47
116
#include <avahi-common/malloc.h>
48
117
#include <avahi-common/error.h>
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
65
#include <errno.h> /* perror() */
120
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
123
init_gnutls_session(),
125
#include <gnutls/openpgp.h>
126
/* gnutls_certificate_set_openpgp_key_file(),
127
GNUTLS_OPENPGP_FMT_BASE64 */
130
#include <gpgme.h> /* All GPGME types, constants and
133
GPGME_PROTOCOL_OpenPGP,
71
136
#define BUFFER_SIZE 256
74
static const char *certdir = "/conf/conf.d/mandos";
75
static const char *certfile = "openpgp-client.txt";
76
static const char *certkey = "openpgp-client-key.txt";
138
#define PATHDIR "/conf/conf.d/mandos"
139
#define SECKEY "seckey.txt"
140
#define PUBKEY "pubkey.txt"
141
#define HOOKDIR "/lib/mandos/network-hooks.d"
78
143
bool debug = false;
144
static const char mandos_protocol_version[] = "1";
145
const char *argp_program_version = "mandos-client " VERSION;
146
const char *argp_program_bug_address = "<mandos@recompile.se>";
147
static const char sys_class_net[] = "/sys/class/net";
148
char *connect_to = NULL;
149
const char *hookdir = HOOKDIR;
154
/* Doubly linked list that need to be circularly linked when used */
155
typedef struct server{
158
AvahiIfIndex if_index;
160
struct timespec last_seen;
165
/* Used for passing in values through the Avahi callback functions */
81
AvahiSimplePoll *simple_poll;
82
167
AvahiServer *server;
83
168
gnutls_certificate_credentials_t cred;
84
169
unsigned int dh_bits;
170
gnutls_dh_params_t dh_params;
85
171
const char *priority;
173
server *current_server;
175
size_t interfaces_size;
88
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
91
gpgme_data_t dh_crypto, dh_plain;
178
/* global so signal handler can reach it*/
179
AvahiSimplePoll *simple_poll;
181
sig_atomic_t quit_now = 0;
182
int signal_received = 0;
184
/* Function to use when printing errors */
185
void perror_plus(const char *print_text){
187
fprintf(stderr, "Mandos plugin %s: ",
188
program_invocation_short_name);
193
__attribute__((format (gnu_printf, 2, 3), nonnull))
194
int fprintf_plus(FILE *stream, const char *format, ...){
196
va_start (ap, format);
198
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
199
program_invocation_short_name));
200
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
204
* Make additional room in "buffer" for at least BUFFER_SIZE more
205
* bytes. "buffer_capacity" is how much is currently allocated,
206
* "buffer_length" is how much is already used.
208
__attribute__((nonnull, warn_unused_result))
209
size_t incbuffer(char **buffer, size_t buffer_length,
210
size_t buffer_capacity){
211
if(buffer_length + BUFFER_SIZE > buffer_capacity){
212
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
214
int old_errno = errno;
221
buffer_capacity += BUFFER_SIZE;
223
return buffer_capacity;
226
/* Add server to set of servers to retry periodically */
227
__attribute__((nonnull, warn_unused_result))
228
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
229
int af, server **current_server){
231
server *new_server = malloc(sizeof(server));
232
if(new_server == NULL){
233
perror_plus("malloc");
236
*new_server = (server){ .ip = strdup(ip),
238
.if_index = if_index,
240
if(new_server->ip == NULL){
241
perror_plus("strdup");
245
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
247
perror_plus("clock_gettime");
249
#pragma GCC diagnostic push
250
#pragma GCC diagnostic ignored "-Wcast-qual"
252
free((char *)(new_server->ip));
254
#pragma GCC diagnostic pop
259
/* Special case of first server */
260
if(*current_server == NULL){
261
new_server->next = new_server;
262
new_server->prev = new_server;
263
*current_server = new_server;
265
/* Place the new server last in the list */
266
new_server->next = *current_server;
267
new_server->prev = (*current_server)->prev;
268
new_server->prev->next = new_server;
269
(*current_server)->prev = new_server;
277
__attribute__((nonnull, warn_unused_result))
278
static bool init_gpgme(const char * const seckey,
279
const char * const pubkey,
280
const char * const tempdir,
95
ssize_t new_packet_capacity = 0;
96
ssize_t new_packet_length = 0;
97
283
gpgme_engine_info_t engine_info;
100
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
286
* Helper function to insert pub and seckey to the engine keyring.
288
bool import_key(const char * const filename){
291
gpgme_data_t pgp_data;
293
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
299
rc = gpgme_data_new_from_fd(&pgp_data, fd);
300
if(rc != GPG_ERR_NO_ERROR){
301
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
302
gpgme_strsource(rc), gpgme_strerror(rc));
306
rc = gpgme_op_import(mc->ctx, pgp_data);
307
if(rc != GPG_ERR_NO_ERROR){
308
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
309
gpgme_strsource(rc), gpgme_strerror(rc));
315
perror_plus("close");
317
gpgme_data_release(pgp_data);
322
fprintf_plus(stderr, "Initializing GPGME\n");
104
326
gpgme_check_version(NULL);
105
327
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
106
if (rc != GPG_ERR_NO_ERROR){
107
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
108
gpgme_strsource(rc), gpgme_strerror(rc));
328
if(rc != GPG_ERR_NO_ERROR){
329
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
330
gpgme_strsource(rc), gpgme_strerror(rc));
112
/* Set GPGME home directory */
113
rc = gpgme_get_engine_info (&engine_info);
114
if (rc != GPG_ERR_NO_ERROR){
115
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
116
gpgme_strsource(rc), gpgme_strerror(rc));
334
/* Set GPGME home directory for the OpenPGP engine only */
335
rc = gpgme_get_engine_info(&engine_info);
336
if(rc != GPG_ERR_NO_ERROR){
337
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
338
gpgme_strsource(rc), gpgme_strerror(rc));
119
341
while(engine_info != NULL){
120
342
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
121
343
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
122
engine_info->file_name, homedir);
344
engine_info->file_name, tempdir);
125
347
engine_info = engine_info->next;
127
349
if(engine_info == NULL){
128
fprintf(stderr, "Could not set home dir to %s\n", homedir);
132
/* Create new GPGME data buffer from packet buffer */
133
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
134
if (rc != GPG_ERR_NO_ERROR){
135
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
136
gpgme_strsource(rc), gpgme_strerror(rc));
350
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
355
/* Create new GPGME "context" */
356
rc = gpgme_new(&(mc->ctx));
357
if(rc != GPG_ERR_NO_ERROR){
358
fprintf_plus(stderr, "Mandos plugin mandos-client: "
359
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
364
if(not import_key(pubkey) or not import_key(seckey)){
372
* Decrypt OpenPGP data.
