *es){
221
const char *err;
511
__attribute__((nonnull, warn_unused_result))
512
static int init_gnutls_global(const char *pubkeyfilename,
513
const char *seckeyfilename,
514
mandos_context *mc){
222
515
int ret;
223
516
224
517
if(debug){
225
fprintf(stderr, "Initializing gnutls\n");
518
fprintf_plus(stderr, "Initializing GnuTLS\n");
226
519
}
227
228
520
229
if ((ret = gnutls_global_init ())
230
!= GNUTLS_E_SUCCESS) {
231
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
521
ret = gnutls_global_init();
522
if(ret != GNUTLS_E_SUCCESS){
523
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
524
safer_gnutls_strerror(ret));
232
525
return -1;
233
526
}
234
235
if (debug){
527
528
if(debug){
529
/* "Use a log level over 10 to enable all debugging options."
530
* - GnuTLS manual
531
*/
236
532
gnutls_global_set_log_level(11);
237
533
gnutls_global_set_log_function(debuggnutls);
238
534
}
239
535
240
241
/* openpgp credentials */
242
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
243
!= GNUTLS_E_SUCCESS) {
244
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
536
/* OpenPGP credentials */
537
ret = gnutls_certificate_allocate_credentials(&mc->cred);
538
if(ret != GNUTLS_E_SUCCESS){
539
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
540
safer_gnutls_strerror(ret));
541
gnutls_global_deinit();
245
542
return -1;
246
543
}
247
544
248
545
if(debug){
249
fprintf(stderr, "Attempting to use openpgp certificate %s"
250
" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);
546
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
547
" secret key %s as GnuTLS credentials\n",
548
pubkeyfilename,
549
seckeyfilename);
251
550
}
252
551
253
552
ret = gnutls_certificate_set_openpgp_key_file
254
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
255
if (ret != GNUTLS_E_SUCCESS) {
256
fprintf
257
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
258
ret, CERTFILE, KEYFILE);
259
fprintf(stdout, "The Error is: %s\n",
260
safer_gnutls_strerror(ret));
261
return -1;
262
}
263
264
//Gnutls server initialization
265
if ((ret = gnutls_dh_params_init (&es->dh_params))
266
!= GNUTLS_E_SUCCESS) {
267
fprintf (stderr, "Error in dh parameter initialization: %s\n",
268
safer_gnutls_strerror(ret));
269
return -1;
270
}
271
272
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
273
!= GNUTLS_E_SUCCESS) {
274
fprintf (stderr, "Error in prime generation: %s\n",
275
safer_gnutls_strerror(ret));
276
return -1;
277
}
278
279
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
280
281
// Gnutls session creation
282
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
283
!= GNUTLS_E_SUCCESS){
284
fprintf(stderr, "Error in gnutls session initialization: %s\n",
285
safer_gnutls_strerror(ret));
286
}
287
288
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
289
!= GNUTLS_E_SUCCESS) {
290
fprintf(stderr, "Syntax error at: %s\n", err);
291
fprintf(stderr, "Gnutls error: %s\n",
292
safer_gnutls_strerror(ret));
293
return -1;
294
}
295
296
if ((ret = gnutls_credentials_set
297
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
298
!= GNUTLS_E_SUCCESS) {
299
fprintf(stderr, "Error setting a credentials set: %s\n",
300
safer_gnutls_strerror(ret));
301
return -1;
302
}
303
553
(mc->cred, pubkeyfilename, seckeyfilename,
554
GNUTLS_OPENPGP_FMT_BASE64);
555
if(ret != GNUTLS_E_SUCCESS){
556
fprintf_plus(stderr,
557
"Error[%d] while reading the OpenPGP key pair ('%s',"
558
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
559
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
560
safer_gnutls_strerror(ret));
561
goto globalfail;
562
}
563
564
/* GnuTLS server initialization */
565
ret = gnutls_dh_params_init(&mc->dh_params);
566
if(ret != GNUTLS_E_SUCCESS){
567
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
568
" initialization: %s\n",
569
safer_gnutls_strerror(ret));
570
goto globalfail;
571
}
572
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
573
if(ret != GNUTLS_E_SUCCESS){
574
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
575
safer_gnutls_strerror(ret));
576
goto globalfail;
577
}
578
579
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
580
581
return 0;
582
583
globalfail:
584
585
gnutls_certificate_free_credentials(mc->cred);
586
gnutls_global_deinit();
587
gnutls_dh_params_deinit(mc->dh_params);
588
return -1;
589
}
590
591
__attribute__((nonnull, warn_unused_result))
592
static int init_gnutls_session(gnutls_session_t *session,
593
mandos_context *mc){
594
int ret;
595
/* GnuTLS session creation */
596
do {
597
ret = gnutls_init(session, GNUTLS_SERVER);
598
if(quit_now){
599
return -1;
600
}
601
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
602
if(ret != GNUTLS_E_SUCCESS){
603
fprintf_plus(stderr,
604
"Error in GnuTLS session initialization: %s\n",
605
safer_gnutls_strerror(ret));
606
}
607
608
{
609
const char *err;
610
do {
611
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
612
if(quit_now){
613
gnutls_deinit(*session);
614
return -1;
615
}
616
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
617
if(ret != GNUTLS_E_SUCCESS){
618
fprintf_plus(stderr, "Syntax error at: %s\n", err);
619
fprintf_plus(stderr, "GnuTLS error: %s\n",
620
safer_gnutls_strerror(ret));
621
gnutls_deinit(*session);
622
return -1;
623
}
624
}
625
626
do {
627
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
628
mc->cred);
629
if(quit_now){
630
gnutls_deinit(*session);
631
return -1;
632
}
633
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
634
if(ret != GNUTLS_E_SUCCESS){
635
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
636
safer_gnutls_strerror(ret));
637
gnutls_deinit(*session);
638
return -1;
639
}
640
304
641
/* ignore client certificate if any. */
305
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
642
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
306
643
307
gnutls_dh_set_prime_bits (es->session, DH_BITS);
644
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
308
645
309
646
return 0;
310
647
}
311
648
312
void empty_log(AvahiLogLevel level, const char *txt){}
313
314
int start_mandos_communcation(char *ip, uint16_t port){
315
int ret, tcp_sd;
316
struct sockaddr_in6 to;
317
struct in6_addr ip_addr;
318
encrypted_session es;
649
/* Avahi log function callback */
650
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
651
__attribute__((unused)) const char *txt){}
652
653
/* Set effective uid to 0, return errno */
654
__attribute__((warn_unused_result))
655
error_t raise_privileges(void){
656
error_t old_errno = errno;
657
error_t ret_errno = 0;
658
if(seteuid(0) == -1){
659
ret_errno = errno;
660
}
661
errno = old_errno;
662
return ret_errno;
663
}
664
665
/* Set effective and real user ID to 0. Return errno. */
666
__attribute__((warn_unused_result))
667
error_t raise_privileges_permanently(void){
668
error_t old_errno = errno;
669
error_t ret_errno = raise_privileges();
670
if(ret_errno != 0){
671
errno = old_errno;
672
return ret_errno;
673
}
674
if(setuid(0) == -1){
675
ret_errno = errno;
676
}
677
errno = old_errno;
678
return ret_errno;
679
}
680
681
/* Set effective user ID to unprivileged saved user ID */
682
__attribute__((warn_unused_result))
683
error_t lower_privileges(void){
684
error_t old_errno = errno;
685
error_t ret_errno = 0;
686
if(seteuid(uid) == -1){
687
ret_errno = errno;
688
}
689
errno = old_errno;
690
return ret_errno;
691
}
692
693
/* Lower privileges permanently */
694
__attribute__((warn_unused_result))
695
error_t lower_privileges_permanently(void){
696
error_t old_errno = errno;
697
error_t ret_errno = 0;
698
if(setuid(uid) == -1){
699
ret_errno = errno;
700
}
701
errno = old_errno;
702
return ret_errno;
703
}
704
705
/* Helper function to add_local_route() and delete_local_route() */
706
__attribute__((nonnull, warn_unused_result))
707
static bool add_delete_local_route(const bool add,
708
const char *address,
709
AvahiIfIndex if_index){
710
int ret;
711
char helper[] = "mandos-client-iprouteadddel";
712
char add_arg[] = "add";
713
char delete_arg[] = "delete";
714
char debug_flag[] = "--debug";
715
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
716
if(pluginhelperdir == NULL){
717
if(debug){
718
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
719
" variable not set; cannot run helper\n");
720
}
721
return false;
722
}
723
724
char interface[IF_NAMESIZE];
725
if(if_indextoname((unsigned int)if_index, interface) == NULL){
726
perror_plus("if_indextoname");
727
return false;
728
}
729
730
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
731
if(devnull == -1){
732
perror_plus("open(\"/dev/null\", O_RDONLY)");
733
return false;
734
}
735
pid_t pid = fork();
736
if(pid == 0){
737
/* Child */
738
/* Raise privileges */
739
errno = raise_privileges_permanently();
740
if(errno != 0){
741
perror_plus("Failed to raise privileges");
742
/* _exit(EX_NOPERM); */
743
} else {
744
/* Set group */
745
errno = 0;
746
ret = setgid(0);
747
if(ret == -1){
748
perror_plus("setgid");
749
_exit(EX_NOPERM);
750
}
751
/* Reset supplementary groups */
752
errno = 0;
753
ret = setgroups(0, NULL);
754
if(ret == -1){
755
perror_plus("setgroups");
756
_exit(EX_NOPERM);
757
}
758
}
759
ret = dup2(devnull, STDIN_FILENO);
760
if(ret == -1){
761
perror_plus("dup2(devnull, STDIN_FILENO)");
762
_exit(EX_OSERR);
763
}
764
ret = (int)TEMP_FAILURE_RETRY(close(devnull));
765
if(ret == -1){
766
perror_plus("close");
767
_exit(EX_OSERR);
768
}
769
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
770
if(ret == -1){
771
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
772
_exit(EX_OSERR);
773
}
774
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
775
O_RDONLY
776
| O_DIRECTORY
777
| O_PATH
778
| O_CLOEXEC));
779
if(helperdir_fd == -1){
780
perror_plus("open");
781
_exit(EX_UNAVAILABLE);
782
}
783
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
784
helper, O_RDONLY));
785
if(helper_fd == -1){
786
perror_plus("openat");
787
_exit(EX_UNAVAILABLE);
788
}
