47
116
#include <avahi-common/malloc.h>
48
117
#include <avahi-common/error.h>
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
65
#include <errno.h> /* perror() */
120
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
123
init_gnutls_session(),
125
#include <gnutls/openpgp.h>
126
/* gnutls_certificate_set_openpgp_key_file(),
127
GNUTLS_OPENPGP_FMT_BASE64 */
130
#include <gpgme.h> /* All GPGME types, constants and
133
GPGME_PROTOCOL_OpenPGP,
71
136
#define BUFFER_SIZE 256
74
const char *certdir = "/conf/conf.d/cryptkeyreq/";
75
const char *certfile = "openpgp-client.txt";
76
const char *certkey = "openpgp-client-key.txt";
138
#define PATHDIR "/conf/conf.d/mandos"
139
#define SECKEY "seckey.txt"
140
#define PUBKEY "pubkey.txt"
141
#define HOOKDIR "/lib/mandos/network-hooks.d"
78
143
bool debug = false;
144
static const char mandos_protocol_version[] = "1";
145
const char *argp_program_version = "mandos-client " VERSION;
146
const char *argp_program_bug_address = "<mandos@recompile.se>";
147
static const char sys_class_net[] = "/sys/class/net";
148
char *connect_to = NULL;
149
const char *hookdir = HOOKDIR;
154
/* Doubly linked list that need to be circularly linked when used */
155
typedef struct server{
158
AvahiIfIndex if_index;
160
struct timespec last_seen;
165
/* Used for passing in values through the Avahi callback functions */
81
gnutls_session_t session;
82
168
gnutls_certificate_credentials_t cred;
169
unsigned int dh_bits;
83
170
gnutls_dh_params_t dh_params;
87
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet, const char *homedir){
89
gpgme_data_t dh_crypto, dh_plain;
171
const char *priority;
173
server *current_server;
175
size_t interfaces_size;
178
/* global so signal handler can reach it*/
179
AvahiSimplePoll *simple_poll;
181
sig_atomic_t quit_now = 0;
182
int signal_received = 0;
184
/* Function to use when printing errors */
185
void perror_plus(const char *print_text){
187
fprintf(stderr, "Mandos plugin %s: ",
188
program_invocation_short_name);
193
__attribute__((format (gnu_printf, 2, 3), nonnull))
194
int fprintf_plus(FILE *stream, const char *format, ...){
196
va_start (ap, format);
198
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
199
program_invocation_short_name));
200
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
204
* Make additional room in "buffer" for at least BUFFER_SIZE more
205
* bytes. "buffer_capacity" is how much is currently allocated,
206
* "buffer_length" is how much is already used.
208
__attribute__((nonnull, warn_unused_result))
209
size_t incbuffer(char **buffer, size_t buffer_length,
210
size_t buffer_capacity){
211
if(buffer_length + BUFFER_SIZE > buffer_capacity){
212
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
214
int old_errno = errno;
221
buffer_capacity += BUFFER_SIZE;
223
return buffer_capacity;
226
/* Add server to set of servers to retry periodically */
227
__attribute__((nonnull, warn_unused_result))
228
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
229
int af, server **current_server){
231
server *new_server = malloc(sizeof(server));
232
if(new_server == NULL){
233
perror_plus("malloc");
236
*new_server = (server){ .ip = strdup(ip),
238
.if_index = if_index,
240
if(new_server->ip == NULL){
241
perror_plus("strdup");
245
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
247
perror_plus("clock_gettime");
249
#pragma GCC diagnostic push
250
#pragma GCC diagnostic ignored "-Wcast-qual"
252
free((char *)(new_server->ip));
254
#pragma GCC diagnostic pop
259
/* Special case of first server */
260
if(*current_server == NULL){
261
new_server->next = new_server;
262
new_server->prev = new_server;
263
*current_server = new_server;
265
/* Place the new server last in the list */
266
new_server->next = *current_server;
267
new_server->prev = (*current_server)->prev;
268
new_server->prev->next = new_server;
269
(*current_server)->prev = new_server;
277
__attribute__((nonnull, warn_unused_result))
278
static bool init_gpgme(const char * const seckey,
279
const char * const pubkey,
280
const char * const tempdir,
93
ssize_t new_packet_capacity = 0;
94
ssize_t new_packet_length = 0;
95
283
gpgme_engine_info_t engine_info;
98
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
286
* Helper function to insert pub and seckey to the engine keyring.
288
bool import_key(const char * const filename){
291
gpgme_data_t pgp_data;
293
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
299
rc = gpgme_data_new_from_fd(&pgp_data, fd);
300
if(rc != GPG_ERR_NO_ERROR){
301
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
302
gpgme_strsource(rc), gpgme_strerror(rc));
306
rc = gpgme_op_import(mc->ctx, pgp_data);
307
if(rc != GPG_ERR_NO_ERROR){
308
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
309
gpgme_strsource(rc), gpgme_strerror(rc));
315
perror_plus("close");
317
gpgme_data_release(pgp_data);
322
fprintf_plus(stderr, "Initializing GPGME\n");
102
326
gpgme_check_version(NULL);
103
327
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
104
if (rc != GPG_ERR_NO_ERROR){
105
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
106
gpgme_strsource(rc), gpgme_strerror(rc));
328
if(rc != GPG_ERR_NO_ERROR){
329
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
330
gpgme_strsource(rc), gpgme_strerror(rc));
110
/* Set GPGME home directory */
111
rc = gpgme_get_engine_info (&engine_info);
112
if (rc != GPG_ERR_NO_ERROR){
113
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
114
gpgme_strsource(rc), gpgme_strerror(rc));
334
/* Set GPGME home directory for the OpenPGP engine only */
335
rc = gpgme_get_engine_info(&engine_info);
336
if(rc != GPG_ERR_NO_ERROR){
337
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
338
gpgme_strsource(rc), gpgme_strerror(rc));
117
341
while(engine_info != NULL){
118
342
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
119
343
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
120
engine_info->file_name, homedir);
344
engine_info->file_name, tempdir);
123
347
engine_info = engine_info->next;
125
349
if(engine_info == NULL){
126
fprintf(stderr, "Could not set home dir to %s\n", homedir);
130
/* Create new GPGME data buffer from packet buffer */
131
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
132
if (rc != GPG_ERR_NO_ERROR){
133
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
134
gpgme_strsource(rc), gpgme_strerror(rc));
350
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
355
/* Create new GPGME "context" */
356
rc = gpgme_new(&(mc->ctx));
357
if(rc != GPG_ERR_NO_ERROR){
358
fprintf_plus(stderr, "Mandos plugin mandos-client: "
359
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
364
if(not import_key(pubkey) or not import_key(seckey)){
372
* Decrypt OpenPGP data.
