/mandos/release : revision 237.7.499

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

Committer: Teddy Hogeborn
Date: 2018-08-15 09:26:02 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 368.
Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u

http://bugs.debian.org/894495

mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

files modified:
Makefile

NEWS

common.ent

debian/changelog

debian/control

debian/mandos.lintian-overrides

init.d-mandos

mandos

mandos-ctl

mandos-keygen

mandos-monitor

mandos.lsm

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugins.d/mandos-client.c

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.c

272

return true;

273

}

274

275

/* Set effective uid to 0, return errno */

276

__attribute__((warn_unused_result))

277

int raise_privileges(void){

278

int old_errno = errno;

279

int ret = 0;

280

if(seteuid(0) == -1){

281

ret = errno;

282

}

283

errno = old_errno;

284

return ret;

285

}

286

287

/* Set effective and real user ID to 0. Return errno. */

288

__attribute__((warn_unused_result))

289

int raise_privileges_permanently(void){

290

int old_errno = errno;

291

int ret = raise_privileges();

292

if(ret != 0){

293

errno = old_errno;

294

return ret;

295

}

296

if(setuid(0) == -1){

297

ret = errno;

298

}

299

errno = old_errno;

300

return ret;

301

}

302

303

/* Set effective user ID to unprivileged saved user ID */

304

__attribute__((warn_unused_result))

305

int lower_privileges(void){

306

int old_errno = errno;

307

int ret = 0;

308

if(seteuid(uid) == -1){

309

ret = errno;

310

}

311

errno = old_errno;

312

return ret;

313

}

314

315

/* Lower privileges permanently */

316

__attribute__((warn_unused_result))

317

int lower_privileges_permanently(void){

318

int old_errno = errno;

319

int ret = 0;

320

if(setuid(uid) == -1){

321

ret = errno;

322

}

323

errno = old_errno;

324

return ret;

325

}

326

275

327

276

328

* Initialize GPGME.

277

329

297

349

return false;

298

350

}

299

351

352

/* Workaround for systems without a real-time clock; see also

353

Debian bug #894495: <https://bugs.debian.org/894495> */

354

do {

355

{

356

time_t currtime = time(NULL);

357

if(currtime != (time_t)-1){

358

struct tm tm;

359

if(gmtime_r(&currtime, &tm) == NULL) {

360

perror_plus("gmtime_r");

361

break;

362

}

363

if(tm.tm_year != 70 or tm.tm_mon != 0){

364

break;

365

}

366

if(debug){

367

fprintf_plus(stderr, "System clock is January 1970");

368

}

369

} else {

370

if(debug){

371

fprintf_plus(stderr, "System clock is invalid");

372

}

373

}

374

}

375

struct stat keystat;

376

ret = fstat(fd, &keystat);

377

if(ret != 0){

378

perror_plus("fstat");

379

break;

380

}

381

ret = raise_privileges();

382

if(ret != 0){

383

errno = ret;

384

perror_plus("Failed to raise privileges");

385

break;

386

}

387

if(debug){

388

fprintf_plus(stderr,

389

"Setting system clock to key file mtime");

390

}

391

time_t keytime = keystat.st_mtim.tv_sec;

392

if(stime(&keytime) != 0){

393

perror_plus("stime");

394

}

395

ret = lower_privileges();

396

if(ret != 0){

397

errno = ret;

398

perror_plus("Failed to lower privileges");

399

}

400

} while(false);

401

300

402

rc = gpgme_data_new_from_fd(&pgp_data, fd);

301

403

if(rc != GPG_ERR_NO_ERROR){

302

404

fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",

310

412

gpgme_strsource(rc), gpgme_strerror(rc));

311

413

return false;

312

414

}

415

{

416

gpgme_import_result_t import_result

417

= gpgme_op_import_result(mc->ctx);

418

if((import_result->imported < 1

419

or import_result->not_imported > 0)

420

and import_result->unchanged == 0){

421

fprintf_plus(stderr, "bad gpgme_op_import_results:\n");

422

fprintf_plus(stderr,

423

"The total number of considered keys: %d\n",

424

import_result->considered);

425

fprintf_plus(stderr,

426

"The number of keys without user ID: %d\n",

427

import_result->no_user_id);

428

fprintf_plus(stderr,

429

"The total number of imported keys: %d\n",

430

import_result->imported);

431

fprintf_plus(stderr, "The number of imported RSA keys: %d\n",

432

import_result->imported_rsa);

433

fprintf_plus(stderr, "The number of unchanged keys: %d\n",

434

import_result->unchanged);

435

fprintf_plus(stderr, "The number of new user IDs: %d\n",

436

import_result->new_user_ids);