789
TEMP_FAILURE_RETRY(close(helperdir_fd));
790
#ifdef __GNUC__
791
#pragma GCC diagnostic push
792
#pragma GCC diagnostic ignored "-Wcast-qual"
793
#endif
794
if(fexecve(helper_fd, (char *const [])
795
{ helper, add ? add_arg : delete_arg, (char *)address,
796
interface, debug ? debug_flag : NULL, NULL },
797
environ) == -1){
798
#ifdef __GNUC__
799
#pragma GCC diagnostic pop
800
#endif
801
perror_plus("fexecve");
802
_exit(EXIT_FAILURE);
803
}
804
}
805
if(pid == -1){
806
perror_plus("fork");
807
return false;
808
}
809
int status;
810
pid_t pret = -1;
811
errno = 0;
812
do {
813
pret = waitpid(pid, &status, 0);
814
if(pret == -1 and errno == EINTR and quit_now){
815
int errno_raising = 0;
816
if((errno = raise_privileges()) != 0){
817
errno_raising = errno;
818
perror_plus("Failed to raise privileges in order to"
819
" kill helper program");
820
}
821
if(kill(pid, SIGTERM) == -1){
822
perror_plus("kill");
823
}
824
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
825
perror_plus("Failed to lower privileges after killing"
826
" helper program");
827
}
828
return false;
829
}
830
} while(pret == -1 and errno == EINTR);
831
if(pret == -1){
832
perror_plus("waitpid");
833
return false;
834
}
835
if(WIFEXITED(status)){
836
if(WEXITSTATUS(status) != 0){
837
fprintf_plus(stderr, "Error: iprouteadddel exited"
838
" with status %d\n", WEXITSTATUS(status));
839
return false;
840
}
841
return true;
842
}
843
if(WIFSIGNALED(status)){
844
fprintf_plus(stderr, "Error: iprouteadddel died by"
845
" signal %d\n", WTERMSIG(status));
846
return false;
847
}
848
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
849
return false;
850
}
851
852
__attribute__((nonnull, warn_unused_result))
853
static bool add_local_route(const char *address,
854
AvahiIfIndex if_index){
855
if(debug){
856
fprintf_plus(stderr, "Adding route to %s\n", address);
857
}
858
return add_delete_local_route(true, address, if_index);
859
}
860
861
__attribute__((nonnull, warn_unused_result))
862
static bool delete_local_route(const char *address,
863
AvahiIfIndex if_index){
864
if(debug){
865
fprintf_plus(stderr, "Removing route to %s\n", address);
866
}
867
return add_delete_local_route(false, address, if_index);
868
}
869
870
/* Called when a Mandos server is found */
871
__attribute__((nonnull, warn_unused_result))
872
static int start_mandos_communication(const char *ip, in_port_t port,
873
AvahiIfIndex if_index,
874
int af, mandos_context *mc){
875
int ret, tcp_sd = -1;
876
ssize_t sret;
877
struct sockaddr_storage to;
319
878
char *buffer = NULL;
320
char *decrypted_buffer;
879
char *decrypted_buffer = NULL;
321
880
size_t buffer_length = 0;
322
881
size_t buffer_capacity = 0;
323
ssize_t decrypted_buffer_size;
324
int retval = 0;
325
const char interface[] = "eth0";
326
327
if(debug){
328
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
329
}
330
331
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
332
if(tcp_sd < 0) {
333
perror("socket");
334
return -1;
335
}
336
337
if(debug){
338
fprintf(stderr, "Binding to interface %s\n", interface);
339
}
340
341
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);
342
if(tcp_sd < 0) {
343
perror("setsockopt bindtodevice");
344
return -1;
345
}
346
347
memset(&to,0,sizeof(to));
348
to.sin6_family = AF_INET6;
349
ret = inet_pton(AF_INET6, ip, &ip_addr);
350
if (ret < 0 ){
351
perror("inet_pton");
352
return -1;
353
}
882
size_t written;
883
int retval = -1;
884
gnutls_session_t session;
885
int pf; /* Protocol family */
886
bool route_added = false;
887
888
errno = 0;
889
890
if(quit_now){
891
errno = EINTR;
892
return -1;
893
}
894
895
switch(af){
896
case AF_INET6:
897
pf = PF_INET6;
898
break;
899
case AF_INET:
900
pf = PF_INET;
901
break;
902
default:
903
fprintf_plus(stderr, "Bad address family: %d\n", af);
904
errno = EINVAL;
905
return -1;
906
}
907
908
/* If the interface is specified and we have a list of interfaces */
909
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
910
/* Check if the interface is one of the interfaces we are using */
911
bool match = false;
912
{
913
char *interface = NULL;
914
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
915
interface))){
916
if(if_nametoindex(interface) == (unsigned int)if_index){
917
match = true;
918
break;
919
}
920
}
921
}
922
if(not match){
923
/* This interface does not match any in the list, so we don't
924
connect to the server */
925
if(debug){
926
char interface[IF_NAMESIZE];
927
if(if_indextoname((unsigned int)if_index, interface) == NULL){
928
perror_plus("if_indextoname");
929
} else {
930
fprintf_plus(stderr, "Skipping server on non-used interface"
931
" \"%s\"\n",
932
if_indextoname((unsigned int)if_index,
933
interface));
934
}
935
}
936
return -1;
937
}
938
}
939
940
ret = init_gnutls_session(&session, mc);
941
if(ret != 0){
942
return -1;
943
}
944
945
if(debug){
946
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
947
PRIuMAX "\n", ip, (uintmax_t)port);
948
}
949
950
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
951
if(tcp_sd < 0){
952
int e = errno;
953
perror_plus("socket");
954
errno = e;
955
goto mandos_end;
956
}
957
958
if(quit_now){
959
errno = EINTR;
960
goto mandos_end;
961
}
962
963
memset(&to, 0, sizeof(to));
964
if(af == AF_INET6){
965
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
966
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
967
} else { /* IPv4 */
968
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
969
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
970
}
971
if(ret < 0 ){
972
int e = errno;
973
perror_plus("inet_pton");
974
errno = e;
975
goto mandos_end;
976
}
354
977
if(ret == 0){
355
fprintf(stderr, "Bad address: %s\n", ip);
356
return -1;
357
}
358
to.sin6_port = htons(port);
359
to.sin6_scope_id = if_nametoindex(interface);
360
361
if(debug){
362
fprintf(stderr, "Connection to: %s\n", ip);
363
}
364
365
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
366
if (ret < 0){
367
perror("connect");
368
return -1;
369
}
370
371
ret = initgnutls (&es);
372
if (ret != 0){
373
retval = -1;
374
return -1;
375
}
376
377
378
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
379
380
if(debug){
381
fprintf(stderr, "Establishing tls session with %s\n", ip);
382
}
383
384
385
ret = gnutls_handshake (es.session);
386
387
if (ret != GNUTLS_E_SUCCESS){
388
fprintf(stderr, "\n*** Handshake failed ***\n");
389
gnutls_perror (ret);
390
retval = -1;
391
goto exit;
392
}
393
394
//Retrieve gpg packet that contains the wanted password
395
396
if(debug){
397
fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);
398
}
399
400
while(true){
401
if (buffer_length + BUFFER_SIZE > buffer_capacity){
402
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
403
if (buffer == NULL){
404
perror("realloc");
405
goto exit;
406
}
407
buffer_capacity += BUFFER_SIZE;
408
}
409
410
ret = gnutls_record_recv
411
(es.session, buffer+buffer_length, BUFFER_SIZE);
412
if (ret == 0){
978
int e = errno;
979
fprintf_plus(stderr, "Bad address: %s\n", ip);
980
errno = e;
981
goto mandos_end;
982
}
983
if(af == AF_INET6){
984
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
985
if(IN6_IS_ADDR_LINKLOCAL
986
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
987
if(if_index == AVAHI_IF_UNSPEC){
988
fprintf_plus(stderr, "An IPv6 link-local address is"
989
" incomplete without a network interface\n");
990
errno = EINVAL;
991
goto mandos_end;
992
}
993
/* Set the network interface number as scope */
994
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
995
}
996
} else {
997
((struct sockaddr_in *)&to)->sin_port = htons(port);
998
}
999
1000
if(quit_now){
1001
errno = EINTR;
1002
goto mandos_end;
1003
}
1004
1005
if(debug){
1006
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
1007
char interface[IF_NAMESIZE];
1008
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1009
perror_plus("if_indextoname");
1010
} else {
1011
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1012
"\n", ip, interface, (uintmax_t)port);
1013
}
1014
} else {
1015
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1016
ip, (uintmax_t)port);
1017
}
1018
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
1019
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
1020
if(af == AF_INET6){
1021
ret = getnameinfo((struct sockaddr *)&to,
1022
sizeof(struct sockaddr_in6),
1023
addrstr, sizeof(addrstr), NULL, 0,
1024
NI_NUMERICHOST);
1025
} else {
1026
ret = getnameinfo((struct sockaddr *)&to,
1027
sizeof(struct sockaddr_in),
1028
addrstr, sizeof(addrstr), NULL, 0,
1029
NI_NUMERICHOST);
1030
}
1031
if(ret == EAI_SYSTEM){
1032
perror_plus("getnameinfo");
1033
} else if(ret != 0) {
1034
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1035
} else if(strcmp(addrstr, ip) != 0){
1036
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1037
}
1038
}
1039
1040
if(quit_now){
1041
errno = EINTR;
1042
goto mandos_end;
1043
}
1044
1045
while(true){
1046
if(af == AF_INET6){
1047
ret = connect(tcp_sd, (struct sockaddr *)&to,
1048
sizeof(struct sockaddr_in6));
1049
} else {
1050
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1051
sizeof(struct sockaddr_in));
1052
}
1053
if(ret < 0){
1054
if(errno == ENETUNREACH
1055
and if_index != AVAHI_IF_UNSPEC
1056
and connect_to == NULL
1057
and not route_added and
1058
((af == AF_INET6 and not
1059
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1060
&to)->sin6_addr)))
1061
or (af == AF_INET and
1062
/* Not a a IPv4LL address */
1063
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1064
& 0xFFFF0000L) != 0xA9FE0000L))){
1065
/* Work around Avahi bug - Avahi does not announce link-local
1066
addresses if it has a global address, so local hosts with
1067
*only* a link-local address (e.g. Mandos clients) cannot
1068
connect to a Mandos server announced by Avahi on a server
1069
host with a global address. Work around this by retrying
1070
with an explicit route added with the server's address.