373
* Returns -1 on error
375
__attribute__((nonnull, warn_unused_result))
376
static ssize_t pgp_packet_decrypt(const char *cryptotext,
380
gpgme_data_t dh_crypto, dh_plain;
383
size_t plaintext_capacity = 0;
384
ssize_t plaintext_length = 0;
387
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
390
/* Create new GPGME data buffer from memory cryptotext */
391
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
393
if(rc != GPG_ERR_NO_ERROR){
394
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
395
gpgme_strsource(rc), gpgme_strerror(rc));
138
399
/* Create new empty GPGME data buffer for the plaintext */
139
400
rc = gpgme_data_new(&dh_plain);
140
if (rc != GPG_ERR_NO_ERROR){
141
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
142
gpgme_strsource(rc), gpgme_strerror(rc));
146
/* Create new GPGME "context" */
147
rc = gpgme_new(&ctx);
148
if (rc != GPG_ERR_NO_ERROR){
149
fprintf(stderr, "bad gpgme_new: %s: %s\n",
150
gpgme_strsource(rc), gpgme_strerror(rc));
154
/* Decrypt data from the FILE pointer to the plaintext data
156
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
157
if (rc != GPG_ERR_NO_ERROR){
158
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
159
gpgme_strsource(rc), gpgme_strerror(rc));
164
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
168
gpgme_decrypt_result_t result;
169
result = gpgme_op_decrypt_result(ctx);
171
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
173
fprintf(stderr, "Unsupported algorithm: %s\n",
174
result->unsupported_algorithm);
175
fprintf(stderr, "Wrong key usage: %d\n",
176
result->wrong_key_usage);
177
if(result->file_name != NULL){
178
fprintf(stderr, "File name: %s\n", result->file_name);
180
gpgme_recipient_t recipient;
181
recipient = result->recipients;
401
if(rc != GPG_ERR_NO_ERROR){
402
fprintf_plus(stderr, "Mandos plugin mandos-client: "
403
"bad gpgme_data_new: %s: %s\n",
404
gpgme_strsource(rc), gpgme_strerror(rc));
405
gpgme_data_release(dh_crypto);
409
/* Decrypt data from the cryptotext data buffer to the plaintext
411
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
412
if(rc != GPG_ERR_NO_ERROR){
413
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
414
gpgme_strsource(rc), gpgme_strerror(rc));
415
plaintext_length = -1;
417
gpgme_decrypt_result_t result;
418
result = gpgme_op_decrypt_result(mc->ctx);
420
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
422
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
423
result->unsupported_algorithm);
424
fprintf_plus(stderr, "Wrong key usage: %u\n",
425
result->wrong_key_usage);
426
if(result->file_name != NULL){
427
fprintf_plus(stderr, "File name: %s\n", result->file_name);
429
gpgme_recipient_t recipient;
430
recipient = result->recipients;
183
431
while(recipient != NULL){
184
fprintf(stderr, "Public key algorithm: %s\n",
185
gpgme_pubkey_algo_name(recipient->pubkey_algo));
186
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
187
fprintf(stderr, "Secret key available: %s\n",
188
recipient->status == GPG_ERR_NO_SECKEY
432
fprintf_plus(stderr, "Public key algorithm: %s\n",
433
gpgme_pubkey_algo_name
434
(recipient->pubkey_algo));
435
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
436
fprintf_plus(stderr, "Secret key available: %s\n",
437
recipient->status == GPG_ERR_NO_SECKEY
190
439
recipient = recipient->next;
196
/* Delete the GPGME FILE pointer cryptotext data buffer */
197
gpgme_data_release(dh_crypto);
447
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
199
450
/* Seek back to the beginning of the GPGME plaintext data buffer */
200
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
451
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
452
perror_plus("gpgme_data_seek");
453
plaintext_length = -1;
204
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
205
*new_packet = realloc(*new_packet,
206
(unsigned int)new_packet_capacity
208
if (*new_packet == NULL){
212
new_packet_capacity += BUFFER_SIZE;
459
plaintext_capacity = incbuffer(plaintext,
460
(size_t)plaintext_length,
462
if(plaintext_capacity == 0){
463
perror_plus("incbuffer");
464
plaintext_length = -1;
215
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
468
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
217
470
/* Print the data, if any */
222
perror("gpgme_data_read");
225
new_packet_length += ret;
228
/* FIXME: check characters before printing to screen so to not print
229
terminal control characters */
231
/* fprintf(stderr, "decrypted password is: "); */
232
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
233
/* fprintf(stderr, "\n"); */
476
perror_plus("gpgme_data_read");
477
plaintext_length = -1;
480
plaintext_length += ret;
484
fprintf_plus(stderr, "Decrypted password is: ");
485
for(ssize_t i = 0; i < plaintext_length; i++){
486
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
488
fprintf(stderr, "\n");
493
/* Delete the GPGME cryptotext data buffer */
494
gpgme_data_release(dh_crypto);
236
496
/* Delete the GPGME plaintext data buffer */
237
497
gpgme_data_release(dh_plain);
238
return new_packet_length;
241
static const char * safer_gnutls_strerror (int value) {
242
const char *ret = gnutls_strerror (value);
248
void debuggnutls(__attribute__((unused)) int level,
250
fprintf(stderr, "%s", string);
253
int initgnutls(encrypted_session *es){
498
return plaintext_length;
501
__attribute__((warn_unused_result, const))
502
static const char *safe_string(const char *str){
508
__attribute__((warn_unused_result))
509
static const char *safer_gnutls_strerror(int value){
510
const char *ret = gnutls_strerror(value);
511
return safe_string(ret);
514
/* GnuTLS log function callback */
515
__attribute__((nonnull))
516
static void debuggnutls(__attribute__((unused)) int level,
518
fprintf_plus(stderr, "GnuTLS: %s", string);
521
__attribute__((nonnull(1, 2, 4), warn_unused_result))
522
static int init_gnutls_global(const char *pubkeyfilename,
523
const char *seckeyfilename,
524
const char *dhparamsfilename,
258
fprintf(stderr, "Initializing GnuTLS\n");
261
if ((ret = gnutls_global_init ())
262
!= GNUTLS_E_SUCCESS) {
263
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
530
fprintf_plus(stderr, "Initializing GnuTLS\n");
534
/* "Use a log level over 10 to enable all debugging options."
268
537
gnutls_global_set_log_level(11);
269
538
gnutls_global_set_log_function(debuggnutls);
272
/* openpgp credentials */
273
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
274
!= GNUTLS_E_SUCCESS) {
275
fprintf (stderr, "memory error: %s\n",
276
safer_gnutls_strerror(ret));
541
/* OpenPGP credentials */
542
ret = gnutls_certificate_allocate_credentials(&mc->cred);
543
if(ret != GNUTLS_E_SUCCESS){
544
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
545
safer_gnutls_strerror(ret));
281
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
282
" and keyfile %s as GnuTLS credentials\n", certfile,
550
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
551
" secret key %s as GnuTLS credentials\n",
286
556
ret = gnutls_certificate_set_openpgp_key_file
287
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
288
if (ret != GNUTLS_E_SUCCESS) {
290
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
292
ret, certfile, certkey);
293
fprintf(stdout, "The Error is: %s\n",
294
safer_gnutls_strerror(ret));
298
//GnuTLS server initialization
299
if ((ret = gnutls_dh_params_init (&es->dh_params))
300
!= GNUTLS_E_SUCCESS) {
301
fprintf (stderr, "Error in dh parameter initialization: %s\n",
302
safer_gnutls_strerror(ret));
306
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
307
!= GNUTLS_E_SUCCESS) {
308
fprintf (stderr, "Error in prime generation: %s\n",
309
safer_gnutls_strerror(ret));
313
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
315
// GnuTLS session creation
316
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
317
!= GNUTLS_E_SUCCESS){
318
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
319
safer_gnutls_strerror(ret));
322
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
323
!= GNUTLS_E_SUCCESS) {
324
fprintf(stderr, "Syntax error at: %s\n", err);
325
fprintf(stderr, "GnuTLS error: %s\n",
326
safer_gnutls_strerror(ret));
330
if ((ret = gnutls_credentials_set
331
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
332
!= GNUTLS_E_SUCCESS) {
333
fprintf(stderr, "Error setting a credentials set: %s\n",
334
safer_gnutls_strerror(ret));
557
(mc->cred, pubkeyfilename, seckeyfilename,
558
GNUTLS_OPENPGP_FMT_BASE64);
559
if(ret != GNUTLS_E_SUCCESS){
561
"Error[%d] while reading the OpenPGP key pair ('%s',"
562
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
563
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
564
safer_gnutls_strerror(ret));
568
/* GnuTLS server initialization */
569
ret = gnutls_dh_params_init(&mc->dh_params);
570
if(ret != GNUTLS_E_SUCCESS){
571
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
572
" initialization: %s\n",
573
safer_gnutls_strerror(ret));
576
/* If a Diffie-Hellman parameters file was given, try to use it */
577
if(dhparamsfilename != NULL){
578
gnutls_datum_t params = { .data = NULL, .size = 0 };
