46
115
#include <avahi-common/malloc.h>
47
116
#include <avahi-common/error.h>
50
#include <sys/types.h> /* socket(), inet_pton() */
51
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
52
struct in6_addr, inet_pton() */
53
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
54
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
#include <unistd.h> /* close() */
57
#include <netinet/in.h>
58
#include <stdbool.h> /* true */
59
#include <string.h> /* memset */
60
#include <arpa/inet.h> /* inet_pton() */
61
#include <iso646.h> /* not */
64
#include <errno.h> /* perror() */
71
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
73
#define CERTFILE CERT_ROOT "openpgp-client.txt"
74
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
119
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
122
init_gnutls_session(),
124
#include <gnutls/openpgp.h>
125
/* gnutls_certificate_set_openpgp_key_file(),
126
GNUTLS_OPENPGP_FMT_BASE64 */
129
#include <gpgme.h> /* All GPGME types, constants and
132
GPGME_PROTOCOL_OpenPGP,
75
135
#define BUFFER_SIZE 256
137
#define PATHDIR "/conf/conf.d/mandos"
138
#define SECKEY "seckey.txt"
139
#define PUBKEY "pubkey.txt"
140
#define HOOKDIR "/lib/mandos/network-hooks.d"
78
142
bool debug = false;
143
static const char mandos_protocol_version[] = "1";
144
const char *argp_program_version = "mandos-client " VERSION;
145
const char *argp_program_bug_address = "<mandos@recompile.se>";
146
static const char sys_class_net[] = "/sys/class/net";
147
char *connect_to = NULL;
148
const char *hookdir = HOOKDIR;
153
/* Doubly linked list that need to be circularly linked when used */
154
typedef struct server{
157
AvahiIfIndex if_index;
159
struct timespec last_seen;
164
/* Used for passing in values through the Avahi callback functions */
81
gnutls_session_t session;
82
167
gnutls_certificate_credentials_t cred;
168
unsigned int dh_bits;
83
169
gnutls_dh_params_t dh_params;
87
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet, const char *homedir){
89
gpgme_data_t dh_crypto, dh_plain;
170
const char *priority;
172
server *current_server;
174
size_t interfaces_size;
177
/* global so signal handler can reach it*/
178
AvahiSimplePoll *simple_poll;
180
sig_atomic_t quit_now = 0;
181
int signal_received = 0;
183
/* Function to use when printing errors */
184
void perror_plus(const char *print_text){
186
fprintf(stderr, "Mandos plugin %s: ",
187
program_invocation_short_name);
192
__attribute__((format (gnu_printf, 2, 3), nonnull))
193
int fprintf_plus(FILE *stream, const char *format, ...){
195
va_start (ap, format);
197
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
198
program_invocation_short_name));
199
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
203
* Make additional room in "buffer" for at least BUFFER_SIZE more
204
* bytes. "buffer_capacity" is how much is currently allocated,
205
* "buffer_length" is how much is already used.
207
__attribute__((nonnull, warn_unused_result))
208
size_t incbuffer(char **buffer, size_t buffer_length,
209
size_t buffer_capacity){
210
if(buffer_length + BUFFER_SIZE > buffer_capacity){
211
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
213
int old_errno = errno;
220
buffer_capacity += BUFFER_SIZE;
222
return buffer_capacity;
225
/* Add server to set of servers to retry periodically */
226
__attribute__((nonnull, warn_unused_result))
227
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
228
int af, server **current_server){
230
server *new_server = malloc(sizeof(server));
231
if(new_server == NULL){
232
perror_plus("malloc");
235
*new_server = (server){ .ip = strdup(ip),
237
.if_index = if_index,
239
if(new_server->ip == NULL){
240
perror_plus("strdup");
244
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
246
perror_plus("clock_gettime");
248
#pragma GCC diagnostic push
249
#pragma GCC diagnostic ignored "-Wcast-qual"
251
free((char *)(new_server->ip));
253
#pragma GCC diagnostic pop
258
/* Special case of first server */
259
if(*current_server == NULL){
260
new_server->next = new_server;
261
new_server->prev = new_server;
262
*current_server = new_server;
264
/* Place the new server last in the list */
265
new_server->next = *current_server;
266
new_server->prev = (*current_server)->prev;
267
new_server->prev->next = new_server;
268
(*current_server)->prev = new_server;
276
__attribute__((nonnull, warn_unused_result))
277
static bool init_gpgme(const char * const seckey,
278
const char * const pubkey,
279
const char * const tempdir,
93
ssize_t new_packet_capacity = 0;
94
ssize_t new_packet_length = 0;
95
282
gpgme_engine_info_t engine_info;
98
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
285
* Helper function to insert pub and seckey to the engine keyring.
287
bool import_key(const char * const filename){
290
gpgme_data_t pgp_data;
292
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
298
rc = gpgme_data_new_from_fd(&pgp_data, fd);
299
if(rc != GPG_ERR_NO_ERROR){
300
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
301
gpgme_strsource(rc), gpgme_strerror(rc));
305
rc = gpgme_op_import(mc->ctx, pgp_data);
306
if(rc != GPG_ERR_NO_ERROR){
307
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
308
gpgme_strsource(rc), gpgme_strerror(rc));
314
perror_plus("close");
316
gpgme_data_release(pgp_data);
321
fprintf_plus(stderr, "Initializing GPGME\n");
102
325
gpgme_check_version(NULL);
103
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
326
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
327
if(rc != GPG_ERR_NO_ERROR){
328
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
329
gpgme_strsource(rc), gpgme_strerror(rc));
105
/* Set GPGME home directory */
106
rc = gpgme_get_engine_info (&engine_info);
107
if (rc != GPG_ERR_NO_ERROR){
108
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
109
gpgme_strsource(rc), gpgme_strerror(rc));
333
/* Set GPGME home directory for the OpenPGP engine only */
334
rc = gpgme_get_engine_info(&engine_info);
335
if(rc != GPG_ERR_NO_ERROR){
336
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
337
gpgme_strsource(rc), gpgme_strerror(rc));
112
340
while(engine_info != NULL){
113
341
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
114
342
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
115
engine_info->file_name, homedir);
343
engine_info->file_name, tempdir);
118
346
engine_info = engine_info->next;
120
348
if(engine_info == NULL){
121
fprintf(stderr, "Could not set home dir to %s\n", homedir);
125
/* Create new GPGME data buffer from packet buffer */
126
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
127
if (rc != GPG_ERR_NO_ERROR){
128
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
129
gpgme_strsource(rc), gpgme_strerror(rc));
349
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
354
/* Create new GPGME "context" */
355
rc = gpgme_new(&(mc->ctx));
356
if(rc != GPG_ERR_NO_ERROR){
357
fprintf_plus(stderr, "Mandos plugin mandos-client: "
358
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
363
if(not import_key(pubkey) or not import_key(seckey)){
371
* Decrypt OpenPGP data.