1071
1072
Avahi bug reference:
1073
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1074
https://bugs.debian.org/587961
1075
*/
1076
if(debug){
1077
fprintf_plus(stderr, "Mandos server unreachable, trying"
1078
" direct route\n");
1079
}
1080
int e = errno;
1081
route_added = add_local_route(ip, if_index);
1082
if(route_added){
1083
continue;
1084
}
1085
errno = e;
1086
}
1087
if(errno != ECONNREFUSED or debug){
1088
int e = errno;
1089
perror_plus("connect");
1090
errno = e;
1091
}
1092
goto mandos_end;
1093
}
1094
1095
if(quit_now){
1096
errno = EINTR;
1097
goto mandos_end;
1098
}
1099
break;
1100
}
1101
1102
const char *out = mandos_protocol_version;
1103
written = 0;
1104
while(true){
1105
size_t out_size = strlen(out);
1106
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
1107
out_size - written));
1108
if(ret == -1){
1109
int e = errno;
1110
perror_plus("write");
1111
errno = e;
1112
goto mandos_end;
1113
}
1114
written += (size_t)ret;
1115
if(written < out_size){
1116
continue;
1117
} else {
1118
if(out == mandos_protocol_version){
1119
written = 0;
1120
out = "\r\n";
1121
} else {
1122
break;
1123
}
1124
}
1125
1126
if(quit_now){
1127
errno = EINTR;
1128
goto mandos_end;
1129
}
1130
}
1131
1132
if(debug){
1133
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
1134
}
1135
1136
if(quit_now){
1137
errno = EINTR;
1138
goto mandos_end;
1139
}
1140
1141
/* This casting via intptr_t is to eliminate warning about casting
1142
an int to a pointer type. This is exactly how the GnuTLS Guile
1143
function "set-session-transport-fd!" does it. */
1144
gnutls_transport_set_ptr(session,
1145
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
1146
1147
if(quit_now){
1148
errno = EINTR;
1149
goto mandos_end;
1150
}
1151
1152
do {
1153
ret = gnutls_handshake(session);
1154
if(quit_now){
1155
errno = EINTR;
1156
goto mandos_end;
1157
}
1158
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1159
1160
if(ret != GNUTLS_E_SUCCESS){
1161
if(debug){
1162
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
1163
gnutls_perror(ret);
1164
}
1165
errno = EPROTO;
1166
goto mandos_end;
1167
}
1168
1169
/* Read OpenPGP packet that contains the wanted password */
1170
1171
if(debug){
1172
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
1173
" %s\n", ip);
1174
}
1175
1176
while(true){
1177
1178
if(quit_now){
1179
errno = EINTR;
1180
goto mandos_end;
1181
}
1182
1183
buffer_capacity = incbuffer(&buffer, buffer_length,
1184
buffer_capacity);
1185
if(buffer_capacity == 0){
1186
int e = errno;
1187
perror_plus("incbuffer");
1188
errno = e;
1189
goto mandos_end;
1190
}
1191
1192
if(quit_now){
1193
errno = EINTR;
1194
goto mandos_end;
1195
}
1196
1197
sret = gnutls_record_recv(session, buffer+buffer_length,
1198
BUFFER_SIZE);
1199
if(sret == 0){
413
1200
break;
414
1201
}
415
if (ret < 0){
416
switch(ret){
1202
if(sret < 0){
1203
switch(sret){
417
1204
case GNUTLS_E_INTERRUPTED:
418
1205
case GNUTLS_E_AGAIN:
419
1206
break;
420
1207
case GNUTLS_E_REHANDSHAKE:
421
ret = gnutls_handshake (es.session);
422
if (ret < 0){
423
fprintf(stderr, "\n*** Handshake failed ***\n");
424
gnutls_perror (ret);
425
retval = -1;
426
goto exit;
1208
do {
1209
ret = gnutls_handshake(session);
1210
1211
if(quit_now){
1212
errno = EINTR;
1213
goto mandos_end;
1214
}
1215
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1216
if(ret < 0){
1217
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
1218
"***\n");
1219
gnutls_perror(ret);
1220
errno = EPROTO;
1221
goto mandos_end;
427
1222
}
428
1223
break;
429
1224
default:
430
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
431
retval = -1;
432
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
433
goto exit;
434
}
435
} else {
436
buffer_length += ret;
437
}
438
}
439
440
if (buffer_length > 0){
441
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){
442
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
443
free(decrypted_buffer);
444
} else {
1225
fprintf_plus(stderr, "Unknown error while reading data from"
1226
" encrypted session with Mandos server\n");
1227
gnutls_bye(session, GNUTLS_SHUT_RDWR);
1228
errno = EIO;
1229
goto mandos_end;
1230
}
1231
} else {
1232
buffer_length += (size_t) sret;
1233
}
1234
}
1235
1236
if(debug){
1237
fprintf_plus(stderr, "Closing TLS session\n");
1238
}
1239
1240
if(quit_now){
1241
errno = EINTR;
1242
goto mandos_end;
1243
}
1244
1245
do {
1246
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
1247
if(quit_now){
1248
errno = EINTR;
1249
goto mandos_end;
1250
}
1251
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1252
1253
if(buffer_length > 0){
1254
ssize_t decrypted_buffer_size;
1255
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
1256
&decrypted_buffer, mc);
1257
if(decrypted_buffer_size >= 0){
1258
1259
written = 0;
1260
while(written < (size_t) decrypted_buffer_size){
1261
if(quit_now){
1262
errno = EINTR;
1263
goto mandos_end;
1264
}
1265
1266
ret = (int)fwrite(decrypted_buffer + written, 1,
1267
(size_t)decrypted_buffer_size - written,
1268
stdout);
1269
if(ret == 0 and ferror(stdout)){
1270
int e = errno;
1271
if(debug){
1272
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1273
strerror(errno));
1274
}
1275
errno = e;
1276
goto mandos_end;
1277
}
1278
written += (size_t)ret;
1279
}
1280
retval = 0;
1281
}
1282
}
1283
1284
/* Shutdown procedure */
1285
1286
mandos_end:
1287
{
1288
if(route_added){
1289
if(not delete_local_route(ip, if_index)){
1290
fprintf_plus(stderr, "Failed to delete local route to %s on"
1291
" interface %d", ip, if_index);
1292
}
1293
}
1294
int e = errno;
1295
free(decrypted_buffer);
1296
free(buffer);
1297
if(tcp_sd >= 0){
1298
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1299
}
1300
if(ret == -1){
1301
if(e == 0){
1302
e = errno;
1303
}
1304
perror_plus("close");
1305
}
1306
gnutls_deinit(session);
1307
errno = e;
1308
if(quit_now){
1309
errno = EINTR;
445
1310
retval = -1;
446
1311
}
447
1312
}
448
449
//shutdown procedure
450
451
if(debug){
452
fprintf(stderr, "Closing tls session\n");
453
}
454
455
free(buffer);
456
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
457
exit:
458
close(tcp_sd);
459
gnutls_deinit (es.session);
460
gnutls_certificate_free_credentials (es.cred);
461
gnutls_global_deinit ();
462
1313
return retval;
463
1314
}
464
1315
465
static AvahiSimplePoll *simple_poll = NULL;
466
static AvahiServer *server = NULL;
467
468
static void resolve_callback(
469
AvahiSServiceResolver *r,
470
AVAHI_GCC_UNUSED AvahiIfIndex interface,
471
AVAHI_GCC_UNUSED AvahiProtocol protocol,
472
AvahiResolverEvent event,
473
const char *name,
474
const char *type,
475
const char *domain,
476
const char *host_name,
477
const AvahiAddress *address,
478
uint16_t port,
479
AvahiStringList *txt,
480
AvahiLookupResultFlags flags,
481
AVAHI_GCC_UNUSED void* userdata) {
482
483
assert(r);
484
485
/* Called whenever a service has been resolved successfully or timed out */
486
487
switch (event) {
488
case AVAHI_RESOLVER_FAILURE:
489
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
490
break;
491
492
case AVAHI_RESOLVER_FOUND: {
493
char ip[AVAHI_ADDRESS_STR_MAX];
494
avahi_address_snprint(ip, sizeof(ip), address);
495
if(debug){
496
fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);
497
}
498
int ret = start_mandos_communcation(ip, port);
499
if (ret == 0){
500
exit(EXIT_SUCCESS);
501
} else {
502
exit(EXIT_FAILURE);
503
}
504
}
505
}
1316
__attribute__((nonnull))
1317
static void resolve_callback(AvahiSServiceResolver *r,
1318
AvahiIfIndex interface,
1319
AvahiProtocol proto,
1320
AvahiResolverEvent event,
1321
const char *name,
1322
const char *type,
1323
const char *domain,
1324
const char *host_name,
1325
const AvahiAddress *address,
1326
uint16_t port,
1327
AVAHI_GCC_UNUSED AvahiStringList *txt,
1328
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1329
flags,
1330
void *mc){
1331
if(r == NULL){
1332
return;
1333
}
1334
1335
/* Called whenever a service has been resolved successfully or
1336
timed out */
1337
1338
if(quit_now){
506
1339
avahi_s_service_resolver_free(r);
507
}
508
509
static void browse_callback(
510
AvahiSServiceBrowser *b,
511
AvahiIfIndex interface,
512
AvahiProtocol protocol,
513
AvahiBrowserEvent event,
514
const char *name,
515
const char *type,
516
const char *domain,
517
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
518
void* userdata) {
519
520
AvahiServer *s = userdata;
521
assert(b);
522
523
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
524
525
switch (event) {
526
527
case AVAHI_BROWSER_FAILURE:
528
529
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
530
avahi_simple_poll_quit(simple_poll);
531
return;
532
533
case AVAHI_BROWSER_NEW:
534
/* We ignore the returned resolver object. In the callback
535
function we free it. If the server is terminated before
536
the callback function is called the server will free
537
the resolver for us. */
538
539
