(root)/mandos/release
» Revision
237.7.325
(compared to revision 237.7.239)
: plugins.d/mandos-client.c
To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.7.325
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.325
- Committer: Teddy Hogeborn
- Date: 2015-07-20 03:03:33 UTC
- mto: (237.7.594 trunk)
- mto: This revision was merged to the branch mainline in revision 325.
- Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.
The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string. This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:
SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256
* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
(/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.
The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string. This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:
SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256
* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
(/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.
- files added:
- plugin-helpers
- files modified:
- DBUS-API
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
12
* Copyright © 2008-2015 Teddy Hogeborn
13
* Copyright © 2008-2015 Björn Påhlsson
14
14
*
15
15
* This program is free software: you can redistribute it and/or
16
16
* modify it under the terms of the GNU General Public License as
40
40
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
41
42
42
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror(), remove() */
43
stdout, ferror() */
44
44
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
45
45
#include <stddef.h> /* NULL, size_t, ssize_t */
46
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
47
strtof(), abort() */
48
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
49
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strcpy() */
51
51
#include <sys/ioctl.h> /* ioctl */
52
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
53
sockaddr_in6, PF_INET6,
57
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
58
inet_pton(), connect(),
59
59
getnameinfo() */
60
#include <fcntl.h> /* open() */
60
#include <fcntl.h> /* open(), unlinkat() */
61
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
62
*/
63
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
73
73
*/
74
74
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
75
75
getuid(), getgid(), seteuid(),
76
setgid(), pause(), _exit() */
76
setgid(), pause(), _exit(),
77
unlinkat() */
77
78
#include <arpa/inet.h> /* inet_pton(), htons() */
78
79
#include <iso646.h> /* not, or, and */
79
80
#include <argp.h> /* struct argp_option, error_t, struct
233
234
.af = af };
234
235
if(new_server->ip == NULL){
235
236
perror_plus("strdup");
237
free(new_server);
236
238
return false;
237
239
}
238
240
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
239
241
if(ret == -1){
240
242
perror_plus("clock_gettime");
243
#ifdef __GNUC__
244
#pragma GCC diagnostic push
245
#pragma GCC diagnostic ignored "-Wcast-qual"
246
#endif
247
free((char *)(new_server->ip));
248
#ifdef __GNUC__
249
#pragma GCC diagnostic pop
250
#endif
251
free(new_server);
241
252
return false;
242
253
}
243
254
/* Special case of first server */
294
305
return false;
295
306
}
296
307
297
ret = (int)TEMP_FAILURE_RETRY(close(fd));
308
ret = close(fd);
298
309
if(ret == -1){
299
310
perror_plus("close");
300
311
}
482
493
return plaintext_length;
483
494
}
484
495
496
__attribute__((warn_unused_result, const))
497
static const char *safe_string(const char *str){
498
if(str == NULL)
499
return "(unknown)";
500
return str;
501
}
502
485
503
__attribute__((warn_unused_result))
486
504
static const char *safer_gnutls_strerror(int value){
487
505
const char *ret = gnutls_strerror(value);
488
if(ret == NULL)
489
ret = "(unknown)";
490
return ret;
506
return safe_string(ret);
491
507
}
492
508
493
509
/* GnuTLS log function callback */
500
516
__attribute__((nonnull, warn_unused_result))
501
517
static int init_gnutls_global(const char *pubkeyfilename,
502
518
const char *seckeyfilename,
519
const char *dhparamsfilename,
503
520
mandos_context *mc){
504
521
int ret;
522
unsigned int uret;
505
523
506
524
if(debug){
507
525
fprintf_plus(stderr, "Initializing GnuTLS\n");
558
576
safer_gnutls_strerror(ret));
559
577
goto globalfail;
560
578
}
561
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
562
if(ret != GNUTLS_E_SUCCESS){
563
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
564
safer_gnutls_strerror(ret));
565
goto globalfail;
566
}
567
579
/* If a Diffie-Hellman parameters file was given, try to use it */
580