372
* Returns -1 on error
374
__attribute__((nonnull, warn_unused_result))
375
static ssize_t pgp_packet_decrypt(const char *cryptotext,
379
gpgme_data_t dh_crypto, dh_plain;
382
size_t plaintext_capacity = 0;
383
ssize_t plaintext_length = 0;
386
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
389
/* Create new GPGME data buffer from memory cryptotext */
390
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
392
if(rc != GPG_ERR_NO_ERROR){
393
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
394
gpgme_strsource(rc), gpgme_strerror(rc));
133
398
/* Create new empty GPGME data buffer for the plaintext */
134
399
rc = gpgme_data_new(&dh_plain);
135
if (rc != GPG_ERR_NO_ERROR){
136
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
137
gpgme_strsource(rc), gpgme_strerror(rc));
141
/* Create new GPGME "context" */
142
rc = gpgme_new(&ctx);
143
if (rc != GPG_ERR_NO_ERROR){
144
fprintf(stderr, "bad gpgme_new: %s: %s\n",
145
gpgme_strsource(rc), gpgme_strerror(rc));
149
/* Decrypt data from the FILE pointer to the plaintext data
151
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
152
if (rc != GPG_ERR_NO_ERROR){
153
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
154
gpgme_strsource(rc), gpgme_strerror(rc));
159
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
163
gpgme_decrypt_result_t result;
164
result = gpgme_op_decrypt_result(ctx);
166
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
168
fprintf(stderr, "Unsupported algorithm: %s\n",
169
result->unsupported_algorithm);
170
fprintf(stderr, "Wrong key usage: %d\n",
171
result->wrong_key_usage);
172
if(result->file_name != NULL){
173
fprintf(stderr, "File name: %s\n", result->file_name);
175
gpgme_recipient_t recipient;
176
recipient = result->recipients;
400
if(rc != GPG_ERR_NO_ERROR){
401
fprintf_plus(stderr, "Mandos plugin mandos-client: "
402
"bad gpgme_data_new: %s: %s\n",
403
gpgme_strsource(rc), gpgme_strerror(rc));
404
gpgme_data_release(dh_crypto);
408
/* Decrypt data from the cryptotext data buffer to the plaintext
410
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
411
if(rc != GPG_ERR_NO_ERROR){
412
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
413
gpgme_strsource(rc), gpgme_strerror(rc));
414
plaintext_length = -1;
416
gpgme_decrypt_result_t result;
417
result = gpgme_op_decrypt_result(mc->ctx);
419
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
421
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
422
result->unsupported_algorithm);
423
fprintf_plus(stderr, "Wrong key usage: %u\n",
424
result->wrong_key_usage);
425
if(result->file_name != NULL){
426
fprintf_plus(stderr, "File name: %s\n", result->file_name);
428
gpgme_recipient_t recipient;
429
recipient = result->recipients;
178
430
while(recipient != NULL){
179
fprintf(stderr, "Public key algorithm: %s\n",
180
gpgme_pubkey_algo_name(recipient->pubkey_algo));
181
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
182
fprintf(stderr, "Secret key available: %s\n",
183
recipient->status == GPG_ERR_NO_SECKEY
431
fprintf_plus(stderr, "Public key algorithm: %s\n",
432
gpgme_pubkey_algo_name
433
(recipient->pubkey_algo));
434
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
435
fprintf_plus(stderr, "Secret key available: %s\n",
436
recipient->status == GPG_ERR_NO_SECKEY
185
438
recipient = recipient->next;
191
/* Delete the GPGME FILE pointer cryptotext data buffer */
192
gpgme_data_release(dh_crypto);
446
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
194
449
/* Seek back to the beginning of the GPGME plaintext data buffer */
195
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
450
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
451
perror_plus("gpgme_data_seek");
452
plaintext_length = -1;
199
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
200
*new_packet = realloc(*new_packet,
201
(unsigned int)new_packet_capacity
203
if (*new_packet == NULL){
207
new_packet_capacity += BUFFER_SIZE;
458
plaintext_capacity = incbuffer(plaintext,
459
(size_t)plaintext_length,
461
if(plaintext_capacity == 0){
462
perror_plus("incbuffer");
463
plaintext_length = -1;
210
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
467
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
212
469
/* Print the data, if any */
217
perror("gpgme_data_read");
220
new_packet_length += ret;
223
/* FIXME: check characters before printing to screen so to not print
224
terminal control characters */
226
/* fprintf(stderr, "decrypted password is: "); */
227
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
228
/* fprintf(stderr, "\n"); */
475
perror_plus("gpgme_data_read");
476
plaintext_length = -1;
479
plaintext_length += ret;
483
fprintf_plus(stderr, "Decrypted password is: ");
484
for(ssize_t i = 0; i < plaintext_length; i++){
485
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
487
fprintf(stderr, "\n");
492
/* Delete the GPGME cryptotext data buffer */
493
gpgme_data_release(dh_crypto);
231
495
/* Delete the GPGME plaintext data buffer */
232
496
gpgme_data_release(dh_plain);
233
return new_packet_length;
236
static const char * safer_gnutls_strerror (int value) {
237
const char *ret = gnutls_strerror (value);
243
void debuggnutls(__attribute__((unused)) int level,
245
fprintf(stderr, "%s", string);
248
int initgnutls(encrypted_session *es){
497
return plaintext_length;
500
__attribute__((warn_unused_result, const))
501
static const char *safe_string(const char *str){
507
__attribute__((warn_unused_result))
508
static const char *safer_gnutls_strerror(int value){
509
const char *ret = gnutls_strerror(value);
510
return safe_string(ret);
513
/* GnuTLS log function callback */
514
__attribute__((nonnull))
515
static void debuggnutls(__attribute__((unused)) int level,
517
fprintf_plus(stderr, "GnuTLS: %s", string);
520
__attribute__((nonnull(1, 2, 4), warn_unused_result))
521
static int init_gnutls_global(const char *pubkeyfilename,
522
const char *seckeyfilename,
523
const char *dhparamsfilename,
253
fprintf(stderr, "Initializing GnuTLS\n");
256
if ((ret = gnutls_global_init ())
257
!= GNUTLS_E_SUCCESS) {
258
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
529
fprintf_plus(stderr, "Initializing GnuTLS\n");
533
/* "Use a log level over 10 to enable all debugging options."
263
536
gnutls_global_set_log_level(11);
264
537
gnutls_global_set_log_function(debuggnutls);
267
/* openpgp credentials */
268
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
269
!= GNUTLS_E_SUCCESS) {
270
fprintf (stderr, "memory error: %s\n",
271
safer_gnutls_strerror(ret));
540
/* OpenPGP credentials */
541
ret = gnutls_certificate_allocate_credentials(&mc->cred);
542
if(ret != GNUTLS_E_SUCCESS){
543
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
544
safer_gnutls_strerror(ret));
276
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
277
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
549
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
550
" secret key %s as GnuTLS credentials\n",
281
555
ret = gnutls_certificate_set_openpgp_key_file
282
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
283
if (ret != GNUTLS_E_SUCCESS) {
285
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
287
ret, CERTFILE, KEYFILE);
288
fprintf(stdout, "The Error is: %s\n",
289
safer_gnutls_strerror(ret));
293
//GnuTLS server initialization
294
if ((ret = gnutls_dh_params_init (&es->dh_params))
295
!= GNUTLS_E_SUCCESS) {
296
fprintf (stderr, "Error in dh parameter initialization: %s\n",
297
safer_gnutls_strerror(ret));
301
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
302
!= GNUTLS_E_SUCCESS) {
303
fprintf (stderr, "Error in prime generation: %s\n",
304
safer_gnutls_strerror(ret));
308
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
310
// GnuTLS session creation
311
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
312
!= GNUTLS_E_SUCCESS){
313
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
314
safer_gnutls_strerror(ret));
317
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
318
!= GNUTLS_E_SUCCESS) {
319
fprintf(stderr, "Syntax error at: %s\n", err);
320
fprintf(stderr, "GnuTLS error: %s\n",
321
safer_gnutls_strerror(ret));
325
if ((ret = gnutls_credentials_set
326
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
327
!= GNUTLS_E_SUCCESS) {
328
fprintf(stderr, "Error setting a credentials set: %s\n",
329
safer_gnutls_strerror(ret));
556
(mc->cred, pubkeyfilename, seckeyfilename,
557
GNUTLS_OPENPGP_FMT_BASE64);
558
if(ret != GNUTLS_E_SUCCESS){
560
"Error[%d] while reading the OpenPGP key pair ('%s',"
561
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
562
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
563
safer_gnutls_strerror(ret));
567
/* GnuTLS server initialization */
568
ret = gnutls_dh_params_init(&mc->dh_params);
569
if(ret != GNUTLS_E_SUCCESS){
570
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
571
" initialization: %s\n",
572
safer_gnutls_strerror(ret));
575
/* If a Diffie-Hellman parameters file was given, try to use it */
576
if(dhparamsfilename != NULL){
577
gnutls_datum_t params = { .data = NULL, .size = 0 };
