To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 1213
- compare with another revision
- download diff
- download tarball
- view history from revision 1213
- Committer: teddy at recompile
- Date: 2020-04-05 21:30:59 UTC
- Revision ID: teddy@recompile.se-20200405213059-fb2a61ckqynrmatk
Fix file descriptor leak in mandos-client
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
- files added:
- bugs.xml
- debian/tests
- debian/upstream
- dracut-module
- plugin-helpers
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2012 Teddy Hogeborn
13
* Copyright © 2008-2012 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2019 Teddy Hogeborn
13
* Copyright © 2008-2019 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
21
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
25
* General Public License for more details.
24
26
*
25
27
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
28
29
*
29
30
* Contact the authors at <mandos@recompile.se>.
30
31
*/
32
33
/* Needed by GPGME, specifically gpgme_data_seek() */
33
34
#ifndef _LARGEFILE_SOURCE
34
35
#define _LARGEFILE_SOURCE
35
#endif
36
#endif /* not _LARGEFILE_SOURCE */
36
37
#ifndef _FILE_OFFSET_BITS
37
38
#define _FILE_OFFSET_BITS 64
38
#endif
39
#endif /* not _FILE_OFFSET_BITS */
39
40
40
41
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
42
43
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror(), remove() */
44
stdout, ferror() */
44
45
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
45
46
#include <stddef.h> /* NULL, size_t, ssize_t */
46
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
48
strtof(), abort() */
48
49
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
51
53
#include <sys/ioctl.h> /* ioctl */
52
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
55
sockaddr_in6, PF_INET6,
55
57
opendir(), DIR */
56
58
#include <sys/stat.h> /* open(), S_ISREG */
57
59
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
inet_pton(), connect() */
59
#include <fcntl.h> /* open() */
60
inet_pton(), connect(),
61
getnameinfo() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
60
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
61
64
*/
62
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
63
66
strtoimax() */
64
#include <assert.h> /* assert() */
65
#include <errno.h> /* perror(), errno,
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
66
72
program_invocation_short_name */
67
73
#include <time.h> /* nanosleep(), time(), sleep() */
68
74
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
73
79
*/
74
80
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
75
81
getuid(), getgid(), seteuid(),
76
setgid(), pause(), _exit() */
77
#include <arpa/inet.h> /* inet_pton(), htons, inet_ntop() */
82
setgid(), pause(), _exit(),
83
unlinkat() */
84
#include <arpa/inet.h> /* inet_pton(), htons() */
78
85
#include <iso646.h> /* not, or, and */
79
86
#include <argp.h> /* struct argp_option, error_t, struct
80
87
argp_state, struct argp,
92
99
argz_delete(), argz_append(),
93
100
argz_stringify(), argz_add(),
94
101
argz_count() */
102
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
103
EAI_SYSTEM, gai_strerror() */
95
104
96
105
#ifdef __linux__
97
106
#include <sys/klog.h> /* klogctl() */
114
123
gnutls_*
115
124
init_gnutls_session(),
116
125
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
117
127
#include <gnutls/openpgp.h>
118
128
/* gnutls_certificate_set_openpgp_key_file(),
119
129
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
120
135
121
136
/* GPGME */
122
137
#include <gpgme.h> /* All GPGME types, constants and
130
145
#define PATHDIR "/conf/conf.d/mandos"
131
146
#define SECKEY "seckey.txt"
132
147
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
133
150
#define HOOKDIR "/lib/mandos/network-hooks.d"
134
151
135
152
bool debug = false;
139
156
static const char sys_class_net[] = "/sys/class/net";
140
157
char *connect_to = NULL;
141
158
const char *hookdir = HOOKDIR;
159
int hookdir_fd = -1;
142
160
uid_t uid = 65534;
143
161
gid_t gid = 65534;
144
162
145
163
/* Doubly linked list that need to be circularly linked when used */
146
164
typedef struct server{
147
165
const char *ip;
148
uint16_t port;
166
in_port_t port;
149
167
AvahiIfIndex if_index;
150
168
int af;
151
169
struct timespec last_seen;
155
173
156
174
/* Used for passing in values through the Avahi callback functions */
157
175
typedef struct {
158
AvahiSimplePoll *simple_poll;
159
176
AvahiServer *server;
160
177
gnutls_certificate_credentials_t cred;
161
178
unsigned int dh_bits;
163
180
const char *priority;
164
181
gpgme_ctx_t ctx;
165
182
server *current_server;
183
char *interfaces;
184
size_t interfaces_size;
166
185
} mandos_context;
167
186
168
/* global context so signal handler can reach it*/
169
mandos_context mc = { .simple_poll = NULL, .server = NULL,
170
.dh_bits = 1024, .priority = "SECURE256"
171
":!CTYPE-X.509:+CTYPE-OPENPGP",
172
.current_server = NULL };
187
/* global so signal handler can reach it*/
188
AvahiSimplePoll *simple_poll;
173
189
174
190
sig_atomic_t quit_now = 0;
175
191
int signal_received = 0;
183
199
perror(print_text);
184
200
}
185
201
186
__attribute__((format (gnu_printf, 2, 3)))
202
__attribute__((format (gnu_printf, 2, 3), nonnull))
187
203
int fprintf_plus(FILE *stream, const char *format, ...){
188
204
va_list ap;
189
205
va_start (ap, format);
190
206
191
207
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
192
208
program_invocation_short_name));
193
return TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
209
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
194
210
}
195
211
196
212
/*
198
214
* bytes. "buffer_capacity" is how much is currently allocated,
199
215
* "buffer_length" is how much is already used.
200
216
*/
217
__attribute__((nonnull, warn_unused_result))
201
218
size_t incbuffer(char **buffer, size_t buffer_length,
202
219
size_t buffer_capacity){
203
220
if(buffer_length + BUFFER_SIZE > buffer_capacity){
204
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
205
if(buffer == NULL){
221
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
222
if(new_buf == NULL){
223
int old_errno = errno;
224
free(*buffer);
225
errno = old_errno;
226
*buffer = NULL;
206
227
return 0;
207
228
}
229
*buffer = new_buf;
208
230
buffer_capacity += BUFFER_SIZE;
209
231
}
210
232
return buffer_capacity;
211
233
}
212
234
213
235
/* Add server to set of servers to retry periodically */
214
bool add_server(const char *ip, uint16_t port, AvahiIfIndex if_index,
215
int af){
236
__attribute__((nonnull, warn_unused_result))
237
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
238
int af, server **current_server){
216
239
int ret;
217
240
server *new_server = malloc(sizeof(server));
218
241
if(new_server == NULL){
225
248
.af = af };
226
249
if(new_server->ip == NULL){
227
250
perror_plus("strdup");
251
free(new_server);
252
return false;
253
}
254
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
255
if(ret == -1){
256
perror_plus("clock_gettime");
257
#ifdef __GNUC__
258
#pragma GCC diagnostic push
259
#pragma GCC diagnostic ignored "-Wcast-qual"
260
#endif
261
free((char *)(new_server->ip));
262
#ifdef __GNUC__
263
#pragma GCC diagnostic pop
264
#endif
265
free(new_server);
228
266
return false;
229
267
}
230
268
/* Special case of first server */
231
if (mc.current_server == NULL){
269
if(*current_server == NULL){
232
270
new_server->next = new_server;
233
271
new_server->prev = new_server;
234
mc.current_server = new_server;
235
/* Place the new server last in the list */
272
*current_server = new_server;
236
273
} else {
237
new_server->next = mc.current_server;
238
new_server->prev = mc.current_server->prev;
274
/* Place the new server last in the list */
275
new_server->next = *current_server;
276
new_server->prev = (*current_server)->prev;
239
277
new_server->prev->next = new_server;
240
mc.current_server->prev = new_server;
241
}
242
ret = clock_gettime(CLOCK_MONOTONIC, &mc.current_server->last_seen);
243
if(ret == -1){
244
perror_plus("clock_gettime");
245
return false;
278
(*current_server)->prev = new_server;
246
279
}
247
280
return true;
248
281
}
249
282
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
250
335
/*
251
336
* Initialize GPGME.