if(dhparamsfilename != NULL){
581
gnutls_datum_t params = { .data = NULL, .size = 0 };
582
do {
583
int dhpfile = open(dhparamsfilename, O_RDONLY);
584
if(dhpfile == -1){
585
perror_plus("open");
586
dhparamsfilename = NULL;
587
break;
588
}
589
size_t params_capacity = 0;
590
while(true){
591
params_capacity = incbuffer((char **)¶ms.data,
592
(size_t)params.size,
593
(size_t)params_capacity);
594
if(params_capacity == 0){
595
perror_plus("incbuffer");
596
free(params.data);
597
params.data = NULL;
598
dhparamsfilename = NULL;
599
break;
600
}
601
ssize_t bytes_read = read(dhpfile,
602
params.data + params.size,
603
BUFFER_SIZE);
604
/* EOF */
605
if(bytes_read == 0){
606
break;
607
}
608
/* check bytes_read for failure */
609
if(bytes_read < 0){
610
perror_plus("read");
611
free(params.data);
612
params.data = NULL;
613
dhparamsfilename = NULL;
614
break;
615
}
616
params.size += (unsigned int)bytes_read;
617
}
618
if(params.data == NULL){
619
dhparamsfilename = NULL;
620
}
621
if(dhparamsfilename == NULL){
622
break;
623
}
624
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
625
GNUTLS_X509_FMT_PEM);
626
if(ret != GNUTLS_E_SUCCESS){
627
fprintf_plus(stderr, "Failed to parse DH parameters in file"
628
" \"%s\": %s\n", dhparamsfilename,
629
safer_gnutls_strerror(ret));
630
dhparamsfilename = NULL;
631
}
632
} while(false);
633
}
634
if(dhparamsfilename == NULL){
635
if(mc->dh_bits == 0){
636
/* Find out the optimal number of DH bits */
637
/* Try to read the private key file */
638
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
639
do {
640
int secfile = open(seckeyfilename, O_RDONLY);
641
if(secfile == -1){
642
perror_plus("open");
643
break;
644
}
645
size_t buffer_capacity = 0;
646
while(true){
647
buffer_capacity = incbuffer((char **)&buffer.data,
648
(size_t)buffer.size,
649
(size_t)buffer_capacity);
650
if(buffer_capacity == 0){
651
perror_plus("incbuffer");
652
free(buffer.data);
653
buffer.data = NULL;
654
break;
655
}
656
ssize_t bytes_read = read(secfile,
657
buffer.data + buffer.size,
658
BUFFER_SIZE);
659
/* EOF */
660
if(bytes_read == 0){
661
break;
662
}
663
/* check bytes_read for failure */
664
if(bytes_read < 0){
665
perror_plus("read");
666
free(buffer.data);
667
buffer.data = NULL;
668
break;
669
}
670
buffer.size += (unsigned int)bytes_read;
671
}
672
close(secfile);
673
} while(false);
674
/* If successful, use buffer to parse private key */
675
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
676
if(buffer.data != NULL){
677
{
678
gnutls_openpgp_privkey_t privkey = NULL;
679
ret = gnutls_openpgp_privkey_init(&privkey);
680
if(ret != GNUTLS_E_SUCCESS){
681
fprintf_plus(stderr, "Error initializing OpenPGP key"
682
" structure: %s",
683
safer_gnutls_strerror(ret));
684
free(buffer.data);
685
buffer.data = NULL;
686
} else {
687
ret = gnutls_openpgp_privkey_import
688
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
689
if(ret != GNUTLS_E_SUCCESS){
690
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
691
safer_gnutls_strerror(ret));
692
privkey = NULL;
693
}
694
free(buffer.data);
695
buffer.data = NULL;
696
if(privkey != NULL){
697
/* Use private key to suggest an appropriate
698
sec_param */
699
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
700
gnutls_openpgp_privkey_deinit(privkey);
701
if(debug){
702
fprintf_plus(stderr, "This OpenPGP key implies using"
703
" a GnuTLS security parameter \"%s\".\n",
704
safe_string(gnutls_sec_param_get_name
705
(sec_param)));
706
}
707
}
708
}
709
}
710
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
711
/* Err on the side of caution */
712
sec_param = GNUTLS_SEC_PARAM_ULTRA;
713
if(debug){
714
fprintf_plus(stderr, "Falling back to security parameter"
715
" \"%s\"\n",
716
safe_string(gnutls_sec_param_get_name
717
(sec_param)));
718
}
719
}
720
}
721
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
722
if(uret != 0){
723
mc->dh_bits = uret;
724
if(debug){
725
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
726
" implies %u DH bits; using that.\n",
727
safe_string(gnutls_sec_param_get_name
728
(sec_param)),
729
mc->dh_bits);
730
}
731
} else {
732
fprintf_plus(stderr, "Failed to get implied number of DH"
733
" bits for security parameter \"%s\"): %s\n",
734
safe_string(gnutls_sec_param_get_name
735
(sec_param)),
736
safer_gnutls_strerror(ret));
737
goto globalfail;
738
}
739
} else if(debug){
740
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
741
mc->dh_bits);
742
}
743
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
744
if(ret != GNUTLS_E_SUCCESS){
745
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
746