579
int dhpfile = open(dhparamsfilename, O_RDONLY);
582
dhparamsfilename = NULL;
585
size_t params_capacity = 0;
587
params_capacity = incbuffer((char **)¶ms.data,
589
(size_t)params_capacity);
590
if(params_capacity == 0){
591
perror_plus("incbuffer");
594
dhparamsfilename = NULL;
597
ssize_t bytes_read = read(dhpfile,
598
params.data + params.size,
604
/* check bytes_read for failure */
609
dhparamsfilename = NULL;
612
params.size += (unsigned int)bytes_read;
614
if(params.data == NULL){
615
dhparamsfilename = NULL;
617
if(dhparamsfilename == NULL){
620
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
621
GNUTLS_X509_FMT_PEM);
622
if(ret != GNUTLS_E_SUCCESS){
623
fprintf_plus(stderr, "Failed to parse DH parameters in file"
624
" \"%s\": %s\n", dhparamsfilename,
625
safer_gnutls_strerror(ret));
626
dhparamsfilename = NULL;
630
if(dhparamsfilename == NULL){
631
if(mc->dh_bits == 0){
632
/* Find out the optimal number of DH bits */
633
/* Try to read the private key file */
634
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
636
int secfile = open(seckeyfilename, O_RDONLY);
641
size_t buffer_capacity = 0;
643
buffer_capacity = incbuffer((char **)&buffer.data,
645
(size_t)buffer_capacity);
646
if(buffer_capacity == 0){
647
perror_plus("incbuffer");
652
ssize_t bytes_read = read(secfile,
653
buffer.data + buffer.size,
659
/* check bytes_read for failure */
666
buffer.size += (unsigned int)bytes_read;
670
/* If successful, use buffer to parse private key */
671
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
672
if(buffer.data != NULL){
674
gnutls_openpgp_privkey_t privkey = NULL;
675
ret = gnutls_openpgp_privkey_init(&privkey);
676
if(ret != GNUTLS_E_SUCCESS){
677
fprintf_plus(stderr, "Error initializing OpenPGP key"
679
safer_gnutls_strerror(ret));
683
ret = gnutls_openpgp_privkey_import
684
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
685
if(ret != GNUTLS_E_SUCCESS){
686
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
687
safer_gnutls_strerror(ret));
693
/* Use private key to suggest an appropriate
695
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
696
gnutls_openpgp_privkey_deinit(privkey);
698
fprintf_plus(stderr, "This OpenPGP key implies using"
699
" a GnuTLS security parameter \"%s\".\n",
700
safe_string(gnutls_sec_param_get_name
706
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
707
/* Err on the side of caution */
708
sec_param = GNUTLS_SEC_PARAM_ULTRA;
710
fprintf_plus(stderr, "Falling back to security parameter"
712
safe_string(gnutls_sec_param_get_name
717
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
721
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
722
" implies %u DH bits; using that.\n",
723
safe_string(gnutls_sec_param_get_name
728
fprintf_plus(stderr, "Failed to get implied number of DH"
729
" bits for security parameter \"%s\"): %s\n",
730
safe_string(gnutls_sec_param_get_name
732
safer_gnutls_strerror(ret));
736
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
739
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
740
if(ret != GNUTLS_E_SUCCESS){
741
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
742
" bits): %s\n", mc->dh_bits,
743
safer_gnutls_strerror(ret));
747
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
753
gnutls_certificate_free_credentials(mc->cred);
754
gnutls_dh_params_deinit(mc->dh_params);
758
__attribute__((nonnull, warn_unused_result))
759
static int init_gnutls_session(gnutls_session_t *session,
762
/* GnuTLS session creation */
764
ret = gnutls_init(session, GNUTLS_SERVER);
768
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
769
if(ret != GNUTLS_E_SUCCESS){
771
"Error in GnuTLS session initialization: %s\n",
772
safer_gnutls_strerror(ret));
778
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
780
gnutls_deinit(*session);
783
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
784
if(ret != GNUTLS_E_SUCCESS){
785
fprintf_plus(stderr, "Syntax error at: %s\n", err);
786
fprintf_plus(stderr, "GnuTLS error: %s\n",
787
safer_gnutls_strerror(ret));
788
gnutls_deinit(*session);
794
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
797
gnutls_deinit(*session);
800
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
801
if(ret != GNUTLS_E_SUCCESS){
802
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
803
safer_gnutls_strerror(ret));
804
gnutls_deinit(*session);
333
808
/* ignore client certificate if any. */
334
gnutls_certificate_server_set_request (es->session,
337
gnutls_dh_set_prime_bits (es->session, DH_BITS);
809
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
342
void empty_log(__attribute__((unused)) AvahiLogLevel level,
343
__attribute__((unused)) const char *txt){}
345
int start_mandos_communication(const char *ip, uint16_t port,
346
unsigned int if_index){
348
struct sockaddr_in6 to;
349
encrypted_session es;
814
/* Avahi log function callback */
815
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
816
__attribute__((unused)) const char *txt){}
818
/* Set effective uid to 0, return errno */
819
__attribute__((warn_unused_result))
820
int raise_privileges(void){
821
int old_errno = errno;
823
if(seteuid(0) == -1){
830
/* Set effective and real user ID to 0. Return errno. */
831
__attribute__((warn_unused_result))
832
int raise_privileges_permanently(void){
833
int old_errno = errno;
834
int ret = raise_privileges();
846
/* Set effective user ID to unprivileged saved user ID */
847
__attribute__((warn_unused_result))
848
int lower_privileges(void){
849
int old_errno = errno;
851
if(seteuid(uid) == -1){
858
/* Lower privileges permanently */
859
__attribute__((warn_unused_result))
860
int lower_privileges_permanently(void){
861
int old_errno = errno;
863
if(setuid(uid) == -1){
870
/* Helper function to add_local_route() and delete_local_route() */
871
__attribute__((nonnull, warn_unused_result))
872
static bool add_delete_local_route(const bool add,
874
AvahiIfIndex if_index){
876
char helper[] = "mandos-client-iprouteadddel";
877
char add_arg[] = "add";
878
char delete_arg[] = "delete";
879
char debug_flag[] = "--debug";
880
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
881
if(pluginhelperdir == NULL){
883
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
884
" variable not set; cannot run helper\n");
889
char interface[IF_NAMESIZE];
890
if(if_indextoname((unsigned int)if_index, interface) == NULL){
891
perror_plus("if_indextoname");
895
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
897
perror_plus("open(\"/dev/null\", O_RDONLY)");
903
/* Raise privileges */
904
errno = raise_privileges_permanently();
906
perror_plus("Failed to raise privileges");
907
/* _exit(EX_NOPERM); */
913
perror_plus("setgid");
916
/* Reset supplementary groups */
918
ret = setgroups(0, NULL);
920
perror_plus("setgroups");
924
ret = dup2(devnull, STDIN_FILENO);
926
perror_plus("dup2(devnull, STDIN_FILENO)");
929
ret = close(devnull);
931
perror_plus("close");
934
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
936
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
939
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
944
if(helperdir_fd == -1){
946
_exit(EX_UNAVAILABLE);
948
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
951
perror_plus("openat");
953
_exit(EX_UNAVAILABLE);
957
#pragma GCC diagnostic push
958
#pragma GCC diagnostic ignored "-Wcast-qual"
960
if(fexecve(helper_fd, (char *const [])
961
{ helper, add ? add_arg : delete_arg, (char *)address,
962
interface, debug ? debug_flag : NULL, NULL },
965
#pragma GCC diagnostic pop
967
perror_plus("fexecve");
979
pret = waitpid(pid, &status, 0);
980
if(pret == -1 and errno == EINTR and quit_now){
981
int errno_raising = 0;
982
if((errno = raise_privileges()) != 0){
983
errno_raising = errno;
984
perror_plus("Failed to raise privileges in order to"
985
" kill helper program");
987
if(kill(pid, SIGTERM) == -1){
990
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
991
perror_plus("Failed to lower privileges after killing"
996
} while(pret == -1 and errno == EINTR);
998
perror_plus("waitpid");
1001
if(WIFEXITED(status)){
1002
if(WEXITSTATUS(status) != 0){
1003
fprintf_plus(stderr, "Error: iprouteadddel exited"
1004
" with status %d\n", WEXITSTATUS(status));
1009
if(WIFSIGNALED(status)){
1010
fprintf_plus(stderr, "Error: iprouteadddel died by"
1011
" signal %d\n", WTERMSIG(status));
1014
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1018
__attribute__((nonnull, warn_unused_result))
1019
static bool add_local_route(const char *address,
1020
AvahiIfIndex if_index){
1022
fprintf_plus(stderr, "Adding route to %s\n", address);
1024
return add_delete_local_route(true, address, if_index);
1027
__attribute__((nonnull, warn_unused_result))
1028
static bool delete_local_route(const char *address,
1029
AvahiIfIndex if_index){
1031
fprintf_plus(stderr, "Removing route to %s\n", address);
1033
return add_delete_local_route(false, address, if_index);
1036
/* Called when a Mandos server is found */
1037
__attribute__((nonnull, warn_unused_result))
1038
static int start_mandos_communication(const char *ip, in_port_t port,