437

fprintf_plus(stderr, "The number of new sub keys: %d\n",

438

import_result->new_sub_keys);

439

fprintf_plus(stderr, "The number of new signatures: %d\n",

440

import_result->new_signatures);

441

fprintf_plus(stderr, "The number of new revocations: %d\n",

442

import_result->new_revocations);

443

fprintf_plus(stderr,

444

"The total number of secret keys read: %d\n",

445

import_result->secret_read);

446

fprintf_plus(stderr,

447

"The number of imported secret keys: %d\n",

448

import_result->secret_imported);

449

fprintf_plus(stderr,

450

"The number of unchanged secret keys: %d\n",

451

import_result->secret_unchanged);

452

fprintf_plus(stderr, "The number of keys not imported: %d\n",

453

import_result->not_imported);

454

for(gpgme_import_status_t import_status

455

= import_result->imports;

456

import_status != NULL;

457

import_status = import_status->next){

458

fprintf_plus(stderr, "Import status for key: %s\n",

459

import_status->fpr);

460

if(import_status->result != GPG_ERR_NO_ERROR){

461

fprintf_plus(stderr, "Import result: %s: %s\n",

462

gpgme_strsource(import_status->result),

463

gpgme_strerror(import_status->result));

464

}

465

fprintf_plus(stderr, "Key status:\n");

466

fprintf_plus(stderr,

467

import_status->status & GPGME_IMPORT_NEW

468

? "The key was new.\n"

469

: "The key was not new.\n");

470

fprintf_plus(stderr,

471

import_status->status & GPGME_IMPORT_UID

472

? "The key contained new user IDs.\n"

473

: "The key did not contain new user IDs.\n");

474

fprintf_plus(stderr,

475

import_status->status & GPGME_IMPORT_SIG

476

? "The key contained new signatures.\n"

477

: "The key did not contain new signatures.\n");

478

fprintf_plus(stderr,

479

import_status->status & GPGME_IMPORT_SUBKEY

480

? "The key contained new sub keys.\n"

481

: "The key did not contain new sub keys.\n");

482

fprintf_plus(stderr,

483

import_status->status & GPGME_IMPORT_SECRET

484

? "The key contained a secret key.\n"

485

: "The key did not contain a secret key.\n");

486

}

487

return false;

488

}

489

}

313

490

314

491

ret = close(fd);

315

492

if(ret == -1){

356

533

/* Create new GPGME "context" */

357

534

rc = gpgme_new(&(mc->ctx));

358

535

if(rc != GPG_ERR_NO_ERROR){

359

fprintf_plus(stderr, "Mandos plugin mandos-client: "

360

"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),

361

gpgme_strerror(rc));

536

fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",

537

gpgme_strsource(rc), gpgme_strerror(rc));

362

538

return false;

363

539

}

364

540

400

576

/* Create new empty GPGME data buffer for the plaintext */

401

577

rc = gpgme_data_new(&dh_plain);

402

578

if(rc != GPG_ERR_NO_ERROR){

403

fprintf_plus(stderr, "Mandos plugin mandos-client: "

404

"bad gpgme_data_new: %s: %s\n",

579

fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",

405

580

gpgme_strsource(rc), gpgme_strerror(rc));

406

581

gpgme_data_release(dh_crypto);

407

582

return -1;

420

595

if(result == NULL){

421

596

fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");

422

597

} else {

423

fprintf_plus(stderr, "Unsupported algorithm: %s\n",

424

result->unsupported_algorithm);

425

fprintf_plus(stderr, "Wrong key usage: %u\n",

426

result->wrong_key_usage);

598

if(result->unsupported_algorithm != NULL) {

599

fprintf_plus(stderr, "Unsupported algorithm: %s\n",

600

result->unsupported_algorithm);

601

}

602

fprintf_plus(stderr, "Wrong key usage: %s\n",

603

result->wrong_key_usage ? "Yes" : "No");

427

604

if(result->file_name != NULL){

428

605

fprintf_plus(stderr, "File name: %s\n", result->file_name);

429

606

}

430

gpgme_recipient_t recipient;

431

recipient = result->recipients;

432

while(recipient != NULL){

607

608

for(gpgme_recipient_t r = result->recipients; r != NULL;

609

r = r->next){

433

610

fprintf_plus(stderr, "Public key algorithm: %s\n",

434

gpgme_pubkey_algo_name

435

(recipient->pubkey_algo));

436

fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);

611

gpgme_pubkey_algo_name(r->pubkey_algo));

612

fprintf_plus(stderr, "Key ID: %s\n", r->keyid);