" bits): %s\n", mc->dh_bits,
747
safer_gnutls_strerror(ret));
748
goto globalfail;
749
}
750
}
568
751
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
569
752
570
753
return 0;
630
813
/* ignore client certificate if any. */
631
814
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
632
815
633
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
634
635
816
return 0;
636
817
}
637
818
639
820
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
640
821
__attribute__((unused)) const char *txt){}
641
822
823
/* Set effective uid to 0, return errno */
824
__attribute__((warn_unused_result))
825
error_t raise_privileges(void){
826
error_t old_errno = errno;
827
error_t ret_errno = 0;
828
if(seteuid(0) == -1){
829
ret_errno = errno;
830
}
831
errno = old_errno;
832
return ret_errno;
833
}
834
835
/* Set effective and real user ID to 0. Return errno. */
836
__attribute__((warn_unused_result))
837
error_t raise_privileges_permanently(void){
838
error_t old_errno = errno;
839
error_t ret_errno = raise_privileges();
840
if(ret_errno != 0){
841
errno = old_errno;
842
return ret_errno;
843
}
844
if(setuid(0) == -1){
845
ret_errno = errno;
846
}
847
errno = old_errno;
848
return ret_errno;
849
}
850
851
/* Set effective user ID to unprivileged saved user ID */
852
__attribute__((warn_unused_result))
853
error_t lower_privileges(void){
854
error_t old_errno = errno;
855
error_t ret_errno = 0;
856
if(seteuid(uid) == -1){
857
ret_errno = errno;
858
}
859
errno = old_errno;
860
return ret_errno;
861
}
862
863
/* Lower privileges permanently */
864
__attribute__((warn_unused_result))
865
error_t lower_privileges_permanently(void){
866
error_t old_errno = errno;
867
error_t ret_errno = 0;
868
if(setuid(uid) == -1){
869
ret_errno = errno;
870
}
871
errno = old_errno;
872
return ret_errno;
873
}
874
875
/* Helper function to add_local_route() and delete_local_route() */
876
__attribute__((nonnull, warn_unused_result))
877
static bool add_delete_local_route(const bool add,
878
const char *address,
879
AvahiIfIndex if_index){
880
int ret;
881
char helper[] = "mandos-client-iprouteadddel";
882
char add_arg[] = "add";
883
char delete_arg[] = "delete";
884
char debug_flag[] = "--debug";
885
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
886
if(pluginhelperdir == NULL){
887
if(debug){
888
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
889
" variable not set; cannot run helper\n");
890
}
891
return false;
892
}
893
894
char interface[IF_NAMESIZE];
895
if(if_indextoname((unsigned int)if_index, interface) == NULL){
896
perror_plus("if_indextoname");
897
return false;
898
}
899
900
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
901
if(devnull == -1){
902
perror_plus("open(\"/dev/null\", O_RDONLY)");
903
return false;
904
}
905
pid_t pid = fork();
906
if(pid == 0){
907
/* Child */
908
/* Raise privileges */
909
errno = raise_privileges_permanently();
910
if(errno != 0){
911
perror_plus("Failed to raise privileges");
912
/* _exit(EX_NOPERM); */
913
} else {
914
/* Set group */
915
errno = 0;
916
ret = setgid(0);
917
if(ret == -1){
918
perror_plus("setgid");
919
_exit(EX_NOPERM);
920
}
921
/* Reset supplementary groups */
922
errno = 0;
923
ret = setgroups(0, NULL);
924
if(ret == -1){
925
perror_plus("setgroups");
926
_exit(EX_NOPERM);
927
}
928
}
929
ret = dup2(devnull, STDIN_FILENO);
930
if(ret == -1){
931
perror_plus("dup2(devnull, STDIN_FILENO)");
932
_exit(EX_OSERR);
933
}
934
ret = close(devnull);
935
if(ret == -1){
936
perror_plus("close");
937
_exit(EX_OSERR);
938
}
939
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
940
if(ret == -1){
941
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
942
_exit(EX_OSERR);
943
}
944
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
945
O_RDONLY
946
| O_DIRECTORY
947
| O_PATH
948
| O_CLOEXEC));
949
if(helperdir_fd == -1){
950
perror_plus("open");
951
_exit(EX_UNAVAILABLE);
952
}
953
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
954
helper, O_RDONLY));
955
if(helper_fd == -1){
956
perror_plus("openat");
957
close(helperdir_fd);
958
_exit(EX_UNAVAILABLE);
959
}
960
close(helperdir_fd);
961
#ifdef __GNUC__
962
#pragma GCC diagnostic push
963
#pragma GCC diagnostic ignored "-Wcast-qual"
964
#endif
965
if(fexecve(helper_fd, (char *const [])
966
{ helper, add ? add_arg : delete_arg, (char *)address,
967
interface, debug ? debug_flag : NULL, NULL },
968
environ) == -1){
969
#ifdef __GNUC__
970
#pragma GCC diagnostic pop
971
#endif
972
perror_plus("fexecve");
973
_exit(EXIT_FAILURE);
974
}
975
}
976
if(pid == -1){
977
perror_plus("fork");
978
return false;
979
}
980