1039
AvahiIfIndex if_index,
1040
int af, mandos_context *mc){
1041
int ret, tcp_sd = -1;
1043
struct sockaddr_storage to;
350
1044
char *buffer = NULL;
351
char *decrypted_buffer;
1045
char *decrypted_buffer = NULL;
352
1046
size_t buffer_length = 0;
353
1047
size_t buffer_capacity = 0;
354
ssize_t decrypted_buffer_size;
357
char interface[IF_NAMESIZE];
360
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
364
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
370
if(if_indextoname(if_index, interface) == NULL){
372
perror("if_indextoname");
378
fprintf(stderr, "Binding to interface %s\n", interface);
381
memset(&to,0,sizeof(to)); /* Spurious warning */
382
to.sin6_family = AF_INET6;
383
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
1050
gnutls_session_t session;
1051
int pf; /* Protocol family */
1052
bool route_added = false;
1069
fprintf_plus(stderr, "Bad address family: %d\n", af);
1074
/* If the interface is specified and we have a list of interfaces */
1075
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1076
/* Check if the interface is one of the interfaces we are using */
1079
char *interface = NULL;
1080
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
1082
if(if_nametoindex(interface) == (unsigned int)if_index){
1089
/* This interface does not match any in the list, so we don't
1090
connect to the server */
1092
char interface[IF_NAMESIZE];
1093
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1094
perror_plus("if_indextoname");
1096
fprintf_plus(stderr, "Skipping server on non-used interface"
1098
if_indextoname((unsigned int)if_index,
1106
ret = init_gnutls_session(&session, mc);
1112
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
1113
PRIuMAX "\n", ip, (uintmax_t)port);
1116
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
1119
perror_plus("socket");
1130
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1131
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1132
ret = inet_pton(af, ip, &to6->sin6_addr);
1134
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1135
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1136
ret = inet_pton(af, ip, &to4->sin_addr);
1140
perror_plus("inet_pton");
389
fprintf(stderr, "Bad address: %s\n", ip);
392
to.sin6_port = htons(port); /* Spurious warning */
394
to.sin6_scope_id = (uint32_t)if_index;
397
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
398
/* char addrstr[INET6_ADDRSTRLEN]; */
399
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
400
/* sizeof(addrstr)) == NULL){ */
401
/* perror("inet_ntop"); */
403
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
404
/* addrstr, ntohs(to.sin6_port)); */
408
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
414
ret = initgnutls (&es);
420
gnutls_transport_set_ptr (es.session,
421
(gnutls_transport_ptr_t) tcp_sd);
424
fprintf(stderr, "Establishing TLS session with %s\n", ip);
427
ret = gnutls_handshake (es.session);
429
if (ret != GNUTLS_E_SUCCESS){
1146
fprintf_plus(stderr, "Bad address: %s\n", ip);
1151
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1152
if(IN6_IS_ADDR_LINKLOCAL
1153
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
1154
if(if_index == AVAHI_IF_UNSPEC){
1155
fprintf_plus(stderr, "An IPv6 link-local address is"
1156
" incomplete without a network interface\n");
1160
/* Set the network interface number as scope */
1161
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
1164
((struct sockaddr_in *)&to)->sin_port = htons(port);
1173
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
1174
char interface[IF_NAMESIZE];
1175
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1176
perror_plus("if_indextoname");
1178
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1179
"\n", ip, interface, (uintmax_t)port);
1182
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1183
ip, (uintmax_t)port);
1185
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
1186
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
1188
ret = getnameinfo((struct sockaddr *)&to,
1189
sizeof(struct sockaddr_in6),
1190
addrstr, sizeof(addrstr), NULL, 0,
1193
ret = getnameinfo((struct sockaddr *)&to,
1194
sizeof(struct sockaddr_in),
1195
addrstr, sizeof(addrstr), NULL, 0,
1198
if(ret == EAI_SYSTEM){
1199
perror_plus("getnameinfo");
1200
} else if(ret != 0) {
1201
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1202
} else if(strcmp(addrstr, ip) != 0){
1203
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1214
ret = connect(tcp_sd, (struct sockaddr *)&to,
1215
sizeof(struct sockaddr_in6));
1217
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1218
sizeof(struct sockaddr_in));
1221
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1222
and if_index != AVAHI_IF_UNSPEC
1223
and connect_to == NULL
1224
and not route_added and
1225
((af == AF_INET6 and not
1226
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1228
or (af == AF_INET and
1229
/* Not a a IPv4LL address */
1230
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1231
& 0xFFFF0000L) != 0xA9FE0000L))){
1232
/* Work around Avahi bug - Avahi does not announce link-local
1233
addresses if it has a global address, so local hosts with
1234
*only* a link-local address (e.g. Mandos clients) cannot
1235
connect to a Mandos server announced by Avahi on a server
1236
host with a global address. Work around this by retrying
1237
with an explicit route added with the server's address.
1239
Avahi bug reference:
1240
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1241
https://bugs.debian.org/587961
1244
fprintf_plus(stderr, "Mandos server unreachable, trying"
1248
route_added = add_local_route(ip, if_index);
1254
if(errno != ECONNREFUSED or debug){
1256
perror_plus("connect");
1269
const char *out = mandos_protocol_version;
1272
size_t out_size = strlen(out);
1273
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
1274
out_size - written));
1277
perror_plus("write");
1281
written += (size_t)ret;
1282
if(written < out_size){
1285
if(out == mandos_protocol_version){
1300
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
1308
/* This casting via intptr_t is to eliminate warning about casting
1309
an int to a pointer type. This is exactly how the GnuTLS Guile
1310
function "set-session-transport-fd!" does it. */
1311
gnutls_transport_set_ptr(session,
1312
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
1320
ret = gnutls_handshake(session);
1325
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1327
if(ret != GNUTLS_E_SUCCESS){
431
fprintf(stderr, "\n*** Handshake failed ***\n");
1329
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
438
//Retrieve OpenPGP packet that contains the wanted password
1336
/* Read OpenPGP packet that contains the wanted password */
441
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
1339
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
446
if (buffer_length + BUFFER_SIZE > buffer_capacity){
447
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
452
buffer_capacity += BUFFER_SIZE;
455
ret = gnutls_record_recv
456
(es.session, buffer+buffer_length, BUFFER_SIZE);
1350
buffer_capacity = incbuffer(&buffer, buffer_length,
1352
if(buffer_capacity == 0){
1354
perror_plus("incbuffer");
1364
sret = gnutls_record_recv(session, buffer+buffer_length,
462
1371
case GNUTLS_E_INTERRUPTED:
463
1372
case GNUTLS_E_AGAIN:
465
1374
case GNUTLS_E_REHANDSHAKE:
466
ret = gnutls_handshake (es.session);
468
fprintf(stderr, "\n*** Handshake failed ***\n");
1376
ret = gnutls_handshake(session);
1382
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1384
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
475
fprintf(stderr, "Unknown error while reading data from"
476
" encrypted session with mandos server\n");
478
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
1392
fprintf_plus(stderr, "Unknown error while reading data from"
1393
" encrypted session with Mandos server\n");
1394
gnutls_bye(session, GNUTLS_SHUT_RDWR);
482
buffer_length += (size_t) ret;
486
if (buffer_length > 0){
487
decrypted_buffer_size = pgp_packet_decrypt(buffer,
491
if (decrypted_buffer_size >= 0){
1399
buffer_length += (size_t) sret;
1404
fprintf_plus(stderr, "Closing TLS session\n");
1413
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
1418
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1420
if(buffer_length > 0){
1421
ssize_t decrypted_buffer_size;
1422
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
1423
&decrypted_buffer, mc);
1424
if(decrypted_buffer_size >= 0){
492
1428
while(written < (size_t) decrypted_buffer_size){
493
ret = (int)fwrite (decrypted_buffer + written, 1,
494
(size_t)decrypted_buffer_size - written,
1434
ret = (int)fwrite(decrypted_buffer + written, 1,
1435
(size_t)decrypted_buffer_size - written,
496
1437
if(ret == 0 and ferror(stdout)){
498
fprintf(stderr, "Error writing encrypted data: %s\n",
1440
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
504
1446
written += (size_t)ret;
506
free(decrypted_buffer);
1448
ret = fflush(stdout);
1452
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1462
/* Shutdown procedure */
1467