580
int dhpfile = open(dhparamsfilename, O_RDONLY);
583
dhparamsfilename = NULL;
586
size_t params_capacity = 0;
588
params_capacity = incbuffer((char **)¶ms.data,
590
(size_t)params_capacity);
591
if(params_capacity == 0){
592
perror_plus("incbuffer");
595
dhparamsfilename = NULL;
598
ssize_t bytes_read = read(dhpfile,
599
params.data + params.size,
605
/* check bytes_read for failure */
610
dhparamsfilename = NULL;
613
params.size += (unsigned int)bytes_read;
615
if(params.data == NULL){
616
dhparamsfilename = NULL;
618
if(dhparamsfilename == NULL){
621
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
622
GNUTLS_X509_FMT_PEM);
623
if(ret != GNUTLS_E_SUCCESS){
624
fprintf_plus(stderr, "Failed to parse DH parameters in file"
625
" \"%s\": %s\n", dhparamsfilename,
626
safer_gnutls_strerror(ret));
627
dhparamsfilename = NULL;
631
if(dhparamsfilename == NULL){
632
if(mc->dh_bits == 0){
633
/* Find out the optimal number of DH bits */
634
/* Try to read the private key file */
635
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
637
int secfile = open(seckeyfilename, O_RDONLY);
642
size_t buffer_capacity = 0;
644
buffer_capacity = incbuffer((char **)&buffer.data,
646
(size_t)buffer_capacity);
647
if(buffer_capacity == 0){
648
perror_plus("incbuffer");
653
ssize_t bytes_read = read(secfile,
654
buffer.data + buffer.size,
660
/* check bytes_read for failure */
667
buffer.size += (unsigned int)bytes_read;
671
/* If successful, use buffer to parse private key */
672
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
673
if(buffer.data != NULL){
675
gnutls_openpgp_privkey_t privkey = NULL;
676
ret = gnutls_openpgp_privkey_init(&privkey);
677
if(ret != GNUTLS_E_SUCCESS){
678
fprintf_plus(stderr, "Error initializing OpenPGP key"
680
safer_gnutls_strerror(ret));
684
ret = gnutls_openpgp_privkey_import
685
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
686
if(ret != GNUTLS_E_SUCCESS){
687
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
688
safer_gnutls_strerror(ret));
694
/* Use private key to suggest an appropriate
696
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
697
gnutls_openpgp_privkey_deinit(privkey);
699
fprintf_plus(stderr, "This OpenPGP key implies using"
700
" a GnuTLS security parameter \"%s\".\n",
701
safe_string(gnutls_sec_param_get_name
707
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
708
/* Err on the side of caution */
709
sec_param = GNUTLS_SEC_PARAM_ULTRA;
711
fprintf_plus(stderr, "Falling back to security parameter"
713
safe_string(gnutls_sec_param_get_name
718
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
722
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
723
" implies %u DH bits; using that.\n",
724
safe_string(gnutls_sec_param_get_name
729
fprintf_plus(stderr, "Failed to get implied number of DH"
730
" bits for security parameter \"%s\"): %s\n",
731
safe_string(gnutls_sec_param_get_name
733
safer_gnutls_strerror(ret));
737
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
740
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
741
if(ret != GNUTLS_E_SUCCESS){
742
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
743
" bits): %s\n", mc->dh_bits,
744
safer_gnutls_strerror(ret));
748
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
754
gnutls_certificate_free_credentials(mc->cred);
755
gnutls_dh_params_deinit(mc->dh_params);
759
__attribute__((nonnull, warn_unused_result))
760
static int init_gnutls_session(gnutls_session_t *session,
763
/* GnuTLS session creation */
765
ret = gnutls_init(session, GNUTLS_SERVER);
769
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
770
if(ret != GNUTLS_E_SUCCESS){
772
"Error in GnuTLS session initialization: %s\n",
773
safer_gnutls_strerror(ret));
779
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
781
gnutls_deinit(*session);
784
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
785
if(ret != GNUTLS_E_SUCCESS){
786
fprintf_plus(stderr, "Syntax error at: %s\n", err);
787
fprintf_plus(stderr, "GnuTLS error: %s\n",
788
safer_gnutls_strerror(ret));
789
gnutls_deinit(*session);
795
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
798
gnutls_deinit(*session);
801
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
802
if(ret != GNUTLS_E_SUCCESS){
803
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
804
safer_gnutls_strerror(ret));
805
gnutls_deinit(*session);
338
809
/* ignore client certificate if any. */
339
gnutls_certificate_server_set_request (es->session,
342
gnutls_dh_set_prime_bits (es->session, DH_BITS);
810
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
347
void empty_log(__attribute__((unused)) AvahiLogLevel level,
348
__attribute__((unused)) const char *txt){}
350
int start_mandos_communication(const char *ip, uint16_t port,
351
unsigned int if_index){
353
struct sockaddr_in6 to;
354
encrypted_session es;
815
/* Avahi log function callback */
816
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
817
__attribute__((unused)) const char *txt){}
819
/* Set effective uid to 0, return errno */
820
__attribute__((warn_unused_result))
821
int raise_privileges(void){
822
int old_errno = errno;
824
if(seteuid(0) == -1){
831
/* Set effective and real user ID to 0. Return errno. */
832
__attribute__((warn_unused_result))
833
int raise_privileges_permanently(void){
834
int old_errno = errno;
835
int ret = raise_privileges();
847
/* Set effective user ID to unprivileged saved user ID */
848
__attribute__((warn_unused_result))
849
int lower_privileges(void){
850
int old_errno = errno;
852
if(seteuid(uid) == -1){
859
/* Lower privileges permanently */
860
__attribute__((warn_unused_result))
861
int lower_privileges_permanently(void){
862
int old_errno = errno;
864
if(setuid(uid) == -1){
871
/* Helper function to add_local_route() and delete_local_route() */
872
__attribute__((nonnull, warn_unused_result))
873
static bool add_delete_local_route(const bool add,
875
AvahiIfIndex if_index){
877
char helper[] = "mandos-client-iprouteadddel";
878
char add_arg[] = "add";
879
char delete_arg[] = "delete";
880
char debug_flag[] = "--debug";
881
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
882
if(pluginhelperdir == NULL){
884
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
885
" variable not set; cannot run helper\n");
890
char interface[IF_NAMESIZE];
891
if(if_indextoname((unsigned int)if_index, interface) == NULL){
892
perror_plus("if_indextoname");
896
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
898
perror_plus("open(\"/dev/null\", O_RDONLY)");
904
/* Raise privileges */
905
errno = raise_privileges_permanently();
907
perror_plus("Failed to raise privileges");
908
/* _exit(EX_NOPERM); */
914
perror_plus("setgid");
917
/* Reset supplementary groups */
919
ret = setgroups(0, NULL);
921
perror_plus("setgroups");
925
ret = dup2(devnull, STDIN_FILENO);
927
perror_plus("dup2(devnull, STDIN_FILENO)");
930
ret = close(devnull);
932
perror_plus("close");
935
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
937
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
940
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
945
if(helperdir_fd == -1){
947
_exit(EX_UNAVAILABLE);
949
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
952
perror_plus("openat");
954
_exit(EX_UNAVAILABLE);
958
#pragma GCC diagnostic push
959
#pragma GCC diagnostic ignored "-Wcast-qual"
961
if(fexecve(helper_fd, (char *const [])
962
{ helper, add ? add_arg : delete_arg, (char *)address,
963
interface, debug ? debug_flag : NULL, NULL },
966
#pragma GCC diagnostic pop
968
perror_plus("fexecve");
980
pret = waitpid(pid, &status, 0);
981
if(pret == -1 and errno == EINTR and quit_now){
982
int errno_raising = 0;
983
if((errno = raise_privileges()) != 0){
984
errno_raising = errno;
985
perror_plus("Failed to raise privileges in order to"
986
" kill helper program");
988
if(kill(pid, SIGTERM) == -1){
991
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
992
perror_plus("Failed to lower privileges after killing"
997
} while(pret == -1 and errno == EINTR);
999
perror_plus("waitpid");
1002
if(WIFEXITED(status)){
1003
if(WEXITSTATUS(status) != 0){
1004
fprintf_plus(stderr, "Error: iprouteadddel exited"
1005
" with status %d\n", WEXITSTATUS(status));
1010
if(WIFSIGNALED(status)){
1011
fprintf_plus(stderr, "Error: iprouteadddel died by"
1012
" signal %d\n", WTERMSIG(status));
1015
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1019
__attribute__((nonnull, warn_unused_result))
1020
static bool add_local_route(const char *address,
1021
AvahiIfIndex if_index){
1023
fprintf_plus(stderr, "Adding route to %s\n", address);
1025
return add_delete_local_route(true, address, if_index);
1028
__attribute__((nonnull, warn_unused_result))
1029
static bool delete_local_route(const char *address,
1030
AvahiIfIndex if_index){
1032
fprintf_plus(stderr, "Removing route to %s\n", address);
1034
return add_delete_local_route(false, address, if_index);
1037
/* Called when a Mandos server is found */
1038
__attribute__((nonnull, warn_unused_result))
1039