373
* Returns -1 on error
375
__attribute__((nonnull, warn_unused_result))
376
static ssize_t pgp_packet_decrypt(const char *cryptotext,
380
gpgme_data_t dh_crypto, dh_plain;
383
size_t plaintext_capacity = 0;
384
ssize_t plaintext_length = 0;
387
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
390
/* Create new GPGME data buffer from memory cryptotext */
391
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
393
if(rc != GPG_ERR_NO_ERROR){
394
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
395
gpgme_strsource(rc), gpgme_strerror(rc));
140
399
/* Create new empty GPGME data buffer for the plaintext */
141
400
rc = gpgme_data_new(&dh_plain);
142
if (rc != GPG_ERR_NO_ERROR){
143
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
144
gpgme_strsource(rc), gpgme_strerror(rc));
148
/* Create new GPGME "context" */
149
rc = gpgme_new(&ctx);
150
if (rc != GPG_ERR_NO_ERROR){
151
fprintf(stderr, "bad gpgme_new: %s: %s\n",
152
gpgme_strsource(rc), gpgme_strerror(rc));
156
/* Decrypt data from the FILE pointer to the plaintext data
158
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
159
if (rc != GPG_ERR_NO_ERROR){
160
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
161
gpgme_strsource(rc), gpgme_strerror(rc));
166
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
170
gpgme_decrypt_result_t result;
171
result = gpgme_op_decrypt_result(ctx);
173
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
175
fprintf(stderr, "Unsupported algorithm: %s\n",
176
result->unsupported_algorithm);
177
fprintf(stderr, "Wrong key usage: %d\n",
178
result->wrong_key_usage);
179
if(result->file_name != NULL){
180
fprintf(stderr, "File name: %s\n", result->file_name);
182
gpgme_recipient_t recipient;
183
recipient = result->recipients;
401
if(rc != GPG_ERR_NO_ERROR){
402
fprintf_plus(stderr, "Mandos plugin mandos-client: "
403
"bad gpgme_data_new: %s: %s\n",
404
gpgme_strsource(rc), gpgme_strerror(rc));
405
gpgme_data_release(dh_crypto);
409
/* Decrypt data from the cryptotext data buffer to the plaintext
411
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
412
if(rc != GPG_ERR_NO_ERROR){
413
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
414
gpgme_strsource(rc), gpgme_strerror(rc));
415
plaintext_length = -1;
417
gpgme_decrypt_result_t result;
418
result = gpgme_op_decrypt_result(mc->ctx);
420
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
422
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
423
result->unsupported_algorithm);
424
fprintf_plus(stderr, "Wrong key usage: %u\n",
425
result->wrong_key_usage);
426
if(result->file_name != NULL){
427
fprintf_plus(stderr, "File name: %s\n", result->file_name);
429
gpgme_recipient_t recipient;
430
recipient = result->recipients;
185
431
while(recipient != NULL){
186
fprintf(stderr, "Public key algorithm: %s\n",
187
gpgme_pubkey_algo_name(recipient->pubkey_algo));
188
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
189
fprintf(stderr, "Secret key available: %s\n",
190
recipient->status == GPG_ERR_NO_SECKEY
432
fprintf_plus(stderr, "Public key algorithm: %s\n",
433
gpgme_pubkey_algo_name
434
(recipient->pubkey_algo));
435
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
436
fprintf_plus(stderr, "Secret key available: %s\n",
437
recipient->status == GPG_ERR_NO_SECKEY
192
439
recipient = recipient->next;
198
/* Delete the GPGME FILE pointer cryptotext data buffer */
199
gpgme_data_release(dh_crypto);
447
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
201
450
/* Seek back to the beginning of the GPGME plaintext data buffer */
202
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
203
perror("pgpme_data_seek");
451
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
452
perror_plus("gpgme_data_seek");
453
plaintext_length = -1;
208
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
209
*new_packet = realloc(*new_packet,
210
(unsigned int)new_packet_capacity
212
if (*new_packet == NULL){
216
new_packet_capacity += BUFFER_SIZE;
459
plaintext_capacity = incbuffer(plaintext,
460
(size_t)plaintext_length,
462
if(plaintext_capacity == 0){
463
perror_plus("incbuffer");
464
plaintext_length = -1;
219
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
468
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
221
470
/* Print the data, if any */
226
perror("gpgme_data_read");
229
new_packet_length += ret;
232
/* FIXME: check characters before printing to screen so to not print
233
terminal control characters */
235
/* fprintf(stderr, "decrypted password is: "); */
236
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
237
/* fprintf(stderr, "\n"); */
476
perror_plus("gpgme_data_read");
477
plaintext_length = -1;
480
plaintext_length += ret;
484
fprintf_plus(stderr, "Decrypted password is: ");
485
for(ssize_t i = 0; i < plaintext_length; i++){
486
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
488
fprintf(stderr, "\n");
493
/* Delete the GPGME cryptotext data buffer */
494
gpgme_data_release(dh_crypto);
240
496
/* Delete the GPGME plaintext data buffer */
241
497
gpgme_data_release(dh_plain);
242
return new_packet_length;
245
static const char * safer_gnutls_strerror (int value) {
246
const char *ret = gnutls_strerror (value);
498
return plaintext_length;
501
__attribute__((warn_unused_result, const))
502
static const char *safe_string(const char *str){
508
__attribute__((warn_unused_result))
509
static const char *safer_gnutls_strerror(int value){
510
const char *ret = gnutls_strerror(value);
511
return safe_string(ret);
514
/* GnuTLS log function callback */
515
__attribute__((nonnull))
252
516
static void debuggnutls(__attribute__((unused)) int level,
253
517
const char* string){
254
fprintf(stderr, "%s", string);
518
fprintf_plus(stderr, "GnuTLS: %s", string);
257
static int initgnutls(mandos_context *mc){
521
__attribute__((nonnull(1, 2, 4), warn_unused_result))
522
static int init_gnutls_global(const char *pubkeyfilename,
523
const char *seckeyfilename,
524
const char *dhparamsfilename,
262
fprintf(stderr, "Initializing GnuTLS\n");
265
if ((ret = gnutls_global_init ())
266
!= GNUTLS_E_SUCCESS) {
267
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
530
fprintf_plus(stderr, "Initializing GnuTLS\n");
534
/* "Use a log level over 10 to enable all debugging options."
272
537
gnutls_global_set_log_level(11);
273
538
gnutls_global_set_log_function(debuggnutls);
276
/* openpgp credentials */
277
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
278
!= GNUTLS_E_SUCCESS) {
279
fprintf (stderr, "memory error: %s\n",
280
safer_gnutls_strerror(ret));
541
/* OpenPGP credentials */
542
ret = gnutls_certificate_allocate_credentials(&mc->cred);
543
if(ret != GNUTLS_E_SUCCESS){
544
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
545
safer_gnutls_strerror(ret));
285
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
286
" and keyfile %s as GnuTLS credentials\n", certfile,
550
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
551
" secret key %s as GnuTLS credentials\n",
290
556
ret = gnutls_certificate_set_openpgp_key_file
291
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
292
if (ret != GNUTLS_E_SUCCESS) {
294
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
296
ret, certfile, certkey);
297
fprintf(stdout, "The Error is: %s\n",
298
safer_gnutls_strerror(ret));
302
//GnuTLS server initialization
303
if ((ret = gnutls_dh_params_init (&es->dh_params))
304
!= GNUTLS_E_SUCCESS) {
305
fprintf (stderr, "Error in dh parameter initialization: %s\n",
306
safer_gnutls_strerror(ret));
310
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
311
!= GNUTLS_E_SUCCESS) {
312
fprintf (stderr, "Error in prime generation: %s\n",
313
safer_gnutls_strerror(ret));
317
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
319
// GnuTLS session creation
320
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
321
!= GNUTLS_E_SUCCESS){
322
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
323
safer_gnutls_strerror(ret));
326
if ((ret = gnutls_priority_set_direct (es->session, mc->priority, &err))
327
!= GNUTLS_E_SUCCESS) {
328
fprintf(stderr, "Syntax error at: %s\n", err);
329
fprintf(stderr, "GnuTLS error: %s\n",
330
safer_gnutls_strerror(ret));
334
if ((ret = gnutls_credentials_set
335
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
336
!= GNUTLS_E_SUCCESS) {
337
fprintf(stderr, "Error setting a credentials set: %s\n",
338
safer_gnutls_strerror(ret));
557
(mc->cred, pubkeyfilename, seckeyfilename,
558
GNUTLS_OPENPGP_FMT_BASE64);
559
if(ret != GNUTLS_E_SUCCESS){
561
"Error[%d] while reading the OpenPGP key pair ('%s',"
562
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
563
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
564
safer_gnutls_strerror(ret));
568
/* GnuTLS server initialization */
569
ret = gnutls_dh_params_init(&mc->dh_params);
570
if(ret != GNUTLS_E_SUCCESS){
571
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
572
" initialization: %s\n",
573
safer_gnutls_strerror(ret));
576
/* If a Diffie-Hellman parameters file was given, try to use it */
577
if(dhparamsfilename != NULL){
578
gnutls_datum_t params = { .data = NULL, .size = 0 };
580
int dhpfile = open(dhparamsfilename, O_RDONLY);
583
dhparamsfilename = NULL;
586
size_t params_capacity = 0;
588
params_capacity = incbuffer((char **)¶ms.data,