int status;
981
pid_t pret = -1;
982
errno = 0;
983
do {
984
pret = waitpid(pid, &status, 0);
985
if(pret == -1 and errno == EINTR and quit_now){
986
int errno_raising = 0;
987
if((errno = raise_privileges()) != 0){
988
errno_raising = errno;
989
perror_plus("Failed to raise privileges in order to"
990
" kill helper program");
991
}
992
if(kill(pid, SIGTERM) == -1){
993
perror_plus("kill");
994
}
995
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
996
perror_plus("Failed to lower privileges after killing"
997
" helper program");
998
}
999
return false;
1000
}
1001
} while(pret == -1 and errno == EINTR);
1002
if(pret == -1){
1003
perror_plus("waitpid");
1004
return false;
1005
}
1006
if(WIFEXITED(status)){
1007
if(WEXITSTATUS(status) != 0){
1008
fprintf_plus(stderr, "Error: iprouteadddel exited"
1009
" with status %d\n", WEXITSTATUS(status));
1010
return false;
1011
}
1012
return true;
1013
}
1014
if(WIFSIGNALED(status)){
1015
fprintf_plus(stderr, "Error: iprouteadddel died by"
1016
" signal %d\n", WTERMSIG(status));
1017
return false;
1018
}
1019
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1020
return false;
1021
}
1022
1023
__attribute__((nonnull, warn_unused_result))
1024
static bool add_local_route(const char *address,
1025
AvahiIfIndex if_index){
1026
if(debug){
1027
fprintf_plus(stderr, "Adding route to %s\n", address);
1028
}
1029
return add_delete_local_route(true, address, if_index);
1030
}
1031
1032
__attribute__((nonnull, warn_unused_result))
1033
static bool delete_local_route(const char *address,
1034
AvahiIfIndex if_index){
1035
if(debug){
1036
fprintf_plus(stderr, "Removing route to %s\n", address);
1037
}
1038
return add_delete_local_route(false, address, if_index);
1039
}
1040
642
1041
/* Called when a Mandos server is found */
643
1042
__attribute__((nonnull, warn_unused_result))
644
1043
static int start_mandos_communication(const char *ip, in_port_t port,
655
1054
int retval = -1;
656
1055
gnutls_session_t session;
657
1056
int pf; /* Protocol family */
1057
bool route_added = false;
658
1058
659
1059
errno = 0;
660
1060
718
1118
PRIuMAX "\n", ip, (uintmax_t)port);
719
1119
}
720
1120
721
tcp_sd = socket(pf, SOCK_STREAM, 0);
1121
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
722
1122
if(tcp_sd < 0){
723
1123
int e = errno;
724
1124
perror_plus("socket");
731
1131
goto mandos_end;
732
1132
}
733
1133
734
memset(&to, 0, sizeof(to));
735
1134
if(af == AF_INET6){
736
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
737
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1135
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1136
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1137
ret = inet_pton(af, ip, &to6->sin6_addr);
738
1138
} else { /* IPv4 */
739
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
740
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1139
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1140
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1141
ret = inet_pton(af, ip, &to4->sin_addr);
741
1142
}
742
1143
if(ret < 0 ){
743
1144
int e = errno;
813
1214
goto mandos_end;
814
1215
}
815
1216
816
if(af == AF_INET6){
817
ret = connect(tcp_sd, (struct sockaddr *)&to,
818
sizeof(struct sockaddr_in6));
819
} else {
820
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
821
sizeof(struct sockaddr_in));
822
}
823
if(ret < 0){
824
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
825
int e = errno;
826
perror_plus("connect");
827
errno = e;
828
}
829
goto mandos_end;
830
}
831
832
if(quit_now){
833
errno = EINTR;
834
goto mandos_end;
1217
while(true){
1218
if(af == AF_INET6){
1219
ret = connect(tcp_sd, (struct sockaddr *)&to,
1220
sizeof(struct sockaddr_in6));
1221
} else {
1222
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1223
sizeof(struct sockaddr_in));
1224
}
1225
if(ret < 0){
1226
if(errno == ENETUNREACH
1227
and if_index != AVAHI_IF_UNSPEC
1228
and connect_to == NULL
1229
and not route_added and
1230
((af == AF_INET6 and not
1231
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1232
&to)->sin6_addr)))
1233
or (af == AF_INET and
1234
/* Not a a IPv4LL address */
1235
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1236
& 0xFFFF0000L) != 0xA9FE0000L))){
1237
/* Work around Avahi bug - Avahi does not announce link-local
1238
addresses if it has a global address, so local hosts with
1239
*only* a link-local address (e.g. Mandos clients) cannot
1240
connect to a Mandos server announced by Avahi on a server
1241
host with a global address. Work around this by retrying
1242
with an explicit route added with the server's address.