252
337
*/
253
static bool init_gpgme(const char *seckey, const char *pubkey,
254
const char *tempdir){
338
__attribute__((nonnull, warn_unused_result))
339
static bool init_gpgme(const char * const seckey,
340
const char * const pubkey,
341
const char * const tempdir,
342
mandos_context *mc){
255
343
gpgme_error_t rc;
256
344
gpgme_engine_info_t engine_info;
257
345
258
259
346
/*
260
347
* Helper function to insert pub and seckey to the engine keyring.
261
348
*/
262
bool import_key(const char *filename){
349
bool import_key(const char * const filename){
263
350
int ret;
264
351
int fd;
265
352
gpgme_data_t pgp_data;
270
357
return false;
271
358
}
272
359
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
time_t keytime = keystat.st_mtim.tv_sec;
400
if(stime(&keytime) != 0){
401
perror_plus("stime");
402
}
403
ret = lower_privileges();
404
if(ret != 0){
405
errno = ret;
406
perror_plus("Failed to lower privileges");
407
}
408
} while(false);
409
273
410
rc = gpgme_data_new_from_fd(&pgp_data, fd);
274
411
if(rc != GPG_ERR_NO_ERROR){
275
412
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
277
414
return false;
278
415
}
279
416
280
rc = gpgme_op_import(mc.ctx, pgp_data);
417
rc = gpgme_op_import(mc->ctx, pgp_data);
281
418
if(rc != GPG_ERR_NO_ERROR){
282
419
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
283
420
gpgme_strsource(rc), gpgme_strerror(rc));
284
421
return false;
285
422
}
423
{
424
gpgme_import_result_t import_result
425
= gpgme_op_import_result(mc->ctx);
426
if((import_result->imported < 1
427
or import_result->not_imported > 0)
428
and import_result->unchanged == 0){
429
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
430
fprintf_plus(stderr,
431
"The total number of considered keys: %d\n",
432
import_result->considered);
433
fprintf_plus(stderr,
434
"The number of keys without user ID: %d\n",
435
import_result->no_user_id);
436
fprintf_plus(stderr,
437
"The total number of imported keys: %d\n",
438
import_result->imported);
439
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
440
import_result->imported_rsa);
441
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
442
import_result->unchanged);
443
fprintf_plus(stderr, "The number of new user IDs: %d\n",
444
import_result->new_user_ids);
445
fprintf_plus(stderr, "The number of new sub keys: %d\n",
446
import_result->new_sub_keys);
447
fprintf_plus(stderr, "The number of new signatures: %d\n",
448
import_result->new_signatures);
449
fprintf_plus(stderr, "The number of new revocations: %d\n",
450
import_result->new_revocations);
451
fprintf_plus(stderr,
452
"The total number of secret keys read: %d\n",
453
import_result->secret_read);
454
fprintf_plus(stderr,
455
"The number of imported secret keys: %d\n",
456
import_result->secret_imported);
457
fprintf_plus(stderr,
458
"The number of unchanged secret keys: %d\n",
459
import_result->secret_unchanged);
460
fprintf_plus(stderr, "The number of keys not imported: %d\n",
461
import_result->not_imported);
462
for(gpgme_import_status_t import_status
463
= import_result->imports;
464
import_status != NULL;
465
import_status = import_status->next){
466
fprintf_plus(stderr, "Import status for key: %s\n",
467
import_status->fpr);
468
if(import_status->result != GPG_ERR_NO_ERROR){
469
fprintf_plus(stderr, "Import result: %s: %s\n",
470
gpgme_strsource(import_status->result),
471
gpgme_strerror(import_status->result));
472
}
473
fprintf_plus(stderr, "Key status:\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_NEW
476
? "The key was new.\n"
477
: "The key was not new.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_UID
480
? "The key contained new user IDs.\n"
481
: "The key did not contain new user IDs.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SIG
484
? "The key contained new signatures.\n"
485
: "The key did not contain new signatures.\n");
486
fprintf_plus(stderr,
487
import_status->status & GPGME_IMPORT_SUBKEY
488
? "The key contained new sub keys.\n"
489
: "The key did not contain new sub keys.\n");
490
fprintf_plus(stderr,
491
import_status->status & GPGME_IMPORT_SECRET
492
? "The key contained a secret key.\n"
493
: "The key did not contain a secret key.\n");
494
}
495
return false;
496
}
497
}
286
498
287
ret = (int)TEMP_FAILURE_RETRY(close(fd));
499
ret = close(fd);
288
500
if(ret == -1){
289
501
perror_plus("close");
290
502
}
327
539
}
328
540
329
541
/* Create new GPGME "context" */
330
rc = gpgme_new(&(mc.ctx));
542
rc = gpgme_new(&(mc->ctx));
331
543
if(rc != GPG_ERR_NO_ERROR){
332
fprintf_plus(stderr, "Mandos plugin mandos-client: "
333
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
334
gpgme_strerror(rc));
544
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
545
gpgme_strsource(rc), gpgme_strerror(rc));
335
546
return false;
336
547
}
337
548
346
557
* Decrypt OpenPGP data.