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
540
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
541
542
break;
543
544
case AVAHI_BROWSER_REMOVE:
545
break;
546
547
case AVAHI_BROWSER_ALL_FOR_NOW:
548
case AVAHI_BROWSER_CACHE_EXHAUSTED:
549
break;
550
}
551
}
552
553
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
1340
return;
1341
}
1342
1343
switch(event){
1344
default:
1345
case AVAHI_RESOLVER_FAILURE:
1346
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1347
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1348
domain,
1349
avahi_strerror(avahi_server_errno
1350
(((mandos_context*)mc)->server)));
1351
break;
1352
1353
case AVAHI_RESOLVER_FOUND:
1354
{
1355
char ip[AVAHI_ADDRESS_STR_MAX];
1356
avahi_address_snprint(ip, sizeof(ip), address);
1357
if(debug){
1358
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1359
PRIdMAX ") on port %" PRIu16 "\n", name,
1360
host_name, ip, (intmax_t)interface, port);
1361
}
1362
int ret = start_mandos_communication(ip, (in_port_t)port,
1363
interface,
1364
avahi_proto_to_af(proto),
1365
mc);
1366
if(ret == 0){
1367
avahi_simple_poll_quit(simple_poll);
1368
} else {
1369
if(not add_server(ip, (in_port_t)port, interface,
1370
avahi_proto_to_af(proto),
1371
&((mandos_context*)mc)->current_server)){
1372
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
1373
" list\n", name);
1374
}
1375
}
1376
}
1377
}
1378
avahi_s_service_resolver_free(r);
1379
}
1380
1381
static void browse_callback(AvahiSServiceBrowser *b,
1382
AvahiIfIndex interface,
1383
AvahiProtocol protocol,
1384
AvahiBrowserEvent event,
1385
const char *name,
1386
const char *type,
1387
const char *domain,
1388
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1389
flags,
1390
void *mc){
1391
if(b == NULL){
1392
return;
1393
}
1394
1395
/* Called whenever a new services becomes available on the LAN or
1396
is removed from the LAN */
1397
1398
if(quit_now){
1399
return;
1400
}
1401
1402
switch(event){
1403
default:
1404
case AVAHI_BROWSER_FAILURE:
1405
1406
fprintf_plus(stderr, "(Avahi browser) %s\n",
1407
avahi_strerror(avahi_server_errno
1408
(((mandos_context*)mc)->server)));
1409
avahi_simple_poll_quit(simple_poll);
1410
return;
1411
1412
case AVAHI_BROWSER_NEW:
1413
/* We ignore the returned Avahi resolver object. In the callback
1414
function we free it. If the Avahi server is terminated before
1415
the callback function is called the Avahi server will free the
1416
resolver for us. */
1417
1418
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1419
interface, protocol, name, type,
1420
domain, protocol, 0,
1421
resolve_callback, mc) == NULL)
1422
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1423
" %s\n", name,
1424
avahi_strerror(avahi_server_errno
1425
(((mandos_context*)mc)->server)));
1426
break;
1427
1428
case AVAHI_BROWSER_REMOVE:
1429
break;
1430
1431
case AVAHI_BROWSER_ALL_FOR_NOW:
1432
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1433
if(debug){
1434
fprintf_plus(stderr, "No Mandos server found, still"
1435
" searching...\n");
1436
}
1437
break;
1438
}
1439
}
1440
1441
/* Signal handler that stops main loop after SIGTERM */
1442
static void handle_sigterm(int sig){
1443
if(quit_now){
1444
return;
1445
}
1446
quit_now = 1;
1447
signal_received = sig;
1448
int old_errno = errno;
1449
/* set main loop to exit */
1450
if(simple_poll != NULL){
1451
avahi_simple_poll_quit(simple_poll);
1452
}
1453
errno = old_errno;
1454
}
1455
1456
__attribute__((nonnull, warn_unused_result))
1457
bool get_flags(const char *ifname, struct ifreq *ifr){
1458
int ret;
1459
error_t ret_errno;
1460
1461
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1462
if(s < 0){
1463
ret_errno = errno;
1464
perror_plus("socket");
1465
errno = ret_errno;
1466
return false;
1467
}
1468
strcpy(ifr->ifr_name, ifname);
1469
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1470
if(ret == -1){
1471
if(debug){
1472
ret_errno = errno;
1473
perror_plus("ioctl SIOCGIFFLAGS");
1474
errno = ret_errno;
1475
}
1476
return false;
1477
}
1478
return true;
1479
}
1480
1481
__attribute__((nonnull, warn_unused_result))
1482
bool good_flags(const char *ifname, const struct ifreq *ifr){
1483
1484
/* Reject the loopback device */
1485
if(ifr->ifr_flags & IFF_LOOPBACK){
1486
if(debug){
1487
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1488
ifname);
1489
}
1490
return false;
1491
}
1492
/* Accept point-to-point devices only if connect_to is specified */
1493
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1494
if(debug){
1495
fprintf_plus(stderr, "Accepting point-to-point interface"
1496
" \"%s\"\n", ifname);
1497
}
1498
return true;
1499
}
1500
/* Otherwise, reject non-broadcast-capable devices */
1501
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1502
if(debug){
1503
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1504
" \"%s\"\n", ifname);
1505
}
1506
return false;
1507
}
1508
/* Reject non-ARP interfaces (including dummy interfaces) */
1509
if(ifr->ifr_flags & IFF_NOARP){
1510
if(debug){
1511
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1512
ifname);
1513
}
1514
return false;
1515
}
1516
1517
/* Accept this device */
1518
if(debug){
1519
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1520
}
1521
return true;
1522
}
1523
1524
/*
1525
* This function determines if a directory entry in /sys/class/net
1526
* corresponds to an acceptable network device.
1527
* (This function is passed to scandir(3) as a filter function.)
1528
*/
1529
__attribute__((nonnull, warn_unused_result))
1530
int good_interface(const struct dirent *if_entry){
1531
if(if_entry->d_name[0] == '.'){
1532
return 0;
1533
}
1534
1535
struct ifreq ifr;
1536
if(not get_flags(if_entry->d_name, &ifr)){
1537
if(debug){
1538
fprintf_plus(stderr, "Failed to get flags for interface "
1539
"\"%s\"\n", if_entry->d_name);
1540
}
1541
return 0;
1542
}
1543
1544
if(not good_flags(if_entry->d_name, &ifr)){
1545
return 0;
1546
}
1547
return 1;
1548
}
1549
1550
/*
1551
* This function determines if a network interface is up.
1552
*/
1553
__attribute__((nonnull, warn_unused_result))
1554
bool interface_is_up(const char *interface){
1555
struct ifreq ifr;
1556
if(not get_flags(interface, &ifr)){
1557
if(debug){
1558
fprintf_plus(stderr, "Failed to get flags for interface "
1559
"\"%s\"\n", interface);
1560
}
1561
return false;
1562
}
1563
1564
return (bool)(ifr.ifr_flags & IFF_UP);
1565
}
1566
1567
/*
1568
* This function determines if a network interface is running
1569
*/
1570
__attribute__((nonnull, warn_unused_result))
1571
bool interface_is_running(const char *interface){
1572
struct ifreq ifr;
1573
if(not get_flags(interface, &ifr)){
1574
if(debug){
1575
fprintf_plus(stderr, "Failed to get flags for interface "
1576
"\"%s\"\n", interface);
1577
}
1578
return false;
1579
}
1580
1581
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1582
}
1583
1584
__attribute__((nonnull, pure, warn_unused_result))
1585
int notdotentries(const struct dirent *direntry){
1586
/* Skip "." and ".." */
1587
if(direntry->d_name[0] == '.'
1588
and (direntry->d_name[1] == '\0'
1589
or (direntry->d_name[1] == '.'
1590
and direntry->d_name[2] == '\0'))){
1591
return 0;
1592
}
1593
return 1;
1594
}
1595
1596
/* Is this directory entry a runnable program? */
1597
__attribute__((nonnull, warn_unused_result))
1598
int runnable_hook(const struct dirent *direntry){
1599
int ret;
1600
size_t sret;
1601
struct stat st;
1602
1603
if((direntry->d_name)[0] == '\0'){
1604
/* Empty name? */
1605
return 0;
1606
}
1607
1608
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1609
"abcdefghijklmnopqrstuvwxyz"
1610
"0123456789"
1611
"_.-");
1612
if((direntry->d_name)[sret] != '\0'){
1613
/* Contains non-allowed characters */
1614
if(debug){
1615
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
1616
direntry->d_name);
1617
}
1618
return 0;
1619
}
1620
1621
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1622
if(ret == -1){
1623
if(debug){
1624
perror_plus("Could not stat hook");
1625
}
1626
return 0;
1627
}
1628
if(not (S_ISREG(st.st_mode))){
1629
/* Not a regular file */
1630
if(debug){
1631
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
1632
direntry->d_name);
1633
}
1634
return 0;
1635
}
1636
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
1637
/* Not executable */
1638
if(debug){
1639
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
1640
direntry->d_name);
1641
}
1642
return 0;
1643
}
1644
if(debug){
1645
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
1646
direntry->d_name);
1647
}
1648
return 1;
1649
}
1650
1651
__attribute__((nonnull, warn_unused_result))
1652
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
1653
mandos_context *mc){
1654
int ret;
1655
struct timespec now;
1656
struct timespec waited_time;
1657
intmax_t block_time;
1658
1659
while(true){
1660
if(mc->current_server == NULL){
1661
if(debug){
1662
fprintf_plus(stderr, "Wait until first server is found."
