=== modified file 'Makefile'
--- Makefile 2008-09-05 08:38:30 +0000
+++ Makefile 2008-09-05 16:24:33 +0000
@@ -21,9 +21,6 @@
 KEYDIR=$(DESTDIR)/etc/keys/mandos
 # MANDIR=/usr/local/man
 MANDIR=$(DESTDIR)/usr/share/man
-PIDDIR=/var/run/mandos
-USER=nobody
-GROUP=nogroup
 GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)
 GNUTLS_LIBS=$(shell libgnutls-config --libs)
@@ -138,8 +135,6 @@
 install-server: doc
 install --directory $(CONFDIR) $(MANDIR)/man5 \
 $(MANDIR)/man8
- install --mode=u=rwx,go=rx --owner=$(USER) --group=$(GROUP) \
- --directory $(PIDDIR)
 install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
 install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
 mandos.conf
@@ -205,7 +200,7 @@
 $(MANDIR)/man5/mandos.conf.5.gz \
 $(MANDIR)/man5/mandos-clients.conf.5.gz
 update-rc.d -f mandos remove
- -rmdir $(CONFDIR) $(PIDDIR)
+ -rmdir $(CONFDIR)
 uninstall-client:
 # Refuse to uninstall client if /etc/crypttab is explicitly configured
=== modified file 'init.d-mandos'
--- init.d-mandos 2008-09-05 08:38:30 +0000
+++ init.d-mandos 2008-09-05 16:24:33 +0000
@@ -19,11 +19,11 @@
 # PATH should only include /usr/* if it runs after the mountnfs.sh script
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
-DESC="Gives encrypted passwords to Mandos clients"
+DESC="Mandos root file system password server"
 NAME=mandos
 DAEMON=/usr/sbin/$NAME
 DAEMON_ARGS=""
-PIDFILE=/var/run/mandos/$NAME.pid
+PIDFILE=/var/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME
 # Exit if the package is not installed
=== modified file 'mandos'
--- mandos 2008-08-27 01:18:25 +0000
+++ mandos 2008-09-05 16:24:33 +0000
@@ -55,6 +55,7 @@
 import stat
 import logging
 import logging.handlers
+import pwd
 import dbus
 import gobject
@@ -517,6 +518,7 @@
 Attributes:
 settings: Server settings
 clients: Set() of Client objects
+ enabled: Boolean; whether this server is activated yet
 """
 address_family = socket.AF_INET6
 def __init__(self, *args, **kwargs):
@@ -526,6 +528,7 @@
 if "clients" in kwargs:
 self.clients = kwargs["clients"]
 del kwargs["clients"]
+ self.enabled = False
 return super(type(self), self).__init__(*args, **kwargs)
 def server_bind(self):
 """This overrides the normal server_bind() function
@@ -562,6 +565,11 @@
 # (self.settings
 # ["interface"]))
 return super(type(self), self).server_bind()
+ def server_activate(self):
+ if self.enabled:
+ return super(type(self), self).server_activate()
+ def enable(self):
+ self.enabled = True
 def string_to_delta(interval):
@@ -758,6 +766,35 @@
 client_config.read(os.path.join(server_settings["configdir"],
 "clients.conf"))
+ clients = Set()
+ tcp_server = IPv6_TCPServer((server_settings["address"],
+ server_settings["port"]),
+ tcp_handler,
+ settings=server_settings,
+ clients=clients)
+ uid = 65534
+ gid = 65534
+ try:
+ uid = pwd.getpwnam("mandos").pw_uid
+ except KeyError:
+ try:
+ uid = pwd.getpwnam("nobody").pw_uid
+ except KeyError:
+ pass
+ try:
+ gid = pwd.getpwnam("mandos").pw_gid
+ except KeyError:
+ try:
+ gid = pwd.getpwnam("nogroup").pw_gid
+ except KeyError:
+ pass
+ try:
+ os.setuid(uid)
+ os.setgid(gid)
+ except OSError, error:
+ if error[0] != errno.EPERM:
+ raise error
+ global service
 service = AvahiService(name = server_settings["servicename"],
 type = "_mandos._tcp", );
@@ -777,7 +814,6 @@
 avahi.DBUS_INTERFACE_SERVER)
 # End of Avahi example code
- clients = Set()
 def remove_from_clients(client):
 clients.remove(client)
 if not clients:
@@ -805,7 +841,7 @@
 # Close all input and output, do double fork, etc.
 daemon()
- pidfilename = "/var/run/mandos/mandos.pid"
+ pidfilename = "/var/run/mandos.pid"
 pid = os.getpid()
 try:
 pidfile = open(pidfilename, "w")
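Review bot: The new `self.enabled = False` in `__init__` and the `server_activate`/`enable` methods added in the following hunk carry no explanation of the deferred-listen mechanism they implement, and the ordering is load-bearing: the flag only works if it is set before the base `__init__` runs, which presumably is what calls `server_activate()` during construction — that is not visible here and should be confirmed. Put a comment above the assignment, `# Must be set before the base __init__, which calls server_activate()`, and give the two methods docstrings saying that `server_activate()` is a no-op until `enable()` has been called, so construction binds the socket without starting to listen, and that `enable()` only sets the flag and does not itself activate the server. `__init__` starts outside this hunk.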
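Review bot: In the privilege-drop block, `os.setuid(uid)` runs before `os.setgid(gid)`, so once the process is the unprivileged user the setgid call fails with EPERM, which the except branch then deliberately swallows — the daemon keeps whatever gid it started with (root's, when launched from the init script) and the drop is only half done. Swap the two lines to `os.setgid(gid)` then `os.setuid(uid)`, ideally preceded by `os.setgroups([])` to clear supplementary groups; with that order an EPERM from setgid is a genuine failure rather than the expected "already unprivileged" case. The gid lookup also calls `pwd.getpwnam("nogroup").pw_gid`, which searches the passwd database for a user named nogroup rather than the group database, so on a typical system it raises KeyError and the hard-coded 65534 is used by accident — `grp.getgrnam("nogroup").gr_gid` is the intended call. `raise error` in the except clause should be a bare `raise` so the original traceback survives. The enclosing function starts and ends outside this hunk.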
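Review bot: `pidfilename = "/var/run/mandos.pid"` is opened for writing after the setuid/setgid calls placed earlier in the same function (the privilege-drop hunk above), and /var/run is normally writable only by root, so `open(pidfilename, "w")` will presumably fail for the unprivileged daemon; what happens next depends on the except clause following this hunk, which is outside this view. The Makefile hunk that deletes `--directory $(PIDDIR)` removes the daemon-owned directory that used to make the old path writable, and the init script now expects this exact file (`PIDFILE=/var/run/$NAME.pid`), so a silent failure here would presumably leave `stop` unable to find the process. Either write the pidfile before dropping privileges, or keep a directory owned by the daemon user and point both the daemon and the init script at it. The enclosing function starts and ends outside this hunk.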
@@ -840,11 +876,9 @@
 for client in clients:
 client.start()
- tcp_server = IPv6_TCPServer((server_settings["address"],
- server_settings["port"]),
- tcp_handler,
- settings=server_settings,
- clients=clients)
+ tcp_server.enable()
+ tcp_server.server_activate()
+ # Find out what port we got
 service.port = tcp_server.socket.getsockname()[1]
 logger.info(u"Now listening on address %r, port %d, flowinfo %d,"
=== modified file 'mandos-keygen'
--- mandos-keygen 2008-09-04 21:42:02 +0000
+++ mandos-keygen 2008-09-05 16:24:33 +0000
@@ -22,7 +22,7 @@
 VERSION="1.0"
-KEYDIR="/etc/mandos"
+KEYDIR="/etc/keys/mandos"
 KEYTYPE=DSA
 KEYLENGTH=2048
 SUBKEYTYPE=ELG-E
=== modified file 'mandos.xml'
--- mandos.xml 2008-09-04 13:36:59 +0000
+++ mandos.xml 2008-09-05 16:24:33 +0000
@@ -3,7 +3,7 @@
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-
+
 ]>
@@ -379,7 +379,7 @@
- /var/run/mandos/mandos.pid
+ /var/run/mandos.pid
 The file containing the process id of
@@ -487,8 +487,8 @@
 Running this &COMMANDNAME; server program should not in itself present any security risk to the host
- computer running it. The program does not need any special
- privileges to run, and is designed to run as a non-root user.
+ computer running it. The program switches to a non-root user
+ soon after startup.
=== modified file 'plugin-runner.xml'
--- plugin-runner.xml 2008-09-04 14:04:09 +0000
+++ plugin-runner.xml 2008-09-05 16:24:33 +0000
@@ -3,7 +3,7 @@
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-
+
 ]>
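Review bot: The pair `tcp_server.enable()` / `tcp_server.server_activate()` gives a reader no hint why activation was split off from construction; the constructor call now sits before the setuid/setgid block earlier in the same function, so the socket is bound with the starting privileges and presumably only begins listening here, after the drop. A comment such as `# Socket was bound before privileges were dropped; start listening now` would make that intent explicit and stop someone "simplifying" the two calls back into the constructor. As a point of style, `enable()` could perform the activation itself so the two-step sequence cannot be half-done by a future caller. The enclosing function starts and ends outside this hunk.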
@@ -564,15 +564,15 @@
- Run plugins from a different directory and add two
- options to the password-request
+ Run plugins from a different directory, read a different
+ configuration file, and add two options to the
+ password-request
 8mandos plugin:
-&COMMANDNAME; --plugin-dir=plugins.d --options-for=password-request:--pubkey=keydir/pubkey.txt,--seckey=keydir/seckey.txt
+&COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=password-request:--pubkey=/etc/keys/mandos/pubkey.txt,--seckey=/etc/keys/mandos/seckey.txt