if(not delete_local_route(ip, if_index)){
1468
fprintf_plus(stderr, "Failed to delete local route to %s on"
1469
" interface %d", ip, if_index);
1473
free(decrypted_buffer);
1476
ret = close(tcp_sd);
1482
perror_plus("close");
1484
gnutls_deinit(session);
515
fprintf(stderr, "Closing TLS session\n");
519
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
522
gnutls_deinit (es.session);
523
gnutls_certificate_free_credentials (es.cred);
524
gnutls_global_deinit ();
528
static AvahiSimplePoll *simple_poll = NULL;
529
static AvahiServer *server = NULL;
531
static void resolve_callback(
532
AvahiSServiceResolver *r,
533
AvahiIfIndex interface,
534
AVAHI_GCC_UNUSED AvahiProtocol protocol,
535
AvahiResolverEvent event,
539
const char *host_name,
540
const AvahiAddress *address,
542
AVAHI_GCC_UNUSED AvahiStringList *txt,
543
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
544
AVAHI_GCC_UNUSED void* userdata) {
546
assert(r); /* Spurious warning */
1494
__attribute__((nonnull))
1495
static void resolve_callback(AvahiSServiceResolver *r,
1496
AvahiIfIndex interface,
1497
AvahiProtocol proto,
1498
AvahiResolverEvent event,
1502
const char *host_name,
1503
const AvahiAddress *address,
1505
AVAHI_GCC_UNUSED AvahiStringList *txt,
1506
AVAHI_GCC_UNUSED AvahiLookupResultFlags
548
1513
/* Called whenever a service has been resolved successfully or
1517
avahi_s_service_resolver_free(r);
553
1523
case AVAHI_RESOLVER_FAILURE:
554
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
555
" type '%s' in domain '%s': %s\n", name, type, domain,
556
avahi_strerror(avahi_server_errno(server)));
1524
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1525
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1527
avahi_strerror(avahi_server_errno
1528
(((mandos_context*)mc)->server)));
559
1531
case AVAHI_RESOLVER_FOUND:
561
1533
char ip[AVAHI_ADDRESS_STR_MAX];
562
1534
avahi_address_snprint(ip, sizeof(ip), address);
564
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
565
" port %d\n", name, host_name, ip, port);
1536
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1537
PRIdMAX ") on port %" PRIu16 "\n", name,
1538
host_name, ip, (intmax_t)interface, port);
567
int ret = start_mandos_communication(ip, port,
568
(unsigned int) interface);
1540
int ret = start_mandos_communication(ip, (in_port_t)port,
1542
avahi_proto_to_af(proto),
1545
avahi_simple_poll_quit(simple_poll);
1547
if(not add_server(ip, (in_port_t)port, interface,
1548
avahi_proto_to_af(proto),
1549
&((mandos_context*)mc)->current_server)){
1550
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
574
1556
avahi_s_service_resolver_free(r);
577
static void browse_callback(
578
AvahiSServiceBrowser *b,
579
AvahiIfIndex interface,
580
AvahiProtocol protocol,
581
AvahiBrowserEvent event,
585
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
588
AvahiServer *s = userdata;
589
assert(b); /* Spurious warning */
591
/* Called whenever a new services becomes available on the LAN or
592
is removed from the LAN */
1559
static void browse_callback(AvahiSServiceBrowser *b,
1560
AvahiIfIndex interface,
1561
AvahiProtocol protocol,
1562
AvahiBrowserEvent event,
1566
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1573
/* Called whenever a new services becomes available on the LAN or
1574
is removed from the LAN */
1582
case AVAHI_BROWSER_FAILURE:
1584
fprintf_plus(stderr, "(Avahi browser) %s\n",
1585
avahi_strerror(avahi_server_errno
1586
(((mandos_context*)mc)->server)));
1587
avahi_simple_poll_quit(simple_poll);
1590
case AVAHI_BROWSER_NEW:
1591
/* We ignore the returned Avahi resolver object. In the callback
1592
function we free it. If the Avahi server is terminated before
1593
the callback function is called the Avahi server will free the
1596
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1597
interface, protocol, name, type,
1598
domain, protocol, 0,
1599
resolve_callback, mc) == NULL)
1600
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1602
avahi_strerror(avahi_server_errno
1603
(((mandos_context*)mc)->server)));
1606
case AVAHI_BROWSER_REMOVE:
1609
case AVAHI_BROWSER_ALL_FOR_NOW:
1610
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1612
fprintf_plus(stderr, "No Mandos server found, still"
1619
/* Signal handler that stops main loop after SIGTERM */
1620
static void handle_sigterm(int sig){
1625
signal_received = sig;
1626
int old_errno = errno;
1627
/* set main loop to exit */
1628
if(simple_poll != NULL){
1629
avahi_simple_poll_quit(simple_poll);
1634
__attribute__((nonnull, warn_unused_result))
1635
bool get_flags(const char *ifname, struct ifreq *ifr){
1639
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1642
perror_plus("socket");
1646
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1647
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1648
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1652
perror_plus("ioctl SIOCGIFFLAGS");
1660
__attribute__((nonnull, warn_unused_result))
1661
bool good_flags(const char *ifname, const struct ifreq *ifr){
1663
/* Reject the loopback device */
1664
if(ifr->ifr_flags & IFF_LOOPBACK){
1666
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1671
/* Accept point-to-point devices only if connect_to is specified */
1672
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1674
fprintf_plus(stderr, "Accepting point-to-point interface"
1675
" \"%s\"\n", ifname);
1679
/* Otherwise, reject non-broadcast-capable devices */
1680
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1682
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1683
" \"%s\"\n", ifname);
1687
/* Reject non-ARP interfaces (including dummy interfaces) */
1688
if(ifr->ifr_flags & IFF_NOARP){
1690
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1696
/* Accept this device */
1698
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1704
* This function determines if a directory entry in /sys/class/net
1705
* corresponds to an acceptable network device.
1706
* (This function is passed to scandir(3) as a filter function.)
1708
__attribute__((nonnull, warn_unused_result))
1709
int good_interface(const struct dirent *if_entry){
1710
if(if_entry->d_name[0] == '.'){
1715
if(not get_flags(if_entry->d_name, &ifr)){
1717
fprintf_plus(stderr, "Failed to get flags for interface "
1718
"\"%s\"\n", if_entry->d_name);
1723
if(not good_flags(if_entry->d_name, &ifr)){
1730
* This function determines if a network interface is up.
1732
__attribute__((nonnull, warn_unused_result))
1733
bool interface_is_up(const char *interface){
1735
if(not get_flags(interface, &ifr)){
1737
fprintf_plus(stderr, "Failed to get flags for interface "
1738
"\"%s\"\n", interface);
1743
return (bool)(ifr.ifr_flags & IFF_UP);
1747
* This function determines if a network interface is running
1749
__attribute__((nonnull, warn_unused_result))
1750
bool interface_is_running(const char *interface){
1752
if(not get_flags(interface, &ifr)){
1754
fprintf_plus(stderr, "Failed to get flags for interface "
1755
"\"%s\"\n", interface);
1760
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1763
__attribute__((nonnull, pure, warn_unused_result))
1764
int notdotentries(const struct dirent *direntry){
1765
/* Skip "." and ".." */
1766
if(direntry->d_name[0] == '.'
1767
and (direntry->d_name[1] == '\0'
1768
or (direntry->d_name[1] == '.'
1769
and direntry->d_name[2] == '\0'))){
1775
/* Is this directory entry a runnable program? */
1776
__attribute__((nonnull, warn_unused_result))
1777
int runnable_hook(const struct dirent *direntry){
1782
if((direntry->d_name)[0] == '\0'){
1787
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1788
"abcdefghijklmnopqrstuvwxyz"
1791
if((direntry->d_name)[sret] != '\0'){
1792
/* Contains non-allowed characters */
1794
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
1800
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1803
perror_plus("Could not stat hook");
1807
if(not (S_ISREG(st.st_mode))){
1808
/* Not a regular file */
1810
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
1815
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
1816
/* Not executable */
1818
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
1824
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
1830
__attribute__((nonnull, warn_unused_result))
1831
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
1832
mandos_context *mc){
1834
struct timespec now;
1835
struct timespec waited_time;
1836
intmax_t block_time;
1839
if(mc->current_server == NULL){
1841
fprintf_plus(stderr, "Wait until first server is found."
1844
ret = avahi_simple_poll_iterate(s, -1);
1847
fprintf_plus(stderr, "Check current_server if we should run"
1850
/* the current time */
1851
ret = clock_gettime(CLOCK_MONOTONIC, &now);
1853
perror_plus("clock_gettime");
1856
/* Calculating in ms how long time between now and server
1857
who we visted longest time ago. Now - last seen. */
1858
waited_time.tv_sec = (now.tv_sec
1859
- mc->current_server->last_seen.tv_sec);
1860
waited_time.tv_nsec = (now.tv_nsec
1861
- mc->current_server->last_seen.tv_nsec);
1862
/* total time is 10s/10,000ms.