1663
" No timeout!\n");
1664
}
1665
ret = avahi_simple_poll_iterate(s, -1);
1666
} else {
1667
if(debug){
1668
fprintf_plus(stderr, "Check current_server if we should run"
1669
" it, or wait\n");
1670
}
1671
/* the current time */
1672
ret = clock_gettime(CLOCK_MONOTONIC, &now);
1673
if(ret == -1){
1674
perror_plus("clock_gettime");
1675
return -1;
1676
}
1677
/* Calculating in ms how long time between now and server
1678
who we visted longest time ago. Now - last seen. */
1679
waited_time.tv_sec = (now.tv_sec
1680
- mc->current_server->last_seen.tv_sec);
1681
waited_time.tv_nsec = (now.tv_nsec
1682
- mc->current_server->last_seen.tv_nsec);
1683
/* total time is 10s/10,000ms.
1684
Converting to s from ms by dividing by 1,000,
1685
and ns to ms by dividing by 1,000,000. */
1686
block_time = ((retry_interval
1687
- ((intmax_t)waited_time.tv_sec * 1000))
1688
- ((intmax_t)waited_time.tv_nsec / 1000000));
1689
1690
if(debug){
1691
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
1692
block_time);
1693
}
1694
1695
if(block_time <= 0){
1696
ret = start_mandos_communication(mc->current_server->ip,
1697
mc->current_server->port,
1698
mc->current_server->if_index,
1699
mc->current_server->af, mc);
1700
if(ret == 0){
1701
avahi_simple_poll_quit(s);
1702
return 0;
1703
}
1704
ret = clock_gettime(CLOCK_MONOTONIC,
1705
&mc->current_server->last_seen);
1706
if(ret == -1){
1707
perror_plus("clock_gettime");
1708
return -1;
1709
}
1710
mc->current_server = mc->current_server->next;
1711
block_time = 0; /* Call avahi to find new Mandos
1712
servers, but don't block */
1713
}
1714
1715
ret = avahi_simple_poll_iterate(s, (int)block_time);
1716
}
1717
if(ret != 0){
1718
if(ret > 0 or errno != EINTR){
1719
return (ret != 1) ? ret : 0;
1720
}
1721
}
1722
}
1723
}
1724
1725
__attribute__((nonnull))
1726
void run_network_hooks(const char *mode, const char *interface,
1727
const float delay){
1728
struct dirent **direntries = NULL;
1729
if(hookdir_fd == -1){
1730
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1731
| O_CLOEXEC);
1732
if(hookdir_fd == -1){
1733
if(errno == ENOENT){
1734
if(debug){
1735
fprintf_plus(stderr, "Network hook directory \"%s\" not"
1736
" found\n", hookdir);
1737
}
1738
} else {
1739
perror_plus("open");
1740
}
1741
return;
1742
}
1743
}
1744
#ifdef __GLIBC__
1745
#if __GLIBC_PREREQ(2, 15)
1746
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1747
runnable_hook, alphasort);
1748
#else /* not __GLIBC_PREREQ(2, 15) */
1749
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1750
alphasort);
1751
#endif /* not __GLIBC_PREREQ(2, 15) */
1752
#else /* not __GLIBC__ */
1753
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1754
alphasort);
1755
#endif /* not __GLIBC__ */
1756
if(numhooks == -1){
1757
perror_plus("scandir");
1758
return;
1759
}
1760
struct dirent *direntry;
1761
int ret;
1762
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1763
if(devnull == -1){
1764
perror_plus("open(\"/dev/null\", O_RDONLY)");
1765
return;
1766
}
1767
for(int i = 0; i < numhooks; i++){
1768
direntry = direntries[i];
1769
if(debug){
1770
fprintf_plus(stderr, "Running network hook \"%s\"\n",
1771
direntry->d_name);
1772
}
1773
pid_t hook_pid = fork();
1774
if(hook_pid == 0){
1775
/* Child */
1776
/* Raise privileges */
1777
errno = raise_privileges_permanently();
1778
if(errno != 0){
1779
perror_plus("Failed to raise privileges");
1780
_exit(EX_NOPERM);
1781
}
1782
/* Set group */
1783
errno = 0;
1784
ret = setgid(0);
1785
if(ret == -1){
1786
perror_plus("setgid");
1787
_exit(EX_NOPERM);
1788
}
1789
/* Reset supplementary groups */
1790
errno = 0;
1791
ret = setgroups(0, NULL);
1792
if(ret == -1){
1793
perror_plus("setgroups");
1794
_exit(EX_NOPERM);
1795
}
1796
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1797
if(ret == -1){
1798
perror_plus("setenv");
1799
_exit(EX_OSERR);
1800
}
1801
ret = setenv("DEVICE", interface, 1);
1802
if(ret == -1){
1803
perror_plus("setenv");
1804
_exit(EX_OSERR);
1805
}
1806
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
1807
if(ret == -1){
1808
perror_plus("setenv");
1809
_exit(EX_OSERR);
1810
}
1811
ret = setenv("MODE", mode, 1);
1812
if(ret == -1){
1813
perror_plus("setenv");
1814
_exit(EX_OSERR);
1815
}
1816
char *delaystring;
1817
ret = asprintf(&delaystring, "%f", (double)delay);
1818
if(ret == -1){
1819
perror_plus("asprintf");
1820
_exit(EX_OSERR);
1821
}
1822
ret = setenv("DELAY", delaystring, 1);
1823
if(ret == -1){
1824
free(delaystring);
1825
perror_plus("setenv");
1826
_exit(EX_OSERR);
1827
}
1828
free(delaystring);
1829
if(connect_to != NULL){
1830
ret = setenv("CONNECT", connect_to, 1);
1831
if(ret == -1){
1832
perror_plus("setenv");
1833
_exit(EX_OSERR);
1834
}
1835
}
1836
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
1837
direntry->d_name,
1838
O_RDONLY));
1839
if(hook_fd == -1){
1840
perror_plus("openat");
1841
_exit(EXIT_FAILURE);
1842
}
1843
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
1844
perror_plus("close");
1845
_exit(EXIT_FAILURE);
1846
}
1847
ret = dup2(devnull, STDIN_FILENO);
1848
if(ret == -1){
1849
perror_plus("dup2(devnull, STDIN_FILENO)");
1850
_exit(EX_OSERR);
1851
}
1852
ret = (int)TEMP_FAILURE_RETRY(close(devnull));
1853
if(ret == -1){
1854
perror_plus("close");
1855
_exit(EX_OSERR);
1856
}
1857
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1858
if(ret == -1){
1859
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1860
_exit(EX_OSERR);
1861
}
1862
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
1863
environ) == -1){
1864
perror_plus("fexecve");
1865
_exit(EXIT_FAILURE);
1866
}
1867
} else {
1868
if(hook_pid == -1){
1869
perror_plus("fork");
1870
free(direntry);
1871
continue;
1872
}
1873
int status;
1874
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
1875
perror_plus("waitpid");
1876
free(direntry);
1877
continue;
1878
}
1879
if(WIFEXITED(status)){
1880
if(WEXITSTATUS(status) != 0){
1881
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
1882
" with status %d\n", direntry->d_name,
1883
WEXITSTATUS(status));
1884
free(direntry);
1885
continue;
1886
}
1887
} else if(WIFSIGNALED(status)){
1888
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
1889
" signal %d\n", direntry->d_name,
1890
WTERMSIG(status));
1891
free(direntry);
1892
continue;
1893
} else {
1894
fprintf_plus(stderr, "Warning: network hook \"%s\""
1895
" crashed\n", direntry->d_name);
1896
free(direntry);
1897
continue;
1898
}
1899
}
1900
if(debug){
1901
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
1902
direntry->d_name);
1903
}
1904
free(direntry);
1905
}
1906
free(direntries);
1907
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
1908
perror_plus("close");
1909
} else {
1910
hookdir_fd = -1;
1911
}
1912
close(devnull);
1913
}
1914
1915
__attribute__((nonnull, warn_unused_result))
1916
error_t bring_up_interface(const char *const interface,
1917
const float delay){
1918
error_t old_errno = errno;
1919
int ret;
1920
struct ifreq network;
1921
unsigned int if_index = if_nametoindex(interface);
1922
if(if_index == 0){
1923
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
1924
errno = old_errno;
1925
return ENXIO;
1926
}
1927
1928
if(quit_now){
1929
errno = old_errno;
1930
return EINTR;
1931
}
1932
1933
if(not interface_is_up(interface)){
1934
error_t ret_errno = 0, ioctl_errno = 0;
1935
if(not get_flags(interface, &network)){
1936
ret_errno = errno;
1937
fprintf_plus(stderr, "Failed to get flags for interface "
1938
"\"%s\"\n", interface);
1939
errno = old_errno;
1940
return ret_errno;
1941
}
1942
network.ifr_flags |= IFF_UP; /* set flag */
1943
1944
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1945
if(sd == -1){
1946
ret_errno = errno;
1947
perror_plus("socket");
1948
errno = old_errno;
1949
return ret_errno;
1950
}
1951
1952
if(quit_now){
1953
ret = (int)TEMP_FAILURE_RETRY(close(sd));
1954
if(ret == -1){
1955
perror_plus("close");
1956
}
1957
errno = old_errno;
1958
return EINTR;
1959
}
1960
1961
if(debug){
1962
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
1963
interface);
1964
}
1965
1966
/* Raise privileges */
1967
ret_errno = raise_privileges();
1968
if(ret_errno != 0){
1969
errno = ret_errno;
1970
perror_plus("Failed to raise privileges");
1971
}
1972
1973
#ifdef __linux__
1974
int ret_linux;
1975
bool restore_loglevel = false;
1976
if(ret_errno == 0){
1977
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1978
messages about the network interface to mess up the prompt */
1979
ret_linux = klogctl(8, NULL, 5);
1980
if(ret_linux == -1){
1981
perror_plus("klogctl");
1982
} else {
1983
restore_loglevel = true;
1984
}
1985
}
1986
#endif /* __linux__ */
1987
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
1988
ioctl_errno = errno;
1989
#ifdef __linux__
1990
if(restore_loglevel){
1991
ret_linux = klogctl(7, NULL, 0);
1992
if(ret_linux == -1){
1993
perror_plus("klogctl");
1994
}
1995
}
1996
#endif /* __linux__ */
1997
1998
/* If raise_privileges() succeeded above */
1999
if(ret_errno == 0){
2000
/* Lower privileges */
2001
ret_errno = lower_privileges();
2002
if(ret_errno != 0){
2003
errno = ret_errno;
2004
perror_plus("Failed to lower privileges");
2005
}
2006
}
2007
2008
/* Close the socket */
2009
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2010
if(ret == -1){
2011
perror_plus("close");
2012
}
2013
2014
if(ret_setflags == -1){
2015
errno = ioctl_errno;
2016
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2017
errno = old_errno;
2018
return ioctl_errno;
2019
}
2020
} else if(debug){
2021
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2022
interface);
2023
}
2024
2025
/* Sleep checking until interface is running.