1243
1244
Avahi bug reference:
1245
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1246
https://bugs.debian.org/587961
1247
*/
1248
if(debug){
1249
fprintf_plus(stderr, "Mandos server unreachable, trying"
1250
" direct route\n");
1251
}
1252
int e = errno;
1253
route_added = add_local_route(ip, if_index);
1254
if(route_added){
1255
continue;
1256
}
1257
errno = e;
1258
}
1259
if(errno != ECONNREFUSED or debug){
1260
int e = errno;
1261
perror_plus("connect");
1262
errno = e;
1263
}
1264
goto mandos_end;
1265
}
1266
1267
if(quit_now){
1268
errno = EINTR;
1269
goto mandos_end;
1270
}
1271
break;
835
1272
}
836
1273
837
1274
const char *out = mandos_protocol_version;
1020
1457
1021
1458
mandos_end:
1022
1459
{
1460
if(route_added){
1461
if(not delete_local_route(ip, if_index)){
1462
fprintf_plus(stderr, "Failed to delete local route to %s on"
1463
" interface %d", ip, if_index);
1464
}
1465
}
1023
1466
int e = errno;
1024
1467
free(decrypted_buffer);
1025
1468
free(buffer);
1026
1469
if(tcp_sd >= 0){
1027
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1470
ret = close(tcp_sd);
1028
1471
}
1029
1472
if(ret == -1){
1030
1473
if(e == 0){
1065
1508
timed out */
1066
1509
1067
1510
if(quit_now){
1511
avahi_s_service_resolver_free(r);
1068
1512
return;
1069
1513
}
1070
1514
1346
1790
return 0;
1347
1791
}
1348
1792
1349
char *fullname = NULL;
1350
ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
1351
if(ret < 0){
1352
perror_plus("asprintf");
1353
return 0;
1354
}
1355
1356
ret = stat(fullname, &st);
1793
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1357
1794
if(ret == -1){
1358
1795
if(debug){
1359
1796
perror_plus("Could not stat hook");
1360
1797
}
1361
1798
return 0;
1362
1799
}
1363
free(fullname);
1364
1800
if(not (S_ISREG(st.st_mode))){
1365
1801
/* Not a regular file */
1366
1802
if(debug){
1458
1894
}
1459
1895
}
1460
1896
1461
/* Set effective uid to 0, return errno */
1462
__attribute__((warn_unused_result))
1463
error_t raise_privileges(void){
1464
error_t old_errno = errno;
1465
error_t ret_errno = 0;
1466
if(seteuid(0) == -1){
1467
ret_errno = errno;
1468
perror_plus("seteuid");
1469
}
1470
errno = old_errno;
1471
return ret_errno;
1472
}
1473
1474
/* Set effective and real user ID to 0. Return errno. */
1475
__attribute__((warn_unused_result))
1476
error_t raise_privileges_permanently(void){
1477
error_t old_errno = errno;
1478
error_t ret_errno = raise_privileges();
1479
if(ret_errno != 0){
1480
errno = old_errno;
1481
return ret_errno;
1482
}
1483
if(setuid(0) == -1){
1484
ret_errno = errno;
1485
perror_plus("seteuid");
1486
}
1487
errno = old_errno;
1488
return ret_errno;
1489
}
1490
1491
/* Set effective user ID to unprivileged saved user ID */
1492
__attribute__((warn_unused_result))
1493
error_t lower_privileges(void){
1494
error_t old_errno = errno;
1495
error_t ret_errno = 0;
1496
if(seteuid(uid) == -1){
1497
ret_errno = errno;
1498
perror_plus("seteuid");
1499
}
1500
errno = old_errno;
1501
return ret_errno;
1502
}
1503
1504
/* Lower privileges permanently */
1505
__attribute__((warn_unused_result))
1506
error_t lower_privileges_permanently(void){
1507
error_t old_errno = errno;
1508
error_t ret_errno = 0;
1509
if(setuid(uid) == -1){
1510
ret_errno = errno;
1511
perror_plus("setuid");
1512
}
1513
errno = old_errno;
1514
return ret_errno;
1515
}
1516
1517
#ifndef O_CLOEXEC
1518
/*
1519
* Based on the example in the GNU LibC manual chapter 13.13 "File
1520
* Descriptor Flags".
