/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to debian/mandos-client.postinst

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 08:41:14 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 372.
  • Revision ID: teddy@recompile.se-20190210084114-u91mijrxtifvzra5
Bug fix: Only create TLS key with certtool, and read correct key file

* debian/mandos-client.postinst (create_keys): Remove any bad keys
                                               created by 1.8.0-1.
                                               Only create TLS keys if
                                               certtool succeeds.
* debian/mandos.postinst (configure): Remove any bad keys from
                                      clients.conf, and inform the
                                      user if any were found.
* debian/mandos.templates (mandos/removed_bad_key_ids): New message.
* mandos (MandosServer.handle_ipc): Do not trust a key_id with a known
                                    bad key ID.
* mandos-keygen (keygen): Only create TLS keys if certtool succeeds.
  (password): Bug fix: Generate key_id correctly, and only output
              key_id if TLS key exists.

Show diffs side-by-side

added added

removed removed

Lines of Context:
15
15
# If prerm fails during replacement due to conflict:
16
16
#       <postinst> abort-remove in-favour <new-package> <version>
17
17
 
 
18
. /usr/share/debconf/confmodule
 
19
 
18
20
set -e
19
21
 
20
22
# Update the initial RAM file system image
50
52
    fi
51
53
}
52
54
 
53
 
# Create client key pair
54
 
create_key(){
55
 
    if [ -r /etc/keys/mandos/pubkey.txt \
56
 
        -a -r /etc/keys/mandos/seckey.txt ]; then
57
 
        return 0
58
 
    fi
59
 
    mandos-keygen
 
55
# Create client key pairs
 
56
create_keys(){
 
57
    # If the OpenPGP key files do not exist, generate all keys using
 
58
    # mandos-keygen
 
59
    if ! [ -r /etc/keys/mandos/pubkey.txt \
 
60
              -a -r /etc/keys/mandos/seckey.txt ]; then
 
61
        mandos-keygen
 
62
        gpg-connect-agent KILLAGENT /bye || :
 
63
        return 0
 
64
    fi
 
65
 
 
66
    # Remove any bad TLS keys by 1.8.0-1
 
67
    if dpkg --compare-versions "$2" eq "1.8.0-1" \
 
68
       || dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then
 
69
        # Is the key bad?
 
70
        if ! certtool --password='' \
 
71
             --load-privkey=/etc/keys/mandos/tls-privkey.pem \
 
72
             --outfile=/dev/null --pubkey-info --no-text \
 
73
             2>/dev/null; then
 
74
            shred --remove -- /etc/keys/mandos/tls-privkey.pem
 
75
            rm -- /etc/keys/mandos/tls-pubkey.pem
 
76
        fi
 
77
    fi
 
78
 
 
79
    # If the TLS keys already exists, do nothing
 
80
    if [ -r /etc/keys/mandos/tls-privkey.pem \
 
81
            -a -r /etc/keys/mandos/tls-pubkey.pem ]; then
 
82
        return 0
 
83
    fi
 
84
 
 
85
    # Try to create the TLS keys
 
86
 
 
87
    TLS_PRIVKEYTMP="`mktemp -t mandos-client-privkey.XXXXXXXXXX`"
 
88
 
 
89
    if certtool --generate-privkey --password='' \
 
90
                --outfile "$TLS_PRIVKEYTMP" --sec-param ultra \
 
91
                --key-type=ed25519 --pkcs8 --no-text 2>/dev/null; then
 
92
 
 
93
        local umask=$(umask)
 
94
        umask 077
 
95
        cp --archive "$TLS_PRIVKEYTMP" /etc/keys/mandos/tls-privkey.pem
 
96
        shred --remove -- "$TLS_PRIVKEYTMP"
 
97
 
 
98
        # First try certtool from GnuTLS
 
99
        if ! certtool --password='' \
 
100
             --load-privkey=/etc/keys/mandos/tls-privkey.pem \
 
101
             --outfile=/etc/keys/mandos/tls-pubkey.pem --pubkey-info \
 
102
             --no-text 2>/dev/null; then
 
103
            # Otherwise try OpenSSL
 
104
            if ! openssl pkey -in /etc/keys/mandos/tls-privkey.pem \
 
105
                 -out /etc/keys/mandos/tls-pubkey.pem -pubout; then
 
106
                rm --force /etc/keys/mandos/tls-pubkey.pem
 
107
                # None of the commands succeded; give up
 
108
                umask $umask
 
109
                return 1
 
110
            fi
 
111
        fi
 
112
        umask $umask
 
113
 
 
114
        key_id=$(mandos-keygen --passfile=/dev/null \
 
115
                     | grep --regexp="^key_id[ =]")
 
116
 
 
117
        db_version 2.0
 
118
        db_fset mandos-client/key_id seen false
 
119
        db_reset mandos-client/key_id
 
120
        db_subst mandos-client/key_id key_id $key_id
 
121
        db_input critical mandos-client/key_id || true
 
122
        db_go
 
123
        db_stop
 
124
    else
 
125
        shred --remove -- "$TLS_PRIVKEYTMP"
 
126
    fi
60
127
}
61
128
 
62
129
create_dh_params(){
87
154
case "$1" in
88
155
    configure)
89
156
        add_mandos_user "$@"
90
 
        create_key "$@"
 
157
        create_keys "$@"
91
158
        create_dh_params "$@" || :
92
159
        update_initramfs "$@"
 
160
        if dpkg --compare-versions "$2" lt-nl "1.7.10-1"; then
 
161
            PLUGINHELPERDIR=/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null)/mandos/plugin-helpers
 
162
            if ! dpkg-statoverride --list "$PLUGINHELPERDIR" \
 
163
                 >/dev/null 2>&1; then
 
164
                chmod u=rwx,go= -- "$PLUGINHELPERDIR"
 
165
            fi
 
166
            if ! dpkg-statoverride --list /etc/mandos/plugin-helpers \
 
167
                 >/dev/null 2>&1; then
 
168
                chmod u=rwx,go= -- /etc/mandos/plugin-helpers
 
169
            fi
 
170
        fi
93
171
        ;;
94
172
    abort-upgrade|abort-deconfigure|abort-remove)
95
173
        ;;