347
558
* Returns -1 on error
348
559
*/
560
__attribute__((nonnull, warn_unused_result))
349
561
static ssize_t pgp_packet_decrypt(const char *cryptotext,
350
562
size_t crypto_size,
351
char **plaintext){
563
char **plaintext,
564
mandos_context *mc){
352
565
gpgme_data_t dh_crypto, dh_plain;
353
566
gpgme_error_t rc;
354
567
ssize_t ret;
371
584
/* Create new empty GPGME data buffer for the plaintext */
372
585
rc = gpgme_data_new(&dh_plain);
373
586
if(rc != GPG_ERR_NO_ERROR){
374
fprintf_plus(stderr, "Mandos plugin mandos-client: "
375
"bad gpgme_data_new: %s: %s\n",
587
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
376
588
gpgme_strsource(rc), gpgme_strerror(rc));
377
589
gpgme_data_release(dh_crypto);
378
590
return -1;
380
592
381
593
/* Decrypt data from the cryptotext data buffer to the plaintext
382
594
data buffer */
383
rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
595
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
384
596
if(rc != GPG_ERR_NO_ERROR){
385
597
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
386
598
gpgme_strsource(rc), gpgme_strerror(rc));
387
599
plaintext_length = -1;
388
600
if(debug){
389
601
gpgme_decrypt_result_t result;
390
result = gpgme_op_decrypt_result(mc.ctx);
602
result = gpgme_op_decrypt_result(mc->ctx);
391
603
if(result == NULL){
392
604
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
393
605
} else {
394
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
395
result->unsupported_algorithm);
396
fprintf_plus(stderr, "Wrong key usage: %u\n",
397
result->wrong_key_usage);
606
if(result->unsupported_algorithm != NULL) {
607
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
608
result->unsupported_algorithm);
609
}
610
fprintf_plus(stderr, "Wrong key usage: %s\n",
611
result->wrong_key_usage ? "Yes" : "No");
398
612
if(result->file_name != NULL){
399
613
fprintf_plus(stderr, "File name: %s\n", result->file_name);
400
614
}
401
gpgme_recipient_t recipient;
402
recipient = result->recipients;
403
while(recipient != NULL){
615
616
for(gpgme_recipient_t r = result->recipients; r != NULL;
617
r = r->next){
404
618
fprintf_plus(stderr, "Public key algorithm: %s\n",
405
gpgme_pubkey_algo_name
406
(recipient->pubkey_algo));
407
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
619
gpgme_pubkey_algo_name(r->pubkey_algo));
620
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
408
621
fprintf_plus(stderr, "Secret key available: %s\n",
409
recipient->status == GPG_ERR_NO_SECKEY
410
? "No" : "Yes");
411
recipient = recipient->next;
622
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
412
623
}
413
624
}
414
625
}
470
681
return plaintext_length;
471
682
}
472
683
473
static const char * safer_gnutls_strerror(int value){
474
const char *ret = gnutls_strerror(value); /* Spurious warning from
475
-Wunreachable-code */
476
if(ret == NULL)
477
ret = "(unknown)";
478
return ret;
684
__attribute__((warn_unused_result, const))
685
static const char *safe_string(const char *str){
686
if(str == NULL)
687
return "(unknown)";
688
return str;
689
}
690
691
__attribute__((warn_unused_result))
692
static const char *safer_gnutls_strerror(int value){
693
const char *ret = gnutls_strerror(value);
694
return safe_string(ret);
479
695
}
480
696
481
697
/* GnuTLS log function callback */
698
__attribute__((nonnull))
482
699
static void debuggnutls(__attribute__((unused)) int level,
483
700
const char* string){
484
701
fprintf_plus(stderr, "GnuTLS: %s", string);
485
702
}
486
703
704
__attribute__((nonnull(1, 2, 4), warn_unused_result))
487
705
static int init_gnutls_global(const char *pubkeyfilename,
488
const char *seckeyfilename){
706
const char *seckeyfilename,
707
const char *dhparamsfilename,
708
mandos_context *mc){
489
709
int ret;
490
710
491
711
if(debug){
492
712
fprintf_plus(stderr, "Initializing GnuTLS\n");
493
713
}
494
714
495
ret = gnutls_global_init();
496
if(ret != GNUTLS_E_SUCCESS){
497
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
498
safer_gnutls_strerror(ret));
499
return -1;
500
}
501
502
715
if(debug){
503
716
/* "Use a log level over 10 to enable all debugging options."
504
717
* - GnuTLS manual
508
721
}
509
722
510
723
/* OpenPGP credentials */
511
ret = gnutls_certificate_allocate_credentials(&mc.cred);
724
ret = gnutls_certificate_allocate_credentials(&mc->cred);
512
725
if(ret != GNUTLS_E_SUCCESS){
513
726
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
514
727
safer_gnutls_strerror(ret));
515
gnutls_global_deinit();
516
728
return -1;
517
729
}
518
730
519
731
if(debug){
520
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
521
" secret key %s as GnuTLS credentials\n",
732
fprintf_plus(stderr, "Attempting to use public key %s and"
733
" private key %s as GnuTLS credentials\n",
522
734
pubkeyfilename,
523
735
seckeyfilename);
524
736
}
525
737
738
#if GNUTLS_VERSION_NUMBER >= 0x030606
739
ret = gnutls_certificate_set_rawpk_key_file
740
(mc->cred, pubkeyfilename, seckeyfilename,
741
GNUTLS_X509_FMT_PEM, /* format */
742
NULL, /* pass */
743
/* key_usage */
744
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
745
NULL, /* names */
746
0, /* names_length */
747
/* privkey_flags */
748
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
749
0); /* pkcs11_flags */
750
#elif GNUTLS_VERSION_NUMBER < 0x030600
526
751
ret = gnutls_certificate_set_openpgp_key_file
527
(mc.cred, pubkeyfilename, seckeyfilename,
752
(mc->cred, pubkeyfilename, seckeyfilename,
528
753
GNUTLS_OPENPGP_FMT_BASE64);
754
#else
755
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
756
#endif
529
757
if(ret != GNUTLS_E_SUCCESS){
530
758
fprintf_plus(stderr,
531
"Error[%d] while reading the OpenPGP key pair ('%s',"
759
"Error[%d] while reading the key pair ('%s',"
532
760
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
533
761
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
534
762
safer_gnutls_strerror(ret));
536
764
}
537
765
538
766
/* GnuTLS server initialization */
539
ret = gnutls_dh_params_init(&mc.dh_params);
767
ret = gnutls_dh_params_init(&mc->dh_params);
540
768
if(ret != GNUTLS_E_SUCCESS){
541
769
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
542
770
" initialization: %s\n",
543
771
safer_gnutls_strerror(ret));
544
772
goto globalfail;
545
773
}
546
ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
547
if(ret != GNUTLS_E_SUCCESS){
548
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
549
safer_gnutls_strerror(ret));
550
goto globalfail;
551
}
552
553
gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
774
/* If a Diffie-Hellman parameters file was given, try to use it */
775
if(dhparamsfilename != NULL){
776
gnutls_datum_t params = { .data = NULL, .size = 0 };
777
do {
778
int dhpfile = open(dhparamsfilename, O_RDONLY);
779
if(dhpfile == -1){
780
perror_plus("open");
781
dhparamsfilename = NULL;
782
break;
783
}
784
size_t params_capacity = 0;
785
while(true){
786
params_capacity = incbuffer((char **)¶ms.data,
787
(size_t)params.size,
788
(size_t)params_capacity);
