To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.7.761
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.761
- Committer: teddy at recompile
- Date: 2020-04-05 21:30:59 UTC
- mto: This revision was merged to the branch mainline in revision 398.
- Revision ID: teddy@recompile.se-20200405213059-fb2a61ckqynrmatk
Fix file descriptor leak in mandos-client
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
- files added:
- bugs.xml
- debian/tests
- dracut-module
- plugin-helpers
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2019 Teddy Hogeborn
13
* Copyright © 2008-2019 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
21
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
25
* General Public License for more details.
24
26
*
25
27
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
28
29
*
29
30
* Contact the authors at <mandos@recompile.se>.
30
31
*/
46
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
48
strtof(), abort() */
48
49
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
51
53
#include <sys/ioctl.h> /* ioctl */
52
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
55
sockaddr_in6, PF_INET6,
57
59
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
60
inet_pton(), connect(),
59
61
getnameinfo() */
60
#include <fcntl.h> /* open(), unlinkat() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
61
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
64
*/
63
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
64
66
strtoimax() */
65
#include <errno.h> /* perror(), errno,
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
66
72
program_invocation_short_name */
67
73
#include <time.h> /* nanosleep(), time(), sleep() */
68
74
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
117
123
gnutls_*
118
124
init_gnutls_session(),
119
125
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
120
127
#include <gnutls/openpgp.h>
121
128
/* gnutls_certificate_set_openpgp_key_file(),
122
129
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
123
135
124
136
/* GPGME */
125
137
#include <gpgme.h> /* All GPGME types, constants and
133
145
#define PATHDIR "/conf/conf.d/mandos"
134
146
#define SECKEY "seckey.txt"
135
147
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
136
150
#define HOOKDIR "/lib/mandos/network-hooks.d"
137
151
138
152
bool debug = false;
266
280
return true;
267
281
}
268
282
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
269
335
/*
270
336
* Initialize GPGME.
271
337
*/
291
357
return false;
292
358
}
293
359
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
time_t keytime = keystat.st_mtim.tv_sec;
400
if(stime(&keytime) != 0){
401
perror_plus("stime");
402
}
403
ret = lower_privileges();
404
if(ret != 0){
405
errno = ret;
406
perror_plus("Failed to lower privileges");
407
}
408
} while(false);
409
294
410
rc = gpgme_data_new_from_fd(&pgp_data, fd);
295
411
if(rc != GPG_ERR_NO_ERROR){
296
412
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
304
420
gpgme_strsource(rc), gpgme_strerror(rc));
305
421
return false;
306
422
}
423
{
424
gpgme_import_result_t import_result
425
= gpgme_op_import_result(mc->ctx);
426
if((import_result->imported < 1
427
or import_result->not_imported > 0)
428
and import_result->unchanged == 0){
429
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
430
fprintf_plus(stderr,
431
"The total number of considered keys: %d\n",
432
import_result->considered);
433
fprintf_plus(stderr,
434
"The number of keys without user ID: %d\n",
435
import_result->no_user_id);
436
fprintf_plus(stderr,
437
"The total number of imported keys: %d\n",
438
import_result->imported);
439
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
440
import_result->imported_rsa);
441
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
442
import_result->unchanged);
443
fprintf_plus(stderr, "The number of new user IDs: %d\n",
444
import_result->new_user_ids);
445
fprintf_plus(stderr, "The number of new sub keys: %d\n",
446
import_result->new_sub_keys);
447
fprintf_plus(stderr, "The number of new signatures: %d\n",
448
import_result->new_signatures);
449
fprintf_plus(stderr, "The number of new revocations: %d\n",
450
import_result->new_revocations);
451
fprintf_plus(stderr,
452
"The total number of secret keys read: %d\n",
453
import_result->secret_read);
454
fprintf_plus(stderr,
455
"The number of imported secret keys: %d\n",
456
import_result->secret_imported);
457
fprintf_plus(stderr,
458
"The number of unchanged secret keys: %d\n",
459
import_result->secret_unchanged);
460
fprintf_plus(stderr, "The number of keys not imported: %d\n",
461
import_result->not_imported);
462
for(gpgme_import_status_t import_status
463
= import_result->imports;
464
import_status != NULL;
465
import_status = import_status->next){
466
fprintf_plus(stderr, "Import status for key: %s\n",
467
import_status->fpr);
468
if(import_status->result != GPG_ERR_NO_ERROR){
469
fprintf_plus(stderr, "Import result: %s: %s\n",
470
gpgme_strsource(import_status->result),
471
gpgme_strerror(import_status->result));
472
}
473
fprintf_plus(stderr, "Key status:\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_NEW
476
? "The key was new.\n"
477
: "The key was not new.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_UID
480
? "The key contained new user IDs.\n"
481
: "The key did not contain new user IDs.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SIG
484
? "The key contained new signatures.\n"
485
: "The key did not contain new signatures.\n");
486
fprintf_plus(stderr,
487
import_status->status & GPGME_IMPORT_SUBKEY
488
? "The key contained new sub keys.\n"
489
: "The key did not contain new sub keys.\n");
490
fprintf_plus(stderr,
491
import_status->status & GPGME_IMPORT_SECRET
492
? "The key contained a secret key.\n"
493
: "The key did not contain a secret key.\n");
494
}
495
return false;
496
}
497
}
307
498
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
499
ret = close(fd);
309
500
if(ret == -1){
310
501
perror_plus("close");
311
502
}
350
541
/* Create new GPGME "context" */
351
542
rc = gpgme_new(&(mc->ctx));
352
543
if(rc != GPG_ERR_NO_ERROR){
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
544
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
545
gpgme_strsource(rc), gpgme_strerror(rc));