590
(size_t)params_capacity);
591
if(params_capacity == 0){
592
perror_plus("incbuffer");
595
dhparamsfilename = NULL;
598
ssize_t bytes_read = read(dhpfile,
599
params.data + params.size,
605
/* check bytes_read for failure */
610
dhparamsfilename = NULL;
613
params.size += (unsigned int)bytes_read;
615
if(params.data == NULL){
616
dhparamsfilename = NULL;
618
if(dhparamsfilename == NULL){
621
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
622
GNUTLS_X509_FMT_PEM);
623
if(ret != GNUTLS_E_SUCCESS){
624
fprintf_plus(stderr, "Failed to parse DH parameters in file"
625
" \"%s\": %s\n", dhparamsfilename,
626
safer_gnutls_strerror(ret));
627
dhparamsfilename = NULL;
632
if(dhparamsfilename == NULL){
633
if(mc->dh_bits == 0){
634
/* Find out the optimal number of DH bits */
635
/* Try to read the private key file */
636
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
638
int secfile = open(seckeyfilename, O_RDONLY);
643
size_t buffer_capacity = 0;
645
buffer_capacity = incbuffer((char **)&buffer.data,
647
(size_t)buffer_capacity);
648
if(buffer_capacity == 0){
649
perror_plus("incbuffer");
654
ssize_t bytes_read = read(secfile,
655
buffer.data + buffer.size,
661
/* check bytes_read for failure */
668
buffer.size += (unsigned int)bytes_read;
672
/* If successful, use buffer to parse private key */
673
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
674
if(buffer.data != NULL){
676
gnutls_openpgp_privkey_t privkey = NULL;
677
ret = gnutls_openpgp_privkey_init(&privkey);
678
if(ret != GNUTLS_E_SUCCESS){
679
fprintf_plus(stderr, "Error initializing OpenPGP key"
681
safer_gnutls_strerror(ret));
685
ret = gnutls_openpgp_privkey_import
686
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
687
if(ret != GNUTLS_E_SUCCESS){
688
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
689
safer_gnutls_strerror(ret));
695
/* Use private key to suggest an appropriate
697
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
698
gnutls_openpgp_privkey_deinit(privkey);
700
fprintf_plus(stderr, "This OpenPGP key implies using"
701
" a GnuTLS security parameter \"%s\".\n",
702
safe_string(gnutls_sec_param_get_name
708
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
709
/* Err on the side of caution */
710
sec_param = GNUTLS_SEC_PARAM_ULTRA;
712
fprintf_plus(stderr, "Falling back to security parameter"
714
safe_string(gnutls_sec_param_get_name
719
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
723
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
724
" implies %u DH bits; using that.\n",
725
safe_string(gnutls_sec_param_get_name
730
fprintf_plus(stderr, "Failed to get implied number of DH"
731
" bits for security parameter \"%s\"): %s\n",
732
safe_string(gnutls_sec_param_get_name
734
safer_gnutls_strerror(ret));
738
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
741
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
742
if(ret != GNUTLS_E_SUCCESS){
743
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
744
" bits): %s\n", mc->dh_bits,
745
safer_gnutls_strerror(ret));
749
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
755
gnutls_certificate_free_credentials(mc->cred);
756
gnutls_dh_params_deinit(mc->dh_params);
760
__attribute__((nonnull, warn_unused_result))
761
static int init_gnutls_session(gnutls_session_t *session,
764
/* GnuTLS session creation */
766
ret = gnutls_init(session, GNUTLS_SERVER);
770
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
771
if(ret != GNUTLS_E_SUCCESS){
773
"Error in GnuTLS session initialization: %s\n",
774
safer_gnutls_strerror(ret));
780
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
782
gnutls_deinit(*session);
785
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
786
if(ret != GNUTLS_E_SUCCESS){
787
fprintf_plus(stderr, "Syntax error at: %s\n", err);
788
fprintf_plus(stderr, "GnuTLS error: %s\n",
789
safer_gnutls_strerror(ret));
790
gnutls_deinit(*session);
796
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
799
gnutls_deinit(*session);
802
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
803
if(ret != GNUTLS_E_SUCCESS){
804
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
805
safer_gnutls_strerror(ret));
806
gnutls_deinit(*session);
342
810
/* ignore client certificate if any. */
343
gnutls_certificate_server_set_request (es->session,
346
gnutls_dh_set_prime_bits (es->session, DH_BITS);
811
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
816
/* Avahi log function callback */
351
817
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
352
818
__attribute__((unused)) const char *txt){}
354
static int start_mandos_communication(const char *ip, uint16_t port,
820
/* Set effective uid to 0, return errno */
821
__attribute__((warn_unused_result))
822
int raise_privileges(void){
823
int old_errno = errno;
825
if(seteuid(0) == -1){
832
/* Set effective and real user ID to 0. Return errno. */
833
__attribute__((warn_unused_result))
834
int raise_privileges_permanently(void){
835
int old_errno = errno;
836
int ret = raise_privileges();
848
/* Set effective user ID to unprivileged saved user ID */
849
__attribute__((warn_unused_result))
850
int lower_privileges(void){
851
int old_errno = errno;
853
if(seteuid(uid) == -1){
860
/* Lower privileges permanently */
861
__attribute__((warn_unused_result))
862
int lower_privileges_permanently(void){
863
int old_errno = errno;
865
if(setuid(uid) == -1){
872
/* Helper function to add_local_route() and delete_local_route() */
873
__attribute__((nonnull, warn_unused_result))
874
static bool add_delete_local_route(const bool add,
876
AvahiIfIndex if_index){
878
char helper[] = "mandos-client-iprouteadddel";
879
char add_arg[] = "add";
880
char delete_arg[] = "delete";
881
char debug_flag[] = "--debug";
882
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
883
if(pluginhelperdir == NULL){
885
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
886
" variable not set; cannot run helper\n");
891
char interface[IF_NAMESIZE];
892
if(if_indextoname((unsigned int)if_index, interface) == NULL){
893
perror_plus("if_indextoname");
897
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
899
perror_plus("open(\"/dev/null\", O_RDONLY)");
905
/* Raise privileges */
906
errno = raise_privileges_permanently();
908
perror_plus("Failed to raise privileges");
909
/* _exit(EX_NOPERM); */
915
perror_plus("setgid");
918
/* Reset supplementary groups */
920
ret = setgroups(0, NULL);
922
perror_plus("setgroups");
926
ret = dup2(devnull, STDIN_FILENO);
928
perror_plus("dup2(devnull, STDIN_FILENO)");
931
ret = close(devnull);
933
perror_plus("close");
936
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
938
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
941
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
946
if(helperdir_fd == -1){
948
_exit(EX_UNAVAILABLE);
950
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
953
perror_plus("openat");
955
_exit(EX_UNAVAILABLE);
959
#pragma GCC diagnostic push
960
#pragma GCC diagnostic ignored "-Wcast-qual"
962
if(fexecve(helper_fd, (char *const [])
963
{ helper, add ? add_arg : delete_arg, (char *)address,
964
interface, debug ? debug_flag : NULL, NULL },
967
#pragma GCC diagnostic pop
969
perror_plus("fexecve");
981
pret = waitpid(pid, &status, 0);
982
if(pret == -1 and errno == EINTR and quit_now){
983
int errno_raising = 0;
984
if((errno = raise_privileges()) != 0){
985
errno_raising = errno;
986
perror_plus("Failed to raise privileges in order to"
987
" kill helper program");
989
if(kill(pid, SIGTERM) == -1){
992
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
993
perror_plus("Failed to lower privileges after killing"
998
} while(pret == -1 and errno == EINTR);
1000
perror_plus("waitpid");
1003
if(WIFEXITED(status)){
1004
if(WEXITSTATUS(status) != 0){
1005
fprintf_plus(stderr, "Error: iprouteadddel exited"
1006
" with status %d\n", WEXITSTATUS(status));
1011
if(WIFSIGNALED(status)){
1012
fprintf_plus(stderr, "Error: iprouteadddel died by"
1013
" signal %d\n", WTERMSIG(status));
1016
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1020
__attribute__((nonnull, warn_unused_result))
1021
static bool add_local_route(const char *address,
1022
AvahiIfIndex if_index){
1024
fprintf_plus(stderr, "Adding route to %s\n", address);
1026
return add_delete_local_route(true, address, if_index);
1029
__attribute__((nonnull, warn_unused_result))
1030
static bool delete_local_route(const char *address,
1031
AvahiIfIndex if_index){
1033
fprintf_plus(stderr, "Removing route to %s\n", address);
1035
return add_delete_local_route(false, address, if_index);
1038
/* Called when a Mandos server is found */
1039
__attribute__((nonnull, warn_unused_result))
1040
static int start_mandos_communication(const char *ip, in_port_t port,
355
1041
AvahiIfIndex if_index,
358
struct sockaddr_in6 to;
359
encrypted_session es;
1042
int af, mandos_context *mc){
1043
int ret, tcp_sd = -1;
1045
struct sockaddr_storage to;
360
1046
char *buffer = NULL;
361
char *decrypted_buffer;
1047
char *decrypted_buffer = NULL;
362
1048
size_t buffer_length = 0;
363
1049
size_t buffer_capacity = 0;
364
ssize_t decrypted_buffer_size;
367
char interface[IF_NAMESIZE];
370
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
374
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