789
if(params_capacity == 0){
790
perror_plus("incbuffer");
791
free(params.data);
792
params.data = NULL;
793
dhparamsfilename = NULL;
794
break;
795
}
796
ssize_t bytes_read = read(dhpfile,
797
params.data + params.size,
798
BUFFER_SIZE);
799
/* EOF */
800
if(bytes_read == 0){
801
break;
802
}
803
/* check bytes_read for failure */
804
if(bytes_read < 0){
805
perror_plus("read");
806
free(params.data);
807
params.data = NULL;
808
dhparamsfilename = NULL;
809
break;
810
}
811
params.size += (unsigned int)bytes_read;
812
}
813
ret = close(dhpfile);
814
if(ret == -1){
815
perror_plus("close");
816
}
817
if(params.data == NULL){
818
dhparamsfilename = NULL;
819
}
820
if(dhparamsfilename == NULL){
821
break;
822
}
823
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
824
GNUTLS_X509_FMT_PEM);
825
if(ret != GNUTLS_E_SUCCESS){
826
fprintf_plus(stderr, "Failed to parse DH parameters in file"
827
" \"%s\": %s\n", dhparamsfilename,
828
safer_gnutls_strerror(ret));
829
dhparamsfilename = NULL;
830
}
831
free(params.data);
832
} while(false);
833
}
834
if(dhparamsfilename == NULL){
835
if(mc->dh_bits == 0){
836
#if GNUTLS_VERSION_NUMBER < 0x030600
837
/* Find out the optimal number of DH bits */
838
/* Try to read the private key file */
839
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
840
do {
841
int secfile = open(seckeyfilename, O_RDONLY);
842
if(secfile == -1){
843
perror_plus("open");
844
break;
845
}
846
size_t buffer_capacity = 0;
847
while(true){
848
buffer_capacity = incbuffer((char **)&buffer.data,
849
(size_t)buffer.size,
850
(size_t)buffer_capacity);
851
if(buffer_capacity == 0){
852
perror_plus("incbuffer");
853
free(buffer.data);
854
buffer.data = NULL;
855
break;
856
}
857
ssize_t bytes_read = read(secfile,
858
buffer.data + buffer.size,
859
BUFFER_SIZE);
860
/* EOF */
861
if(bytes_read == 0){
862
break;
863
}
864
/* check bytes_read for failure */
865
if(bytes_read < 0){
866
perror_plus("read");
867
free(buffer.data);
868
buffer.data = NULL;
869
break;
870
}
871
buffer.size += (unsigned int)bytes_read;
872
}
873
close(secfile);
874
} while(false);
875
/* If successful, use buffer to parse private key */
876
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
877
if(buffer.data != NULL){
878
{
879
gnutls_openpgp_privkey_t privkey = NULL;
880
ret = gnutls_openpgp_privkey_init(&privkey);
881
if(ret != GNUTLS_E_SUCCESS){
882
fprintf_plus(stderr, "Error initializing OpenPGP key"
883
" structure: %s",
884
safer_gnutls_strerror(ret));
885
free(buffer.data);
886
buffer.data = NULL;
887
} else {
888
ret = gnutls_openpgp_privkey_import
889
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
890
if(ret != GNUTLS_E_SUCCESS){
891
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
892
safer_gnutls_strerror(ret));
893
privkey = NULL;
894
}
895
free(buffer.data);
896
buffer.data = NULL;
897
if(privkey != NULL){
898
/* Use private key to suggest an appropriate
899
sec_param */
900
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
901
gnutls_openpgp_privkey_deinit(privkey);
902
if(debug){
903
fprintf_plus(stderr, "This OpenPGP key implies using"
904
" a GnuTLS security parameter \"%s\".\n",
905
safe_string(gnutls_sec_param_get_name
906
(sec_param)));
907
}
908
}
909
}
910
}
911
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
912
/* Err on the side of caution */
913
sec_param = GNUTLS_SEC_PARAM_ULTRA;
914
if(debug){
915
fprintf_plus(stderr, "Falling back to security parameter"
916
" \"%s\"\n",
917
safe_string(gnutls_sec_param_get_name
918
(sec_param)));
919
}
920
}
921
}
922
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
923
if(uret != 0){
924
mc->dh_bits = uret;
925
if(debug){
926
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
927
" implies %u DH bits; using that.\n",
928
safe_string(gnutls_sec_param_get_name
929
(sec_param)),
930
mc->dh_bits);
931
}
932
} else {
933
fprintf_plus(stderr, "Failed to get implied number of DH"
934
" bits for security parameter \"%s\"): %s\n",
935
safe_string(gnutls_sec_param_get_name
936
(sec_param)),
937
safer_gnutls_strerror(ret));
938
goto globalfail;
939
}
940
#endif
941
} else { /* dh_bits != 0 */
942
if(debug){
943
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
944
mc->dh_bits);
945
}
946
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
947
if(ret != GNUTLS_E_SUCCESS){
948
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
949
" bits): %s\n", mc->dh_bits,
950
safer_gnutls_strerror(ret));
951
goto globalfail;
952
}
953
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
954
}
955
}
554
956
555
957
return 0;
556
958
557
959
globalfail:
558
960
559
gnutls_certificate_free_credentials(mc.cred);
560
gnutls_global_deinit();
561
gnutls_dh_params_deinit(mc.dh_params);
961
gnutls_certificate_free_credentials(mc->cred);
962
gnutls_dh_params_deinit(mc->dh_params);
562
963
return -1;
563
964
}
564
965
565
static int init_gnutls_session(gnutls_session_t *session){
966
__attribute__((nonnull, warn_unused_result))
967
static int init_gnutls_session(gnutls_session_t *session,
968
mandos_context *mc){
566
969
int ret;
567
970
/* GnuTLS session creation */
568
971
do {
569
ret = gnutls_init(session, GNUTLS_SERVER);
972
ret = gnutls_init(session, (GNUTLS_SERVER
973
#if GNUTLS_VERSION_NUMBER >= 0x030506
974
| GNUTLS_NO_TICKETS
975
#endif
976
#if GNUTLS_VERSION_NUMBER >= 0x030606
977
| GNUTLS_ENABLE_RAWPK
978
#endif
979
));
570
980
if(quit_now){
571
981
return -1;
572
982
}
580
990
{
581
991
const char *err;
582
992
do {
583
ret = gnutls_priority_set_direct(*session, mc.priority, &err);
993
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
584
994
if(quit_now){
585
995
gnutls_deinit(*session);
586
996
return -1;
597
1007
598
1008
do {
599
1009
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
600
mc.cred);
1010
mc->cred);
601
1011
if(quit_now){
602
1012
gnutls_deinit(*session);
603
1013
return -1;
613
1023
/* ignore client certificate if any. */
614
1024
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
615
1025
616
gnutls_dh_set_prime_bits(*session, mc.dh_bits);
617
618
1026
return 0;
619
1027
}
620
1028
622
1030
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
623
1031
__attribute__((unused)) const char *txt){}
624
1032
1033
/* Helper function to add_local_route() and delete_local_route() */
1034
__attribute__((nonnull, warn_unused_result))
1035
static bool add_delete_local_route(const bool add,
1036
const char *address,
1037
AvahiIfIndex if_index){
1038
int ret;
1039
char helper[] = "mandos-client-iprouteadddel";
1040
char add_arg[] = "add";
1041
char delete_arg[] = "delete";
1042
char debug_flag[] = "--debug";
1043
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1044
if(pluginhelperdir == NULL){
1045
if(debug){
1046
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1047
" variable not set; cannot run helper\n");
1048
}
1049
return false;
1050
}
1051
1052
char interface[IF_NAMESIZE];
1053
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1054
perror_plus("if_indextoname");
1055