356
546
return false;
357
547
}
358
548
394
584
/* Create new empty GPGME data buffer for the plaintext */
395
585
rc = gpgme_data_new(&dh_plain);
396
586
if(rc != GPG_ERR_NO_ERROR){
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
587
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
399
588
gpgme_strsource(rc), gpgme_strerror(rc));
400
589
gpgme_data_release(dh_crypto);
401
590
return -1;
414
603
if(result == NULL){
415
604
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
416
605
} else {
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
606
if(result->unsupported_algorithm != NULL) {
607
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
608
result->unsupported_algorithm);
609
}
610
fprintf_plus(stderr, "Wrong key usage: %s\n",
611
result->wrong_key_usage ? "Yes" : "No");
421
612
if(result->file_name != NULL){
422
613
fprintf_plus(stderr, "File name: %s\n", result->file_name);
423
614
}
424
gpgme_recipient_t recipient;
425
recipient = result->recipients;
426
while(recipient != NULL){
615
616
for(gpgme_recipient_t r = result->recipients; r != NULL;
617
r = r->next){
427
618
fprintf_plus(stderr, "Public key algorithm: %s\n",
428
gpgme_pubkey_algo_name
429
(recipient->pubkey_algo));
430
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
619
gpgme_pubkey_algo_name(r->pubkey_algo));
620
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
431
621
fprintf_plus(stderr, "Secret key available: %s\n",
432
recipient->status == GPG_ERR_NO_SECKEY
433
? "No" : "Yes");
434
recipient = recipient->next;
622
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
435
623
}
436
624
}
437
625
}
493
681
return plaintext_length;
494
682
}
495
683
684
__attribute__((warn_unused_result, const))
685
static const char *safe_string(const char *str){
686
if(str == NULL)
687
return "(unknown)";
688
return str;
689
}
690
496
691
__attribute__((warn_unused_result))
497
692
static const char *safer_gnutls_strerror(int value){
498
693
const char *ret = gnutls_strerror(value);
499
if(ret == NULL)
500
ret = "(unknown)";
501
return ret;
694
return safe_string(ret);
502
695
}
503
696
504
697
/* GnuTLS log function callback */
508
701
fprintf_plus(stderr, "GnuTLS: %s", string);
509
702
}
510
703
511
__attribute__((nonnull, warn_unused_result))
704
__attribute__((nonnull(1, 2, 4), warn_unused_result))
512
705
static int init_gnutls_global(const char *pubkeyfilename,
513
706
const char *seckeyfilename,
707
const char *dhparamsfilename,
514
708
mandos_context *mc){
515
709
int ret;
516
710
518
712
fprintf_plus(stderr, "Initializing GnuTLS\n");
519
713
}
520
714
521
ret = gnutls_global_init();
522
if(ret != GNUTLS_E_SUCCESS){
523
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
524
safer_gnutls_strerror(ret));
525
return -1;
526
}
527
528
715
if(debug){
529
716
/* "Use a log level over 10 to enable all debugging options."
530
717
* - GnuTLS manual
538
725
if(ret != GNUTLS_E_SUCCESS){
539
726
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
540
727
safer_gnutls_strerror(ret));
541
gnutls_global_deinit();
542
728
return -1;
543
729
}
544
730
545
731
if(debug){
546
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
547
" secret key %s as GnuTLS credentials\n",
732
fprintf_plus(stderr, "Attempting to use public key %s and"
733
" private key %s as GnuTLS credentials\n",
548
734
pubkeyfilename,
549
735
seckeyfilename);
550
736
}
551
737
738
#if GNUTLS_VERSION_NUMBER >= 0x030606
739
ret = gnutls_certificate_set_rawpk_key_file
740
(mc->cred, pubkeyfilename, seckeyfilename,
741
GNUTLS_X509_FMT_PEM, /* format */
742
NULL, /* pass */
743
/* key_usage */
744
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
745
NULL, /* names */
746
0, /* names_length */
747
/* privkey_flags */
748
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
749
0); /* pkcs11_flags */
750
#elif GNUTLS_VERSION_NUMBER < 0x030600
552
751
ret = gnutls_certificate_set_openpgp_key_file
553
752
(mc->cred, pubkeyfilename, seckeyfilename,
554
753
GNUTLS_OPENPGP_FMT_BASE64);
754
#else
755
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
756
#endif
555
757
if(ret != GNUTLS_E_SUCCESS){
556
758
fprintf_plus(stderr,
557
"Error[%d] while reading the OpenPGP key pair ('%s',"
759
"Error[%d] while reading the key pair ('%s',"
558
760
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
559
761
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
560
762
safer_gnutls_strerror(ret));
569
771
safer_gnutls_strerror(ret));
570
772
goto globalfail;
571
773
}
572
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
573
if(ret != GNUTLS_E_SUCCESS){
574
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
575
safer_gnutls_strerror(ret));
576
goto globalfail;
577
}
578
579
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
774
/* If a Diffie-Hellman parameters file was given, try to use it */
775
if(dhparamsfilename != NULL){
776
gnutls_datum_t params = { .data = NULL, .size = 0 };
777
do {
778
int dhpfile = open(dhparamsfilename, O_RDONLY);
779
if(dhpfile == -1){
780
perror_plus("open");
781
dhparamsfilename = NULL;
782
break;
783
}
784
size_t params_capacity = 0;
785
while(true){
786
params_capacity = incbuffer((char **)¶ms.data,
787
(size_t)params.size,
788
(size_t)params_capacity);
789
if(params_capacity == 0){
790
perror_plus("incbuffer");
791
free(params.data);
792
params.data = NULL;
793
dhparamsfilename = NULL;
794
break;
795
}
796
ssize_t bytes_read = read(dhpfile,
797
params.data + params.size,
798
BUFFER_SIZE);
799
/* EOF */
800
if(bytes_read == 0){
801
break;
802
}
803
/* check bytes_read for failure */
804
if(bytes_read < 0){
805
perror_plus("read");
806
free(params.data);
807
params.data = NULL;
808
dhparamsfilename = NULL;
809
break;
810
}
811
params.size += (unsigned int)bytes_read;
812
}
813
ret = close(dhpfile);
814
if(ret == -1){
815
perror_plus("close");
816
}
817
if(params.data == NULL){
818
dhparamsfilename = NULL;
819
}
820
if(dhparamsfilename == NULL){
821
break;
822
}
823
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
824
GNUTLS_X509_FMT_PEM);
825
if(ret != GNUTLS_E_SUCCESS){
826
fprintf_plus(stderr, "Failed to parse DH parameters in file"
827
" \"%s\": %s\n", dhparamsfilename,
828
safer_gnutls_strerror(ret));
829
dhparamsfilename = NULL;