2026
Check every 0.25s, up to total time of delay */
2027
for(int i=0; i < delay * 4; i++){
2028
if(interface_is_running(interface)){
2029
break;
2030
}
2031
struct timespec sleeptime = { .tv_nsec = 250000000 };
2032
ret = nanosleep(&sleeptime, NULL);
2033
if(ret == -1 and errno != EINTR){
2034
perror_plus("nanosleep");
2035
}
2036
}
2037
2038
errno = old_errno;
2039
return 0;
2040
}
2041
2042
__attribute__((nonnull, warn_unused_result))
2043
error_t take_down_interface(const char *const interface){
2044
error_t old_errno = errno;
2045
struct ifreq network;
2046
unsigned int if_index = if_nametoindex(interface);
2047
if(if_index == 0){
2048
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2049
errno = old_errno;
2050
return ENXIO;
2051
}
2052
if(interface_is_up(interface)){
2053
error_t ret_errno = 0, ioctl_errno = 0;
2054
if(not get_flags(interface, &network) and debug){
2055
ret_errno = errno;
2056
fprintf_plus(stderr, "Failed to get flags for interface "
2057
"\"%s\"\n", interface);
2058
errno = old_errno;
2059
return ret_errno;
2060
}
2061
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2062
2063
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2064
if(sd == -1){
2065
ret_errno = errno;
2066
perror_plus("socket");
2067
errno = old_errno;
2068
return ret_errno;
2069
}
2070
2071
if(debug){
2072
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2073
interface);
2074
}
2075
2076
/* Raise privileges */
2077
ret_errno = raise_privileges();
2078
if(ret_errno != 0){
2079
errno = ret_errno;
2080
perror_plus("Failed to raise privileges");
2081
}
2082
2083
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2084
ioctl_errno = errno;
2085
2086
/* If raise_privileges() succeeded above */
2087
if(ret_errno == 0){
2088
/* Lower privileges */
2089
ret_errno = lower_privileges();
2090
if(ret_errno != 0){
2091
errno = ret_errno;
2092
perror_plus("Failed to lower privileges");
2093
}
2094
}
2095
2096
/* Close the socket */
2097
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2098
if(ret == -1){
2099
perror_plus("close");
2100
}
2101
2102
if(ret_setflags == -1){
2103
errno = ioctl_errno;
2104
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2105
errno = old_errno;
2106
return ioctl_errno;
2107
}
2108
} else if(debug){
2109
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2110
interface);
2111
}
2112
2113
errno = old_errno;
2114
return 0;
2115
}
2116
2117
int main(int argc, char *argv[]){
2118
mandos_context mc = { .server = NULL, .dh_bits = 1024,
2119
.priority = "SECURE256:!CTYPE-X.509:"
2120
"+CTYPE-OPENPGP", .current_server = NULL,
2121
.interfaces = NULL, .interfaces_size = 0 };
2122
AvahiSServiceBrowser *sb = NULL;
2123
error_t ret_errno;
2124
int ret;
2125
intmax_t tmpmax;
2126
char *tmp;
2127
int exitcode = EXIT_SUCCESS;
2128
char *interfaces_to_take_down = NULL;
2129
size_t interfaces_to_take_down_size = 0;
2130
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2131
char old_tempdir[] = "/tmp/mandosXXXXXX";
2132
char *tempdir = NULL;
2133
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2134
const char *seckey = PATHDIR "/" SECKEY;
2135
const char *pubkey = PATHDIR "/" PUBKEY;
2136
char *interfaces_hooks = NULL;
2137
2138
bool gnutls_initialized = false;
2139
bool gpgme_initialized = false;
2140
float delay = 2.5f;
2141
double retry_interval = 10; /* 10s between trying a server and
2142
retrying the same server again */
2143
2144
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
2145
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
2146
2147
uid = getuid();
2148
gid = getgid();
2149
2150
/* Lower any group privileges we might have, just to be safe */
2151
errno = 0;
2152
ret = setgid(gid);
2153
if(ret == -1){
2154
perror_plus("setgid");
2155
}
2156
2157
/* Lower user privileges (temporarily) */
2158
errno = 0;
2159
ret = seteuid(uid);
2160
if(ret == -1){
2161
perror_plus("seteuid");
2162
}
2163
2164
if(quit_now){
2165
goto end;
2166
}
2167
2168
{
2169
struct argp_option options[] = {
2170
{ .name = "debug", .key = 128,
2171
.doc = "Debug mode", .group = 3 },
2172
{ .name = "connect", .key = 'c',
2173
.arg = "ADDRESS:PORT",
2174
.doc = "Connect directly to a specific Mandos server",
2175
.group = 1 },
2176
{ .name = "interface", .key = 'i',
2177
.arg = "NAME",
2178
.doc = "Network interface that will be used to search for"
2179
" Mandos servers",
2180
.group = 1 },
2181
{ .name = "seckey", .key = 's',
2182
.arg = "FILE",
2183
.doc = "OpenPGP secret key file base name",
2184
.group = 1 },
2185
{ .name = "pubkey", .key = 'p',
2186
.arg = "FILE",
2187
.doc = "OpenPGP public key file base name",
2188
.group = 2 },
2189
{ .name = "dh-bits", .key = 129,
2190
.arg = "BITS",
2191
.doc = "Bit length of the prime number used in the"
2192
" Diffie-Hellman key exchange",
2193
.group = 2 },
2194
{ .name = "priority", .key = 130,
2195
.arg = "STRING",
2196
.doc = "GnuTLS priority string for the TLS handshake",
2197
.group = 1 },
2198
{ .name = "delay", .key = 131,
2199
.arg = "SECONDS",
2200
.doc = "Maximum delay to wait for interface startup",
2201
.group = 2 },
2202
{ .name = "retry", .key = 132,
2203
.arg = "SECONDS",
2204
.doc = "Retry interval used when denied by the Mandos server",
2205
.group = 2 },
2206
{ .name = "network-hook-dir", .key = 133,
2207
.arg = "DIR",
2208
.doc = "Directory where network hooks are located",
2209
.group = 2 },
2210
/*
2211
* These reproduce what we would get without ARGP_NO_HELP
2212
*/
2213
{ .name = "help", .key = '?',
2214
.doc = "Give this help list", .group = -1 },
2215
{ .name = "usage", .key = -3,
2216
.doc = "Give a short usage message", .group = -1 },
2217
{ .name = "version", .key = 'V',
2218
.doc = "Print program version", .group = -1 },
2219
{ .name = NULL }
2220
};
2221
2222
error_t parse_opt(int key, char *arg,
2223
struct argp_state *state){
2224
errno = 0;
2225
switch(key){
2226
case 128: /* --debug */
2227
debug = true;
2228
break;
2229
case 'c': /* --connect */
2230
connect_to = arg;
2231
break;
2232
case 'i': /* --interface */
2233
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2234
arg, (int)',');
2235
if(ret_errno != 0){
2236
argp_error(state, "%s", strerror(ret_errno));
2237
}
2238
break;
2239
case 's': /* --seckey */
2240
seckey = arg;
2241
break;
2242
case 'p': /* --pubkey */
2243
pubkey = arg;
2244
break;
2245
case 129: /* --dh-bits */
2246
errno = 0;
2247
tmpmax = strtoimax(arg, &tmp, 10);
2248
if(errno != 0 or tmp == arg or *tmp != '\0'
2249
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2250
argp_error(state, "Bad number of DH bits");
2251
}
2252
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2253
break;
2254
case 130: /* --priority */
2255
mc.priority = arg;
2256
break;
2257
case 131: /* --delay */
2258
errno = 0;
2259
delay = strtof(arg, &tmp);
2260
if(errno != 0 or tmp == arg or *tmp != '\0'){
2261
argp_error(state, "Bad delay");
2262
}
2263
case 132: /* --retry */
2264
errno = 0;
2265
retry_interval = strtod(arg, &tmp);
2266
if(errno != 0 or tmp == arg or *tmp != '\0'
2267
or (retry_interval * 1000) > INT_MAX
2268
or retry_interval < 0){
2269
argp_error(state, "Bad retry interval");
2270
}
2271
break;
2272
case 133: /* --network-hook-dir */
2273
hookdir = arg;
2274
break;
2275
/*
2276
* These reproduce what we would get without ARGP_NO_HELP
2277
*/
2278
case '?': /* --help */
2279
argp_state_help(state, state->out_stream,
2280
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2281
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2282
case -3: /* --usage */
2283
argp_state_help(state, state->out_stream,
2284
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2285
case 'V': /* --version */
2286
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2287
exit(argp_err_exit_status);
2288
break;
2289
default:
2290
return ARGP_ERR_UNKNOWN;
2291
}
2292
return errno;
2293
}
2294
2295
struct argp argp = { .options = options, .parser = parse_opt,
2296
.args_doc = "",
2297
.doc = "Mandos client -- Get and decrypt"
2298
" passwords from a Mandos server" };
2299
ret = argp_parse(&argp, argc, argv,
2300
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2301
switch(ret){
2302
case 0:
2303
break;
2304
case ENOMEM:
2305
default:
2306
errno = ret;
2307
perror_plus("argp_parse");
2308
exitcode = EX_OSERR;
2309
goto end;
2310
case EINVAL:
2311
exitcode = EX_USAGE;
2312
goto end;
2313
}
2314
}
2315
2316
{
2317
/* Work around Debian bug #633582:
2318
<http://bugs.debian.org/633582> */
2319
2320
/* Re-raise privileges */
2321
ret_errno = raise_privileges();
2322
if(ret_errno != 0){
2323
errno = ret_errno;
2324
perror_plus("Failed to raise privileges");
2325
} else {
2326
struct stat st;
2327
2328
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2329
int seckey_fd = open(seckey, O_RDONLY);
2330
if(seckey_fd == -1){
2331
perror_plus("open");
2332
} else {
2333
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2334
if(ret == -1){
2335
perror_plus("fstat");
2336
} else {
2337
if(S_ISREG(st.st_mode)
2338
and st.st_uid == 0 and st.st_gid == 0){
2339
ret = fchown(seckey_fd, uid, gid);
2340
if(ret == -1){
2341
perror_plus("fchown");
2342
}
2343
}
2344
}
2345
TEMP_FAILURE_RETRY(close(seckey_fd));
2346
}
2347
}
2348
2349
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2350
int pubkey_fd = open(pubkey, O_RDONLY);
2351
if(pubkey_fd == -1){
2352
perror_plus("open");
2353
} else {
2354
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2355
if(ret == -1){
2356
perror_plus("fstat");
2357
} else {
2358
if(S_ISREG(st.st_mode)
2359
and st.st_uid == 0 and st.st_gid == 0){
2360
ret = fchown(pubkey_fd, uid, gid);
2361
if(ret == -1){
2362
perror_plus("fchown");
2363
}
2364
}
2365
}
2366
TEMP_FAILURE_RETRY(close(pubkey_fd));
2367
}
2368
}
2369
2370
/* Lower privileges */
2371
ret_errno = lower_privileges();
2372
if(ret_errno != 0){
2373
errno = ret_errno;
2374
perror_plus("Failed to lower privileges");
2375
}
2376
}
2377
}
2378
2379
/* Remove invalid interface names (except "none") */
2380
{
2381
char *interface = NULL;
2382
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2383
interface))){
2384
if(strcmp(interface, "none") != 0
2385
and if_nametoindex(interface) == 0){
2386
if(interface[0] != '\0'){
2387
fprintf_plus(stderr, "Not using nonexisting interface"
2388
" \"%s\"\n", interface);
2389
}
2390
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2391
interface = NULL;
2392
}
2393
}
2394
}
2395
2396
/* Run network hooks */
2397
{
2398
if(mc.interfaces != NULL){
2399
interfaces_hooks = malloc(mc.interfaces_size);
2400
if(interfaces_hooks == NULL){
2401
perror_plus("malloc");
2402
goto end;
2403
}
2404
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2405
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2406
}
2407
run_network_hooks("start", interfaces_hooks != NULL ?