1521
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
1522
*/
1523
__attribute__((warn_unused_result))
1524
static int set_cloexec_flag(int fd){
1525
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
1526
/* If reading the flags failed, return error indication now. */
1527
if(ret < 0){
1528
return ret;
1529
}
1530
/* Store modified flag word in the descriptor. */
1531
return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
1532
ret | FD_CLOEXEC));
1533
}
1534
#endif /* not O_CLOEXEC */
1535
1536
1897
__attribute__((nonnull))
1537
1898
void run_network_hooks(const char *mode, const char *interface,
1538
1899
const float delay){
1539
struct dirent **direntries;
1900
struct dirent **direntries = NULL;
1540
1901
if(hookdir_fd == -1){
1541
hookdir_fd = open(hookdir, O_RDONLY |
1542
#ifdef O_CLOEXEC
1543
O_CLOEXEC
1544
#else /* not O_CLOEXEC */
1545
0
1546
#endif /* not O_CLOEXEC */
1547
);
1902
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1903
| O_CLOEXEC);
1548
1904
if(hookdir_fd == -1){
1549
1905
if(errno == ENOENT){
1550
1906
if(debug){
1556
1912
}
1557
1913
return;
1558
1914
}
1559
#ifndef O_CLOEXEC
1560
if(set_cloexec_flag(hookdir_fd) < 0){
1561
perror_plus("set_cloexec_flag");
1562
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
1563
perror_plus("close");
1564
} else {
1565
hookdir_fd = -1;
1566
}
1567
return;
1568
}
1569
#endif /* not O_CLOEXEC */
1570
1915
}
1571
1916
#ifdef __GLIBC__
1572
1917
#if __GLIBC_PREREQ(2, 15)
1586
1931
}
1587
1932
struct dirent *direntry;
1588
1933
int ret;
1589
int devnull = open("/dev/null", O_RDONLY);
1934
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1935
if(devnull == -1){
1936
perror_plus("open(\"/dev/null\", O_RDONLY)");
1937
return;
1938
}
1590
1939
for(int i = 0; i < numhooks; i++){
1591
1940
direntry = direntries[i];
1592
char *fullname = NULL;
1593
ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
1594
if(ret < 0){
1595
perror_plus("asprintf");
1596
continue;
1597
}
1598
1941
if(debug){
1599
1942
fprintf_plus(stderr, "Running network hook \"%s\"\n",
1600
1943
direntry->d_name);
1603
1946
if(hook_pid == 0){
1604
1947
/* Child */
1605
1948
/* Raise privileges */
1606
if(raise_privileges_permanently() != 0){
1949
errno = raise_privileges_permanently();
1950
if(errno != 0){
1607
1951
perror_plus("Failed to raise privileges");
1608
1952
_exit(EX_NOPERM);
1609
1953
}
1621
1965
perror_plus("setgroups");
1622
1966
_exit(EX_NOPERM);
1623
1967
}
1624
ret = dup2(devnull, STDIN_FILENO);
1625
if(ret == -1){
1626
perror_plus("dup2(devnull, STDIN_FILENO)");
1627
_exit(EX_OSERR);
1628
}
1629
ret = close(devnull);
1630
if(ret == -1){
1631
perror_plus("close");
1632
_exit(EX_OSERR);
1633
}
1634
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1635
if(ret == -1){
1636
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1637
_exit(EX_OSERR);
1638
}
1639
1968
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1640
1969
if(ret == -1){
1641
1970
perror_plus("setenv");
1676
2005
_exit(EX_OSERR);
1677
2006
}
1678
2007
}
1679
if(execl(fullname, direntry->d_name, mode, NULL) == -1){
1680
perror_plus("execl");
2008
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2009
direntry->d_name,
2010
O_RDONLY));
2011
if(hook_fd == -1){
2012
perror_plus("openat");
2013
_exit(EXIT_FAILURE);
2014
}
2015
if(close(hookdir_fd) == -1){
2016
perror_plus("close");
2017
_exit(EXIT_FAILURE);
2018
}
2019
ret = dup2(devnull, STDIN_FILENO);
2020
if(ret == -1){
2021
perror_plus("dup2(devnull, STDIN_FILENO)");
2022
_exit(EX_OSERR);
2023
}
2024
ret = close(devnull);
2025
if(ret == -1){
2026
perror_plus("close");
2027
_exit(EX_OSERR);
2028
}
2029
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2030
if(ret == -1){
2031
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2032
_exit(EX_OSERR);
2033
}
2034
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2035
environ) == -1){
2036
perror_plus("fexecve");
1681
2037
_exit(EXIT_FAILURE);
1682
2038
}
1683
2039
} else {
2040
if(hook_pid == -1){
2041
perror_plus("fork");
2042
free(direntry);
2043
continue;
2044
}
1684
2045
int status;
1685
2046
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
1686
2047
perror_plus("waitpid");
1687
free(fullname);
2048
free(direntry);
1688
2049
continue;
1689
2050
}
1690
2051
if(WIFEXITED(status)){
1692
2053
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
1693
2054
" with status %d\n", direntry->d_name,
1694
2055
WEXITSTATUS(status));
1695
free(fullname);
2056
free(direntry);
1696
2057
continue;
1697
2058
}
1698
2059
} else if(WIFSIGNALED(status)){
1699
2060
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