830
}
831
free(params.data);
832
} while(false);
833
}
834
if(dhparamsfilename == NULL){
835
if(mc->dh_bits == 0){
836
#if GNUTLS_VERSION_NUMBER < 0x030600
837
/* Find out the optimal number of DH bits */
838
/* Try to read the private key file */
839
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
840
do {
841
int secfile = open(seckeyfilename, O_RDONLY);
842
if(secfile == -1){
843
perror_plus("open");
844
break;
845
}
846
size_t buffer_capacity = 0;
847
while(true){
848
buffer_capacity = incbuffer((char **)&buffer.data,
849
(size_t)buffer.size,
850
(size_t)buffer_capacity);
851
if(buffer_capacity == 0){
852
perror_plus("incbuffer");
853
free(buffer.data);
854
buffer.data = NULL;
855
break;
856
}
857
ssize_t bytes_read = read(secfile,
858
buffer.data + buffer.size,
859
BUFFER_SIZE);
860
/* EOF */
861
if(bytes_read == 0){
862
break;
863
}
864
/* check bytes_read for failure */
865
if(bytes_read < 0){
866
perror_plus("read");
867
free(buffer.data);
868
buffer.data = NULL;
869
break;
870
}
871
buffer.size += (unsigned int)bytes_read;
872
}
873
close(secfile);
874
} while(false);
875
/* If successful, use buffer to parse private key */
876
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
877
if(buffer.data != NULL){
878
{
879
gnutls_openpgp_privkey_t privkey = NULL;
880
ret = gnutls_openpgp_privkey_init(&privkey);
881
if(ret != GNUTLS_E_SUCCESS){
882
fprintf_plus(stderr, "Error initializing OpenPGP key"
883
" structure: %s",
884
safer_gnutls_strerror(ret));
885
free(buffer.data);
886
buffer.data = NULL;
887
} else {
888
ret = gnutls_openpgp_privkey_import
889
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
890
if(ret != GNUTLS_E_SUCCESS){
891
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
892
safer_gnutls_strerror(ret));
893
privkey = NULL;
894
}
895
free(buffer.data);
896
buffer.data = NULL;
897
if(privkey != NULL){
898
/* Use private key to suggest an appropriate
899
sec_param */
900
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
901
gnutls_openpgp_privkey_deinit(privkey);
902
if(debug){
903
fprintf_plus(stderr, "This OpenPGP key implies using"
904
" a GnuTLS security parameter \"%s\".\n",
905
safe_string(gnutls_sec_param_get_name
906
(sec_param)));
907
}
908
}
909
}
910
}
911
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
912
/* Err on the side of caution */
913
sec_param = GNUTLS_SEC_PARAM_ULTRA;
914
if(debug){
915
fprintf_plus(stderr, "Falling back to security parameter"
916
" \"%s\"\n",
917
safe_string(gnutls_sec_param_get_name
918
(sec_param)));
919
}
920
}
921
}
922
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
923
if(uret != 0){
924
mc->dh_bits = uret;
925
if(debug){
926
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
927
" implies %u DH bits; using that.\n",
928
safe_string(gnutls_sec_param_get_name
929
(sec_param)),
930
mc->dh_bits);
931
}
932
} else {
933
fprintf_plus(stderr, "Failed to get implied number of DH"
934
" bits for security parameter \"%s\"): %s\n",
935
safe_string(gnutls_sec_param_get_name
936
(sec_param)),
937
safer_gnutls_strerror(ret));
938
goto globalfail;
939
}
940
#endif
941
} else { /* dh_bits != 0 */
942
if(debug){
943
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
944
mc->dh_bits);
945
}
946
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
947
if(ret != GNUTLS_E_SUCCESS){
948
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
949
" bits): %s\n", mc->dh_bits,
950
safer_gnutls_strerror(ret));
951
goto globalfail;
952
}
953
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
954
}
955
}
580
956
581
957
return 0;
582
958
583
959
globalfail:
584
960
585
961
gnutls_certificate_free_credentials(mc->cred);
586
gnutls_global_deinit();
587
962
gnutls_dh_params_deinit(mc->dh_params);
588
963
return -1;
589
964
}
594
969
int ret;
595
970
/* GnuTLS session creation */
596
971
do {
597
ret = gnutls_init(session, GNUTLS_SERVER);
972
ret = gnutls_init(session, (GNUTLS_SERVER
973
#if GNUTLS_VERSION_NUMBER >= 0x030506
974
| GNUTLS_NO_TICKETS
975
#endif
976
#if GNUTLS_VERSION_NUMBER >= 0x030606
977
| GNUTLS_ENABLE_RAWPK
978
#endif
979
));
598
980
if(quit_now){
599
981
return -1;
600
982
}
641
1023
/* ignore client certificate if any. */
642
1024
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
643
1025
644
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
645
646
1026
return 0;
647
1027
}
648
1028
650
1030
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
651
1031
__attribute__((unused)) const char *txt){}
652
1032
1033
/* Helper function to add_local_route() and delete_local_route() */
1034
__attribute__((nonnull, warn_unused_result))
1035
static bool add_delete_local_route(const bool add,
1036
const char *address,
1037
AvahiIfIndex if_index){
1038
int ret;
1039
char helper[] = "mandos-client-iprouteadddel";
1040
char add_arg[] = "add";
1041
char delete_arg[] = "delete";
1042
char debug_flag[] = "--debug";
1043
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1044
if(pluginhelperdir == NULL){
1045
if(debug){
1046
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1047
" variable not set; cannot run helper\n");
1048
}
1049
return false;
1050
}
1051
1052
char interface[IF_NAMESIZE];
1053
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1054
perror_plus("if_indextoname");
1055
return false;
1056
}
1057
1058
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1059
if(devnull == -1){
1060
perror_plus("open(\"/dev/null\", O_RDONLY)");
1061
return false;
1062
}
1063
pid_t pid = fork();
1064
if(pid == 0){
1065
/* Child */
1066
/* Raise privileges */
1067
errno = raise_privileges_permanently();
1068
if(errno != 0){
1069
perror_plus("Failed to raise privileges");
1070
/* _exit(EX_NOPERM); */
1071
} else {
1072
/* Set group */
1073
errno = 0;
1074
ret = setgid(0);
1075
if(ret == -1){
1076
perror_plus("setgid");
1077
close(devnull);
1078
_exit(EX_NOPERM);
1079
}
1080
/* Reset supplementary groups */
1081
errno = 0;
1082
ret = setgroups(0, NULL);
1083
if(ret == -1){
1084
perror_plus("setgroups");
1085
close(devnull);
1086
_exit(EX_NOPERM);
1087
}
1088
}
1089
ret = dup2(devnull, STDIN_FILENO);
1090
if(ret == -1){
1091
perror_plus("dup2(devnull, STDIN_FILENO)");
1092
close(devnull);
1093
_exit(EX_OSERR);
1094
}
1095
ret = close(devnull);
1096
if(ret == -1){