381
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1052
gnutls_session_t session;
1053
int pf; /* Protocol family */
1054
bool route_added = false;
1071
fprintf_plus(stderr, "Bad address family: %d\n", af);
1076
/* If the interface is specified and we have a list of interfaces */
1077
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1078
/* Check if the interface is one of the interfaces we are using */
1081
char *interface = NULL;
1082
while((interface = argz_next(mc->interfaces,
1083
mc->interfaces_size,
1085
if(if_nametoindex(interface) == (unsigned int)if_index){
1092
/* This interface does not match any in the list, so we don't
1093
connect to the server */
383
perror("if_indextoname");
1095
char interface[IF_NAMESIZE];
1096
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1097
perror_plus("if_indextoname");
1099
fprintf_plus(stderr, "Skipping server on non-used interface"
1101
if_indextoname((unsigned int)if_index,
388
fprintf(stderr, "Binding to interface %s\n", interface);
391
memset(&to,0,sizeof(to)); /* Spurious warning */
392
to.sin6_family = AF_INET6;
393
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
1109
ret = init_gnutls_session(&session, mc);
1115
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
1116
PRIuMAX "\n", ip, (uintmax_t)port);
1119
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
1122
perror_plus("socket");
1133
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1134
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1135
ret = inet_pton(af, ip, &to6->sin6_addr);
1137
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1138
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1139
ret = inet_pton(af, ip, &to4->sin_addr);
1143
perror_plus("inet_pton");
399
fprintf(stderr, "Bad address: %s\n", ip);
402
to.sin6_port = htons(port); /* Spurious warning */
404
to.sin6_scope_id = (uint32_t)if_index;
407
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
408
/* char addrstr[INET6_ADDRSTRLEN]; */
409
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
410
/* sizeof(addrstr)) == NULL){ */
411
/* perror("inet_ntop"); */
413
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
414
/* addrstr, ntohs(to.sin6_port)); */
418
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
424
ret = initgnutls (&es);
430
gnutls_transport_set_ptr (es.session,
431
(gnutls_transport_ptr_t) tcp_sd);
434
fprintf(stderr, "Establishing TLS session with %s\n", ip);
437
ret = gnutls_handshake (es.session);
439
if (ret != GNUTLS_E_SUCCESS){
1149
fprintf_plus(stderr, "Bad address: %s\n", ip);
1154
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1155
if(IN6_IS_ADDR_LINKLOCAL
1156
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
1157
if(if_index == AVAHI_IF_UNSPEC){
1158
fprintf_plus(stderr, "An IPv6 link-local address is"
1159
" incomplete without a network interface\n");
1163
/* Set the network interface number as scope */
1164
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
1167
((struct sockaddr_in *)&to)->sin_port = htons(port);
1176
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
1177
char interface[IF_NAMESIZE];
1178
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1179
perror_plus("if_indextoname");
1181
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1182
"\n", ip, interface, (uintmax_t)port);
1185
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1186
ip, (uintmax_t)port);
1188
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
1189
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
1191
ret = getnameinfo((struct sockaddr *)&to,
1192
sizeof(struct sockaddr_in6),
1193
addrstr, sizeof(addrstr), NULL, 0,
1196
ret = getnameinfo((struct sockaddr *)&to,
1197
sizeof(struct sockaddr_in),
1198
addrstr, sizeof(addrstr), NULL, 0,
1201
if(ret == EAI_SYSTEM){
1202
perror_plus("getnameinfo");
1203
} else if(ret != 0) {
1204
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1205
} else if(strcmp(addrstr, ip) != 0){
1206
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1217
ret = connect(tcp_sd, (struct sockaddr *)&to,
1218
sizeof(struct sockaddr_in6));
1220
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1221
sizeof(struct sockaddr_in));
1224
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1225
and if_index != AVAHI_IF_UNSPEC
1226
and connect_to == NULL
1227
and not route_added and
1228
((af == AF_INET6 and not
1229
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1231
or (af == AF_INET and
1232
/* Not a a IPv4LL address */
1233
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1234
& 0xFFFF0000L) != 0xA9FE0000L))){
1235
/* Work around Avahi bug - Avahi does not announce link-local
1236
addresses if it has a global address, so local hosts with
1237
*only* a link-local address (e.g. Mandos clients) cannot
1238
connect to a Mandos server announced by Avahi on a server
1239
host with a global address. Work around this by retrying
1240
with an explicit route added with the server's address.
1242
Avahi bug reference:
1243
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1244
https://bugs.debian.org/587961
1247
fprintf_plus(stderr, "Mandos server unreachable, trying"
1251
route_added = add_local_route(ip, if_index);
1257
if(errno != ECONNREFUSED or debug){
1259
perror_plus("connect");
1272
const char *out = mandos_protocol_version;
1275
size_t out_size = strlen(out);
1276
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
1277
out_size - written));
1280
perror_plus("write");
1284
written += (size_t)ret;
1285
if(written < out_size){
1288
if(out == mandos_protocol_version){
1303
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
1311
/* This casting via intptr_t is to eliminate warning about casting
1312
an int to a pointer type. This is exactly how the GnuTLS Guile
1313
function "set-session-transport-fd!" does it. */
1314
gnutls_transport_set_ptr(session,
1315
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
1323
ret = gnutls_handshake(session);
1328
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1330
if(ret != GNUTLS_E_SUCCESS){
441
fprintf(stderr, "\n*** Handshake failed ***\n");
1332
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
448
//Retrieve OpenPGP packet that contains the wanted password
1339
/* Read OpenPGP packet that contains the wanted password */
451
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
1342
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
456
if (buffer_length + BUFFER_SIZE > buffer_capacity){
457
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
462
buffer_capacity += BUFFER_SIZE;
465
ret = gnutls_record_recv
466
(es.session, buffer+buffer_length, BUFFER_SIZE);
1353
buffer_capacity = incbuffer(&buffer, buffer_length,
1355
if(buffer_capacity == 0){
1357
perror_plus("incbuffer");
1367
sret = gnutls_record_recv(session, buffer+buffer_length,
472
1374
case GNUTLS_E_INTERRUPTED:
473
1375
case GNUTLS_E_AGAIN:
475
1377
case GNUTLS_E_REHANDSHAKE:
476
ret = gnutls_handshake (es.session);
478
fprintf(stderr, "\n*** Handshake failed ***\n");
1379
ret = gnutls_handshake(session);
1385
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1387
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
485
fprintf(stderr, "Unknown error while reading data from"
486
" encrypted session with mandos server\n");
488
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
1395
fprintf_plus(stderr, "Unknown error while reading data from"
1396
" encrypted session with Mandos server\n");
1397
gnutls_bye(session, GNUTLS_SHUT_RDWR);
492
buffer_length += (size_t) ret;
496
if (buffer_length > 0){
497
decrypted_buffer_size = pgp_packet_decrypt(buffer,
501
if (decrypted_buffer_size >= 0){
1402
buffer_length += (size_t) sret;
1407
fprintf_plus(stderr, "Closing TLS session\n");
1416
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
1421
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1423
if(buffer_length > 0){
1424
ssize_t decrypted_buffer_size;
1425
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
1426
&decrypted_buffer, mc);
1427
if(decrypted_buffer_size >= 0){
502
1431
while(written < (size_t) decrypted_buffer_size){
503
ret = (int)fwrite (decrypted_buffer + written, 1,
504
(size_t)decrypted_buffer_size - written,
1437
ret = (int)fwrite(decrypted_buffer + written, 1,
1438
(size_t)decrypted_buffer_size - written,
506
1440
if(ret == 0 and ferror(stdout)){
508
fprintf(stderr, "Error writing encrypted data: %s\n",
1443
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
514
1449
written += (size_t)ret;
516
free(decrypted_buffer);
1451
ret = fflush(stdout);
1455
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1465
/* Shutdown procedure */
1470
if(not delete_local_route(ip, if_index)){
1471
fprintf_plus(stderr, "Failed to delete local route to %s on"
1472
" interface %d", ip, if_index);
1476
free(decrypted_buffer);
1479
ret = close(tcp_sd);
1485
perror_plus("close");
1487
gnutls_deinit(session);
525
fprintf(stderr, "Closing TLS session\n");
529
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
532
gnutls_deinit (es.session);
533
gnutls_certificate_free_credentials (es.cred);
534
gnutls_global_deinit ();
538
static void resolve_callback( AvahiSServiceResolver *r,
539
AvahiIfIndex interface,
540
AVAHI_GCC_UNUSED AvahiProtocol protocol,
541
AvahiResolverEvent event,
545
const char *host_name,