2408
interfaces_hooks : "", delay);
2409
}
2410
2411
if(not debug){
2412
avahi_set_log_function(empty_log);
2413
}
2414
2415
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2416
from the signal handler */
2417
/* Initialize the pseudo-RNG for Avahi */
2418
srand((unsigned int) time(NULL));
2419
simple_poll = avahi_simple_poll_new();
2420
if(simple_poll == NULL){
2421
fprintf_plus(stderr,
2422
"Avahi: Failed to create simple poll object.\n");
2423
exitcode = EX_UNAVAILABLE;
2424
goto end;
2425
}
2426
2427
sigemptyset(&sigterm_action.sa_mask);
2428
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2429
if(ret == -1){
2430
perror_plus("sigaddset");
2431
exitcode = EX_OSERR;
2432
goto end;
2433
}
2434
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2435
if(ret == -1){
2436
perror_plus("sigaddset");
2437
exitcode = EX_OSERR;
2438
goto end;
2439
}
2440
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2441
if(ret == -1){
2442
perror_plus("sigaddset");
2443
exitcode = EX_OSERR;
2444
goto end;
2445
}
2446
/* Need to check if the handler is SIG_IGN before handling:
2447
| [[info:libc:Initial Signal Actions]] |
2448
| [[info:libc:Basic Signal Handling]] |
2449
*/
2450
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2451
if(ret == -1){
2452
perror_plus("sigaction");
2453
return EX_OSERR;
2454
}
2455
if(old_sigterm_action.sa_handler != SIG_IGN){
2456
ret = sigaction(SIGINT, &sigterm_action, NULL);
2457
if(ret == -1){
2458
perror_plus("sigaction");
2459
exitcode = EX_OSERR;
2460
goto end;
2461
}
2462
}
2463
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2464
if(ret == -1){
2465
perror_plus("sigaction");
2466
return EX_OSERR;
2467
}
2468
if(old_sigterm_action.sa_handler != SIG_IGN){
2469
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2470
if(ret == -1){
2471
perror_plus("sigaction");
2472
exitcode = EX_OSERR;
2473
goto end;
2474
}
2475
}
2476
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2477
if(ret == -1){
2478
perror_plus("sigaction");
2479
return EX_OSERR;
2480
}
2481
if(old_sigterm_action.sa_handler != SIG_IGN){
2482
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2483
if(ret == -1){
2484
perror_plus("sigaction");
2485
exitcode = EX_OSERR;
2486
goto end;
2487
}
2488
}
2489
2490
/* If no interfaces were specified, make a list */
2491
if(mc.interfaces == NULL){
2492
struct dirent **direntries = NULL;
2493
/* Look for any good interfaces */
2494
ret = scandir(sys_class_net, &direntries, good_interface,
2495
alphasort);
2496
if(ret >= 1){
2497
/* Add all found interfaces to interfaces list */
2498
for(int i = 0; i < ret; ++i){
2499
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2500
direntries[i]->d_name);
2501
if(ret_errno != 0){
2502
errno = ret_errno;
2503
perror_plus("argz_add");
2504
free(direntries[i]);
2505
continue;
2506
}
2507
if(debug){
2508
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2509
direntries[i]->d_name);
2510
}
2511
free(direntries[i]);
2512
}
2513
free(direntries);
2514
} else {
2515
if(ret == 0){
2516
free(direntries);
2517
}
2518
fprintf_plus(stderr, "Could not find a network interface\n");
2519
exitcode = EXIT_FAILURE;
2520
goto end;
2521
}
2522
}
2523
2524
/* Bring up interfaces which are down, and remove any "none"s */
2525
{
2526
char *interface = NULL;
2527
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2528
interface))){
2529
/* If interface name is "none", stop bringing up interfaces.
2530
Also remove all instances of "none" from the list */
2531
if(strcmp(interface, "none") == 0){
2532
argz_delete(&mc.interfaces, &mc.interfaces_size,
2533
interface);
2534
interface = NULL;
2535
while((interface = argz_next(mc.interfaces,
2536
mc.interfaces_size, interface))){
2537
if(strcmp(interface, "none") == 0){
2538
argz_delete(&mc.interfaces, &mc.interfaces_size,
2539
interface);
2540
interface = NULL;
2541
}
2542
}
2543
break;
2544
}
2545
bool interface_was_up = interface_is_up(interface);
2546
errno = bring_up_interface(interface, delay);
2547
if(not interface_was_up){
2548
if(errno != 0){
2549
perror_plus("Failed to bring up interface");
2550
} else {
2551
errno = argz_add(&interfaces_to_take_down,
2552
&interfaces_to_take_down_size,
2553
interface);
2554
if(errno != 0){
2555
perror_plus("argz_add");
2556
}
2557
}
2558
}
2559
}
2560
if(debug and (interfaces_to_take_down == NULL)){
2561
fprintf_plus(stderr, "No interfaces were brought up\n");
2562
}
2563
}
2564
2565
/* If we only got one interface, explicitly use only that one */
2566
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2567
if(debug){
2568
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2569
mc.interfaces);
2570
}
2571
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2572
}
2573
2574
if(quit_now){
2575
goto end;
2576
}
2577
2578
ret = init_gnutls_global(pubkey, seckey, &mc);
2579
if(ret == -1){
2580
fprintf_plus(stderr, "init_gnutls_global failed\n");
2581
exitcode = EX_UNAVAILABLE;
2582
goto end;
2583
} else {
2584
gnutls_initialized = true;
2585
}
2586
2587
if(quit_now){
2588
goto end;
2589
}
2590
2591
/* Try /run/tmp before /tmp */
2592
tempdir = mkdtemp(run_tempdir);
2593
if(tempdir == NULL and errno == ENOENT){
2594
if(debug){
2595
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
2596
run_tempdir, old_tempdir);
2597
}
2598
tempdir = mkdtemp(old_tempdir);
2599
}
2600
if(tempdir == NULL){
2601
perror_plus("mkdtemp");
2602
goto end;
2603
}
2604
2605
if(quit_now){
2606
goto end;
2607
}
2608
2609
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
2610
fprintf_plus(stderr, "init_gpgme failed\n");
2611
exitcode = EX_UNAVAILABLE;
2612
goto end;
2613
} else {
2614
gpgme_initialized = true;
2615
}
2616
2617
if(quit_now){
2618
goto end;
2619
}
2620
2621
if(connect_to != NULL){
2622
/* Connect directly, do not use Zeroconf */
2623
/* (Mainly meant for debugging) */
2624
char *address = strrchr(connect_to, ':');
2625
2626
if(address == NULL){
2627
fprintf_plus(stderr, "No colon in address\n");
2628
exitcode = EX_USAGE;
2629
goto end;
2630
}
2631
2632
if(quit_now){
2633
goto end;
2634
}
2635
2636
in_port_t port;
2637
errno = 0;
2638
tmpmax = strtoimax(address+1, &tmp, 10);
2639
if(errno != 0 or tmp == address+1 or *tmp != '\0'
2640
or tmpmax != (in_port_t)tmpmax){
2641
fprintf_plus(stderr, "Bad port number\n");
2642
exitcode = EX_USAGE;
2643
goto end;
2644
}
2645
2646
if(quit_now){
2647
goto end;
2648
}
2649
2650
port = (in_port_t)tmpmax;
2651
*address = '\0';
2652
/* Colon in address indicates IPv6 */
2653
int af;
2654
if(strchr(connect_to, ':') != NULL){
2655
af = AF_INET6;
2656
/* Accept [] around IPv6 address - see RFC 5952 */
2657
if(connect_to[0] == '[' and address[-1] == ']')
2658
{
2659
connect_to++;
2660
address[-1] = '\0';
2661
}
2662
} else {
2663
af = AF_INET;
2664
}
2665
address = connect_to;
2666
2667
if(quit_now){
2668
goto end;
2669
}
2670
2671
while(not quit_now){
2672
ret = start_mandos_communication(address, port, if_index, af,
2673
&mc);
2674
if(quit_now or ret == 0){
2675
break;
2676
}
2677
if(debug){
2678
fprintf_plus(stderr, "Retrying in %d seconds\n",
2679
(int)retry_interval);
2680
}
2681
sleep((unsigned int)retry_interval);
2682
}
2683
2684
if(not quit_now){
2685
exitcode = EXIT_SUCCESS;
2686
}
2687
2688
goto end;
2689
}
2690
2691
if(quit_now){
2692
goto end;
2693
}
2694
2695
{
554
2696
AvahiServerConfig config;
555
AvahiSServiceBrowser *sb = NULL;
556
const char db[] = "--debug";
557
int error;
558
int ret = 1;
559
int returncode = EXIT_SUCCESS;
560
char *basename = rindex(argv[0], '/');
561
if(basename == NULL){
562
basename = argv[0];
563
} else {
564
basename++;
565
}
566