return false;
1056
}
1057
1058
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1059
if(devnull == -1){
1060
perror_plus("open(\"/dev/null\", O_RDONLY)");
1061
return false;
1062
}
1063
pid_t pid = fork();
1064
if(pid == 0){
1065
/* Child */
1066
/* Raise privileges */
1067
errno = raise_privileges_permanently();
1068
if(errno != 0){
1069
perror_plus("Failed to raise privileges");
1070
/* _exit(EX_NOPERM); */
1071
} else {
1072
/* Set group */
1073
errno = 0;
1074
ret = setgid(0);
1075
if(ret == -1){
1076
perror_plus("setgid");
1077
close(devnull);
1078
_exit(EX_NOPERM);
1079
}
1080
/* Reset supplementary groups */
1081
errno = 0;
1082
ret = setgroups(0, NULL);
1083
if(ret == -1){
1084
perror_plus("setgroups");
1085
close(devnull);
1086
_exit(EX_NOPERM);
1087
}
1088
}
1089
ret = dup2(devnull, STDIN_FILENO);
1090
if(ret == -1){
1091
perror_plus("dup2(devnull, STDIN_FILENO)");
1092
close(devnull);
1093
_exit(EX_OSERR);
1094
}
1095
ret = close(devnull);
1096
if(ret == -1){
1097
perror_plus("close");
1098
}
1099
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1100
if(ret == -1){
1101
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1102
_exit(EX_OSERR);
1103
}
1104
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1105
O_RDONLY
1106
| O_DIRECTORY
1107
| O_PATH
1108
| O_CLOEXEC));
1109
if(helperdir_fd == -1){
1110
perror_plus("open");
1111
_exit(EX_UNAVAILABLE);
1112
}
1113
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1114
helper, O_RDONLY));
1115
if(helper_fd == -1){
1116
perror_plus("openat");
1117
close(helperdir_fd);
1118
_exit(EX_UNAVAILABLE);
1119
}
1120
close(helperdir_fd);
1121
#ifdef __GNUC__
1122
#pragma GCC diagnostic push
1123
#pragma GCC diagnostic ignored "-Wcast-qual"
1124
#endif
1125
if(fexecve(helper_fd, (char *const [])
1126
{ helper, add ? add_arg : delete_arg, (char *)address,
1127
interface, debug ? debug_flag : NULL, NULL },
1128
environ) == -1){
1129
#ifdef __GNUC__
1130
#pragma GCC diagnostic pop
1131
#endif
1132
perror_plus("fexecve");
1133
_exit(EXIT_FAILURE);
1134
}
1135
}
1136
if(pid == -1){
1137
perror_plus("fork");
1138
close(devnull);
1139
return false;
1140
}
1141
ret = close(devnull);
1142
if(ret == -1){
1143
perror_plus("close");
1144
}
1145
int status;
1146
pid_t pret = -1;
1147
errno = 0;
1148
do {
1149
pret = waitpid(pid, &status, 0);
1150
if(pret == -1 and errno == EINTR and quit_now){
1151
int errno_raising = 0;
1152
if((errno = raise_privileges()) != 0){
1153
errno_raising = errno;
1154
perror_plus("Failed to raise privileges in order to"
1155
" kill helper program");
1156
}
1157
if(kill(pid, SIGTERM) == -1){
1158
perror_plus("kill");
1159
}
1160
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1161
perror_plus("Failed to lower privileges after killing"
1162
" helper program");
1163
}
1164
return false;
1165
}
1166
} while(pret == -1 and errno == EINTR);
1167
if(pret == -1){
1168
perror_plus("waitpid");
1169
return false;
1170
}
1171
if(WIFEXITED(status)){
1172
if(WEXITSTATUS(status) != 0){
1173
fprintf_plus(stderr, "Error: iprouteadddel exited"
1174
" with status %d\n", WEXITSTATUS(status));
1175
return false;
1176
}
1177
return true;
1178
}
1179
if(WIFSIGNALED(status)){
1180
fprintf_plus(stderr, "Error: iprouteadddel died by"
1181
" signal %d\n", WTERMSIG(status));
1182
return false;
1183
}
1184
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1185
return false;
1186
}
1187
1188
__attribute__((nonnull, warn_unused_result))
1189
static bool add_local_route(const char *address,
1190
AvahiIfIndex if_index){
1191
if(debug){
1192
fprintf_plus(stderr, "Adding route to %s\n", address);
1193
}
1194
return add_delete_local_route(true, address, if_index);
1195
}
1196
1197
__attribute__((nonnull, warn_unused_result))
1198
static bool delete_local_route(const char *address,
1199
AvahiIfIndex if_index){
1200
if(debug){
1201
fprintf_plus(stderr, "Removing route to %s\n", address);
1202
}
1203
return add_delete_local_route(false, address, if_index);
1204
}
1205
625
1206
/* Called when a Mandos server is found */
626
static int start_mandos_communication(const char *ip, uint16_t port,
1207
__attribute__((nonnull, warn_unused_result))
1208
static int start_mandos_communication(const char *ip, in_port_t port,
627
1209
AvahiIfIndex if_index,
628
int af){
1210
int af, mandos_context *mc){
629
1211
int ret, tcp_sd = -1;
630
1212
ssize_t sret;
631
union {
632
struct sockaddr_in in;
633
struct sockaddr_in6 in6;
634
} to;
1213
struct sockaddr_storage to;
635
1214
char *buffer = NULL;
636
1215
char *decrypted_buffer = NULL;
637
1216
size_t buffer_length = 0;
640
1219
int retval = -1;
641
1220
gnutls_session_t session;
642
1221
int pf; /* Protocol family */
1222
bool route_added = false;
643
1223
644
1224
errno = 0;
645
1225
661
1241
return -1;
662
1242
}
663
1243
664
ret = init_gnutls_session(&session);
1244
/* If the interface is specified and we have a list of interfaces */
1245
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1246
/* Check if the interface is one of the interfaces we are using */
1247
bool match = false;
1248
{
1249
char *interface = NULL;
1250
while((interface = argz_next(mc->interfaces,
1251
mc->interfaces_size,
1252
interface))){
1253
if(if_nametoindex(interface) == (unsigned int)if_index){
1254
match = true;
1255
break;
1256
}
1257
}
1258
}
1259
if(not match){
1260
/* This interface does not match any in the list, so we don't
1261
connect to the server */
1262
if(debug){
1263
char interface[IF_NAMESIZE];
1264
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1265
perror_plus("if_indextoname");
1266
} else {
1267
fprintf_plus(stderr, "Skipping server on non-used interface"
1268
" \"%s\"\n",
1269
if_indextoname((unsigned int)if_index,
1270
interface));
1271
}
1272
}
1273
return -1;
1274
}
1275
}
1276
1277
ret = init_gnutls_session(&session, mc);
665
1278
if(ret != 0){
666
1279
return -1;
667
1280
}
668
1281
669
1282
if(debug){
670
1283
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
671
PRIu16 "\n", ip, port);
1284
PRIuMAX "\n", ip, (uintmax_t)port);
672
1285
}
673
1286
674
tcp_sd = socket(pf, SOCK_STREAM, 0);
1287
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
675
1288
if(tcp_sd < 0){
676
1289
int e = errno;
677
1290
perror_plus("socket");
684
1297
goto mandos_end;
685
1298
}
686
1299
687
memset(&to, 0, sizeof(to));
688
1300
if(af == AF_INET6){
689
to.in6.sin6_family = (sa_family_t)af;
690
ret = inet_pton(af, ip, &to.in6.sin6_addr);
1301
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1302
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1303
ret = inet_pton(af, ip, &to6->sin6_addr);
691
1304
} else { /* IPv4 */
692
to.in.sin_family = (sa_family_t)af;
693
ret = inet_pton(af, ip, &to.in.sin_addr);
1305
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1306
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1307
ret = inet_pton(af, ip, &to4->sin_addr);
694
1308
}
695
1309
if(ret < 0 ){
696
1310
int e = errno;
705
1319
goto mandos_end;
706
1320
}
707
1321
if(af == AF_INET6){
708