546
const AvahiAddress *address,
548
AVAHI_GCC_UNUSED AvahiStringList *txt,
549
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
550
AVAHI_GCC_UNUSED void* userdata) {
551
mandos_context *mc = userdata;
552
assert(r); /* Spurious warning */
1497
static void resolve_callback(AvahiSServiceResolver *r,
1498
AvahiIfIndex interface,
1499
AvahiProtocol proto,
1500
AvahiResolverEvent event,
1504
const char *host_name,
1505
const AvahiAddress *address,
1507
AVAHI_GCC_UNUSED AvahiStringList *txt,
1508
AVAHI_GCC_UNUSED AvahiLookupResultFlags
554
1515
/* Called whenever a service has been resolved successfully or
1519
avahi_s_service_resolver_free(r);
559
1525
case AVAHI_RESOLVER_FAILURE:
560
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
561
" type '%s' in domain '%s': %s\n", name, type, domain,
562
avahi_strerror(avahi_server_errno(mc->server)));
1526
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1527
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1529
avahi_strerror(avahi_server_errno
1530
(((mandos_context*)mc)->server)));
565
1533
case AVAHI_RESOLVER_FOUND:
567
1535
char ip[AVAHI_ADDRESS_STR_MAX];
568
1536
avahi_address_snprint(ip, sizeof(ip), address);
570
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
571
" port %d\n", name, host_name, ip, port);
1538
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1539
PRIdMAX ") on port %" PRIu16 "\n", name,
1540
host_name, ip, (intmax_t)interface, port);
573
int ret = start_mandos_communication(ip, port, interface, mc);
1542
int ret = start_mandos_communication(ip, (in_port_t)port,
1544
avahi_proto_to_af(proto),
1547
avahi_simple_poll_quit(simple_poll);
1549
if(not add_server(ip, (in_port_t)port, interface,
1550
avahi_proto_to_af(proto),
1551
&((mandos_context*)mc)->current_server)){
1552
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
579
1558
avahi_s_service_resolver_free(r);
582
static void browse_callback( AvahiSServiceBrowser *b,
583
AvahiIfIndex interface,
584
AvahiProtocol protocol,
585
AvahiBrowserEvent event,
589
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
591
mandos_context *mc = userdata;
592
assert(b); /* Spurious warning */
1561
static void browse_callback(AvahiSServiceBrowser *b,
1562
AvahiIfIndex interface,
1563
AvahiProtocol protocol,
1564
AvahiBrowserEvent event,
1568
AVAHI_GCC_UNUSED AvahiLookupResultFlags
594
1575
/* Called whenever a new services becomes available on the LAN or
595
1576
is removed from the LAN */
599
1584
case AVAHI_BROWSER_FAILURE:
601
fprintf(stderr, "(Browser) %s\n",
602
avahi_strerror(avahi_server_errno(mc->server)));
603
avahi_simple_poll_quit(mc->simple_poll);
1586
fprintf_plus(stderr, "(Avahi browser) %s\n",
1587
avahi_strerror(avahi_server_errno
1588
(((mandos_context*)mc)->server)));
1589
avahi_simple_poll_quit(simple_poll);
606
1592
case AVAHI_BROWSER_NEW:
607
/* We ignore the returned resolver object. In the callback
608
function we free it. If the server is terminated before
609
the callback function is called the server will free
610
the resolver for us. */
612
if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,
614
AVAHI_PROTO_INET6, 0,
615
resolve_callback, mc)))
616
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
617
avahi_strerror(avahi_server_errno(s)));
1593
/* We ignore the returned Avahi resolver object. In the callback
1594
function we free it. If the Avahi server is terminated before
1595
the callback function is called the Avahi server will free the
1598
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1599
interface, protocol, name, type,
1600
domain, protocol, 0,
1601
resolve_callback, mc) == NULL)
1602
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1604
avahi_strerror(avahi_server_errno
1605
(((mandos_context*)mc)->server)));
620
1608
case AVAHI_BROWSER_REMOVE:
623
1611
case AVAHI_BROWSER_ALL_FOR_NOW:
624
1612
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1614
fprintf_plus(stderr, "No Mandos server found, still"
629
/* Combines file name and path and returns the malloced new
630
string. some sane checks could/should be added */
631
static const char *combinepath(const char *first, const char *second){
632
size_t f_len = strlen(first);
633
size_t s_len = strlen(second);
634
char *tmp = malloc(f_len + s_len + 2);
639
memcpy(tmp, first, f_len);
643
memcpy(tmp + f_len + 1, second, s_len);
645
tmp[f_len + 1 + s_len] = '\0';
650
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
1621
/* Signal handler that stops main loop after SIGTERM */
1622
static void handle_sigterm(int sig){
1627
signal_received = sig;
1628
int old_errno = errno;
1629
/* set main loop to exit */
1630
if(simple_poll != NULL){
1631
avahi_simple_poll_quit(simple_poll);
1636
__attribute__((nonnull, warn_unused_result))
1637
bool get_flags(const char *ifname, struct ifreq *ifr){
1641
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1644
perror_plus("socket");
1648
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1649
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1650
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1654
perror_plus("ioctl SIOCGIFFLAGS");
1662
__attribute__((nonnull, warn_unused_result))
1663
bool good_flags(const char *ifname, const struct ifreq *ifr){
1665
/* Reject the loopback device */
1666
if(ifr->ifr_flags & IFF_LOOPBACK){
1668
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1673
/* Accept point-to-point devices only if connect_to is specified */
1674
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1676
fprintf_plus(stderr, "Accepting point-to-point interface"
1677
" \"%s\"\n", ifname);
1681
/* Otherwise, reject non-broadcast-capable devices */
1682
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1684
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1685
" \"%s\"\n", ifname);
1689
/* Reject non-ARP interfaces (including dummy interfaces) */
1690
if(ifr->ifr_flags & IFF_NOARP){
1692
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1698
/* Accept this device */
1700
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1706
* This function determines if a directory entry in /sys/class/net
1707
* corresponds to an acceptable network device.
1708
* (This function is passed to scandir(3) as a filter function.)
1710
__attribute__((nonnull, warn_unused_result))
1711
int good_interface(const struct dirent *if_entry){
1712
if(if_entry->d_name[0] == '.'){
1717
if(not get_flags(if_entry->d_name, &ifr)){
1719
fprintf_plus(stderr, "Failed to get flags for interface "
1720
"\"%s\"\n", if_entry->d_name);
1725
if(not good_flags(if_entry->d_name, &ifr)){
1732
* This function determines if a network interface is up.
1734
__attribute__((nonnull, warn_unused_result))
1735
bool interface_is_up(const char *interface){
1737
if(not get_flags(interface, &ifr)){
1739
fprintf_plus(stderr, "Failed to get flags for interface "
1740
"\"%s\"\n", interface);
1745
return (bool)(ifr.ifr_flags & IFF_UP);
1749
* This function determines if a network interface is running
1751
__attribute__((nonnull, warn_unused_result))
1752
bool interface_is_running(const char *interface){
1754
if(not get_flags(interface, &ifr)){
1756
fprintf_plus(stderr, "Failed to get flags for interface "
1757
"\"%s\"\n", interface);
1762
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1765
__attribute__((nonnull, pure, warn_unused_result))
1766
int notdotentries(const struct dirent *direntry){
1767
/* Skip "." and ".." */
1768
if(direntry->d_name[0] == '.'
1769
and (direntry->d_name[1] == '\0'
1770
or (direntry->d_name[1] == '.'
1771
and direntry->d_name[2] == '\0'))){
1777
/* Is this directory entry a runnable program? */
1778
__attribute__((nonnull, warn_unused_result))
1779
int runnable_hook(const struct dirent *direntry){
1784
if((direntry->d_name)[0] == '\0'){
1789
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1790
"abcdefghijklmnopqrstuvwxyz"
1793
if((direntry->d_name)[sret] != '\0'){
1794
/* Contains non-allowed characters */
1796
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
1802
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1805
perror_plus("Could not stat hook");
1809
if(not (S_ISREG(st.st_mode))){
1810
/* Not a regular file */
1812
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
1817
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
1818
/* Not executable */
1820
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
1826
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
1832
__attribute__((nonnull, warn_unused_result))
1833
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
1834
mandos_context *mc){
1836
struct timespec now;
1837
struct timespec waited_time;
1838
intmax_t block_time;
1841
if(mc->current_server == NULL){
1843
fprintf_plus(stderr, "Wait until first server is found."
1846
ret = avahi_simple_poll_iterate(s, -1);
1849
fprintf_plus(stderr, "Check current_server if we should run"
1852
/* the current time */
1853
ret = clock_gettime(CLOCK_MONOTONIC, &now);
1855
perror_plus("clock_gettime");
1858
/* Calculating in ms how long time between now and server
1859
who we visted longest time ago. Now - last seen. */
1860
waited_time.tv_sec = (now.tv_sec
1861
- mc->current_server->last_seen.tv_sec);
1862
waited_time.tv_nsec = (now.tv_nsec
1863
- mc->current_server->last_seen.tv_nsec);
1864
/* total time is 10s/10,000ms.