1097
perror_plus("close");
1098
}
1099
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1100
if(ret == -1){
1101
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1102
_exit(EX_OSERR);
1103
}
1104
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1105
O_RDONLY
1106
| O_DIRECTORY
1107
| O_PATH
1108
| O_CLOEXEC));
1109
if(helperdir_fd == -1){
1110
perror_plus("open");
1111
_exit(EX_UNAVAILABLE);
1112
}
1113
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1114
helper, O_RDONLY));
1115
if(helper_fd == -1){
1116
perror_plus("openat");
1117
close(helperdir_fd);
1118
_exit(EX_UNAVAILABLE);
1119
}
1120
close(helperdir_fd);
1121
#ifdef __GNUC__
1122
#pragma GCC diagnostic push
1123
#pragma GCC diagnostic ignored "-Wcast-qual"
1124
#endif
1125
if(fexecve(helper_fd, (char *const [])
1126
{ helper, add ? add_arg : delete_arg, (char *)address,
1127
interface, debug ? debug_flag : NULL, NULL },
1128
environ) == -1){
1129
#ifdef __GNUC__
1130
#pragma GCC diagnostic pop
1131
#endif
1132
perror_plus("fexecve");
1133
_exit(EXIT_FAILURE);
1134
}
1135
}
1136
if(pid == -1){
1137
perror_plus("fork");
1138
close(devnull);
1139
return false;
1140
}
1141
ret = close(devnull);
1142
if(ret == -1){
1143
perror_plus("close");
1144
}
1145
int status;
1146
pid_t pret = -1;
1147
errno = 0;
1148
do {
1149
pret = waitpid(pid, &status, 0);
1150
if(pret == -1 and errno == EINTR and quit_now){
1151
int errno_raising = 0;
1152
if((errno = raise_privileges()) != 0){
1153
errno_raising = errno;
1154
perror_plus("Failed to raise privileges in order to"
1155
" kill helper program");
1156
}
1157
if(kill(pid, SIGTERM) == -1){
1158
perror_plus("kill");
1159
}
1160
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1161
perror_plus("Failed to lower privileges after killing"
1162
" helper program");
1163
}
1164
return false;
1165
}
1166
} while(pret == -1 and errno == EINTR);
1167
if(pret == -1){
1168
perror_plus("waitpid");
1169
return false;
1170
}
1171
if(WIFEXITED(status)){
1172
if(WEXITSTATUS(status) != 0){
1173
fprintf_plus(stderr, "Error: iprouteadddel exited"
1174
" with status %d\n", WEXITSTATUS(status));
1175
return false;
1176
}
1177
return true;
1178
}
1179
if(WIFSIGNALED(status)){
1180
fprintf_plus(stderr, "Error: iprouteadddel died by"
1181
" signal %d\n", WTERMSIG(status));
1182
return false;
1183
}
1184
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1185
return false;
1186
}
1187
1188
__attribute__((nonnull, warn_unused_result))
1189
static bool add_local_route(const char *address,
1190
AvahiIfIndex if_index){
1191
if(debug){
1192
fprintf_plus(stderr, "Adding route to %s\n", address);
1193
}
1194
return add_delete_local_route(true, address, if_index);
1195
}
1196
1197
__attribute__((nonnull, warn_unused_result))
1198
static bool delete_local_route(const char *address,
1199
AvahiIfIndex if_index){
1200
if(debug){
1201
fprintf_plus(stderr, "Removing route to %s\n", address);
1202
}
1203
return add_delete_local_route(false, address, if_index);
1204
}
1205
653
1206
/* Called when a Mandos server is found */
654
1207
__attribute__((nonnull, warn_unused_result))
655
1208
static int start_mandos_communication(const char *ip, in_port_t port,
666
1219
int retval = -1;
667
1220
gnutls_session_t session;
668
1221
int pf; /* Protocol family */
1222
bool route_added = false;
669
1223
670
1224
errno = 0;
671
1225
693
1247
bool match = false;
694
1248
{
695
1249
char *interface = NULL;
696
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
697
interface))){
1250
while((interface = argz_next(mc->interfaces,
1251
mc->interfaces_size,
1252
interface))){
698
1253
if(if_nametoindex(interface) == (unsigned int)if_index){
699
1254
match = true;
700
1255
break;
729
1284
PRIuMAX "\n", ip, (uintmax_t)port);
730
1285
}
731
1286
732
tcp_sd = socket(pf, SOCK_STREAM, 0);
1287
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
733
1288
if(tcp_sd < 0){
734
1289
int e = errno;
735
1290
perror_plus("socket");
742
1297
goto mandos_end;
743
1298
}
744
1299
745
memset(&to, 0, sizeof(to));
746
1300
if(af == AF_INET6){
747
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
748
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1301
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1302
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1303
ret = inet_pton(af, ip, &to6->sin6_addr);
749
1304
} else { /* IPv4 */
750
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
751
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1305
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1306
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1307
ret = inet_pton(af, ip, &to4->sin_addr);
752
1308
}
753
1309
if(ret < 0 ){
754
1310
int e = errno;
824
1380
goto mandos_end;
825
1381
}
826
1382
827
if(af == AF_INET6){
828
ret = connect(tcp_sd, (struct sockaddr *)&to,
829
sizeof(struct sockaddr_in6));
830
} else {
831
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
832
sizeof(struct sockaddr_in));
833
}
834
if(ret < 0){
835
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
836
int e = errno;
837
perror_plus("connect");
838
errno = e;
839
}
840
goto mandos_end;
841
}
842
843
if(quit_now){
844
errno = EINTR;
845
goto mandos_end;
1383
while(true){
1384
if(af == AF_INET6){
1385
ret = connect(tcp_sd, (struct sockaddr *)&to,
1386
sizeof(struct sockaddr_in6));
1387
} else {
1388
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1389
sizeof(struct sockaddr_in));
1390
}
1391
if(ret < 0){
1392
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1393
and if_index != AVAHI_IF_UNSPEC
1394
and connect_to == NULL
1395
and not route_added and
1396
((af == AF_INET6 and not
1397
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1398
&to)->sin6_addr)))
1399
or (af == AF_INET and
1400
/* Not a a IPv4LL address */
1401
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1402
& 0xFFFF0000L) != 0xA9FE0000L))){
1403
/* Work around Avahi bug - Avahi does not announce link-local
1404
addresses if it has a global address, so local hosts with
1405
*only* a link-local address (e.g. Mandos clients) cannot
1406
connect to a Mandos server announced by Avahi on a server
1407
host with a global address. Work around this by retrying
1408
with an explicit route added with the server's address.