1863
Converting to s from ms by dividing by 1,000,
1864
and ns to ms by dividing by 1,000,000. */
1865
block_time = ((retry_interval
1866
- ((intmax_t)waited_time.tv_sec * 1000))
1867
- ((intmax_t)waited_time.tv_nsec / 1000000));
1870
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
1874
if(block_time <= 0){
1875
ret = start_mandos_communication(mc->current_server->ip,
1876
mc->current_server->port,
1877
mc->current_server->if_index,
1878
mc->current_server->af, mc);
1880
avahi_simple_poll_quit(s);
1883
ret = clock_gettime(CLOCK_MONOTONIC,
1884
&mc->current_server->last_seen);
1886
perror_plus("clock_gettime");
1889
mc->current_server = mc->current_server->next;
1890
block_time = 0; /* Call avahi to find new Mandos
1891
servers, but don't block */
1894
ret = avahi_simple_poll_iterate(s, (int)block_time);
1897
if(ret > 0 or errno != EINTR){
1898
return (ret != 1) ? ret : 0;
1904
__attribute__((nonnull))
1905
void run_network_hooks(const char *mode, const char *interface,
1907
struct dirent **direntries = NULL;
1908
if(hookdir_fd == -1){
1909
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1911
if(hookdir_fd == -1){
1912
if(errno == ENOENT){
1914
fprintf_plus(stderr, "Network hook directory \"%s\" not"
1915
" found\n", hookdir);
1918
perror_plus("open");
1923
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1924
runnable_hook, alphasort);
1926
perror_plus("scandir");
1929
struct dirent *direntry;
1931
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1933
perror_plus("open(\"/dev/null\", O_RDONLY)");
1936
for(int i = 0; i < numhooks; i++){
1937
direntry = direntries[i];
1939
fprintf_plus(stderr, "Running network hook \"%s\"\n",
1942
pid_t hook_pid = fork();
1945
/* Raise privileges */
1946
errno = raise_privileges_permanently();
1948
perror_plus("Failed to raise privileges");
1955
perror_plus("setgid");
1958
/* Reset supplementary groups */
1960
ret = setgroups(0, NULL);
1962
perror_plus("setgroups");
1965
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1967
perror_plus("setenv");
1970
ret = setenv("DEVICE", interface, 1);
1972
perror_plus("setenv");
1975
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
1977
perror_plus("setenv");
1980
ret = setenv("MODE", mode, 1);
1982
perror_plus("setenv");
1986
ret = asprintf(&delaystring, "%f", (double)delay);
1988
perror_plus("asprintf");
1991
ret = setenv("DELAY", delaystring, 1);
1994
perror_plus("setenv");
1998
if(connect_to != NULL){
1999
ret = setenv("CONNECT", connect_to, 1);
2001
perror_plus("setenv");
2005
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2009
perror_plus("openat");
2010
_exit(EXIT_FAILURE);
2012
if(close(hookdir_fd) == -1){
2013
perror_plus("close");
2014
_exit(EXIT_FAILURE);
2016
ret = dup2(devnull, STDIN_FILENO);
2018
perror_plus("dup2(devnull, STDIN_FILENO)");
2021
ret = close(devnull);
2023
perror_plus("close");
2026
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2028
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2031
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2033
perror_plus("fexecve");
2034
_exit(EXIT_FAILURE);
2038
perror_plus("fork");
2043
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2044
perror_plus("waitpid");
2048
if(WIFEXITED(status)){
2049
if(WEXITSTATUS(status) != 0){
2050
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2051
" with status %d\n", direntry->d_name,
2052
WEXITSTATUS(status));
2056
} else if(WIFSIGNALED(status)){
2057
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2058
" signal %d\n", direntry->d_name,
2063
fprintf_plus(stderr, "Warning: network hook \"%s\""
2064
" crashed\n", direntry->d_name);
2070
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2076
if(close(hookdir_fd) == -1){
2077
perror_plus("close");
2084
__attribute__((nonnull, warn_unused_result))
2085
int bring_up_interface(const char *const interface,
2087
int old_errno = errno;
2089
struct ifreq network;
2090
unsigned int if_index = if_nametoindex(interface);
2092
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2102
if(not interface_is_up(interface)){
2104
int ioctl_errno = 0;
2105
if(not get_flags(interface, &network)){
2107
fprintf_plus(stderr, "Failed to get flags for interface "
2108
"\"%s\"\n", interface);
2112
network.ifr_flags |= IFF_UP; /* set flag */
2114
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2117
perror_plus("socket");
2125
perror_plus("close");
2132
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
2136
/* Raise privileges */
2137
ret_errno = raise_privileges();
2140
perror_plus("Failed to raise privileges");
2145
bool restore_loglevel = false;
2147
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2148
messages about the network interface to mess up the prompt */
2149
ret_linux = klogctl(8, NULL, 5);
2150
if(ret_linux == -1){
2151
perror_plus("klogctl");
2153
restore_loglevel = true;
2156
#endif /* __linux__ */
2157
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2158
ioctl_errno = errno;
2160
if(restore_loglevel){
2161
ret_linux = klogctl(7, NULL, 0);
2162
if(ret_linux == -1){
2163
perror_plus("klogctl");
2166
#endif /* __linux__ */
2168
/* If raise_privileges() succeeded above */
2170
/* Lower privileges */
2171
ret_errno = lower_privileges();
2174
perror_plus("Failed to lower privileges");
2178
/* Close the socket */
2181
perror_plus("close");
2184
if(ret_setflags == -1){
2185
errno = ioctl_errno;
2186
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2191
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2195
/* Sleep checking until interface is running.
2196
Check every 0.25s, up to total time of delay */
2197
for(int i=0; i < delay * 4; i++){
2198
if(interface_is_running(interface)){
2201
struct timespec sleeptime = { .tv_nsec = 250000000 };
2202
ret = nanosleep(&sleeptime, NULL);
2203
if(ret == -1 and errno != EINTR){
2204
perror_plus("nanosleep");
2212
__attribute__((nonnull, warn_unused_result))
2213
int take_down_interface(const char *const interface){
2214
int old_errno = errno;
2215
struct ifreq network;
2216
unsigned int if_index = if_nametoindex(interface);
2218
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2222
if(interface_is_up(interface)){
2224
int ioctl_errno = 0;
2225
if(not get_flags(interface, &network) and debug){
2227
fprintf_plus(stderr, "Failed to get flags for interface "
2228
"\"%s\"\n", interface);
2232
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2234
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2237
perror_plus("socket");
2243
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2247
/* Raise privileges */
2248
ret_errno = raise_privileges();
2251
perror_plus("Failed to raise privileges");
2254
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2255
ioctl_errno = errno;
2257
/* If raise_privileges() succeeded above */
2259
/* Lower privileges */
2260
ret_errno = lower_privileges();
2263
perror_plus("Failed to lower privileges");
2267
/* Close the socket */
2268
int ret = close(sd);
2270
perror_plus("close");
2273
if(ret_setflags == -1){
2274
errno = ioctl_errno;
2275
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2280
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2288
int main(int argc, char *argv[]){
2289
mandos_context mc = { .server = NULL, .dh_bits = 0,
2290
.priority = "SECURE256:!CTYPE-X.509"
2291
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2292
.current_server = NULL, .interfaces = NULL,
2293
.interfaces_size = 0 };
2294
AvahiSServiceBrowser *sb = NULL;
2299
int exitcode = EXIT_SUCCESS;
2300
char *interfaces_to_take_down = NULL;
2301
size_t interfaces_to_take_down_size = 0;
2302
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2303
char old_tempdir[] = "/tmp/mandosXXXXXX";
2304
char *tempdir = NULL;
2305
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2306
const char *seckey = PATHDIR "/" SECKEY;
2307
const char *pubkey = PATHDIR "/" PUBKEY;
2308
const char *dh_params_file = NULL;
2309
char *interfaces_hooks = NULL;
2311
bool gnutls_initialized = false;
2312
bool gpgme_initialized = false;
2314
double retry_interval = 10; /* 10s between trying a server and
2315
retrying the same server again */
2317
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
2318
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
2323
/* Lower any group privileges we might have, just to be safe */
2327
perror_plus("setgid");
2330
/* Lower user privileges (temporarily) */
2334
perror_plus("seteuid");
2342
struct argp_option options[] = {
2343
{ .name = "debug", .key = 128,
2344
.doc = "Debug mode", .group = 3 },
2345
{ .name = "connect", .key = 'c',
2346
.arg = "ADDRESS:PORT",
2347
.doc = "Connect directly to a specific Mandos server",
2349
{ .name = "interface", .key = 'i',
2351
.doc = "Network interface that will be used to search for"
2354
{ .name = "seckey", .key = 's',
2356