1865
Converting to s from ms by dividing by 1,000,
1866
and ns to ms by dividing by 1,000,000. */
1867
block_time = ((retry_interval
1868
- ((intmax_t)waited_time.tv_sec * 1000))
1869
- ((intmax_t)waited_time.tv_nsec / 1000000));
1872
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
1876
if(block_time <= 0){
1877
ret = start_mandos_communication(mc->current_server->ip,
1878
mc->current_server->port,
1879
mc->current_server->if_index,
1880
mc->current_server->af, mc);
1882
avahi_simple_poll_quit(s);
1885
ret = clock_gettime(CLOCK_MONOTONIC,
1886
&mc->current_server->last_seen);
1888
perror_plus("clock_gettime");
1891
mc->current_server = mc->current_server->next;
1892
block_time = 0; /* Call avahi to find new Mandos
1893
servers, but don't block */
1896
ret = avahi_simple_poll_iterate(s, (int)block_time);
1899
if(ret > 0 or errno != EINTR){
1900
return (ret != 1) ? ret : 0;
1906
__attribute__((nonnull))
1907
void run_network_hooks(const char *mode, const char *interface,
1909
struct dirent **direntries = NULL;
1910
if(hookdir_fd == -1){
1911
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1913
if(hookdir_fd == -1){
1914
if(errno == ENOENT){
1916
fprintf_plus(stderr, "Network hook directory \"%s\" not"
1917
" found\n", hookdir);
1920
perror_plus("open");
1925
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1926
runnable_hook, alphasort);
1928
perror_plus("scandir");
1931
struct dirent *direntry;
1933
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1935
perror_plus("open(\"/dev/null\", O_RDONLY)");
1938
for(int i = 0; i < numhooks; i++){
1939
direntry = direntries[i];
1941
fprintf_plus(stderr, "Running network hook \"%s\"\n",
1944
pid_t hook_pid = fork();
1947
/* Raise privileges */
1948
errno = raise_privileges_permanently();
1950
perror_plus("Failed to raise privileges");
1957
perror_plus("setgid");
1960
/* Reset supplementary groups */
1962
ret = setgroups(0, NULL);
1964
perror_plus("setgroups");
1967
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1969
perror_plus("setenv");
1972
ret = setenv("DEVICE", interface, 1);
1974
perror_plus("setenv");
1977
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
1979
perror_plus("setenv");
1982
ret = setenv("MODE", mode, 1);
1984
perror_plus("setenv");
1988
ret = asprintf(&delaystring, "%f", (double)delay);
1990
perror_plus("asprintf");
1993
ret = setenv("DELAY", delaystring, 1);
1996
perror_plus("setenv");
2000
if(connect_to != NULL){
2001
ret = setenv("CONNECT", connect_to, 1);
2003
perror_plus("setenv");
2007
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2011
perror_plus("openat");
2012
_exit(EXIT_FAILURE);
2014
if(close(hookdir_fd) == -1){
2015
perror_plus("close");
2016
_exit(EXIT_FAILURE);
2018
ret = dup2(devnull, STDIN_FILENO);
2020
perror_plus("dup2(devnull, STDIN_FILENO)");
2023
ret = close(devnull);
2025
perror_plus("close");
2028
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2030
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2033
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2035
perror_plus("fexecve");
2036
_exit(EXIT_FAILURE);
2040
perror_plus("fork");
2045
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2046
perror_plus("waitpid");
2050
if(WIFEXITED(status)){
2051
if(WEXITSTATUS(status) != 0){
2052
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2053
" with status %d\n", direntry->d_name,
2054
WEXITSTATUS(status));
2058
} else if(WIFSIGNALED(status)){
2059
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2060
" signal %d\n", direntry->d_name,
2065
fprintf_plus(stderr, "Warning: network hook \"%s\""
2066
" crashed\n", direntry->d_name);
2072
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2078
if(close(hookdir_fd) == -1){
2079
perror_plus("close");
2086
__attribute__((nonnull, warn_unused_result))
2087
int bring_up_interface(const char *const interface,
2089
int old_errno = errno;
2091
struct ifreq network;
2092
unsigned int if_index = if_nametoindex(interface);
2094
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2104
if(not interface_is_up(interface)){
2106
int ioctl_errno = 0;
2107
if(not get_flags(interface, &network)){
2109
fprintf_plus(stderr, "Failed to get flags for interface "
2110
"\"%s\"\n", interface);
2114
network.ifr_flags |= IFF_UP; /* set flag */
2116
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2119
perror_plus("socket");
2127
perror_plus("close");
2134
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
2138
/* Raise privileges */
2139
ret_errno = raise_privileges();
2142
perror_plus("Failed to raise privileges");
2147
bool restore_loglevel = false;
2149
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2150
messages about the network interface to mess up the prompt */
2151
ret_linux = klogctl(8, NULL, 5);
2152
if(ret_linux == -1){
2153
perror_plus("klogctl");
2155
restore_loglevel = true;
2158
#endif /* __linux__ */
2159
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2160
ioctl_errno = errno;
2162
if(restore_loglevel){
2163
ret_linux = klogctl(7, NULL, 0);
2164
if(ret_linux == -1){
2165
perror_plus("klogctl");
2168
#endif /* __linux__ */
2170
/* If raise_privileges() succeeded above */
2172
/* Lower privileges */
2173
ret_errno = lower_privileges();
2176
perror_plus("Failed to lower privileges");
2180
/* Close the socket */
2183
perror_plus("close");
2186
if(ret_setflags == -1){
2187
errno = ioctl_errno;
2188
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2193
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2197
/* Sleep checking until interface is running.
2198
Check every 0.25s, up to total time of delay */
2199
for(int i = 0; i < delay * 4; i++){
2200
if(interface_is_running(interface)){
2203
struct timespec sleeptime = { .tv_nsec = 250000000 };
2204
ret = nanosleep(&sleeptime, NULL);
2205
if(ret == -1 and errno != EINTR){
2206
perror_plus("nanosleep");
2214
__attribute__((nonnull, warn_unused_result))
2215
int take_down_interface(const char *const interface){
2216
int old_errno = errno;
2217
struct ifreq network;
2218
unsigned int if_index = if_nametoindex(interface);
2220
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2224
if(interface_is_up(interface)){
2226
int ioctl_errno = 0;
2227
if(not get_flags(interface, &network) and debug){
2229
fprintf_plus(stderr, "Failed to get flags for interface "
2230
"\"%s\"\n", interface);
2234
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2236
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2239
perror_plus("socket");
2245
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2249
/* Raise privileges */
2250
ret_errno = raise_privileges();
2253
perror_plus("Failed to raise privileges");
2256
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2257
ioctl_errno = errno;
2259
/* If raise_privileges() succeeded above */
2261
/* Lower privileges */
2262
ret_errno = lower_privileges();
2265
perror_plus("Failed to lower privileges");
2269
/* Close the socket */
2270
int ret = close(sd);
2272
perror_plus("close");
2275
if(ret_setflags == -1){
2276
errno = ioctl_errno;
2277
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2282
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2290
int main(int argc, char *argv[]){
2291
mandos_context mc = { .server = NULL, .dh_bits = 0,
2292
.priority = "SECURE256:!CTYPE-X.509"
2293
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2294
.current_server = NULL, .interfaces = NULL,
2295
.interfaces_size = 0 };
2296
AvahiSServiceBrowser *sb = NULL;
2301
int exitcode = EXIT_SUCCESS;
2302
char *interfaces_to_take_down = NULL;
2303
size_t interfaces_to_take_down_size = 0;
2304
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2305
char old_tempdir[] = "/tmp/mandosXXXXXX";
2306
char *tempdir = NULL;
2307
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2308
const char *seckey = PATHDIR "/" SECKEY;
2309
const char *pubkey = PATHDIR "/" PUBKEY;
2310
const char *dh_params_file = NULL;
2311
char *interfaces_hooks = NULL;
2313
bool gnutls_initialized = false;
2314
bool gpgme_initialized = false;
2316
double retry_interval = 10; /* 10s between trying a server and
2317
retrying the same server again */
2319
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
2320
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
2325
/* Lower any group privileges we might have, just to be safe */
2329
perror_plus("setgid");
2332
/* Lower user privileges (temporarily) */
2336
perror_plus("seteuid");
2344
struct argp_option options[] = {
2345
{ .name = "debug", .key = 128,
2346
.doc = "Debug mode", .group = 3 },
2347
{ .name = "connect", .key = 'c',
2348
.arg = "ADDRESS:PORT",
2349
.doc = "Connect directly to a specific Mandos server",
2351
{ .name = "interface", .key = 'i',
2353
.doc = "Network interface that will be used to search for"
2356
{ .name = "seckey", .key = 's',
2358
.doc = "OpenPGP secret key file base name",
2360
{ .name = "pubkey", .key = 'p',
2362
.doc = "OpenPGP public key file base name",
2364
{ .name = "dh-bits", .key = 129,
2366
.doc = "Bit length of the prime number used in the"
2367
" Diffie-Hellman key exchange",
2369
{ .name = "dh-params", .key = 134,
2371
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2372
" for the Diffie-Hellman key exchange",
2374
{ .name = "priority", .key = 130,