1700
2061
" signal %d\n", direntry->d_name,
1701
2062
WTERMSIG(status));
1702
free(fullname);
2063
free(direntry);
1703
2064
continue;
1704
2065
} else {
1705
2066
fprintf_plus(stderr, "Warning: network hook \"%s\""
1706
2067
" crashed\n", direntry->d_name);
1707
free(fullname);
2068
free(direntry);
1708
2069
continue;
1709
2070
}
1710
2071
}
1711
free(fullname);
1712
2072
if(debug){
1713
2073
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
1714
2074
direntry->d_name);
1715
2075
}
2076
free(direntry);
1716
2077
}
1717
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2078
free(direntries);
2079
if(close(hookdir_fd) == -1){
1718
2080
perror_plus("close");
1719
2081
} else {
1720
2082
hookdir_fd = -1;
1760
2122
}
1761
2123
1762
2124
if(quit_now){
1763
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2125
ret = close(sd);
1764
2126
if(ret == -1){
1765
2127
perror_plus("close");
1766
2128
}
1776
2138
/* Raise privileges */
1777
2139
ret_errno = raise_privileges();
1778
2140
if(ret_errno != 0){
2141
errno = ret_errno;
1779
2142
perror_plus("Failed to raise privileges");
1780
2143
}
1781
2144
1815
2178
}
1816
2179
1817
2180
/* Close the socket */
1818
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2181
ret = close(sd);
1819
2182
if(ret == -1){
1820
2183
perror_plus("close");
1821
2184
}
1885
2248
/* Raise privileges */
1886
2249
ret_errno = raise_privileges();
1887
2250
if(ret_errno != 0){
2251
errno = ret_errno;
1888
2252
perror_plus("Failed to raise privileges");
1889
2253
}
1890
2254
1902
2266
}
1903
2267
1904
2268
/* Close the socket */
1905
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2269
int ret = close(sd);
1906
2270
if(ret == -1){
1907
2271
perror_plus("close");
1908
2272
}
1923
2287
}
1924
2288
1925
2289
int main(int argc, char *argv[]){
1926
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1927
.priority = "SECURE256:!CTYPE-X.509:"
1928
"+CTYPE-OPENPGP", .current_server = NULL,
1929
.interfaces = NULL, .interfaces_size = 0 };
2290
mandos_context mc = { .server = NULL, .dh_bits = 0,
2291
.priority = "SECURE256:!CTYPE-X.509"
2292
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2293
.current_server = NULL, .interfaces = NULL,
2294
.interfaces_size = 0 };
1930
2295
AvahiSServiceBrowser *sb = NULL;
1931
2296
error_t ret_errno;
1932
2297
int ret;
1941
2306
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1942
2307
const char *seckey = PATHDIR "/" SECKEY;
1943
2308
const char *pubkey = PATHDIR "/" PUBKEY;
2309
const char *dh_params_file = NULL;
1944
2310
char *interfaces_hooks = NULL;
1945
2311
1946
2312
bool gnutls_initialized = false;
1999
2365
.doc = "Bit length of the prime number used in the"
2000
2366
" Diffie-Hellman key exchange",
2001
2367
.group = 2 },
2368
{ .name = "dh-params", .key = 134,
2369
.arg = "FILE",
2370
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2371
" for the Diffie-Hellman key exchange",
2372
.group = 2 },
2002
2373
{ .name = "priority", .key = 130,
2003
2374
.arg = "STRING",
2004
2375
.doc = "GnuTLS priority string for the TLS handshake",
2059
2430
}
2060
2431
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2061
2432
break;
2433
case 134: /* --dh-params */
2434
dh_params_file = arg;
2435
break;
2062
2436
case 130: /* --priority */
2063
2437
mc.priority = arg;
2064
2438
break;
2120
2494
goto end;
2121
2495
}
2122
2496
}
2123
2497
2124
2498
{
2125
2499
/* Work around Debian bug #633582:
2126
2500
<http://bugs.debian.org/633582> */
2150
2524
}
2151
2525
}
2152
2526
}
2153
TEMP_FAILURE_RETRY(close(seckey_fd));
2527
close(seckey_fd);
2154
2528
}
2155
2529
}
2156
2530
2157
2531
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2158
2532
int pubkey_fd = open(pubkey, O_RDONLY);
2159
2533
if(pubkey_fd == -1){
2171
2545
}
2172
2546
}
2173
2547
}
2174
TEMP_FAILURE_RETRY(close(pubkey_fd));
2175
}
2176
}
2177
2548
close(pubkey_fd);
2549
}
2550
}
2551
2552
if(dh_params_file != NULL
2553
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2554
int dhparams_fd = open(dh_params_file, O_RDONLY);
2555
if(dhparams_fd == -1){
2556
perror_plus("open");
2557
} else {
2558
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2559
if(ret == -1){
2560
perror_plus("fstat");
2561
} else {
2562
if(S_ISREG(st.st_mode)
2563
and st.st_uid == 0 and st.st_gid == 0){
2564
ret = fchown(dhparams_fd, uid, gid);
2565
if(ret == -1){
2566
perror_plus("fchown");
2567
}
2568
}
2569
}
2570
close(dhparams_fd);
2571
}
2572
}
2573
2178
2574
/* Lower privileges */
2179
2575
ret_errno = lower_privileges();
2180
2576
if(ret_errno != 0){
2297
2693
2298
2694
/* If no interfaces were specified, make a list */
2299