.doc = "OpenPGP secret key file base name",
2358
{ .name = "pubkey", .key = 'p',
2360
.doc = "OpenPGP public key file base name",
2362
{ .name = "dh-bits", .key = 129,
2364
.doc = "Bit length of the prime number used in the"
2365
" Diffie-Hellman key exchange",
2367
{ .name = "dh-params", .key = 134,
2369
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2370
" for the Diffie-Hellman key exchange",
2372
{ .name = "priority", .key = 130,
2374
.doc = "GnuTLS priority string for the TLS handshake",
2376
{ .name = "delay", .key = 131,
2378
.doc = "Maximum delay to wait for interface startup",
2380
{ .name = "retry", .key = 132,
2382
.doc = "Retry interval used when denied by the Mandos server",
2384
{ .name = "network-hook-dir", .key = 133,
2386
.doc = "Directory where network hooks are located",
2389
* These reproduce what we would get without ARGP_NO_HELP
2391
{ .name = "help", .key = '?',
2392
.doc = "Give this help list", .group = -1 },
2393
{ .name = "usage", .key = -3,
2394
.doc = "Give a short usage message", .group = -1 },
2395
{ .name = "version", .key = 'V',
2396
.doc = "Print program version", .group = -1 },
2400
error_t parse_opt(int key, char *arg,
2401
struct argp_state *state){
2404
case 128: /* --debug */
2407
case 'c': /* --connect */
2410
case 'i': /* --interface */
2411
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2414
argp_error(state, "%s", strerror(ret_errno));
2417
case 's': /* --seckey */
2420
case 'p': /* --pubkey */
2423
case 129: /* --dh-bits */
2425
tmpmax = strtoimax(arg, &tmp, 10);
2426
if(errno != 0 or tmp == arg or *tmp != '\0'
2427
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2428
argp_error(state, "Bad number of DH bits");
2430
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2432
case 134: /* --dh-params */
2433
dh_params_file = arg;
2435
case 130: /* --priority */
2438
case 131: /* --delay */
2440
delay = strtof(arg, &tmp);
2441
if(errno != 0 or tmp == arg or *tmp != '\0'){
2442
argp_error(state, "Bad delay");
2444
case 132: /* --retry */
2446
retry_interval = strtod(arg, &tmp);
2447
if(errno != 0 or tmp == arg or *tmp != '\0'
2448
or (retry_interval * 1000) > INT_MAX
2449
or retry_interval < 0){
2450
argp_error(state, "Bad retry interval");
2453
case 133: /* --network-hook-dir */
2457
* These reproduce what we would get without ARGP_NO_HELP
2459
case '?': /* --help */
2460
argp_state_help(state, state->out_stream,
2461
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2462
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2463
case -3: /* --usage */
2464
argp_state_help(state, state->out_stream,
2465
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2466
case 'V': /* --version */
2467
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2468
exit(argp_err_exit_status);
2471
return ARGP_ERR_UNKNOWN;
2476
struct argp argp = { .options = options, .parser = parse_opt,
2478
.doc = "Mandos client -- Get and decrypt"
2479
" passwords from a Mandos server" };
2480
ret_errno = argp_parse(&argp, argc, argv,
2481
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
596
case AVAHI_BROWSER_FAILURE:
598
fprintf(stderr, "(Browser) %s\n",
599
avahi_strerror(avahi_server_errno(server)));
600
avahi_simple_poll_quit(simple_poll);
603
case AVAHI_BROWSER_NEW:
604
/* We ignore the returned resolver object. In the callback
605
function we free it. If the server is terminated before
606
the callback function is called the server will free
607
the resolver for us. */
609
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
611
AVAHI_PROTO_INET6, 0,
612
resolve_callback, s)))
613
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
614
avahi_strerror(avahi_server_errno(s)));
617
case AVAHI_BROWSER_REMOVE:
620
case AVAHI_BROWSER_ALL_FOR_NOW:
621
case AVAHI_BROWSER_CACHE_EXHAUSTED:
626
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
2488
perror_plus("argp_parse");
2489
exitcode = EX_OSERR;
2492
exitcode = EX_USAGE;
2498
/* Work around Debian bug #633582:
2499
<http://bugs.debian.org/633582> */
2501
/* Re-raise privileges */
2502
ret = raise_privileges();
2505
perror_plus("Failed to raise privileges");
2509
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2510
int seckey_fd = open(seckey, O_RDONLY);
2511
if(seckey_fd == -1){
2512
perror_plus("open");
2514
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2516
perror_plus("fstat");
2518
if(S_ISREG(st.st_mode)
2519
and st.st_uid == 0 and st.st_gid == 0){
2520
ret = fchown(seckey_fd, uid, gid);
2522
perror_plus("fchown");
2530
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2531
int pubkey_fd = open(pubkey, O_RDONLY);
2532
if(pubkey_fd == -1){
2533
perror_plus("open");
2535
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2537
perror_plus("fstat");
2539
if(S_ISREG(st.st_mode)
2540
and st.st_uid == 0 and st.st_gid == 0){
2541
ret = fchown(pubkey_fd, uid, gid);
2543
perror_plus("fchown");
2551
if(dh_params_file != NULL
2552
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2553
int dhparams_fd = open(dh_params_file, O_RDONLY);
2554
if(dhparams_fd == -1){
2555
perror_plus("open");
2557
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2559
perror_plus("fstat");
2561
if(S_ISREG(st.st_mode)
2562
and st.st_uid == 0 and st.st_gid == 0){
2563
ret = fchown(dhparams_fd, uid, gid);
2565
perror_plus("fchown");
2573
/* Lower privileges */
2574
ret = lower_privileges();
2577
perror_plus("Failed to lower privileges");
2582
/* Remove invalid interface names (except "none") */
2584
char *interface = NULL;
2585
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2587
if(strcmp(interface, "none") != 0
2588
and if_nametoindex(interface) == 0){
2589
if(interface[0] != '\0'){
2590
fprintf_plus(stderr, "Not using nonexisting interface"
2591
" \"%s\"\n", interface);
2593
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2599
/* Run network hooks */
2601
if(mc.interfaces != NULL){
2602
interfaces_hooks = malloc(mc.interfaces_size);
2603
if(interfaces_hooks == NULL){
2604
perror_plus("malloc");
2607
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2608
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2610
run_network_hooks("start", interfaces_hooks != NULL ?
2611
interfaces_hooks : "", delay);
2615
avahi_set_log_function(empty_log);
2618
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2619
from the signal handler */
2620
/* Initialize the pseudo-RNG for Avahi */
2621
srand((unsigned int) time(NULL));
2622
simple_poll = avahi_simple_poll_new();
2623
if(simple_poll == NULL){
2624
fprintf_plus(stderr,
2625
"Avahi: Failed to create simple poll object.\n");
2626
exitcode = EX_UNAVAILABLE;
2630
sigemptyset(&sigterm_action.sa_mask);
2631
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2633
perror_plus("sigaddset");
2634
exitcode = EX_OSERR;
2637
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2639
perror_plus("sigaddset");
2640
exitcode = EX_OSERR;
2643
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2645
perror_plus("sigaddset");
2646
exitcode = EX_OSERR;
2649
/* Need to check if the handler is SIG_IGN before handling:
2650
| [[info:libc:Initial Signal Actions]] |
2651
| [[info:libc:Basic Signal Handling]] |
2653
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2655
perror_plus("sigaction");
2658
if(old_sigterm_action.sa_handler != SIG_IGN){
2659
ret = sigaction(SIGINT, &sigterm_action, NULL);
2661
perror_plus("sigaction");
2662
exitcode = EX_OSERR;
2666
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2668
perror_plus("sigaction");
2671
if(old_sigterm_action.sa_handler != SIG_IGN){
2672
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2674
perror_plus("sigaction");
2675
exitcode = EX_OSERR;
2679
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2681
perror_plus("sigaction");
2684
if(old_sigterm_action.sa_handler != SIG_IGN){
2685
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2687
perror_plus("sigaction");
2688
exitcode = EX_OSERR;
2693
/* If no interfaces were specified, make a list */
2694
if(mc.interfaces == NULL){
2695
struct dirent **direntries = NULL;
2696
/* Look for any good interfaces */
2697
ret = scandir(sys_class_net, &direntries, good_interface,
2700
/* Add all found interfaces to interfaces list */
2701
for(int i = 0; i < ret; ++i){
2702
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2703
direntries[i]->d_name);
2706
perror_plus("argz_add");
2707
free(direntries[i]);
2711
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2712
direntries[i]->d_name);
2714
free(direntries[i]);
2721
fprintf_plus(stderr, "Could not find a network interface\n");
2722
exitcode = EXIT_FAILURE;
2727
/* Bring up interfaces which are down, and remove any "none"s */
2729
char *interface = NULL;
2730
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2732
/* If interface name is "none", stop bringing up interfaces.