static int start_mandos_communication(const char *ip, in_port_t port,
1040
AvahiIfIndex if_index,
1041
int af, mandos_context *mc){
1042
int ret, tcp_sd = -1;
1044
struct sockaddr_storage to;
355
1045
char *buffer = NULL;
356
char *decrypted_buffer;
1046
char *decrypted_buffer = NULL;
357
1047
size_t buffer_length = 0;
358
1048
size_t buffer_capacity = 0;
359
ssize_t decrypted_buffer_size;
362
char interface[IF_NAMESIZE];
365
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
368
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
374
if(if_indextoname(if_index, interface) == NULL){
376
perror("if_indextoname");
382
fprintf(stderr, "Binding to interface %s\n", interface);
385
memset(&to,0,sizeof(to)); /* Spurious warning */
386
to.sin6_family = AF_INET6;
387
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
1051
gnutls_session_t session;
1052
int pf; /* Protocol family */
1053
bool route_added = false;
1070
fprintf_plus(stderr, "Bad address family: %d\n", af);
1075
/* If the interface is specified and we have a list of interfaces */
1076
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1077
/* Check if the interface is one of the interfaces we are using */
1080
char *interface = NULL;
1081
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
1083
if(if_nametoindex(interface) == (unsigned int)if_index){
1090
/* This interface does not match any in the list, so we don't
1091
connect to the server */
1093
char interface[IF_NAMESIZE];
1094
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1095
perror_plus("if_indextoname");
1097
fprintf_plus(stderr, "Skipping server on non-used interface"
1099
if_indextoname((unsigned int)if_index,
1107
ret = init_gnutls_session(&session, mc);
1113
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
1114
PRIuMAX "\n", ip, (uintmax_t)port);
1117
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
1120
perror_plus("socket");
1131
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1132
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1133
ret = inet_pton(af, ip, &to6->sin6_addr);
1135
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1136
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1137
ret = inet_pton(af, ip, &to4->sin_addr);
1141
perror_plus("inet_pton");
393
fprintf(stderr, "Bad address: %s\n", ip);
396
to.sin6_port = htons(port); /* Spurious warning */
398
to.sin6_scope_id = (uint32_t)if_index;
401
fprintf(stderr, "Connection to: %s\n", ip);
404
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
410
ret = initgnutls (&es);
416
gnutls_transport_set_ptr (es.session,
417
(gnutls_transport_ptr_t) tcp_sd);
420
fprintf(stderr, "Establishing TLS session with %s\n", ip);
423
ret = gnutls_handshake (es.session);
425
if (ret != GNUTLS_E_SUCCESS){
1147
fprintf_plus(stderr, "Bad address: %s\n", ip);
1152
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1153
if(IN6_IS_ADDR_LINKLOCAL
1154
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
1155
if(if_index == AVAHI_IF_UNSPEC){
1156
fprintf_plus(stderr, "An IPv6 link-local address is"
1157
" incomplete without a network interface\n");
1161
/* Set the network interface number as scope */
1162
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
1165
((struct sockaddr_in *)&to)->sin_port = htons(port);
1174
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
1175
char interface[IF_NAMESIZE];
1176
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1177
perror_plus("if_indextoname");
1179
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1180
"\n", ip, interface, (uintmax_t)port);
1183
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1184
ip, (uintmax_t)port);
1186
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
1187
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
1189
ret = getnameinfo((struct sockaddr *)&to,
1190
sizeof(struct sockaddr_in6),
1191
addrstr, sizeof(addrstr), NULL, 0,
1194
ret = getnameinfo((struct sockaddr *)&to,
1195
sizeof(struct sockaddr_in),
1196
addrstr, sizeof(addrstr), NULL, 0,
1199
if(ret == EAI_SYSTEM){
1200
perror_plus("getnameinfo");
1201
} else if(ret != 0) {
1202
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1203
} else if(strcmp(addrstr, ip) != 0){
1204
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1215
ret = connect(tcp_sd, (struct sockaddr *)&to,
1216
sizeof(struct sockaddr_in6));
1218
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1219
sizeof(struct sockaddr_in));
1222
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1223
and if_index != AVAHI_IF_UNSPEC
1224
and connect_to == NULL
1225
and not route_added and
1226
((af == AF_INET6 and not
1227
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1229
or (af == AF_INET and
1230
/* Not a a IPv4LL address */
1231
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1232
& 0xFFFF0000L) != 0xA9FE0000L))){
1233
/* Work around Avahi bug - Avahi does not announce link-local
1234
addresses if it has a global address, so local hosts with
1235
*only* a link-local address (e.g. Mandos clients) cannot
1236
connect to a Mandos server announced by Avahi on a server
1237
host with a global address. Work around this by retrying
1238
with an explicit route added with the server's address.
1240
Avahi bug reference:
1241
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1242
https://bugs.debian.org/587961
1245
fprintf_plus(stderr, "Mandos server unreachable, trying"
1249
route_added = add_local_route(ip, if_index);
1255
if(errno != ECONNREFUSED or debug){
1257
perror_plus("connect");
1270
const char *out = mandos_protocol_version;
1273
size_t out_size = strlen(out);
1274
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
1275
out_size - written));
1278
perror_plus("write");
1282
written += (size_t)ret;
1283
if(written < out_size){
1286
if(out == mandos_protocol_version){
1301
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
1309
/* This casting via intptr_t is to eliminate warning about casting
1310
an int to a pointer type. This is exactly how the GnuTLS Guile
1311
function "set-session-transport-fd!" does it. */
1312
gnutls_transport_set_ptr(session,
1313
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
1321
ret = gnutls_handshake(session);
1326
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1328
if(ret != GNUTLS_E_SUCCESS){
427
fprintf(stderr, "\n*** Handshake failed ***\n");
1330
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
434
//Retrieve OpenPGP packet that contains the wanted password
1337
/* Read OpenPGP packet that contains the wanted password */
437
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
1340
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
442
if (buffer_length + BUFFER_SIZE > buffer_capacity){
443
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
448
buffer_capacity += BUFFER_SIZE;
451
ret = gnutls_record_recv
452
(es.session, buffer+buffer_length, BUFFER_SIZE);
1351
buffer_capacity = incbuffer(&buffer, buffer_length,
1353
if(buffer_capacity == 0){
1355
perror_plus("incbuffer");
1365
sret = gnutls_record_recv(session, buffer+buffer_length,
458
1372
case GNUTLS_E_INTERRUPTED:
459
1373
case GNUTLS_E_AGAIN:
461
1375
case GNUTLS_E_REHANDSHAKE:
462
ret = gnutls_handshake (es.session);
464
fprintf(stderr, "\n*** Handshake failed ***\n");
1377
ret = gnutls_handshake(session);
1383
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1385
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
471
fprintf(stderr, "Unknown error while reading data from"
472
" encrypted session with mandos server\n");
474
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
1393
fprintf_plus(stderr, "Unknown error while reading data from"
1394
" encrypted session with Mandos server\n");
1395
gnutls_bye(session, GNUTLS_SHUT_RDWR);
478
buffer_length += (size_t) ret;
482
if (buffer_length > 0){
483
decrypted_buffer_size = pgp_packet_decrypt(buffer,
487
if (decrypted_buffer_size >= 0){
488
while(written < decrypted_buffer_size){
489
ret = (int)fwrite (decrypted_buffer + written, 1,
490
(size_t)decrypted_buffer_size - written,
1400
buffer_length += (size_t) sret;
1405
fprintf_plus(stderr, "Closing TLS session\n");
1414
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
1419
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1421
if(buffer_length > 0){
1422
ssize_t decrypted_buffer_size;
1423
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
1424
&decrypted_buffer, mc);
1425
if(decrypted_buffer_size >= 0){
1429
while(written < (size_t) decrypted_buffer_size){
1435
ret = (int)fwrite(decrypted_buffer + written, 1,
1436
(size_t)decrypted_buffer_size - written,
492
1438
if(ret == 0 and ferror(stdout)){
494
fprintf(stderr, "Error writing encrypted data: %s\n",
1441
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
500
1447
written += (size_t)ret;
502
free(decrypted_buffer);
1449
ret = fflush(stdout);
1453
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1463
/* Shutdown procedure */
1468
if(not delete_local_route(ip, if_index)){
1469
fprintf_plus(stderr, "Failed to delete local route to %s on"
1470
" interface %d", ip, if_index);
1474
free(decrypted_buffer);
1477