to.in6.sin6_port = htons(port); /* Spurious warnings from
709
-Wconversion and
710
-Wunreachable-code */
711
712
if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
713
(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
714
-Wunreachable-code*/
1322
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1323
if(IN6_IS_ADDR_LINKLOCAL
1324
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
715
1325
if(if_index == AVAHI_IF_UNSPEC){
716
1326
fprintf_plus(stderr, "An IPv6 link-local address is"
717
1327
" incomplete without a network interface\n");
719
1329
goto mandos_end;
720
1330
}
721
1331
/* Set the network interface number as scope */
722
to.in6.sin6_scope_id = (uint32_t)if_index;
1332
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
723
1333
}
724
1334
} else {
725
to.in.sin_port = htons(port); /* Spurious warnings from
726
-Wconversion and
727
-Wunreachable-code */
1335
((struct sockaddr_in *)&to)->sin_port = htons(port);
728
1336
}
729
1337
730
1338
if(quit_now){
738
1346
if(if_indextoname((unsigned int)if_index, interface) == NULL){
739
1347
perror_plus("if_indextoname");
740
1348
} else {
741
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIu16
742
"\n", ip, interface, port);
1349
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1350
"\n", ip, interface, (uintmax_t)port);
743
1351
}
744
1352
} else {
745
fprintf_plus(stderr, "Connection to: %s, port %" PRIu16 "\n",
746
ip, port);
1353
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1354
ip, (uintmax_t)port);
747
1355
}
748
1356
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
749
1357
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
750
const char *pcret;
751
if(af == AF_INET6){
752
pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
753
sizeof(addrstr));
754
} else {
755
pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
756
sizeof(addrstr));
757
}
758
if(pcret == NULL){
759
perror_plus("inet_ntop");
760
} else {
761
if(strcmp(addrstr, ip) != 0){
762
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
763
}
764
}
765
}
766
767
if(quit_now){
768
errno = EINTR;
769
goto mandos_end;
770
}
771
772
if(af == AF_INET6){
773
ret = connect(tcp_sd, &to.in6, sizeof(to));
774
} else {
775
ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
776
}
777
if(ret < 0){
778
if ((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
779
int e = errno;
780
perror_plus("connect");
781
errno = e;
782
}
783
goto mandos_end;
784
}
785
786
if(quit_now){
787
errno = EINTR;
788
goto mandos_end;
1358
if(af == AF_INET6){
1359
ret = getnameinfo((struct sockaddr *)&to,
1360
sizeof(struct sockaddr_in6),
1361
addrstr, sizeof(addrstr), NULL, 0,
1362
NI_NUMERICHOST);
1363
} else {
1364
ret = getnameinfo((struct sockaddr *)&to,
1365
sizeof(struct sockaddr_in),
1366
addrstr, sizeof(addrstr), NULL, 0,
1367
NI_NUMERICHOST);
1368
}
1369
if(ret == EAI_SYSTEM){
1370
perror_plus("getnameinfo");
1371
} else if(ret != 0) {
1372
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1373
} else if(strcmp(addrstr, ip) != 0){
1374
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1375
}
1376
}
1377
1378
if(quit_now){
1379
errno = EINTR;
1380
goto mandos_end;
1381
}
1382
1383
while(true){
1384
if(af == AF_INET6){
1385
ret = connect(tcp_sd, (struct sockaddr *)&to,
1386
sizeof(struct sockaddr_in6));
1387
} else {
1388
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1389
sizeof(struct sockaddr_in));
1390
}
1391
if(ret < 0){
1392
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1393
and if_index != AVAHI_IF_UNSPEC
1394
and connect_to == NULL
1395
and not route_added and
1396
((af == AF_INET6 and not
1397
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1398
&to)->sin6_addr)))
1399
or (af == AF_INET and
1400
/* Not a a IPv4LL address */
1401
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1402
& 0xFFFF0000L) != 0xA9FE0000L))){
1403
/* Work around Avahi bug - Avahi does not announce link-local
1404
addresses if it has a global address, so local hosts with
1405
*only* a link-local address (e.g. Mandos clients) cannot
1406
connect to a Mandos server announced by Avahi on a server
1407
host with a global address. Work around this by retrying
1408
with an explicit route added with the server's address.
1409
1410
Avahi bug reference:
1411
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1412
https://bugs.debian.org/587961
1413
*/
1414
if(debug){
1415
fprintf_plus(stderr, "Mandos server unreachable, trying"
1416
" direct route\n");
1417
}
1418
int e = errno;
1419
route_added = add_local_route(ip, if_index);
1420
if(route_added){
1421
continue;
1422
}
1423
errno = e;
1424
}
1425
if(errno != ECONNREFUSED or debug){
1426
int e = errno;
1427
perror_plus("connect");
1428
errno = e;
1429
}
1430
goto mandos_end;
1431
}
1432
1433
if(quit_now){
1434
errno = EINTR;
1435
goto mandos_end;
1436
}
1437
break;
789
1438
}
790
1439
791
1440
const char *out = mandos_protocol_version;
942
1591
if(buffer_length > 0){
943
1592
ssize_t decrypted_buffer_size;
944
1593
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
945
&decrypted_buffer);
1594
&decrypted_buffer, mc);
946
1595
if(decrypted_buffer_size >= 0){
947
1596
1597
clearerr(stdout);
948
1598
written = 0;
949
1599
while(written < (size_t) decrypted_buffer_size){
950
1600
if(quit_now){
966
1616
}
967
1617
written += (size_t)ret;
968
1618
}
1619
ret = fflush(stdout);
1620
if(ret != 0){
1621
int e = errno;
1622
if(debug){
1623
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1624
strerror(errno));
1625
}
1626
errno = e;
1627
goto mandos_end;
1628
}
969
1629
retval = 0;
970
1630
}
971
1631
}
974
1634
975
1635
mandos_end:
976
1636
{
1637
if(route_added){
1638
if(not delete_local_route(ip, if_index)){
1639
fprintf_plus(stderr, "Failed to delete local route to %s on"
1640
" interface %d", ip, if_index);
1641
}
1642
}
977
1643
int e = errno;
978
1644
free(decrypted_buffer);
979
1645
free(buffer);
980
1646
if(tcp_sd >= 0){
981
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1647
ret = close(tcp_sd);
982
1648
}
983
1649
if(ret == -1){
984
1650
if(e == 0){
1009
1675
AVAHI_GCC_UNUSED AvahiStringList *txt,
1010
1676
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1011
1677
flags,
1012
AVAHI_GCC_UNUSED void* userdata){
1013
assert(r);
1678
void *mc){
1679
if(r == NULL){
1680
return;
1681
}
1014
1682
1015
1683
/* Called whenever a service has been resolved successfully or
1016
1684
timed out */
1017
1685
1018
1686
if(quit_now){
1687
avahi_s_service_resolver_free(r);
1019
1688
return;
1020
1689
}
1021
1690
1025
1694
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1026
1695
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1027
1696
domain,
1028
avahi_strerror(avahi_server_errno(mc.server)));
1697
avahi_strerror(avahi_server_errno
1698
(((mandos_context*)mc)->server)));
1029
1699
break;
1030
1700
1031
1701
case AVAHI_RESOLVER_FOUND:
1037
1707
PRIdMAX ") on port %" PRIu16 "\n", name,
1038
1708
host_name, ip, (intmax_t)interface, port);
1039
1709
}
1040