2733
Also remove all instances of "none" from the list */
2734
if(strcmp(interface, "none") == 0){
2735
argz_delete(&mc.interfaces, &mc.interfaces_size,
2738
while((interface = argz_next(mc.interfaces,
2739
mc.interfaces_size, interface))){
2740
if(strcmp(interface, "none") == 0){
2741
argz_delete(&mc.interfaces, &mc.interfaces_size,
2748
bool interface_was_up = interface_is_up(interface);
2749
errno = bring_up_interface(interface, delay);
2750
if(not interface_was_up){
2752
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2753
" %s\n", interface, strerror(errno));
2755
errno = argz_add(&interfaces_to_take_down,
2756
&interfaces_to_take_down_size,
2759
perror_plus("argz_add");
2764
if(debug and (interfaces_to_take_down == NULL)){
2765
fprintf_plus(stderr, "No interfaces were brought up\n");
2769
/* If we only got one interface, explicitly use only that one */
2770
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2772
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2775
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2782
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2784
fprintf_plus(stderr, "init_gnutls_global failed\n");
2785
exitcode = EX_UNAVAILABLE;
2788
gnutls_initialized = true;
2795
/* Try /run/tmp before /tmp */
2796
tempdir = mkdtemp(run_tempdir);
2797
if(tempdir == NULL and errno == ENOENT){
2799
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
2800
run_tempdir, old_tempdir);
2802
tempdir = mkdtemp(old_tempdir);
2804
if(tempdir == NULL){
2805
perror_plus("mkdtemp");
2813
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
2814
fprintf_plus(stderr, "init_gpgme failed\n");
2815
exitcode = EX_UNAVAILABLE;
2818
gpgme_initialized = true;
2825
if(connect_to != NULL){
2826
/* Connect directly, do not use Zeroconf */
2827
/* (Mainly meant for debugging) */
2828
char *address = strrchr(connect_to, ':');
2830
if(address == NULL){
2831
fprintf_plus(stderr, "No colon in address\n");
2832
exitcode = EX_USAGE;
2842
tmpmax = strtoimax(address+1, &tmp, 10);
2843
if(errno != 0 or tmp == address+1 or *tmp != '\0'
2844
or tmpmax != (in_port_t)tmpmax){
2845
fprintf_plus(stderr, "Bad port number\n");
2846
exitcode = EX_USAGE;
2854
port = (in_port_t)tmpmax;
2856
/* Colon in address indicates IPv6 */
2858
if(strchr(connect_to, ':') != NULL){
2860
/* Accept [] around IPv6 address - see RFC 5952 */
2861
if(connect_to[0] == '[' and address[-1] == ']')
2869
address = connect_to;
2875
while(not quit_now){
2876
ret = start_mandos_communication(address, port, if_index, af,
2878
if(quit_now or ret == 0){
2882
fprintf_plus(stderr, "Retrying in %d seconds\n",
2883
(int)retry_interval);
2885
sleep((unsigned int)retry_interval);
2889
exitcode = EXIT_SUCCESS;
627
2900
AvahiServerConfig config;
628
AvahiSServiceBrowser *sb = NULL;
631
int returncode = EXIT_SUCCESS;
632
const char *interface = "eth0";
633
unsigned int if_index;
634
char *connect_to = NULL;
637
static struct option long_options[] = {
638
{"debug", no_argument, (int *)&debug, 1},
639
{"connect", required_argument, 0, 'c'},
640
{"interface", required_argument, 0, 'i'},
643
int option_index = 0;
644
ret = getopt_long (argc, argv, "i:", long_options,
665
if_index = if_nametoindex(interface);
667
fprintf(stderr, "No such interface: \"%s\"\n", interface);
671
if(connect_to != NULL){
672
/* Connect directly, do not use Zeroconf */
673
/* (Mainly meant for debugging) */
674
char *address = strrchr(connect_to, ':');
676
fprintf(stderr, "No colon in address\n");
680
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
682
perror("Bad port number");
686
address = connect_to;
687
ret = start_mandos_communication(address, port, if_index);
696
avahi_set_log_function(empty_log);
699
/* Initialize the psuedo-RNG */
700
srand((unsigned int) time(NULL));
702
/* Allocate main loop object */
703
if (!(simple_poll = avahi_simple_poll_new())) {
704
fprintf(stderr, "Failed to create simple poll object.\n");
709
/* Do not publish any local records */
2901
/* Do not publish any local Zeroconf records */
710
2902
avahi_server_config_init(&config);
711
2903
config.publish_hinfo = 0;
712
2904
config.publish_addresses = 0;
713
2905
config.publish_workstation = 0;
714
2906
config.publish_domain = 0;
716
2908
/* Allocate a new server */
717
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
718
&config, NULL, NULL, &error);
720
/* Free the configuration data */
2909
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2910
&config, NULL, NULL, &ret);
2912
/* Free the Avahi configuration data */
721
2913
avahi_server_config_free(&config);
723
/* Check if creating the server object succeeded */
725
fprintf(stderr, "Failed to create server: %s\n",
726
avahi_strerror(error));
727
returncode = EXIT_FAILURE;
731
/* Create the service browser */
732
sb = avahi_s_service_browser_new(server, (AvahiIfIndex)if_index,
734
"_mandos._tcp", NULL, 0,
735
browse_callback, server);
737
fprintf(stderr, "Failed to create service browser: %s\n",
738
avahi_strerror(avahi_server_errno(server)));
739
returncode = EXIT_FAILURE;
743
/* Run the main loop */
746
fprintf(stderr, "Starting avahi loop search\n");
749
avahi_simple_poll_loop(simple_poll);
754
fprintf(stderr, "%s exiting\n", argv[0]);
759
avahi_s_service_browser_free(sb);
762
avahi_server_free(server);
765
avahi_simple_poll_free(simple_poll);
2916
/* Check if creating the Avahi server object succeeded */
2917
if(mc.server == NULL){
2918
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2919
avahi_strerror(ret));
2920
exitcode = EX_UNAVAILABLE;
2928
/* Create the Avahi service browser */
2929
sb = avahi_s_service_browser_new(mc.server, if_index,
2930
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
2931
NULL, 0, browse_callback,
2934
fprintf_plus(stderr, "Failed to create service browser: %s\n",
2935
avahi_strerror(avahi_server_errno(mc.server)));
2936
exitcode = EX_UNAVAILABLE;
2944
/* Run the main loop */
2947
fprintf_plus(stderr, "Starting Avahi loop search\n");
2950
ret = avahi_loop_with_timeout(simple_poll,
2951
(int)(retry_interval * 1000), &mc);
2953
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
2954
(ret == 0) ? "successfully" : "with error");
2960
fprintf_plus(stderr, "%s exiting\n", argv[0]);
2963
/* Cleanup things */
2964
free(mc.interfaces);
2967
avahi_s_service_browser_free(sb);
2969
if(mc.server != NULL)
2970
avahi_server_free(mc.server);
2972
if(simple_poll != NULL)
2973
avahi_simple_poll_free(simple_poll);
2975
if(gnutls_initialized){
2976
gnutls_certificate_free_credentials(mc.cred);
2977
gnutls_dh_params_deinit(mc.dh_params);
2980
if(gpgme_initialized){
2981
gpgme_release(mc.ctx);
2984
/* Cleans up the circular linked list of Mandos servers the client
2986
if(mc.current_server != NULL){
2987
mc.current_server->prev->next = NULL;
2988
while(mc.current_server != NULL){
2989
server *next = mc.current_server->next;
2991
#pragma GCC diagnostic push
2992
#pragma GCC diagnostic ignored "-Wcast-qual"
2994
free((char *)(mc.current_server->ip));
2996
#pragma GCC diagnostic pop
2998
free(mc.current_server);
2999
mc.current_server = next;
3003
/* Re-raise privileges */
3005
ret = raise_privileges();
3008
perror_plus("Failed to raise privileges");
3011
/* Run network hooks */
3012
run_network_hooks("stop", interfaces_hooks != NULL ?
3013
interfaces_hooks : "", delay);
3015
/* Take down the network interfaces which were brought up */
3017
char *interface = NULL;
3018
while((interface=argz_next(interfaces_to_take_down,
3019
interfaces_to_take_down_size,
3021
ret = take_down_interface(interface);
3024
perror_plus("Failed to take down interface");
3027
if(debug and (interfaces_to_take_down == NULL)){
3028
fprintf_plus(stderr, "No interfaces needed to be taken"
3034
ret = lower_privileges_permanently();
3037
perror_plus("Failed to lower privileges permanently");
3041
free(interfaces_to_take_down);
3042
free(interfaces_hooks);
3044
void clean_dir_at(int base, const char * const dirname,
3046
struct dirent **direntries = NULL;
3048
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3054
perror_plus("open");
3056
int numentries = scandirat(dir_fd, ".", &direntries,
3057
notdotentries, alphasort);
3058
if(numentries >= 0){
3059
for(int i = 0; i < numentries; i++){
3061
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3062
dirname, direntries[i]->d_name);
3064
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3066
if(errno == EISDIR){
3067
dret = unlinkat(dir_fd, direntries[i]->d_name,
3070
if((dret == -1) and (errno == ENOTEMPTY)
3071
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3072
== 0) and (level == 0)){
3073
/* Recurse only in this special case */
3074
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3078
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3079
direntries[i]->d_name, strerror(errno));
3082
free(direntries[i]);
3085
/* need to clean even if 0 because man page doesn't specify */
3087
if(numentries == -1){
3088
perror_plus("scandirat");
3090
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3091
if(dret == -1 and errno != ENOENT){
3092
perror_plus("rmdir");
3095
perror_plus("scandirat");
3100
/* Removes the GPGME temp directory and all files inside */
3101
if(tempdir != NULL){
3102
clean_dir_at(-1, tempdir, 0);
3106
sigemptyset(&old_sigterm_action.sa_mask);
3107
old_sigterm_action.sa_handler = SIG_DFL;
3108
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
3109
&old_sigterm_action,
3112
perror_plus("sigaction");
3115
ret = raise(signal_received);
3116
} while(ret != 0 and errno == EINTR);
3118
perror_plus("raise");
3121
TEMP_FAILURE_RETRY(pause());