437

613

fprintf_plus(stderr, "Secret key available: %s\n",

438

recipient->status == GPG_ERR_NO_SECKEY

439

? "No" : "Yes");

440

recipient = recipient->next;

614

r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");

441

615

}

442

616

}

443

617

}

613

787

}

614

788

params.size += (unsigned int)bytes_read;

615

789

}

790

ret = close(dhpfile);

791

if(ret == -1){

792

perror_plus("close");

793

}

616

794

if(params.data == NULL){

617

795

dhparamsfilename = NULL;

618

796

}

818

996

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

819

997

__attribute__((unused)) const char *txt){}

820

998

821

/* Set effective uid to 0, return errno */

822

__attribute__((warn_unused_result))

823

int raise_privileges(void){

824

int old_errno = errno;

825

int ret = 0;

826

if(seteuid(0) == -1){

827

ret = errno;

828

}

829

errno = old_errno;

830

return ret;

831

}

832

833

/* Set effective and real user ID to 0. Return errno. */

834

__attribute__((warn_unused_result))

835

int raise_privileges_permanently(void){

836

int old_errno = errno;

837

int ret = raise_privileges();

838

if(ret != 0){

839

errno = old_errno;

840

return ret;

841

}

842

if(setuid(0) == -1){

843

ret = errno;

844

}

845

errno = old_errno;

846

return ret;

847

}

848

849

/* Set effective user ID to unprivileged saved user ID */

850

__attribute__((warn_unused_result))

851

int lower_privileges(void){

852

int old_errno = errno;

853

int ret = 0;

854

if(seteuid(uid) == -1){

855

ret = errno;

856

}

857

errno = old_errno;

858

return ret;

859

}

860

861

/* Lower privileges permanently */

862

__attribute__((warn_unused_result))

863

int lower_privileges_permanently(void){

864

int old_errno = errno;

865

int ret = 0;

866

if(setuid(uid) == -1){

867

ret = errno;

868

}

869

errno = old_errno;

870

return ret;

871

}

872

873

999

/* Helper function to add_local_route() and delete_local_route() */

874

1000

__attribute__((nonnull, warn_unused_result))

875

1001

static bool add_delete_local_route(const bool add,

1655

1781

perror_plus("ioctl SIOCGIFFLAGS");

1656

1782

errno = old_errno;

1657

1783

}

1784

if((close(s) == -1) and debug){

1785

old_errno = errno;

1786

perror_plus("close");

1787

errno = old_errno;

1788

}

1658

1789

return false;

1659

1790

}

1791

if((close(s) == -1) and debug){

1792

old_errno = errno;

1793

perror_plus("close");

1794

errno = old_errno;

1795

}

1660

1796

return true;

1661

1797

}

1662

1798

1923

2059

return;

1924

2060

}

1925

2061

}

2062

int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));

2063

if(devnull == -1){

2064

perror_plus("open(\"/dev/null\", O_RDONLY)");

2065

return;

2066

}

1926

2067

int numhooks = scandirat(hookdir_fd, ".", &direntries,

1927

2068

runnable_hook, alphasort);

1928

2069

if(numhooks == -1){

1929

2070

perror_plus("scandir");

2071

close(devnull);

1930

2072

return;

1931

2073

}

1932

2074

struct dirent *direntry;

1933

2075

int ret;

1934

int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));

1935

if(devnull == -1){

1936

perror_plus("open(\"/dev/null\", O_RDONLY)");

1937

return;

1938

}

1939

2076

for(int i = 0; i < numhooks; i++){

1940

2077

direntry = direntries[i];

1941

2078

if(debug){

3061

3198

| O_PATH));

3062

3199

if(dir_fd == -1){

3063

3200

perror_plus("open");

3201

return;

3064

3202

}

3065

3203

int numentries = scandirat(dir_fd, ".", &direntries,

3066

3204

notdotentries, alphasort);

3083

3221

clean_dir_at(dir_fd, direntries[i]->d_name, level+1);

3084

3222

dret = 0;

3085

3223

}

3086

if(dret == -1){

3224

if((dret == -1) and (errno != ENOENT)){

3087

3225

fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,

3088

3226

direntries[i]->d_name, strerror(errno));

3089

3227

}

3093

3231

3094

3232

/* need to clean even if 0 because man page doesn't specify */

3095

3233

free(direntries);

3096

if(numentries == -1){

3097

perror_plus("scandirat");

3098

}

3099

3234

dret = unlinkat(base, dirname, AT_REMOVEDIR);

3100

3235

if(dret == -1 and errno != ENOENT){

3101

3236

perror_plus("rmdir");

Older »