int ret = start_mandos_communication(ip, port, interface,
1041
avahi_proto_to_af(proto));
1710
int ret = start_mandos_communication(ip, (in_port_t)port,
1711
interface,
1712
avahi_proto_to_af(proto),
1713
mc);
1042
1714
if(ret == 0){
1043
avahi_simple_poll_quit(mc.simple_poll);
1715
avahi_simple_poll_quit(simple_poll);
1044
1716
} else {
1045
if(not add_server(ip, port, interface,
1046
avahi_proto_to_af(proto))){
1717
if(not add_server(ip, (in_port_t)port, interface,
1718
avahi_proto_to_af(proto),
1719
&((mandos_context*)mc)->current_server)){
1047
1720
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
1048
1721
" list\n", name);
1049
1722
}
1062
1735
const char *domain,
1063
1736
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1064
1737
flags,
1065
AVAHI_GCC_UNUSED void* userdata){
1066
assert(b);
1738
void *mc){
1739
if(b == NULL){
1740
return;
1741
}
1067
1742
1068
1743
/* Called whenever a new services becomes available on the LAN or
1069
1744
is removed from the LAN */
1077
1752
case AVAHI_BROWSER_FAILURE:
1078
1753
1079
1754
fprintf_plus(stderr, "(Avahi browser) %s\n",
1080
avahi_strerror(avahi_server_errno(mc.server)));
1081
avahi_simple_poll_quit(mc.simple_poll);
1755
avahi_strerror(avahi_server_errno
1756
(((mandos_context*)mc)->server)));
1757
avahi_simple_poll_quit(simple_poll);
1082
1758
return;
1083
1759
1084
1760
case AVAHI_BROWSER_NEW:
1087
1763
the callback function is called the Avahi server will free the
1088
1764
resolver for us. */
1089
1765
1090
if(avahi_s_service_resolver_new(mc.server, interface, protocol,
1091
name, type, domain, protocol, 0,
1092
resolve_callback, NULL) == NULL)
1766
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1767
interface, protocol, name, type,
1768
domain, protocol, 0,
1769
resolve_callback, mc) == NULL)
1093
1770
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1094
1771
" %s\n", name,
1095
avahi_strerror(avahi_server_errno(mc.server)));
1772
avahi_strerror(avahi_server_errno
1773
(((mandos_context*)mc)->server)));
1096
1774
break;
1097
1775
1098
1776
case AVAHI_BROWSER_REMOVE:
1117
1795
signal_received = sig;
1118
1796
int old_errno = errno;
1119
1797
/* set main loop to exit */
1120
if(mc.simple_poll != NULL){
1121
avahi_simple_poll_quit(mc.simple_poll);
1798
if(simple_poll != NULL){
1799
avahi_simple_poll_quit(simple_poll);
1122
1800
}
1123
1801
errno = old_errno;
1124
1802
}
1125
1803
1804
__attribute__((nonnull, warn_unused_result))
1126
1805
bool get_flags(const char *ifname, struct ifreq *ifr){
1127
1806
int ret;
1128
error_t ret_errno;
1807
int old_errno;
1129
1808
1130
1809
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1131
1810
if(s < 0){
1132
ret_errno = errno;
1811
old_errno = errno;
1133
1812
perror_plus("socket");
1134
errno = ret_errno;
1813
errno = old_errno;
1135
1814
return false;
1136
1815
}
1137
strcpy(ifr->ifr_name, ifname);
1816
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1817
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1138
1818
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1139
1819
if(ret == -1){
1140
1820
if(debug){
1141
ret_errno = errno;
1821
old_errno = errno;
1142
1822
perror_plus("ioctl SIOCGIFFLAGS");
1143
errno = ret_errno;
1823
errno = old_errno;
1824
}
1825
if((close(s) == -1) and debug){
1826
old_errno = errno;
1827
perror_plus("close");
1828
errno = old_errno;
1144
1829
}
1145
1830
return false;
1146
1831
}
1832
if((close(s) == -1) and debug){
1833
old_errno = errno;
1834
perror_plus("close");
1835
errno = old_errno;
1836
}
1147
1837
return true;
1148
1838
}
1149
1839
1840
__attribute__((nonnull, warn_unused_result))
1150
1841
bool good_flags(const char *ifname, const struct ifreq *ifr){
1151
1842
1152
1843
/* Reject the loopback device */
1194
1885
* corresponds to an acceptable network device.
1195
1886
* (This function is passed to scandir(3) as a filter function.)
1196
1887
*/
1888
__attribute__((nonnull, warn_unused_result))
1197
1889
int good_interface(const struct dirent *if_entry){
1198
1890
if(if_entry->d_name[0] == '.'){
1199
1891
return 0;
1217
1909
/*
1218
1910
* This function determines if a network interface is up.
1219
1911
*/
1912
__attribute__((nonnull, warn_unused_result))
1220
1913
bool interface_is_up(const char *interface){
1221
1914
struct ifreq ifr;
1222
1915
if(not get_flags(interface, &ifr)){
1233
1926
/*
1234
1927
* This function determines if a network interface is running
1235
1928
*/
1929
__attribute__((nonnull, warn_unused_result))
1236
1930
bool interface_is_running(const char *interface){
1237
1931
struct ifreq ifr;
1238
1932
if(not get_flags(interface, &ifr)){
1246
1940
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1247
1941
}
1248
1942
1943
__attribute__((nonnull, pure, warn_unused_result))
1249
1944
int notdotentries(const struct dirent *direntry){
1250
1945
/* Skip "." and ".." */
1251
1946
if(direntry->d_name[0] == '.'
1258
1953
}
1259
1954
1260
1955
/* Is this directory entry a runnable program? */
1956
__attribute__((nonnull, warn_unused_result))
1261
1957
int runnable_hook(const struct dirent *direntry){
1262
1958
int ret;
1263
1959
size_t sret;
1271
1967
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1272
1968
"abcdefghijklmnopqrstuvwxyz"
1273
1969
"0123456789"
1274
"_-");
1970
"_.-");
1275
1971
if((direntry->d_name)[sret] != '\0'){
1276
1972
/* Contains non-allowed characters */
1277
1973
if(debug){
1281
1977
return 0;
1282
1978
}
1283
1979
1284
char *fullname = NULL;
1285
ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
1286
if(ret < 0){
1287
perror_plus("asprintf");
1288
return 0;
1289
}
1290
1291
ret = stat(fullname, &st);
1980
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1292
1981
if(ret == -1){
1293
1982
if(debug){
1294
1983
perror_plus("Could not stat hook");
1318
2007
return 1;
1319
2008
}
1320
2009
1321
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval){
2010
__attribute__((nonnull, warn_unused_result))
2011
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
2012
mandos_context *mc){
1322
2013
int ret;
1323
2014
struct timespec now;
1324
2015
struct timespec waited_time;
1325
2016
intmax_t block_time;
1326
2017
1327
2018
while(true){
1328
if(mc.current_server == NULL){
1329
if (debug){
2019
if(mc->current_server == NULL){
2020
if(debug){
1330
2021
fprintf_plus(stderr, "Wait until first server is found."
1331
2022
" No timeout!\n");
1332
2023
}
1333
2024
ret = avahi_simple_poll_iterate(s, -1);
1334
2025
} else {
1335
if (debug){
2026
if(debug){
1336
2027
fprintf_plus(stderr, "Check current_server if we should run"
1337
2028
" it, or wait\n");
1338
2029
}
1345
2036
/* Calculating in ms how long time between now and server
1346
2037
who we visted longest time ago. Now - last seen. */
1347
2038
waited_time.tv_sec = (now.tv_sec
1348
- mc.current_server->last_seen.tv_sec);
2039
- mc->current_server->last_seen.tv_sec);
1349
2040
waited_time.tv_nsec = (now.tv_nsec
1350
- mc.current_server->last_seen.tv_nsec);
2041
- mc->current_server->last_seen.tv_nsec);
1351
2042
/* total time is 10s/10,000ms.