ret = close(tcp_sd);
1483
perror_plus("close");
1485
gnutls_deinit(session);
511
fprintf(stderr, "Closing TLS session\n");
515
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
518
gnutls_deinit (es.session);
519
gnutls_certificate_free_credentials (es.cred);
520
gnutls_global_deinit ();
524
static AvahiSimplePoll *simple_poll = NULL;
525
static AvahiServer *server = NULL;
527
static void resolve_callback(
528
AvahiSServiceResolver *r,
529
AvahiIfIndex interface,
530
AVAHI_GCC_UNUSED AvahiProtocol protocol,
531
AvahiResolverEvent event,
535
const char *host_name,
536
const AvahiAddress *address,
538
AVAHI_GCC_UNUSED AvahiStringList *txt,
539
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
540
AVAHI_GCC_UNUSED void* userdata) {
542
assert(r); /* Spurious warning */
1495
__attribute__((nonnull))
1496
static void resolve_callback(AvahiSServiceResolver *r,
1497
AvahiIfIndex interface,
1498
AvahiProtocol proto,
1499
AvahiResolverEvent event,
1503
const char *host_name,
1504
const AvahiAddress *address,
1506
AVAHI_GCC_UNUSED AvahiStringList *txt,
1507
AVAHI_GCC_UNUSED AvahiLookupResultFlags
544
1514
/* Called whenever a service has been resolved successfully or
1518
avahi_s_service_resolver_free(r);
549
1524
case AVAHI_RESOLVER_FAILURE:
550
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
551
" type '%s' in domain '%s': %s\n", name, type, domain,
552
avahi_strerror(avahi_server_errno(server)));
1525
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1526
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1528
avahi_strerror(avahi_server_errno
1529
(((mandos_context*)mc)->server)));
555
1532
case AVAHI_RESOLVER_FOUND:
557
1534
char ip[AVAHI_ADDRESS_STR_MAX];
558
1535
avahi_address_snprint(ip, sizeof(ip), address);
560
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
561
" port %d\n", name, host_name, ip, port);
1537
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1538
PRIdMAX ") on port %" PRIu16 "\n", name,
1539
host_name, ip, (intmax_t)interface, port);
563
int ret = start_mandos_communication(ip, port,
564
(unsigned int) interface);
1541
int ret = start_mandos_communication(ip, (in_port_t)port,
1543
avahi_proto_to_af(proto),
1546
avahi_simple_poll_quit(simple_poll);
1548
if(not add_server(ip, (in_port_t)port, interface,
1549
avahi_proto_to_af(proto),
1550
&((mandos_context*)mc)->current_server)){
1551
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
570
1557
avahi_s_service_resolver_free(r);
573
static void browse_callback(
574
AvahiSServiceBrowser *b,
575
AvahiIfIndex interface,
576
AvahiProtocol protocol,
577
AvahiBrowserEvent event,
581
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
584
AvahiServer *s = userdata;
585
assert(b); /* Spurious warning */
587
/* Called whenever a new services becomes available on the LAN or
588
is removed from the LAN */
592
case AVAHI_BROWSER_FAILURE:
594
fprintf(stderr, "(Browser) %s\n",
595
avahi_strerror(avahi_server_errno(server)));
596
avahi_simple_poll_quit(simple_poll);
1560
static void browse_callback(AvahiSServiceBrowser *b,
1561
AvahiIfIndex interface,
1562
AvahiProtocol protocol,
1563
AvahiBrowserEvent event,
1567
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1574
/* Called whenever a new services becomes available on the LAN or
1575
is removed from the LAN */
1583
case AVAHI_BROWSER_FAILURE:
1585
fprintf_plus(stderr, "(Avahi browser) %s\n",
1586
avahi_strerror(avahi_server_errno
1587
(((mandos_context*)mc)->server)));
1588
avahi_simple_poll_quit(simple_poll);
1591
case AVAHI_BROWSER_NEW:
1592
/* We ignore the returned Avahi resolver object. In the callback
1593
function we free it. If the Avahi server is terminated before
1594
the callback function is called the Avahi server will free the
1597
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1598
interface, protocol, name, type,
1599
domain, protocol, 0,
1600
resolve_callback, mc) == NULL)
1601
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1603
avahi_strerror(avahi_server_errno
1604
(((mandos_context*)mc)->server)));
1607
case AVAHI_BROWSER_REMOVE:
1610
case AVAHI_BROWSER_ALL_FOR_NOW:
1611
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1613
fprintf_plus(stderr, "No Mandos server found, still"
1620
/* Signal handler that stops main loop after SIGTERM */
1621
static void handle_sigterm(int sig){
1626
signal_received = sig;
1627
int old_errno = errno;
1628
/* set main loop to exit */
1629
if(simple_poll != NULL){
1630
avahi_simple_poll_quit(simple_poll);
1635
__attribute__((nonnull, warn_unused_result))
1636
bool get_flags(const char *ifname, struct ifreq *ifr){
1640
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1643
perror_plus("socket");
1647
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1648
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1649
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1653
perror_plus("ioctl SIOCGIFFLAGS");
1661
__attribute__((nonnull, warn_unused_result))
1662
bool good_flags(const char *ifname, const struct ifreq *ifr){
1664
/* Reject the loopback device */
1665
if(ifr->ifr_flags & IFF_LOOPBACK){
1667
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1672
/* Accept point-to-point devices only if connect_to is specified */
1673
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1675
fprintf_plus(stderr, "Accepting point-to-point interface"
1676
" \"%s\"\n", ifname);
1680
/* Otherwise, reject non-broadcast-capable devices */
1681
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1683
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1684
" \"%s\"\n", ifname);
1688
/* Reject non-ARP interfaces (including dummy interfaces) */
1689
if(ifr->ifr_flags & IFF_NOARP){
1691
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1697
/* Accept this device */
1699
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1705
* This function determines if a directory entry in /sys/class/net
1706
* corresponds to an acceptable network device.
1707
* (This function is passed to scandir(3) as a filter function.)
1709
__attribute__((nonnull, warn_unused_result))
1710
int good_interface(const struct dirent *if_entry){
1711
if(if_entry->d_name[0] == '.'){
1716
if(not get_flags(if_entry->d_name, &ifr)){
1718
fprintf_plus(stderr, "Failed to get flags for interface "
1719
"\"%s\"\n", if_entry->d_name);
1724
if(not good_flags(if_entry->d_name, &ifr)){
1731
* This function determines if a network interface is up.
1733
__attribute__((nonnull, warn_unused_result))
1734
bool interface_is_up(const char *interface){
1736
if(not get_flags(interface, &ifr)){
1738
fprintf_plus(stderr, "Failed to get flags for interface "
1739
"\"%s\"\n", interface);
1744
return (bool)(ifr.ifr_flags & IFF_UP);
1748
* This function determines if a network interface is running
1750
__attribute__((nonnull, warn_unused_result))
1751
bool interface_is_running(const char *interface){
1753
if(not get_flags(interface, &ifr)){
1755
fprintf_plus(stderr, "Failed to get flags for interface "
1756
"\"%s\"\n", interface);
1761
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1764
__attribute__((nonnull, pure, warn_unused_result))
1765
int notdotentries(const struct dirent *direntry){
1766
/* Skip "." and ".." */
1767
if(direntry->d_name[0] == '.'
1768
and (direntry->d_name[1] == '\0'
1769
or (direntry->d_name[1] == '.'
1770
and direntry->d_name[2] == '\0'))){
1776
/* Is this directory entry a runnable program? */
1777
__attribute__((nonnull, warn_unused_result))
1778
int runnable_hook(const struct dirent *direntry){
1783
if((direntry->d_name)[0] == '\0'){
1788
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1789
"abcdefghijklmnopqrstuvwxyz"
1792
if((direntry->d_name)[sret] != '\0'){
1793
/* Contains non-allowed characters */
1795
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
1801
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1804
perror_plus("Could not stat hook");
1808
if(not (S_ISREG(st.st_mode))){
1809
/* Not a regular file */
1811
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
1816
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
1817
/* Not executable */
1819
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
1825
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
1831
__attribute__((nonnull, warn_unused_result))
1832
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
1833
mandos_context *mc){
1835
struct timespec now;
1836
struct timespec waited_time;
1837
intmax_t block_time;
1840
if(mc->current_server == NULL){
1842
fprintf_plus(stderr, "Wait until first server is found."
1845
ret = avahi_simple_poll_iterate(s, -1);
1848
fprintf_plus(stderr, "Check current_server if we should run"
1851
/* the current time */
1852
ret = clock_gettime(CLOCK_MONOTONIC, &now);
1854
perror_plus("clock_gettime");
1857
/* Calculating in ms how long time between now and server
1858
who we visted longest time ago. Now - last seen. */
1859
waited_time.tv_sec = (now.tv_sec
1860
- mc->current_server->last_seen.tv_sec);
1861
waited_time.tv_nsec = (now.tv_nsec
1862
- mc->current_server->last_seen.tv_nsec);
1863
/* total time is 10s/10,000ms.