2376
.doc = "GnuTLS priority string for the TLS handshake",
2378
{ .name = "delay", .key = 131,
2380
.doc = "Maximum delay to wait for interface startup",
2382
{ .name = "retry", .key = 132,
2384
.doc = "Retry interval used when denied by the Mandos server",
2386
{ .name = "network-hook-dir", .key = 133,
2388
.doc = "Directory where network hooks are located",
2391
* These reproduce what we would get without ARGP_NO_HELP
2393
{ .name = "help", .key = '?',
2394
.doc = "Give this help list", .group = -1 },
2395
{ .name = "usage", .key = -3,
2396
.doc = "Give a short usage message", .group = -1 },
2397
{ .name = "version", .key = 'V',
2398
.doc = "Print program version", .group = -1 },
2402
error_t parse_opt(int key, char *arg,
2403
struct argp_state *state){
2406
case 128: /* --debug */
2409
case 'c': /* --connect */
2412
case 'i': /* --interface */
2413
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2416
argp_error(state, "%s", strerror(ret_errno));
2419
case 's': /* --seckey */
2422
case 'p': /* --pubkey */
2425
case 129: /* --dh-bits */
2427
tmpmax = strtoimax(arg, &tmp, 10);
2428
if(errno != 0 or tmp == arg or *tmp != '\0'
2429
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2430
argp_error(state, "Bad number of DH bits");
2432
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2434
case 134: /* --dh-params */
2435
dh_params_file = arg;
2437
case 130: /* --priority */
2440
case 131: /* --delay */
2442
delay = strtof(arg, &tmp);
2443
if(errno != 0 or tmp == arg or *tmp != '\0'){
2444
argp_error(state, "Bad delay");
2446
case 132: /* --retry */
2448
retry_interval = strtod(arg, &tmp);
2449
if(errno != 0 or tmp == arg or *tmp != '\0'
2450
or (retry_interval * 1000) > INT_MAX
2451
or retry_interval < 0){
2452
argp_error(state, "Bad retry interval");
2455
case 133: /* --network-hook-dir */
2459
* These reproduce what we would get without ARGP_NO_HELP
2461
case '?': /* --help */
2462
argp_state_help(state, state->out_stream,
2463
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2464
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2465
case -3: /* --usage */
2466
argp_state_help(state, state->out_stream,
2467
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2468
case 'V': /* --version */
2469
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2470
exit(argp_err_exit_status);
2473
return ARGP_ERR_UNKNOWN;
2478
struct argp argp = { .options = options, .parser = parse_opt,
2480
.doc = "Mandos client -- Get and decrypt"
2481
" passwords from a Mandos server" };
2482
ret_errno = argp_parse(&argp, argc, argv,
2483
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2490
perror_plus("argp_parse");
2491
exitcode = EX_OSERR;
2494
exitcode = EX_USAGE;
2500
/* Work around Debian bug #633582:
2501
<https://bugs.debian.org/633582> */
2503
/* Re-raise privileges */
2504
ret = raise_privileges();
2507
perror_plus("Failed to raise privileges");
2511
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2512
int seckey_fd = open(seckey, O_RDONLY);
2513
if(seckey_fd == -1){
2514
perror_plus("open");
2516
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2518
perror_plus("fstat");
2520
if(S_ISREG(st.st_mode)
2521
and st.st_uid == 0 and st.st_gid == 0){
2522
ret = fchown(seckey_fd, uid, gid);
2524
perror_plus("fchown");
2532
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2533
int pubkey_fd = open(pubkey, O_RDONLY);
2534
if(pubkey_fd == -1){
2535
perror_plus("open");
2537
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2539
perror_plus("fstat");
2541
if(S_ISREG(st.st_mode)
2542
and st.st_uid == 0 and st.st_gid == 0){
2543
ret = fchown(pubkey_fd, uid, gid);
2545
perror_plus("fchown");
2553
if(dh_params_file != NULL
2554
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2555
int dhparams_fd = open(dh_params_file, O_RDONLY);
2556
if(dhparams_fd == -1){
2557
perror_plus("open");
2559
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2561
perror_plus("fstat");
2563
if(S_ISREG(st.st_mode)
2564
and st.st_uid == 0 and st.st_gid == 0){
2565
ret = fchown(dhparams_fd, uid, gid);
2567
perror_plus("fchown");
2575
/* Lower privileges */
2576
ret = lower_privileges();
2579
perror_plus("Failed to lower privileges");
2584
/* Remove invalid interface names (except "none") */
2586
char *interface = NULL;
2587
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2589
if(strcmp(interface, "none") != 0
2590
and if_nametoindex(interface) == 0){
2591
if(interface[0] != '\0'){
2592
fprintf_plus(stderr, "Not using nonexisting interface"
2593
" \"%s\"\n", interface);
2595
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2601
/* Run network hooks */
2603
if(mc.interfaces != NULL){
2604
interfaces_hooks = malloc(mc.interfaces_size);
2605
if(interfaces_hooks == NULL){
2606
perror_plus("malloc");
2609
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2610
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2612
run_network_hooks("start", interfaces_hooks != NULL ?
2613
interfaces_hooks : "", delay);
2617
avahi_set_log_function(empty_log);
2620
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2621
from the signal handler */
2622
/* Initialize the pseudo-RNG for Avahi */
2623
srand((unsigned int) time(NULL));
2624
simple_poll = avahi_simple_poll_new();
2625
if(simple_poll == NULL){
2626
fprintf_plus(stderr,
2627
"Avahi: Failed to create simple poll object.\n");
2628
exitcode = EX_UNAVAILABLE;
2632
sigemptyset(&sigterm_action.sa_mask);
2633
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2635
perror_plus("sigaddset");
2636
exitcode = EX_OSERR;
2639
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2641
perror_plus("sigaddset");
2642
exitcode = EX_OSERR;
2645
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2647
perror_plus("sigaddset");
2648
exitcode = EX_OSERR;
2651
/* Need to check if the handler is SIG_IGN before handling:
2652
| [[info:libc:Initial Signal Actions]] |
2653
| [[info:libc:Basic Signal Handling]] |
2655
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2657
perror_plus("sigaction");
2660
if(old_sigterm_action.sa_handler != SIG_IGN){
2661
ret = sigaction(SIGINT, &sigterm_action, NULL);
2663
perror_plus("sigaction");
2664
exitcode = EX_OSERR;
2668
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2670
perror_plus("sigaction");
2673
if(old_sigterm_action.sa_handler != SIG_IGN){
2674
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2676
perror_plus("sigaction");
2677
exitcode = EX_OSERR;
2681
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2683
perror_plus("sigaction");
2686
if(old_sigterm_action.sa_handler != SIG_IGN){
2687
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2689
perror_plus("sigaction");
2690
exitcode = EX_OSERR;
2695
/* If no interfaces were specified, make a list */
2696
if(mc.interfaces == NULL){
2697
struct dirent **direntries = NULL;
2698
/* Look for any good interfaces */
2699
ret = scandir(sys_class_net, &direntries, good_interface,
2702
/* Add all found interfaces to interfaces list */
2703
for(int i = 0; i < ret; ++i){
2704
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2705
direntries[i]->d_name);
2708
perror_plus("argz_add");
2709
free(direntries[i]);
2713
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2714
direntries[i]->d_name);
2716
free(direntries[i]);
2723
fprintf_plus(stderr, "Could not find a network interface\n");
2724
exitcode = EXIT_FAILURE;
2729
/* Bring up interfaces which are down, and remove any "none"s */
2731
char *interface = NULL;
2732
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2734
/* If interface name is "none", stop bringing up interfaces.
2735
Also remove all instances of "none" from the list */
2736
if(strcmp(interface, "none") == 0){
2737
argz_delete(&mc.interfaces, &mc.interfaces_size,
2740
while((interface = argz_next(mc.interfaces,
2741
mc.interfaces_size, interface))){
2742
if(strcmp(interface, "none") == 0){
2743
argz_delete(&mc.interfaces, &mc.interfaces_size,
2750
bool interface_was_up = interface_is_up(interface);
2751
errno = bring_up_interface(interface, delay);
2752
if(not interface_was_up){
2754
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2755
" %s\n", interface, strerror(errno));
2757
errno = argz_add(&interfaces_to_take_down,
2758
&interfaces_to_take_down_size,
2761
perror_plus("argz_add");
2766
if(debug and (interfaces_to_take_down == NULL)){
2767
fprintf_plus(stderr, "No interfaces were brought up\n");
2771
/* If we only got one interface, explicitly use only that one */
2772
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2774
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2777
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2784
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2786
fprintf_plus(stderr, "init_gnutls_global failed\n");
2787
exitcode = EX_UNAVAILABLE;
2790
gnutls_initialized = true;
2797
/* Try /run/tmp before /tmp */
2798
tempdir = mkdtemp(run_tempdir);
2799
if(tempdir == NULL and errno == ENOENT){
2801
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
2802
run_tempdir, old_tempdir);
2804
tempdir = mkdtemp(old_tempdir);
2806
if(tempdir == NULL){
2807
perror_plus("mkdtemp");
2815
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
2816
fprintf_plus(stderr, "init_gpgme failed\n");