1409
1410
Avahi bug reference:
1411
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1412
https://bugs.debian.org/587961
1413
*/
1414
if(debug){
1415
fprintf_plus(stderr, "Mandos server unreachable, trying"
1416
" direct route\n");
1417
}
1418
int e = errno;
1419
route_added = add_local_route(ip, if_index);
1420
if(route_added){
1421
continue;
1422
}
1423
errno = e;
1424
}
1425
if(errno != ECONNREFUSED or debug){
1426
int e = errno;
1427
perror_plus("connect");
1428
errno = e;
1429
}
1430
goto mandos_end;
1431
}
1432
1433
if(quit_now){
1434
errno = EINTR;
1435
goto mandos_end;
1436
}
1437
break;
846
1438
}
847
1439
848
1440
const char *out = mandos_protocol_version;
1002
1594
&decrypted_buffer, mc);
1003
1595
if(decrypted_buffer_size >= 0){
1004
1596
1597
clearerr(stdout);
1005
1598
written = 0;
1006
1599
while(written < (size_t) decrypted_buffer_size){
1007
1600
if(quit_now){
1023
1616
}
1024
1617
written += (size_t)ret;
1025
1618
}
1619
ret = fflush(stdout);
1620
if(ret != 0){
1621
int e = errno;
1622
if(debug){
1623
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1624
strerror(errno));
1625
}
1626
errno = e;
1627
goto mandos_end;
1628
}
1026
1629
retval = 0;
1027
1630
}
1028
1631
}
1031
1634
1032
1635
mandos_end:
1033
1636
{
1637
if(route_added){
1638
if(not delete_local_route(ip, if_index)){
1639
fprintf_plus(stderr, "Failed to delete local route to %s on"
1640
" interface %d", ip, if_index);
1641
}
1642
}
1034
1643
int e = errno;
1035
1644
free(decrypted_buffer);
1036
1645
free(buffer);
1037
1646
if(tcp_sd >= 0){
1038
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1647
ret = close(tcp_sd);
1039
1648
}
1040
1649
if(ret == -1){
1041
1650
if(e == 0){
1053
1662
return retval;
1054
1663
}
1055
1664
1056
__attribute__((nonnull))
1057
1665
static void resolve_callback(AvahiSServiceResolver *r,
1058
1666
AvahiIfIndex interface,
1059
1667
AvahiProtocol proto,
1196
1804
__attribute__((nonnull, warn_unused_result))
1197
1805
bool get_flags(const char *ifname, struct ifreq *ifr){
1198
1806
int ret;
1199
error_t ret_errno;
1807
int old_errno;
1200
1808
1201
1809
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1202
1810
if(s < 0){
1203
ret_errno = errno;
1811
old_errno = errno;
1204
1812
perror_plus("socket");
1205
errno = ret_errno;
1813
errno = old_errno;
1206
1814
return false;
1207
1815
}
1208
strcpy(ifr->ifr_name, ifname);
1816
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1817
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1209
1818
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1210
1819
if(ret == -1){
1211
1820
if(debug){
1212
ret_errno = errno;
1821
old_errno = errno;
1213
1822
perror_plus("ioctl SIOCGIFFLAGS");
1214
errno = ret_errno;
1823
errno = old_errno;
1824
}
1825
if((close(s) == -1) and debug){
1826
old_errno = errno;
1827
perror_plus("close");
1828
errno = old_errno;
1215
1829
}
1216
1830
return false;
1217
1831
}
1832
if((close(s) == -1) and debug){
1833
old_errno = errno;
1834
perror_plus("close");
1835
errno = old_errno;
1836
}
1218
1837
return true;
1219
1838
}
1220
1839
1462
2081
}
1463
2082
}
1464
2083
1465
/* Set effective uid to 0, return errno */
1466
__attribute__((warn_unused_result))
1467
error_t raise_privileges(void){
1468
error_t old_errno = errno;
1469
error_t ret_errno = 0;
1470
if(seteuid(0) == -1){
1471
ret_errno = errno;
1472
}
1473
errno = old_errno;
1474
return ret_errno;
1475
}
1476
1477
/* Set effective and real user ID to 0. Return errno. */
1478
__attribute__((warn_unused_result))
1479
error_t raise_privileges_permanently(void){
1480
error_t old_errno = errno;
1481
error_t ret_errno = raise_privileges();
1482
if(ret_errno != 0){
1483
errno = old_errno;
1484
return ret_errno;
1485
}
1486
if(setuid(0) == -1){
1487
ret_errno = errno;
1488
}
1489
errno = old_errno;
1490
return ret_errno;
1491
}
1492
1493
/* Set effective user ID to unprivileged saved user ID */
1494
__attribute__((warn_unused_result))
1495
error_t lower_privileges(void){
1496
error_t old_errno = errno;
1497
error_t ret_errno = 0;
1498
if(seteuid(uid) == -1){
1499
ret_errno = errno;
1500
}
1501
errno = old_errno;
1502
return ret_errno;
1503
}
1504
1505
/* Lower privileges permanently */
1506
__attribute__((warn_unused_result))
1507
error_t lower_privileges_permanently(void){
1508
error_t old_errno = errno;
1509
error_t ret_errno = 0;
1510
if(setuid(uid) == -1){
1511
ret_errno = errno;
1512
}
1513
errno = old_errno;
1514
return ret_errno;
1515
}
1516
1517
2084
__attribute__((nonnull))
1518
2085
void run_network_hooks(const char *mode, const char *interface,
1519
2086
const float delay){
1520
2087
struct dirent **direntries = NULL;
1521
2088
if(hookdir_fd == -1){
1522
hookdir_fd = open(hookdir, O_RDONLY);
2089
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2090
| O_CLOEXEC);
1523
2091
if(hookdir_fd == -1){
1524
2092
if(errno == ENOENT){
1525
2093
if(debug){
1532
2100
return;
1533
2101
}
1534
2102
}
1535
#ifdef __GLIBC__
1536
#if __GLIBC_PREREQ(2, 15)
2103
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2104
if(devnull == -1){
2105
perror_plus("open(\"/dev/null\", O_RDONLY)");
2106
return;
2107
}
1537
2108
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1538
2109
runnable_hook, alphasort);
1539
#else /* not __GLIBC_PREREQ(2, 15) */
1540
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1541
alphasort);
1542
#endif /* not __GLIBC_PREREQ(2, 15) */
1543
#else /* not __GLIBC__ */
1544
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1545
alphasort);
1546
#endif /* not __GLIBC__ */
1547
2110
if(numhooks == -1){
1548
2111
perror_plus("scandir");
2112
close(devnull);
1549
2113
return;
1550
2114
}
1551
2115
struct dirent *direntry;