1864
Converting to s from ms by dividing by 1,000,
1865
and ns to ms by dividing by 1,000,000. */
1866
block_time = ((retry_interval
1867
- ((intmax_t)waited_time.tv_sec * 1000))
1868
- ((intmax_t)waited_time.tv_nsec / 1000000));
1871
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
1875
if(block_time <= 0){
1876
ret = start_mandos_communication(mc->current_server->ip,
1877
mc->current_server->port,
1878
mc->current_server->if_index,
1879
mc->current_server->af, mc);
1881
avahi_simple_poll_quit(s);
1884
ret = clock_gettime(CLOCK_MONOTONIC,
1885
&mc->current_server->last_seen);
1887
perror_plus("clock_gettime");
1890
mc->current_server = mc->current_server->next;
1891
block_time = 0; /* Call avahi to find new Mandos
1892
servers, but don't block */
1895
ret = avahi_simple_poll_iterate(s, (int)block_time);
1898
if(ret > 0 or errno != EINTR){
1899
return (ret != 1) ? ret : 0;
1905
__attribute__((nonnull))
1906
void run_network_hooks(const char *mode, const char *interface,
1908
struct dirent **direntries = NULL;
1909
if(hookdir_fd == -1){
1910
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1912
if(hookdir_fd == -1){
1913
if(errno == ENOENT){
1915
fprintf_plus(stderr, "Network hook directory \"%s\" not"
1916
" found\n", hookdir);
1919
perror_plus("open");
599
case AVAHI_BROWSER_NEW:
600
/* We ignore the returned resolver object. In the callback
601
function we free it. If the server is terminated before
602
the callback function is called the server will free
603
the resolver for us. */
605
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
607
AVAHI_PROTO_INET6, 0,
608
resolve_callback, s)))
609
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
610
avahi_strerror(avahi_server_errno(s)));
613
case AVAHI_BROWSER_REMOVE:
616
case AVAHI_BROWSER_ALL_FOR_NOW:
617
case AVAHI_BROWSER_CACHE_EXHAUSTED:
622
/* combinds two strings and returns the malloced new string. som sane checks could/should be added */
623
const char *combinestrings(const char *first, const char *second){
1924
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1925
runnable_hook, alphasort);
1927
perror_plus("scandir");
1930
struct dirent *direntry;
1932
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1934
perror_plus("open(\"/dev/null\", O_RDONLY)");
1937
for(int i = 0; i < numhooks; i++){
1938
direntry = direntries[i];
1940
fprintf_plus(stderr, "Running network hook \"%s\"\n",
1943
pid_t hook_pid = fork();
1946
/* Raise privileges */
1947
errno = raise_privileges_permanently();
1949
perror_plus("Failed to raise privileges");
1956
perror_plus("setgid");
1959
/* Reset supplementary groups */
1961
ret = setgroups(0, NULL);
1963
perror_plus("setgroups");
1966
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1968
perror_plus("setenv");
1971
ret = setenv("DEVICE", interface, 1);
1973
perror_plus("setenv");
1976
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
1978
perror_plus("setenv");
1981
ret = setenv("MODE", mode, 1);
1983
perror_plus("setenv");
1987
ret = asprintf(&delaystring, "%f", (double)delay);
1989
perror_plus("asprintf");
1992
ret = setenv("DELAY", delaystring, 1);
1995
perror_plus("setenv");
1999
if(connect_to != NULL){
2000
ret = setenv("CONNECT", connect_to, 1);
2002
perror_plus("setenv");
2006
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2010
perror_plus("openat");
2011
_exit(EXIT_FAILURE);
2013
if(close(hookdir_fd) == -1){
2014
perror_plus("close");
2015
_exit(EXIT_FAILURE);
2017
ret = dup2(devnull, STDIN_FILENO);
2019
perror_plus("dup2(devnull, STDIN_FILENO)");
2022
ret = close(devnull);
2024
perror_plus("close");
2027
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2029
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2032
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2034
perror_plus("fexecve");
2035
_exit(EXIT_FAILURE);
2039
perror_plus("fork");
2044
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2045
perror_plus("waitpid");
2049
if(WIFEXITED(status)){
2050
if(WEXITSTATUS(status) != 0){
2051
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2052
" with status %d\n", direntry->d_name,
2053
WEXITSTATUS(status));
2057
} else if(WIFSIGNALED(status)){
2058
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2059
" signal %d\n", direntry->d_name,
2064
fprintf_plus(stderr, "Warning: network hook \"%s\""
2065
" crashed\n", direntry->d_name);
2071
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2077
if(close(hookdir_fd) == -1){
2078
perror_plus("close");
2085
__attribute__((nonnull, warn_unused_result))
2086
int bring_up_interface(const char *const interface,
2088
int old_errno = errno;
2090
struct ifreq network;
2091
unsigned int if_index = if_nametoindex(interface);
2093
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2103
if(not interface_is_up(interface)){
2105
int ioctl_errno = 0;
2106
if(not get_flags(interface, &network)){
2108
fprintf_plus(stderr, "Failed to get flags for interface "
2109
"\"%s\"\n", interface);
2113
network.ifr_flags |= IFF_UP; /* set flag */
2115
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2118
perror_plus("socket");
2126
perror_plus("close");
2133
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
2137
/* Raise privileges */
2138
ret_errno = raise_privileges();
2141
perror_plus("Failed to raise privileges");
2146
bool restore_loglevel = false;
2148
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2149
messages about the network interface to mess up the prompt */
2150
ret_linux = klogctl(8, NULL, 5);
2151
if(ret_linux == -1){
2152
perror_plus("klogctl");
2154
restore_loglevel = true;
2157
#endif /* __linux__ */
2158
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2159
ioctl_errno = errno;
2161
if(restore_loglevel){
2162
ret_linux = klogctl(7, NULL, 0);
2163
if(ret_linux == -1){
2164
perror_plus("klogctl");
2167
#endif /* __linux__ */
2169
/* If raise_privileges() succeeded above */
2171
/* Lower privileges */
2172
ret_errno = lower_privileges();
2175
perror_plus("Failed to lower privileges");
2179
/* Close the socket */
2182
perror_plus("close");
2185
if(ret_setflags == -1){
2186
errno = ioctl_errno;
2187
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2192
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2196
/* Sleep checking until interface is running.
2197
Check every 0.25s, up to total time of delay */
2198
for(int i=0; i < delay * 4; i++){
2199
if(interface_is_running(interface)){
2202
struct timespec sleeptime = { .tv_nsec = 250000000 };
2203
ret = nanosleep(&sleeptime, NULL);
2204
if(ret == -1 and errno != EINTR){
2205
perror_plus("nanosleep");
2213
__attribute__((nonnull, warn_unused_result))
2214
int take_down_interface(const char *const interface){
2215
int old_errno = errno;
2216
struct ifreq network;
2217
unsigned int if_index = if_nametoindex(interface);
2219
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2223
if(interface_is_up(interface)){
2225
int ioctl_errno = 0;
2226
if(not get_flags(interface, &network) and debug){
2228
fprintf_plus(stderr, "Failed to get flags for interface "
2229
"\"%s\"\n", interface);
2233
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2235
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2238
perror_plus("socket");
2244
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2248
/* Raise privileges */
2249
ret_errno = raise_privileges();
2252
perror_plus("Failed to raise privileges");
2255
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2256
ioctl_errno = errno;
2258
/* If raise_privileges() succeeded above */
2260
/* Lower privileges */
2261
ret_errno = lower_privileges();
2264
perror_plus("Failed to lower privileges");
2268
/* Close the socket */
2269
int ret = close(sd);
2271
perror_plus("close");
2274
if(ret_setflags == -1){
2275
errno = ioctl_errno;
2276
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2281
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2289
int main(int argc, char *argv[]){
2290
mandos_context mc = { .server = NULL, .dh_bits = 0,
2291
.priority = "SECURE256:!CTYPE-X.509"
2292
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2293
.current_server = NULL, .interfaces = NULL,
2294
.interfaces_size = 0 };
2295
AvahiSServiceBrowser *sb = NULL;
625
tmp = malloc(strlen(first) + strlen(second));
636
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
2300
int exitcode = EXIT_SUCCESS;
2301
char *interfaces_to_take_down = NULL;
2302
size_t interfaces_to_take_down_size = 0;
2303
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2304
char old_tempdir[] = "/tmp/mandosXXXXXX";
2305
char *tempdir = NULL;
2306
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2307
const char *seckey = PATHDIR "/" SECKEY;
2308
const char *pubkey = PATHDIR "/" PUBKEY;
2309
const char *dh_params_file = NULL;
2310
char *interfaces_hooks = NULL;
2312
bool gnutls_initialized = false;
2313
bool gpgme_initialized = false;