567
char *program_name = malloc(strlen(basename) + sizeof(db));
568
569
if (program_name == NULL){
570
perror("argv[0]");
571
return EXIT_FAILURE;
572
}
573
574
program_name[0] = '\0';
575
576
for (int i = 1; i < argc; i++){
577
if (not strncmp(argv[i], db, 5)){
578
strcat(strcat(strcat(program_name, db ), "="), basename);
579
if(not strcmp(argv[i], db) or not strcmp(argv[i], program_name)){
580
debug = true;
581
}
582
}
583
}
584
free(program_name);
585
586
if (not debug){
587
avahi_set_log_function(empty_log);
588
}
589
590
/* Initialize the psuedo-RNG */
591
srand(time(NULL));
592
593
/* Allocate main loop object */
594
if (!(simple_poll = avahi_simple_poll_new())) {
595
fprintf(stderr, "Failed to create simple poll object.\n");
596
597
goto exit;
598
}
599
600
/* Do not publish any local records */
2697
/* Do not publish any local Zeroconf records */
601
2698
avahi_server_config_init(&config);
602
2699
config.publish_hinfo = 0;
603
2700
config.publish_addresses = 0;
604
2701
config.publish_workstation = 0;
605
2702
config.publish_domain = 0;
606
2703
607
2704
/* Allocate a new server */
608
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
609
610
/* Free the configuration data */
2705
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2706
&config, NULL, NULL, &ret_errno);
2707
2708
/* Free the Avahi configuration data */
611
2709
avahi_server_config_free(&config);
612
613
/* Check if creating the server object succeeded */
614
if (!server) {
615
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
616
returncode = EXIT_FAILURE;
617
goto exit;
618
}
619
620
/* Create the service browser */
621
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
622
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
623
returncode = EXIT_FAILURE;
624
goto exit;
625
}
626
627
/* Run the main loop */
628
629
if (debug){
630
fprintf(stderr, "Starting avahi loop search\n");
631
}
632
633
avahi_simple_poll_loop(simple_poll);
634
635
exit:
636
637
if (debug){
638
fprintf(stderr, "%s exiting\n", argv[0]);
639
}
640
641
/* Cleanup things */
642
if (sb)
643
avahi_s_service_browser_free(sb);
644
645
if (server)
646
avahi_server_free(server);
647
648
if (simple_poll)
649
avahi_simple_poll_free(simple_poll);
650
651
return ret;
2710
}
2711
2712
/* Check if creating the Avahi server object succeeded */
2713
if(mc.server == NULL){
2714
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2715
avahi_strerror(ret_errno));
2716
exitcode = EX_UNAVAILABLE;
2717
goto end;
2718
}
2719
2720
if(quit_now){
2721
goto end;
2722
}
2723
2724
/* Create the Avahi service browser */
2725
sb = avahi_s_service_browser_new(mc.server, if_index,
2726
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
2727
NULL, 0, browse_callback,
2728
(void *)&mc);
2729
if(sb == NULL){
2730
fprintf_plus(stderr, "Failed to create service browser: %s\n",
2731
avahi_strerror(avahi_server_errno(mc.server)));
2732
exitcode = EX_UNAVAILABLE;
2733
goto end;
2734
}
2735
2736
if(quit_now){
2737
goto end;
2738
}
2739
2740
/* Run the main loop */
2741
2742
if(debug){
2743
fprintf_plus(stderr, "Starting Avahi loop search\n");
2744
}
2745
2746
ret = avahi_loop_with_timeout(simple_poll,
2747
(int)(retry_interval * 1000), &mc);
2748
if(debug){
2749
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
2750
(ret == 0) ? "successfully" : "with error");
2751
}
2752
2753
end:
2754
2755
if(debug){
2756
fprintf_plus(stderr, "%s exiting\n", argv[0]);
2757
}
2758
2759
/* Cleanup things */
2760
free(mc.interfaces);
2761
2762
if(sb != NULL)
2763
avahi_s_service_browser_free(sb);
2764
2765
if(mc.server != NULL)
2766
avahi_server_free(mc.server);
2767
2768
if(simple_poll != NULL)
2769
avahi_simple_poll_free(simple_poll);
2770
2771
if(gnutls_initialized){
2772
gnutls_certificate_free_credentials(mc.cred);
2773
gnutls_global_deinit();
2774
gnutls_dh_params_deinit(mc.dh_params);
2775
}
2776
2777
if(gpgme_initialized){
2778
gpgme_release(mc.ctx);
2779
}
2780
2781
/* Cleans up the circular linked list of Mandos servers the client
2782
has seen */
2783
if(mc.current_server != NULL){
2784
mc.current_server->prev->next = NULL;
2785
while(mc.current_server != NULL){
2786
server *next = mc.current_server->next;
2787
#ifdef __GNUC__
2788
#pragma GCC diagnostic push
2789
#pragma GCC diagnostic ignored "-Wcast-qual"
2790
#endif
2791
free((char *)(mc.current_server->ip));
2792
#ifdef __GNUC__
2793
#pragma GCC diagnostic pop
2794
#endif
2795
free(mc.current_server);
2796
mc.current_server = next;
2797
}
2798
}
2799
2800
/* Re-raise privileges */
2801
{
2802
ret_errno = raise_privileges();
2803
if(ret_errno != 0){
2804
errno = ret_errno;
2805
perror_plus("Failed to raise privileges");
2806
} else {
2807
2808
/* Run network hooks */
2809
run_network_hooks("stop", interfaces_hooks != NULL ?
2810
interfaces_hooks : "", delay);
2811
2812
/* Take down the network interfaces which were brought up */
2813
{
2814
char *interface = NULL;
2815
while((interface=argz_next(interfaces_to_take_down,
2816
interfaces_to_take_down_size,
2817
interface))){
2818
ret_errno = take_down_interface(interface);
2819
if(ret_errno != 0){
2820
errno = ret_errno;
2821
perror_plus("Failed to take down interface");
2822
}
2823
}
2824
if(debug and (interfaces_to_take_down == NULL)){
2825
fprintf_plus(stderr, "No interfaces needed to be taken"
2826
" down\n");
2827
}
2828
}
2829
}
2830
2831
ret_errno = lower_privileges_permanently();
2832
if(ret_errno != 0){
2833
errno = ret_errno;
2834
perror_plus("Failed to lower privileges permanently");
2835
}
2836
}
2837
2838
free(interfaces_to_take_down);
2839
free(interfaces_hooks);
2840
2841
/* Removes the GPGME temp directory and all files inside */
2842
if(tempdir != NULL){
2843
struct dirent **direntries = NULL;
2844
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY
2845
| O_NOFOLLOW
2846
| O_DIRECTORY
2847
| O_PATH));
2848
if(tempdir_fd == -1){
2849
perror_plus("open");
2850
} else {
2851
#ifdef __GLIBC__
2852
#if __GLIBC_PREREQ(2, 15)
2853
int numentries = scandirat(tempdir_fd, ".", &direntries,
2854
notdotentries, alphasort);
2855
#else /* not __GLIBC_PREREQ(2, 15) */
2856
int numentries = scandir(tempdir, &direntries, notdotentries,
2857
alphasort);
2858
#endif /* not __GLIBC_PREREQ(2, 15) */
2859
#else /* not __GLIBC__ */
2860
int numentries = scandir(tempdir, &direntries, notdotentries,
2861
alphasort);
2862
#endif /* not __GLIBC__ */
2863
if(numentries >= 0){
2864
for(int i = 0; i < numentries; i++){
2865
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2866
if(ret == -1){
2867
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2868
" \"%s\", 0): %s\n", tempdir,
2869
direntries[i]->d_name, strerror(errno));
2870
}
2871
free(direntries[i]);
2872
}
2873
2874
/* need to clean even if 0 because man page doesn't specify */
2875
free(direntries);
2876
if(numentries == -1){
2877
perror_plus("scandir");
2878
}
2879
ret = rmdir(tempdir);
2880
if(ret == -1 and errno != ENOENT){
2881
perror_plus("rmdir");
2882
}
2883
}
2884
TEMP_FAILURE_RETRY(close(tempdir_fd));
2885
}
2886
}
2887
2888
if(quit_now){
2889
sigemptyset(&old_sigterm_action.sa_mask);
2890
old_sigterm_action.sa_handler = SIG_DFL;
2891
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
2892
&old_sigterm_action,
2893
NULL));
2894
if(ret == -1){
2895
perror_plus("sigaction");
2896
}
2897
do {
2898
ret = raise(signal_received);
2899
} while(ret != 0 and errno == EINTR);
2900
if(ret != 0){
2901
perror_plus("raise");
2902
abort();
2903
}
2904
TEMP_FAILURE_RETRY(pause());
2905
}
2906
2907
return exitcode;
652
2908
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0