1552
2116
int ret;
1553
int devnull = open("/dev/null", O_RDONLY);
1554
2117
for(int i = 0; i < numhooks; i++){
1555
2118
direntry = direntries[i];
1556
2119
if(debug){
1580
2143
perror_plus("setgroups");
1581
2144
_exit(EX_NOPERM);
1582
2145
}
1583
ret = dup2(devnull, STDIN_FILENO);
1584
if(ret == -1){
1585
perror_plus("dup2(devnull, STDIN_FILENO)");
1586
_exit(EX_OSERR);
1587
}
1588
ret = close(devnull);
1589
if(ret == -1){
1590
perror_plus("close");
1591
_exit(EX_OSERR);
1592
}
1593
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1594
if(ret == -1){
1595
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1596
_exit(EX_OSERR);
1597
}
1598
2146
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1599
2147
if(ret == -1){
1600
2148
perror_plus("setenv");
1635
2183
_exit(EX_OSERR);
1636
2184
}
1637
2185
}
1638
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2186
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2187
direntry->d_name,
2188
O_RDONLY));
1639
2189
if(hook_fd == -1){
1640
2190
perror_plus("openat");
1641
2191
_exit(EXIT_FAILURE);
1642
2192
}
1643
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2193
if(close(hookdir_fd) == -1){
1644
2194
perror_plus("close");
1645
2195
_exit(EXIT_FAILURE);
1646
2196
}
2197
ret = dup2(devnull, STDIN_FILENO);
2198
if(ret == -1){
2199
perror_plus("dup2(devnull, STDIN_FILENO)");
2200
_exit(EX_OSERR);
2201
}
2202
ret = close(devnull);
2203
if(ret == -1){
2204
perror_plus("close");
2205
_exit(EX_OSERR);
2206
}
2207
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2208
if(ret == -1){
2209
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2210
_exit(EX_OSERR);
2211
}
1647
2212
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
1648
2213
environ) == -1){
1649
2214
perror_plus("fexecve");
1650
2215
_exit(EXIT_FAILURE);
1651
2216
}
1652
2217
} else {
2218
if(hook_pid == -1){
2219
perror_plus("fork");
2220
free(direntry);
2221
continue;
2222
}
1653
2223
int status;
1654
2224
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
1655
2225
perror_plus("waitpid");
1684
2254
free(direntry);
1685
2255
}
1686
2256
free(direntries);
1687
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2257
if(close(hookdir_fd) == -1){
1688
2258
perror_plus("close");
1689
2259
} else {
1690
2260
hookdir_fd = -1;
1693
2263
}
1694
2264
1695
2265
__attribute__((nonnull, warn_unused_result))
1696
error_t bring_up_interface(const char *const interface,
1697
const float delay){
1698
error_t old_errno = errno;
2266
int bring_up_interface(const char *const interface,
2267
const float delay){
2268
int old_errno = errno;
1699
2269
int ret;
1700
2270
struct ifreq network;
1701
2271
unsigned int if_index = if_nametoindex(interface);
1711
2281
}
1712
2282
1713
2283
if(not interface_is_up(interface)){
1714
error_t ret_errno = 0, ioctl_errno = 0;
2284
int ret_errno = 0;
2285
int ioctl_errno = 0;
1715
2286
if(not get_flags(interface, &network)){
1716
2287
ret_errno = errno;
1717
2288
fprintf_plus(stderr, "Failed to get flags for interface "
1730
2301
}
1731
2302
1732
2303
if(quit_now){
1733
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2304
ret = close(sd);
1734
2305
if(ret == -1){
1735
2306
perror_plus("close");
1736
2307
}
1786
2357
}
1787
2358
1788
2359
/* Close the socket */
1789
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2360
ret = close(sd);
1790
2361
if(ret == -1){
1791
2362
perror_plus("close");
1792
2363
}
1804
2375
1805
2376
/* Sleep checking until interface is running.
1806
2377
Check every 0.25s, up to total time of delay */
1807
for(int i=0; i < delay * 4; i++){
2378
for(int i = 0; i < delay * 4; i++){
1808
2379
if(interface_is_running(interface)){
1809
2380
break;
1810
2381
}
1820
2391
}
1821
2392
1822
2393
__attribute__((nonnull, warn_unused_result))
1823
error_t take_down_interface(const char *const interface){
1824
error_t old_errno = errno;
2394
int take_down_interface(const char *const interface){
2395
int old_errno = errno;
1825
2396
struct ifreq network;
1826
2397
unsigned int if_index = if_nametoindex(interface);
1827
2398
if(if_index == 0){
1830
2401
return ENXIO;
1831
2402
}
1832
2403
if(interface_is_up(interface)){
1833
error_t ret_errno = 0, ioctl_errno = 0;
2404
int ret_errno = 0;
2405
int ioctl_errno = 0;
1834
2406
if(not get_flags(interface, &network) and debug){
1835
2407
ret_errno = errno;
1836
2408
fprintf_plus(stderr, "Failed to get flags for interface "
1874
2446
}
1875
2447
1876
2448
/* Close the socket */
1877
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2449
int ret = close(sd);
1878
2450
if(ret == -1){
1879
2451
perror_plus("close");
1880
2452
}
1895
2467
}
1896
2468
1897
2469
int main(int argc, char *argv[]){
1898
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1899
.priority = "SECURE256:!CTYPE-X.509:"
1900
"+CTYPE-OPENPGP", .current_server = NULL,
1901
.interfaces = NULL, .interfaces_size = 0 };
2470
mandos_context mc = { .server = NULL, .dh_bits = 0,
2471
#if GNUTLS_VERSION_NUMBER >= 0x030606
2472
.priority = "SECURE128:!CTYPE-X.509"
2473
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2474
":%PROFILE_ULTRA",
2475
#elif GNUTLS_VERSION_NUMBER < 0x030600
2476
.priority = "SECURE256:!CTYPE-X.509"
2477
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2478
#else
2479
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2480
#endif
2481
.current_server = NULL, .interfaces = NULL,
2482
.interfaces_size = 0 };
1902
2483
AvahiSServiceBrowser *sb = NULL;
1903
2484
error_t ret_errno;
1904
2485
int ret;
1913
2494
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1914
2495
const char *seckey = PATHDIR "/" SECKEY;
1915
2496
const char *pubkey = PATHDIR "/" PUBKEY;
2497