2315
double retry_interval = 10; /* 10s between trying a server and
2316
retrying the same server again */
2318
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
2319
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
2324
/* Lower any group privileges we might have, just to be safe */
2328
perror_plus("setgid");
2331
/* Lower user privileges (temporarily) */
2335
perror_plus("seteuid");
2343
struct argp_option options[] = {
2344
{ .name = "debug", .key = 128,
2345
.doc = "Debug mode", .group = 3 },
2346
{ .name = "connect", .key = 'c',
2347
.arg = "ADDRESS:PORT",
2348
.doc = "Connect directly to a specific Mandos server",
2350
{ .name = "interface", .key = 'i',
2352
.doc = "Network interface that will be used to search for"
2355
{ .name = "seckey", .key = 's',
2357
.doc = "OpenPGP secret key file base name",
2359
{ .name = "pubkey", .key = 'p',
2361
.doc = "OpenPGP public key file base name",
2363
{ .name = "dh-bits", .key = 129,
2365
.doc = "Bit length of the prime number used in the"
2366
" Diffie-Hellman key exchange",
2368
{ .name = "dh-params", .key = 134,
2370
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2371
" for the Diffie-Hellman key exchange",
2373
{ .name = "priority", .key = 130,
2375
.doc = "GnuTLS priority string for the TLS handshake",
2377
{ .name = "delay", .key = 131,
2379
.doc = "Maximum delay to wait for interface startup",
2381
{ .name = "retry", .key = 132,
2383
.doc = "Retry interval used when denied by the Mandos server",
2385
{ .name = "network-hook-dir", .key = 133,
2387
.doc = "Directory where network hooks are located",
2390
* These reproduce what we would get without ARGP_NO_HELP
2392
{ .name = "help", .key = '?',
2393
.doc = "Give this help list", .group = -1 },
2394
{ .name = "usage", .key = -3,
2395
.doc = "Give a short usage message", .group = -1 },
2396
{ .name = "version", .key = 'V',
2397
.doc = "Print program version", .group = -1 },
2401
error_t parse_opt(int key, char *arg,
2402
struct argp_state *state){
2405
case 128: /* --debug */
2408
case 'c': /* --connect */
2411
case 'i': /* --interface */
2412
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2415
argp_error(state, "%s", strerror(ret_errno));
2418
case 's': /* --seckey */
2421
case 'p': /* --pubkey */
2424
case 129: /* --dh-bits */
2426
tmpmax = strtoimax(arg, &tmp, 10);
2427
if(errno != 0 or tmp == arg or *tmp != '\0'
2428
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2429
argp_error(state, "Bad number of DH bits");
2431
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2433
case 134: /* --dh-params */
2434
dh_params_file = arg;
2436
case 130: /* --priority */
2439
case 131: /* --delay */
2441
delay = strtof(arg, &tmp);
2442
if(errno != 0 or tmp == arg or *tmp != '\0'){
2443
argp_error(state, "Bad delay");
2445
case 132: /* --retry */
2447
retry_interval = strtod(arg, &tmp);
2448
if(errno != 0 or tmp == arg or *tmp != '\0'
2449
or (retry_interval * 1000) > INT_MAX
2450
or retry_interval < 0){
2451
argp_error(state, "Bad retry interval");
2454
case 133: /* --network-hook-dir */
2458
* These reproduce what we would get without ARGP_NO_HELP
2460
case '?': /* --help */
2461
argp_state_help(state, state->out_stream,
2462
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2463
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2464
case -3: /* --usage */
2465
argp_state_help(state, state->out_stream,
2466
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2467
case 'V': /* --version */
2468
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2469
exit(argp_err_exit_status);
2472
return ARGP_ERR_UNKNOWN;
2477
struct argp argp = { .options = options, .parser = parse_opt,
2479
.doc = "Mandos client -- Get and decrypt"
2480
" passwords from a Mandos server" };
2481
ret_errno = argp_parse(&argp, argc, argv,
2482
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2489
perror_plus("argp_parse");
2490
exitcode = EX_OSERR;
2493
exitcode = EX_USAGE;
2499
/* Work around Debian bug #633582:
2500
<https://bugs.debian.org/633582> */
2502
/* Re-raise privileges */
2503
ret = raise_privileges();
2506
perror_plus("Failed to raise privileges");
2510
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2511
int seckey_fd = open(seckey, O_RDONLY);
2512
if(seckey_fd == -1){
2513
perror_plus("open");
2515
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2517
perror_plus("fstat");
2519
if(S_ISREG(st.st_mode)
2520
and st.st_uid == 0 and st.st_gid == 0){
2521
ret = fchown(seckey_fd, uid, gid);
2523
perror_plus("fchown");
2531
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2532
int pubkey_fd = open(pubkey, O_RDONLY);
2533
if(pubkey_fd == -1){
2534
perror_plus("open");
2536
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2538
perror_plus("fstat");
2540
if(S_ISREG(st.st_mode)
2541
and st.st_uid == 0 and st.st_gid == 0){
2542
ret = fchown(pubkey_fd, uid, gid);
2544
perror_plus("fchown");
2552
if(dh_params_file != NULL
2553
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2554
int dhparams_fd = open(dh_params_file, O_RDONLY);
2555
if(dhparams_fd == -1){
2556
perror_plus("open");
2558
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2560
perror_plus("fstat");
2562
if(S_ISREG(st.st_mode)
2563
and st.st_uid == 0 and st.st_gid == 0){
2564
ret = fchown(dhparams_fd, uid, gid);
2566
perror_plus("fchown");
2574
/* Lower privileges */
2575
ret = lower_privileges();
2578
perror_plus("Failed to lower privileges");
2583
/* Remove invalid interface names (except "none") */
2585
char *interface = NULL;
2586
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2588
if(strcmp(interface, "none") != 0
2589
and if_nametoindex(interface) == 0){
2590
if(interface[0] != '\0'){
2591
fprintf_plus(stderr, "Not using nonexisting interface"
2592
" \"%s\"\n", interface);
2594
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2600
/* Run network hooks */
2602
if(mc.interfaces != NULL){
2603
interfaces_hooks = malloc(mc.interfaces_size);
2604
if(interfaces_hooks == NULL){
2605
perror_plus("malloc");
2608
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2609
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2611
run_network_hooks("start", interfaces_hooks != NULL ?
2612
interfaces_hooks : "", delay);
2616
avahi_set_log_function(empty_log);
2619
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2620
from the signal handler */
2621
/* Initialize the pseudo-RNG for Avahi */
2622
srand((unsigned int) time(NULL));
2623
simple_poll = avahi_simple_poll_new();
2624
if(simple_poll == NULL){
2625
fprintf_plus(stderr,
2626
"Avahi: Failed to create simple poll object.\n");
2627
exitcode = EX_UNAVAILABLE;
2631
sigemptyset(&sigterm_action.sa_mask);
2632
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2634
perror_plus("sigaddset");
2635
exitcode = EX_OSERR;
2638
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2640
perror_plus("sigaddset");
2641
exitcode = EX_OSERR;
2644
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2646
perror_plus("sigaddset");
2647
exitcode = EX_OSERR;
2650
/* Need to check if the handler is SIG_IGN before handling:
2651
| [[info:libc:Initial Signal Actions]] |
2652
| [[info:libc:Basic Signal Handling]] |
2654
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2656
perror_plus("sigaction");
2659
if(old_sigterm_action.sa_handler != SIG_IGN){
2660
ret = sigaction(SIGINT, &sigterm_action, NULL);
2662
perror_plus("sigaction");
2663
exitcode = EX_OSERR;
2667
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2669
perror_plus("sigaction");
2672
if(old_sigterm_action.sa_handler != SIG_IGN){
2673
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2675
perror_plus("sigaction");
2676
exitcode = EX_OSERR;
2680
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2682
perror_plus("sigaction");
2685
if(old_sigterm_action.sa_handler != SIG_IGN){
2686
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2688
perror_plus("sigaction");
2689
exitcode = EX_OSERR;
2694
/* If no interfaces were specified, make a list */
2695
if(mc.interfaces == NULL){
2696
struct dirent **direntries = NULL;
2697
/* Look for any good interfaces */
2698
ret = scandir(sys_class_net, &direntries, good_interface,
2701
/* Add all found interfaces to interfaces list */
2702
for(int i = 0; i < ret; ++i){
2703
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2704
direntries[i]->d_name);
2707
perror_plus("argz_add");
2708
free(direntries[i]);
2712
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2713
direntries[i]->d_name);
2715
free(direntries[i]);
2722
fprintf_plus(stderr, "Could not find a network interface\n");
2723
exitcode = EXIT_FAILURE;
2728
/* Bring up interfaces which are down, and remove any "none"s */
2730
char *interface = NULL;
2731
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2733
/* If interface name is "none", stop bringing up interfaces.