2817
exitcode = EX_UNAVAILABLE;
2820
gpgme_initialized = true;
2827
if(connect_to != NULL){
2828
/* Connect directly, do not use Zeroconf */
2829
/* (Mainly meant for debugging) */
2830
char *address = strrchr(connect_to, ':');
2832
if(address == NULL){
2833
fprintf_plus(stderr, "No colon in address\n");
2834
exitcode = EX_USAGE;
2844
tmpmax = strtoimax(address+1, &tmp, 10);
2845
if(errno != 0 or tmp == address+1 or *tmp != '\0'
2846
or tmpmax != (in_port_t)tmpmax){
2847
fprintf_plus(stderr, "Bad port number\n");
2848
exitcode = EX_USAGE;
2856
port = (in_port_t)tmpmax;
2858
/* Colon in address indicates IPv6 */
2860
if(strchr(connect_to, ':') != NULL){
2862
/* Accept [] around IPv6 address - see RFC 5952 */
2863
if(connect_to[0] == '[' and address[-1] == ']')
2871
address = connect_to;
2877
while(not quit_now){
2878
ret = start_mandos_communication(address, port, if_index, af,
2880
if(quit_now or ret == 0){
2884
fprintf_plus(stderr, "Retrying in %d seconds\n",
2885
(int)retry_interval);
2887
sleep((unsigned int)retry_interval);
2891
exitcode = EXIT_SUCCESS;
651
2902
AvahiServerConfig config;
652
AvahiSServiceBrowser *sb = NULL;
655
int returncode = EXIT_SUCCESS;
656
const char *interface = "eth0";
657
struct ifreq network;
659
char *connect_to = NULL;
660
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
661
mandos_context mc = { .simple_poll = NULL, .server = NULL,
662
.dh_bits = 2048, .priority = "SECURE256"};
665
static struct option long_options[] = {
666
{"debug", no_argument, (int *)&debug, 1},
667
{"connect", required_argument, 0, 'C'},
668
{"interface", required_argument, 0, 'i'},
669
{"certdir", required_argument, 0, 'd'},
670
{"certkey", required_argument, 0, 'c'},
671
{"certfile", required_argument, 0, 'k'},
672
{"dh_bits", required_argument, 0, 'D'},
673
{"priority", required_argument, 0, 'p'},
676
int option_index = 0;
677
ret = getopt_long (argc, argv, "i:", long_options,
706
tmp = strtol(optarg, NULL, 10);
707
if (errno == ERANGE){
715
mc.priority = optarg;
722
certfile = combinepath(certdir, certfile);
723
if (certfile == NULL){
724
perror("combinepath");
725
returncode = EXIT_FAILURE;
729
certkey = combinepath(certdir, certkey);
730
if (certkey == NULL){
731
perror("combinepath");
732
returncode = EXIT_FAILURE;
736
if_index = (AvahiIfIndex) if_nametoindex(interface);
738
fprintf(stderr, "No such interface: \"%s\"\n", interface);
742
if(connect_to != NULL){
743
/* Connect directly, do not use Zeroconf */
744
/* (Mainly meant for debugging) */
745
char *address = strrchr(connect_to, ':');
747
fprintf(stderr, "No colon in address\n");
751
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
753
perror("Bad port number");
757
address = connect_to;
758
ret = start_mandos_communication(address, port, if_index);
766
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
769
returncode = EXIT_FAILURE;
772
strcpy(network.ifr_name, interface);
773
ret = ioctl(sd, SIOCGIFFLAGS, &network);
776
perror("ioctl SIOCGIFFLAGS");
777
returncode = EXIT_FAILURE;
780
if((network.ifr_flags & IFF_UP) == 0){
781
network.ifr_flags |= IFF_UP;
782
ret = ioctl(sd, SIOCSIFFLAGS, &network);
784
perror("ioctl SIOCSIFFLAGS");
785
returncode = EXIT_FAILURE;
792
avahi_set_log_function(empty_log);
795
/* Initialize the psuedo-RNG */
796
srand((unsigned int) time(NULL));
798
/* Allocate main loop object */
799
if (!(mc.simple_poll = avahi_simple_poll_new())) {
800
fprintf(stderr, "Failed to create simple poll object.\n");
801
returncode = EXIT_FAILURE;
805
/* Do not publish any local records */
2903
/* Do not publish any local Zeroconf records */
806
2904
avahi_server_config_init(&config);
807
2905
config.publish_hinfo = 0;
808
2906
config.publish_addresses = 0;
809
2907
config.publish_workstation = 0;
810
2908
config.publish_domain = 0;
812
2910
/* Allocate a new server */
813
2911
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
814
&config, NULL, NULL, &error);
816
/* Free the configuration data */
2912
&config, NULL, NULL, &ret);
2914
/* Free the Avahi configuration data */
817
2915
avahi_server_config_free(&config);
819
/* Check if creating the server object succeeded */
821
fprintf(stderr, "Failed to create server: %s\n",
822
avahi_strerror(error));
823
returncode = EXIT_FAILURE;
827
/* Create the service browser */
828
sb = avahi_s_service_browser_new(mc.server, if_index,
830
"_mandos._tcp", NULL, 0,
831
browse_callback, &mc);
833
fprintf(stderr, "Failed to create service browser: %s\n",
834
avahi_strerror(avahi_server_errno(mc.server)));
835
returncode = EXIT_FAILURE;
839
/* Run the main loop */
842
fprintf(stderr, "Starting avahi loop search\n");
845
avahi_simple_poll_loop(simple_poll);
850
fprintf(stderr, "%s exiting\n", argv[0]);
855
avahi_s_service_browser_free(sb);
858
avahi_server_free(mc.server);
861
avahi_simple_poll_free(simple_poll);
2918
/* Check if creating the Avahi server object succeeded */
2919
if(mc.server == NULL){
2920
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2921
avahi_strerror(ret));
2922
exitcode = EX_UNAVAILABLE;
2930
/* Create the Avahi service browser */
2931
sb = avahi_s_service_browser_new(mc.server, if_index,
2932
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
2933
NULL, 0, browse_callback,
2936
fprintf_plus(stderr, "Failed to create service browser: %s\n",
2937
avahi_strerror(avahi_server_errno(mc.server)));
2938
exitcode = EX_UNAVAILABLE;
2946
/* Run the main loop */
2949
fprintf_plus(stderr, "Starting Avahi loop search\n");
2952
ret = avahi_loop_with_timeout(simple_poll,
2953
(int)(retry_interval * 1000), &mc);
2955
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
2956
(ret == 0) ? "successfully" : "with error");
2962
if(signal_received){
2963
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
2964
argv[0], signal_received,
2965
strsignal(signal_received));
2967
fprintf_plus(stderr, "%s exiting\n", argv[0]);
2971
/* Cleanup things */
2972
free(mc.interfaces);
2975
avahi_s_service_browser_free(sb);
2977
if(mc.server != NULL)
2978
avahi_server_free(mc.server);
2980
if(simple_poll != NULL)
2981
avahi_simple_poll_free(simple_poll);
2983
if(gnutls_initialized){
2984
gnutls_certificate_free_credentials(mc.cred);
2985
gnutls_dh_params_deinit(mc.dh_params);
2988
if(gpgme_initialized){
2989
gpgme_release(mc.ctx);
2992
/* Cleans up the circular linked list of Mandos servers the client
2994
if(mc.current_server != NULL){
2995
mc.current_server->prev->next = NULL;
2996
while(mc.current_server != NULL){
2997
server *next = mc.current_server->next;
2999
#pragma GCC diagnostic push
3000
#pragma GCC diagnostic ignored "-Wcast-qual"
3002
free((char *)(mc.current_server->ip));
3004
#pragma GCC diagnostic pop
3006
free(mc.current_server);
3007
mc.current_server = next;
3011
/* Re-raise privileges */
3013
ret = raise_privileges();
3016
perror_plus("Failed to raise privileges");
3019
/* Run network hooks */
3020
run_network_hooks("stop", interfaces_hooks != NULL ?
3021
interfaces_hooks : "", delay);
3023
/* Take down the network interfaces which were brought up */
3025
char *interface = NULL;
3026
while((interface = argz_next(interfaces_to_take_down,
3027
interfaces_to_take_down_size,
3029
ret = take_down_interface(interface);
3032
perror_plus("Failed to take down interface");
3035
if(debug and (interfaces_to_take_down == NULL)){
3036
fprintf_plus(stderr, "No interfaces needed to be taken"
3042
ret = lower_privileges_permanently();
3045
perror_plus("Failed to lower privileges permanently");
3049
free(interfaces_to_take_down);
3050
free(interfaces_hooks);
3052
void clean_dir_at(int base, const char * const dirname,
3054
struct dirent **direntries = NULL;
3056
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3062
perror_plus("open");
3064
int numentries = scandirat(dir_fd, ".", &direntries,
3065
notdotentries, alphasort);
3066
if(numentries >= 0){
3067
for(int i = 0; i < numentries; i++){
3069
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3070
dirname, direntries[i]->d_name);
3072
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3074
if(errno == EISDIR){
3075
dret = unlinkat(dir_fd, direntries[i]->d_name,
3078
if((dret == -1) and (errno == ENOTEMPTY)
3079
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3080
== 0) and (level == 0)){
3081
/* Recurse only in this special case */
3082
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3086
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3087
direntries[i]->d_name, strerror(errno));
3090
free(direntries[i]);
3093
/* need to clean even if 0 because man page doesn't specify */
3095
if(numentries == -1){
3096
perror_plus("scandirat");
3098
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3099
if(dret == -1 and errno != ENOENT){
3100
perror_plus("rmdir");
3103
perror_plus("scandirat");
3108
/* Removes the GPGME temp directory and all files inside */
3109
if(tempdir != NULL){
3110
clean_dir_at(-1, tempdir, 0);
3114
sigemptyset(&old_sigterm_action.sa_mask);
3115
old_sigterm_action.sa_handler = SIG_DFL;
3116
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
3117
&old_sigterm_action,
3120
perror_plus("sigaction");
3123
ret = raise(signal_received);
3124
} while(ret != 0 and errno == EINTR);
3126
perror_plus("raise");
3129
TEMP_FAILURE_RETRY(pause());