#if GNUTLS_VERSION_NUMBER >= 0x030606
2498
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2499
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2500
#endif
2501
const char *dh_params_file = NULL;
1916
2502
char *interfaces_hooks = NULL;
1917
2503
1918
2504
bool gnutls_initialized = false;
1965
2551
{ .name = "pubkey", .key = 'p',
1966
2552
.arg = "FILE",
1967
2553
.doc = "OpenPGP public key file base name",
1968
.group = 2 },
2554
.group = 1 },
2555
{ .name = "tls-privkey", .key = 't',
2556
.arg = "FILE",
2557
#if GNUTLS_VERSION_NUMBER >= 0x030606
2558
.doc = "TLS private key file base name",
2559
#else
2560
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2561
#endif
2562
.group = 1 },
2563
{ .name = "tls-pubkey", .key = 'T',
2564
.arg = "FILE",
2565
#if GNUTLS_VERSION_NUMBER >= 0x030606
2566
.doc = "TLS public key file base name",
2567
#else
2568
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2569
#endif
2570
.group = 1 },
1969
2571
{ .name = "dh-bits", .key = 129,
1970
2572
.arg = "BITS",
1971
2573
.doc = "Bit length of the prime number used in the"
1972
2574
" Diffie-Hellman key exchange",
1973
2575
.group = 2 },
2576
{ .name = "dh-params", .key = 134,
2577
.arg = "FILE",
2578
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2579
" for the Diffie-Hellman key exchange",
2580
.group = 2 },
1974
2581
{ .name = "priority", .key = 130,
1975
2582
.arg = "STRING",
1976
2583
.doc = "GnuTLS priority string for the TLS handshake",
2022
2629
case 'p': /* --pubkey */
2023
2630
pubkey = arg;
2024
2631
break;
2632
case 't': /* --tls-privkey */
2633
#if GNUTLS_VERSION_NUMBER >= 0x030606
2634
tls_privkey = arg;
2635
#endif
2636
break;
2637
case 'T': /* --tls-pubkey */
2638
#if GNUTLS_VERSION_NUMBER >= 0x030606
2639
tls_pubkey = arg;
2640
#endif
2641
break;
2025
2642
case 129: /* --dh-bits */
2026
2643
errno = 0;
2027
2644
tmpmax = strtoimax(arg, &tmp, 10);
2031
2648
}
2032
2649
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2033
2650
break;
2651
case 134: /* --dh-params */
2652
dh_params_file = arg;
2653
break;
2034
2654
case 130: /* --priority */
2035
2655
mc.priority = arg;
2036
2656
break;
2059
2679
argp_state_help(state, state->out_stream,
2060
2680
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2061
2681
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2682
__builtin_unreachable();
2062
2683
case -3: /* --usage */
2063
2684
argp_state_help(state, state->out_stream,
2064
2685
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2686
__builtin_unreachable();
2065
2687
case 'V': /* --version */
2066
2688
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2067
2689
exit(argp_err_exit_status);
2076
2698
.args_doc = "",
2077
2699
.doc = "Mandos client -- Get and decrypt"
2078
2700
" passwords from a Mandos server" };
2079
ret = argp_parse(&argp, argc, argv,
2080
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2081
switch(ret){
2701
ret_errno = argp_parse(&argp, argc, argv,
2702
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2703
switch(ret_errno){
2082
2704
case 0:
2083
2705
break;
2084
2706
case ENOMEM:
2085
2707
default:
2086
errno = ret;
2708
errno = ret_errno;
2087
2709
perror_plus("argp_parse");
2088
2710
exitcode = EX_OSERR;
2089
2711
goto end;
2092
2714
goto end;
2093
2715
}
2094
2716
}
2095
2717
2096
2718
{
2097
2719
/* Work around Debian bug #633582:
2098
<http://bugs.debian.org/633582> */
2720
<https://bugs.debian.org/633582> */
2099
2721
2100
2722
/* Re-raise privileges */
2101
ret_errno = raise_privileges();
2102
if(ret_errno != 0){
2103
errno = ret_errno;
2723
ret = raise_privileges();
2724
if(ret != 0){
2725
errno = ret;
2104
2726
perror_plus("Failed to raise privileges");
2105
2727
} else {
2106
2728
struct stat st;
2122
2744
}
2123
2745
}
2124
2746
}
2125
TEMP_FAILURE_RETRY(close(seckey_fd));
2747
close(seckey_fd);
2126
2748
}
2127
2749
}
2128
2750
2129
2751
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2130
2752
int pubkey_fd = open(pubkey, O_RDONLY);
2131
2753
if(pubkey_fd == -1){
2143
2765
}
2144
2766
}
2145
2767
}
2146
TEMP_FAILURE_RETRY(close(pubkey_fd));
2147
}
2148
}
2149
2768
close(pubkey_fd);
2769
}
2770
}
2771
2772
if(dh_params_file != NULL
2773
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2774
int dhparams_fd = open(dh_params_file, O_RDONLY);
2775
if(dhparams_fd == -1){
2776
perror_plus("open");
2777
} else {
2778
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2779
if(ret == -1){
2780
perror_plus("fstat");
2781
} else {
2782
if(S_ISREG(st.st_mode)
2783
and st.st_uid == 0 and st.st_gid == 0){
2784
ret = fchown(dhparams_fd, uid, gid);
2785
if(ret == -1){
2786
perror_plus("fchown");
2787
}
2788
}
2789
}
2790
close(dhparams_fd);
2791
}
2792
}
2793
2150
2794
/* Lower privileges */
2151
ret_errno = lower_privileges();
2152
if(ret_errno != 0){
2153
errno = ret_errno;
2795
ret = lower_privileges();
2796
if(ret != 0){
2797
errno = ret;
2154
2798
perror_plus("Failed to lower privileges");
2155
2799
}
2156
2800
}
2326
2970
errno = bring_up_interface(interface, delay);
2327
2971
if(not interface_was_up){
2328
2972
if(errno != 0){
2329
perror_plus("Failed to bring up interface");
2973
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2974
" %s\n", interface, strerror(errno));
2330
2975
} else {
2331
2976
errno = argz_add(&interfaces_to_take_down,
2332
2977
&interfaces_to_take_down_size,
2355
3000
goto end;
2356
3001
}
2357
3002
2358
ret = init_gnutls_global(pubkey, seckey, &mc);
3003
#if GNUTLS_VERSION_NUMBER >= 0x030606
3004
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3005
#elif GNUTLS_VERSION_NUMBER < 0x030600
3006
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3007
#else
3008