2734
Also remove all instances of "none" from the list */
2735
if(strcmp(interface, "none") == 0){
2736
argz_delete(&mc.interfaces, &mc.interfaces_size,
2739
while((interface = argz_next(mc.interfaces,
2740
mc.interfaces_size, interface))){
2741
if(strcmp(interface, "none") == 0){
2742
argz_delete(&mc.interfaces, &mc.interfaces_size,
2749
bool interface_was_up = interface_is_up(interface);
2750
errno = bring_up_interface(interface, delay);
2751
if(not interface_was_up){
2753
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2754
" %s\n", interface, strerror(errno));
2756
errno = argz_add(&interfaces_to_take_down,
2757
&interfaces_to_take_down_size,
2760
perror_plus("argz_add");
2765
if(debug and (interfaces_to_take_down == NULL)){
2766
fprintf_plus(stderr, "No interfaces were brought up\n");
2770
/* If we only got one interface, explicitly use only that one */
2771
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2773
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2776
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2783
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2785
fprintf_plus(stderr, "init_gnutls_global failed\n");
2786
exitcode = EX_UNAVAILABLE;
2789
gnutls_initialized = true;
2796
/* Try /run/tmp before /tmp */
2797
tempdir = mkdtemp(run_tempdir);
2798
if(tempdir == NULL and errno == ENOENT){
2800
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
2801
run_tempdir, old_tempdir);
2803
tempdir = mkdtemp(old_tempdir);
2805
if(tempdir == NULL){
2806
perror_plus("mkdtemp");
2814
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
2815
fprintf_plus(stderr, "init_gpgme failed\n");
2816
exitcode = EX_UNAVAILABLE;
2819
gpgme_initialized = true;
2826
if(connect_to != NULL){
2827
/* Connect directly, do not use Zeroconf */
2828
/* (Mainly meant for debugging) */
2829
char *address = strrchr(connect_to, ':');
2831
if(address == NULL){
2832
fprintf_plus(stderr, "No colon in address\n");
2833
exitcode = EX_USAGE;
2843
tmpmax = strtoimax(address+1, &tmp, 10);
2844
if(errno != 0 or tmp == address+1 or *tmp != '\0'
2845
or tmpmax != (in_port_t)tmpmax){
2846
fprintf_plus(stderr, "Bad port number\n");
2847
exitcode = EX_USAGE;
2855
port = (in_port_t)tmpmax;
2857
/* Colon in address indicates IPv6 */
2859
if(strchr(connect_to, ':') != NULL){
2861
/* Accept [] around IPv6 address - see RFC 5952 */
2862
if(connect_to[0] == '[' and address[-1] == ']')
2870
address = connect_to;
2876
while(not quit_now){
2877
ret = start_mandos_communication(address, port, if_index, af,
2879
if(quit_now or ret == 0){
2883
fprintf_plus(stderr, "Retrying in %d seconds\n",
2884
(int)retry_interval);
2886
sleep((unsigned int)retry_interval);
2890
exitcode = EXIT_SUCCESS;
637
2901
AvahiServerConfig config;
638
AvahiSServiceBrowser *sb = NULL;
641
int returncode = EXIT_SUCCESS;
642
const char *interface = "eth0";
645
static struct option long_options[] = {
646
{"debug", no_argument, (int *)&debug, 1},
647
{"interface", required_argument, 0, 'i'},
648
{"certdir", required_argument, 0, 'd'},
649
{"certkey", required_argument, 0, 'c'},
650
{"certfile", required_argument, 0, 'k'},
653
int option_index = 0;
654
ret = getopt_long (argc, argv, "i:", long_options,
681
certfile = combinestrings(certdir, certfile);
682
if (certfile == NULL){
686
certkey = combinestrings(certdir, certkey);
687
if (certkey == NULL){
692
avahi_set_log_function(empty_log);
695
/* Initialize the psuedo-RNG */
696
srand((unsigned int) time(NULL));
698
/* Allocate main loop object */
699
if (!(simple_poll = avahi_simple_poll_new())) {
700
fprintf(stderr, "Failed to create simple poll object.\n");
705
/* Do not publish any local records */
2902
/* Do not publish any local Zeroconf records */
706
2903
avahi_server_config_init(&config);
707
2904
config.publish_hinfo = 0;
708
2905
config.publish_addresses = 0;
709
2906
config.publish_workstation = 0;
710
2907
config.publish_domain = 0;
712
2909
/* Allocate a new server */
713
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
714
&config, NULL, NULL, &error);
716
/* Free the configuration data */
2910
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2911
&config, NULL, NULL, &ret);
2913
/* Free the Avahi configuration data */
717
2914
avahi_server_config_free(&config);
719
/* Check if creating the server object succeeded */
721
fprintf(stderr, "Failed to create server: %s\n",
722
avahi_strerror(error));
723
returncode = EXIT_FAILURE;
727
/* Create the service browser */
728
sb = avahi_s_service_browser_new(server,
730
if_nametoindex(interface),
732
"_mandos._tcp", NULL, 0,
733
browse_callback, server);
735
fprintf(stderr, "Failed to create service browser: %s\n",
736
avahi_strerror(avahi_server_errno(server)));
737
returncode = EXIT_FAILURE;
741
/* Run the main loop */
744
fprintf(stderr, "Starting avahi loop search\n");
747
avahi_simple_poll_loop(simple_poll);
752
fprintf(stderr, "%s exiting\n", argv[0]);
757
avahi_s_service_browser_free(sb);
760
avahi_server_free(server);
763
avahi_simple_poll_free(simple_poll);
2917
/* Check if creating the Avahi server object succeeded */
2918
if(mc.server == NULL){
2919
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2920
avahi_strerror(ret));
2921
exitcode = EX_UNAVAILABLE;
2929
/* Create the Avahi service browser */
2930
sb = avahi_s_service_browser_new(mc.server, if_index,
2931
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
2932
NULL, 0, browse_callback,
2935
fprintf_plus(stderr, "Failed to create service browser: %s\n",
2936
avahi_strerror(avahi_server_errno(mc.server)));
2937
exitcode = EX_UNAVAILABLE;
2945
/* Run the main loop */
2948
fprintf_plus(stderr, "Starting Avahi loop search\n");
2951
ret = avahi_loop_with_timeout(simple_poll,
2952
(int)(retry_interval * 1000), &mc);
2954
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
2955
(ret == 0) ? "successfully" : "with error");
2961
if(signal_received){
2962
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
2963
argv[0], signal_received,
2964
strsignal(signal_received));
2966
fprintf_plus(stderr, "%s exiting\n", argv[0]);
2970
/* Cleanup things */
2971
free(mc.interfaces);
2974
avahi_s_service_browser_free(sb);
2976
if(mc.server != NULL)
2977
avahi_server_free(mc.server);
2979
if(simple_poll != NULL)
2980
avahi_simple_poll_free(simple_poll);
2982
if(gnutls_initialized){
2983
gnutls_certificate_free_credentials(mc.cred);
2984
gnutls_dh_params_deinit(mc.dh_params);
2987
if(gpgme_initialized){
2988
gpgme_release(mc.ctx);
2991
/* Cleans up the circular linked list of Mandos servers the client
2993
if(mc.current_server != NULL){
2994
mc.current_server->prev->next = NULL;
2995
while(mc.current_server != NULL){
2996
server *next = mc.current_server->next;
2998
#pragma GCC diagnostic push
2999
#pragma GCC diagnostic ignored "-Wcast-qual"
3001
free((char *)(mc.current_server->ip));
3003
#pragma GCC diagnostic pop
3005
free(mc.current_server);
3006
mc.current_server = next;
3010
/* Re-raise privileges */
3012
ret = raise_privileges();
3015
perror_plus("Failed to raise privileges");
3018
/* Run network hooks */
3019
run_network_hooks("stop", interfaces_hooks != NULL ?
3020
interfaces_hooks : "", delay);
3022
/* Take down the network interfaces which were brought up */
3024
char *interface = NULL;
3025
while((interface=argz_next(interfaces_to_take_down,
3026
interfaces_to_take_down_size,
3028
ret = take_down_interface(interface);
3031
perror_plus("Failed to take down interface");
3034
if(debug and (interfaces_to_take_down == NULL)){
3035
fprintf_plus(stderr, "No interfaces needed to be taken"
3041
ret = lower_privileges_permanently();
3044
perror_plus("Failed to lower privileges permanently");
3048
free(interfaces_to_take_down);
3049
free(interfaces_hooks);
3051
void clean_dir_at(int base, const char * const dirname,
3053
struct dirent **direntries = NULL;
3055
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3061
perror_plus("open");
3063
int numentries = scandirat(dir_fd, ".", &direntries,
3064
notdotentries, alphasort);
3065
if(numentries >= 0){
3066
for(int i = 0; i < numentries; i++){
3068
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3069
dirname, direntries[i]->d_name);
3071
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3073
if(errno == EISDIR){
3074
dret = unlinkat(dir_fd, direntries[i]->d_name,
3077
if((dret == -1) and (errno == ENOTEMPTY)
3078
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3079
== 0) and (level == 0)){
3080
/* Recurse only in this special case */
3081
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3085
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3086
direntries[i]->d_name, strerror(errno));
3089
free(direntries[i]);
3092
/* need to clean even if 0 because man page doesn't specify */
3094
if(numentries == -1){
3095
perror_plus("scandirat");
3097
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3098
if(dret == -1 and errno != ENOENT){
3099
perror_plus("rmdir");
3102
perror_plus("scandirat");
3107
/* Removes the GPGME temp directory and all files inside */
3108
if(tempdir != NULL){
3109
clean_dir_at(-1, tempdir, 0);
3113
sigemptyset(&old_sigterm_action.sa_mask);
3114
old_sigterm_action.sa_handler = SIG_DFL;
3115
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
3116
&old_sigterm_action,
3119
perror_plus("sigaction");
3122
ret = raise(signal_received);
3123
} while(ret != 0 and errno == EINTR);
3125
perror_plus("raise");
3128
TEMP_FAILURE_RETRY(pause());