2695
if(mc.interfaces == NULL){
2300
struct dirent **direntries;
2696
struct dirent **direntries = NULL;
2301
2697
/* Look for any good interfaces */
2302
2698
ret = scandir(sys_class_net, &direntries, good_interface,
2303
2699
alphasort);
2309
2705
if(ret_errno != 0){
2310
2706
errno = ret_errno;
2311
2707
perror_plus("argz_add");
2708
free(direntries[i]);
2312
2709
continue;
2313
2710
}
2314
2711
if(debug){
2315
2712
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2316
2713
direntries[i]->d_name);
2317
2714
}
2715
free(direntries[i]);
2318
2716
}
2319
2717
free(direntries);
2320
2718
} else {
2321
free(direntries);
2719
if(ret == 0){
2720
free(direntries);
2721
}
2322
2722
fprintf_plus(stderr, "Could not find a network interface\n");
2323
2723
exitcode = EXIT_FAILURE;
2324
2724
goto end;
2350
2750
errno = bring_up_interface(interface, delay);
2351
2751
if(not interface_was_up){
2352
2752
if(errno != 0){
2353
perror_plus("Failed to bring up interface");
2753
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2754
" %s\n", interface, strerror(errno));
2354
2755
} else {
2355
2756
errno = argz_add(&interfaces_to_take_down,
2356
2757
&interfaces_to_take_down_size,
2379
2780
goto end;
2380
2781
}
2381
2782
2382
ret = init_gnutls_global(pubkey, seckey, &mc);
2783
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2383
2784
if(ret == -1){
2384
2785
fprintf_plus(stderr, "init_gnutls_global failed\n");
2385
2786
exitcode = EX_UNAVAILABLE;
2588
2989
mc.current_server->prev->next = NULL;
2589
2990
while(mc.current_server != NULL){
2590
2991
server *next = mc.current_server->next;
2992
#ifdef __GNUC__
2993
#pragma GCC diagnostic push
2994
#pragma GCC diagnostic ignored "-Wcast-qual"
2995
#endif
2996
free((char *)(mc.current_server->ip));
2997
#ifdef __GNUC__
2998
#pragma GCC diagnostic pop
2999
#endif
2591
3000
free(mc.current_server);
2592
3001
mc.current_server = next;
2593
3002
}
2597
3006
{
2598
3007
ret_errno = raise_privileges();
2599
3008
if(ret_errno != 0){
3009
errno = ret_errno;
2600
3010
perror_plus("Failed to raise privileges");
2601
3011
} else {
2602
3012
2625
3035
2626
3036
ret_errno = lower_privileges_permanently();
2627
3037
if(ret_errno != 0){
3038
errno = ret_errno;
2628
3039
perror_plus("Failed to lower privileges permanently");
2629
3040
}
2630
3041
}
2635
3046
/* Removes the GPGME temp directory and all files inside */
2636
3047
if(tempdir != NULL){
2637
3048
struct dirent **direntries = NULL;
2638
struct dirent *direntry = NULL;
2639
int numentries = scandir(tempdir, &direntries, notdotentries,
2640
alphasort);
2641
if(numentries > 0){
2642
for(int i = 0; i < numentries; i++){
2643
direntry = direntries[i];
2644
char *fullname = NULL;
2645
ret = asprintf(&fullname, "%s/%s", tempdir,
2646
direntry->d_name);
2647
if(ret < 0){
2648
perror_plus("asprintf");
2649
continue;
2650
}
2651
ret = remove(fullname);
2652
if(ret == -1){
2653
fprintf_plus(stderr, "remove(\"%s\"): %s\n", fullname,
2654
strerror(errno));
2655
}
2656
free(fullname);
3049
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY
3050
| O_NOFOLLOW
3051
| O_DIRECTORY
3052
| O_PATH));
3053
if(tempdir_fd == -1){
3054
perror_plus("open");
3055
} else {
3056
#ifdef __GLIBC__
3057
#if __GLIBC_PREREQ(2, 15)
3058
int numentries = scandirat(tempdir_fd, ".", &direntries,
3059
notdotentries, alphasort);
3060
#else /* not __GLIBC_PREREQ(2, 15) */
3061
int numentries = scandir(tempdir, &direntries, notdotentries,
3062
alphasort);
3063
#endif /* not __GLIBC_PREREQ(2, 15) */
3064
#else /* not __GLIBC__ */
3065
int numentries = scandir(tempdir, &direntries, notdotentries,
3066
alphasort);
3067
#endif /* not __GLIBC__ */
3068
if(numentries >= 0){
3069
for(int i = 0; i < numentries; i++){
3070
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
3071
if(ret == -1){
3072
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
3073
" \"%s\", 0): %s\n", tempdir,
3074
direntries[i]->d_name, strerror(errno));
3075
}
3076
free(direntries[i]);
3077
}
3078
3079
/* need to clean even if 0 because man page doesn't specify */
3080
free(direntries);
3081
if(numentries == -1){
3082
perror_plus("scandir");
3083
}
3084
ret = rmdir(tempdir);
3085
if(ret == -1 and errno != ENOENT){
3086
perror_plus("rmdir");
3087
}
2657
3088
}
2658
}
2659
2660
/* need to clean even if 0 because man page doesn't specify */
2661
free(direntries);
2662
if(numentries == -1){
2663
perror_plus("scandir");
2664
}
2665
ret = rmdir(tempdir);
2666
if(ret == -1 and errno != ENOENT){
2667
perror_plus("rmdir");
3089
close(tempdir_fd);
2668
3090
}
2669
3091
}
2670
3092
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0