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3009
#endif
2359
3010
if(ret == -1){
2360
3011
fprintf_plus(stderr, "init_gnutls_global failed\n");
2361
3012
exitcode = EX_UNAVAILABLE;
2483
3134
2484
3135
/* Allocate a new server */
2485
3136
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2486
&config, NULL, NULL, &ret_errno);
3137
&config, NULL, NULL, &ret);
2487
3138
2488
3139
/* Free the Avahi configuration data */
2489
3140
avahi_server_config_free(&config);
2492
3143
/* Check if creating the Avahi server object succeeded */
2493
3144
if(mc.server == NULL){
2494
3145
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2495
avahi_strerror(ret_errno));
3146
avahi_strerror(ret));
2496
3147
exitcode = EX_UNAVAILABLE;
2497
3148
goto end;
2498
3149
}
2533
3184
end:
2534
3185
2535
3186
if(debug){
2536
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3187
if(signal_received){
3188
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3189
argv[0], signal_received,
3190
strsignal(signal_received));
3191
} else {
3192
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
}
2537
3194
}
2538
3195
2539
3196
/* Cleanup things */
2550
3207
2551
3208
if(gnutls_initialized){
2552
3209
gnutls_certificate_free_credentials(mc.cred);
2553
gnutls_global_deinit();
2554
3210
gnutls_dh_params_deinit(mc.dh_params);
2555
3211
}
2556
3212
2579
3235
2580
3236
/* Re-raise privileges */
2581
3237
{
2582
ret_errno = raise_privileges();
2583
if(ret_errno != 0){
2584
errno = ret_errno;
3238
ret = raise_privileges();
3239
if(ret != 0){
3240
errno = ret;
2585
3241
perror_plus("Failed to raise privileges");
2586
3242
} else {
2587
3243
2592
3248
/* Take down the network interfaces which were brought up */
2593
3249
{
2594
3250
char *interface = NULL;
2595
while((interface=argz_next(interfaces_to_take_down,
2596
interfaces_to_take_down_size,
2597
interface))){
2598
ret_errno = take_down_interface(interface);
2599
if(ret_errno != 0){
2600
errno = ret_errno;
3251
while((interface = argz_next(interfaces_to_take_down,
3252
interfaces_to_take_down_size,
3253
interface))){
3254
ret = take_down_interface(interface);
3255
if(ret != 0){
3256
errno = ret;
2601
3257
perror_plus("Failed to take down interface");
2602
3258
}
2603
3259
}
2608
3264
}
2609
3265
}
2610
3266
2611
ret_errno = lower_privileges_permanently();
2612
if(ret_errno != 0){
2613
errno = ret_errno;
3267
ret = lower_privileges_permanently();
3268
if(ret != 0){
3269
errno = ret;
2614
3270
perror_plus("Failed to lower privileges permanently");
2615
3271
}
2616
3272
}
2618
3274
free(interfaces_to_take_down);
2619
3275
free(interfaces_hooks);
2620
3276
3277
void clean_dir_at(int base, const char * const dirname,
3278
uintmax_t level){
3279
struct dirent **direntries = NULL;
3280
int dret;
3281
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3282
O_RDONLY
3283
| O_NOFOLLOW
3284
| O_DIRECTORY
3285
| O_PATH));
3286
if(dir_fd == -1){
3287
perror_plus("open");
3288
return;
3289
}
3290
int numentries = scandirat(dir_fd, ".", &direntries,
3291
notdotentries, alphasort);
3292
if(numentries >= 0){
3293
for(int i = 0; i < numentries; i++){
3294
if(debug){
3295
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3296
dirname, direntries[i]->d_name);
3297
}
3298
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3299
if(dret == -1){
3300
if(errno == EISDIR){
3301
dret = unlinkat(dir_fd, direntries[i]->d_name,
3302
AT_REMOVEDIR);
3303
}
3304
if((dret == -1) and (errno == ENOTEMPTY)
3305
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3306
== 0) and (level == 0)){
3307
/* Recurse only in this special case */
3308
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3309
dret = 0;
3310
}
3311
if((dret == -1) and (errno != ENOENT)){
3312
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3313
direntries[i]->d_name, strerror(errno));
3314
}
3315
}
3316
free(direntries[i]);
3317
}
3318
3319
/* need to clean even if 0 because man page doesn't specify */
3320
free(direntries);
3321
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3322
if(dret == -1 and errno != ENOENT){
3323
perror_plus("rmdir");
3324
}
3325
} else {
3326
perror_plus("scandirat");
3327
}
3328
close(dir_fd);
3329
}
3330
2621
3331
/* Removes the GPGME temp directory and all files inside */
2622
3332
if(tempdir != NULL){
2623
struct dirent **direntries = NULL;
2624
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2625
O_NOFOLLOW));
2626
if(tempdir_fd == -1){
2627
perror_plus("open");
2628
} else {
2629
#ifdef __GLIBC__
2630
#if __GLIBC_PREREQ(2, 15)
2631
int numentries = scandirat(tempdir_fd, ".", &direntries,
2632
notdotentries, alphasort);
2633
#else /* not __GLIBC_PREREQ(2, 15) */
2634
int numentries = scandir(tempdir, &direntries, notdotentries,
2635
alphasort);
2636
#endif /* not __GLIBC_PREREQ(2, 15) */
2637
#else /* not __GLIBC__ */
2638
int numentries = scandir(tempdir, &direntries, notdotentries,
2639
alphasort);
2640
#endif /* not __GLIBC__ */
2641
if(numentries >= 0){
2642
for(int i = 0; i < numentries; i++){
2643
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2644
if(ret == -1){
2645
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2646
" \"%s\", 0): %s\n", tempdir,
2647
direntries[i]->d_name, strerror(errno));
2648
}
2649
free(direntries[i]);
2650
}
2651
2652
/* need to clean even if 0 because man page doesn't specify */
2653
free(direntries);
2654
if(numentries == -1){
2655
perror_plus("scandir");
2656
}
2657
ret = rmdir(tempdir);
2658
if(ret == -1 and errno != ENOENT){
2659
perror_plus("rmdir");
2660
}
2661
}
2662
TEMP_FAILURE_RETRY(close(tempdir_fd));
2663
}
3333
clean_dir_at(-1, tempdir, 0);
2664
3334
}
2665
3335
2666
3336
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0