1352
2043
Converting to s from ms by dividing by 1,000,
1353
2044
and ns to ms by dividing by 1,000,000. */
1355
2046
- ((intmax_t)waited_time.tv_sec * 1000))
1356
2047
- ((intmax_t)waited_time.tv_nsec / 1000000));
1357
2048
1358
if (debug){
2049
if(debug){
1359
2050
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
1360
2051
block_time);
1361
2052
}
1362
2053
1363
2054
if(block_time <= 0){
1364
ret = start_mandos_communication(mc.current_server->ip,
1365
mc.current_server->port,
1366
mc.current_server->if_index,
1367
mc.current_server->af);
2055
ret = start_mandos_communication(mc->current_server->ip,
2056
mc->current_server->port,
2057
mc->current_server->if_index,
2058
mc->current_server->af, mc);
1368
2059
if(ret == 0){
1369
avahi_simple_poll_quit(mc.simple_poll);
2060
avahi_simple_poll_quit(s);
1370
2061
return 0;
1371
2062
}
1372
2063
ret = clock_gettime(CLOCK_MONOTONIC,
1373
&mc.current_server->last_seen);
2064
&mc->current_server->last_seen);
1374
2065
if(ret == -1){
1375
2066
perror_plus("clock_gettime");
1376
2067
return -1;
1377
2068
}
1378
mc.current_server = mc.current_server->next;
2069
mc->current_server = mc->current_server->next;
1379
2070
block_time = 0; /* Call avahi to find new Mandos
1380
2071
servers, but don't block */
1381
2072
}
1383
2074
ret = avahi_simple_poll_iterate(s, (int)block_time);
1384
2075
}
1385
2076
if(ret != 0){
1386
if (ret > 0 or errno != EINTR){
2077
if(ret > 0 or errno != EINTR){
1387
2078
return (ret != 1) ? ret : 0;
1388
2079
}
1389
2080
}
1390
2081
}
1391
2082
}
1392
2083
1393
/* Set effective uid to 0, return errno */
1394
error_t raise_privileges(void){
1395
error_t old_errno = errno;
1396
error_t ret_errno = 0;
1397
if(seteuid(0) == -1){
1398
ret_errno = errno;
1399
perror_plus("seteuid");
1400
}
1401
errno = old_errno;
1402
return ret_errno;
1403
}
1404
1405
/* Set effective and real user ID to 0. Return errno. */
1406
error_t raise_privileges_permanently(void){
1407
error_t old_errno = errno;
1408
error_t ret_errno = raise_privileges();
1409
if(ret_errno != 0){
1410
errno = old_errno;
1411
return ret_errno;
1412
}
1413
if(setuid(0) == -1){
1414
ret_errno = errno;
1415
perror_plus("seteuid");
1416
}
1417
errno = old_errno;
1418
return ret_errno;
1419
}
1420
1421
/* Set effective user ID to unprivileged saved user ID */
1422
error_t lower_privileges(void){
1423
error_t old_errno = errno;
1424
error_t ret_errno = 0;
1425
if(seteuid(uid) == -1){
1426
ret_errno = errno;
1427
perror_plus("seteuid");
1428
}
1429
errno = old_errno;
1430
return ret_errno;
1431
}
1432
1433
/* Lower privileges permanently */
1434
error_t lower_privileges_permanently(void){
1435
error_t old_errno = errno;
1436
error_t ret_errno = 0;
1437
if(setuid(uid) == -1){
1438
ret_errno = errno;
1439
perror_plus("setuid");
1440
}
1441
errno = old_errno;
1442
return ret_errno;
1443
}
1444
1445
bool run_network_hooks(const char *mode, const char *interface,
2084
__attribute__((nonnull))
2085
void run_network_hooks(const char *mode, const char *interface,
1446
2086
const float delay){
1447
struct dirent **direntries;
1448
struct dirent *direntry;
1449
int ret;
1450
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1451
alphasort);
2087
struct dirent **direntries = NULL;
2088
if(hookdir_fd == -1){
2089
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2090
| O_CLOEXEC);
2091
if(hookdir_fd == -1){
2092
if(errno == ENOENT){
2093
if(debug){
2094
fprintf_plus(stderr, "Network hook directory \"%s\" not"
2095
" found\n", hookdir);
2096
}
2097
} else {
2098
perror_plus("open");
2099
}
2100
return;
2101
}
2102
}
2103
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2104
if(devnull == -1){
2105
perror_plus("open(\"/dev/null\", O_RDONLY)");
2106
return;
2107
}
2108
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2109
runnable_hook, alphasort);
1452
2110
if(numhooks == -1){
1453
2111
perror_plus("scandir");
1454
} else {
1455
int devnull = open("/dev/null", O_RDONLY);
1456
for(int i = 0; i < numhooks; i++){
1457
direntry = direntries[i];
1458
char *fullname = NULL;
1459
ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
1460
if(ret < 0){
2112
close(devnull);
2113
return;
2114
}
2115
struct dirent *direntry;
2116
int ret;
2117
for(int i = 0; i < numhooks; i++){
2118
direntry = direntries[i];
2119
if(debug){
2120
fprintf_plus(stderr, "Running network hook \"%s\"\n",
2121
direntry->d_name);
2122
}
2123
pid_t hook_pid = fork();
2124
if(hook_pid == 0){
2125
/* Child */
2126
/* Raise privileges */
2127
errno = raise_privileges_permanently();
2128
if(errno != 0){
2129
perror_plus("Failed to raise privileges");
2130
_exit(EX_NOPERM);
2131
}
2132
/* Set group */
2133
errno = 0;
2134
ret = setgid(0);
2135
if(ret == -1){
2136
perror_plus("setgid");
2137
_exit(EX_NOPERM);
2138
}
2139
/* Reset supplementary groups */
2140
errno = 0;
2141
ret = setgroups(0, NULL);
2142
if(ret == -1){
2143
perror_plus("setgroups");
2144
_exit(EX_NOPERM);
2145
}
2146
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2147
if(ret == -1){
2148
perror_plus("setenv");
2149
_exit(EX_OSERR);
2150
}
2151
ret = setenv("DEVICE", interface, 1);
2152
if(ret == -1){
2153
perror_plus("setenv");
2154
_exit(EX_OSERR);
2155
}
2156
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
2157
if(ret == -1){
2158
perror_plus("setenv");
2159
_exit(EX_OSERR);
2160
}
2161
ret = setenv("MODE", mode, 1);
2162
if(ret == -1){
2163
perror_plus("setenv");
2164
_exit(EX_OSERR);
2165
}
2166
char *delaystring;
2167
ret = asprintf(&delaystring, "%f", (double)delay);
2168
if(ret == -1){
1461
2169
perror_plus("asprintf");
1462
continue;
1463
}
1464
if(debug){
1465
fprintf_plus(stderr, "Running network hook \"%s\"\n",
1466
direntry->d_name);
1467
}
1468
pid_t hook_pid = fork();
1469
if(hook_pid == 0){
1470
/* Child */
1471
/* Raise privileges */
1472
raise_privileges_permanently();
1473
/* Set group */
1474
errno = 0;
1475
ret = setgid(0);
1476
if(ret == -1){
1477
perror_plus("setgid");
1478
}
1479
/* Reset supplementary groups */
1480
errno = 0;
1481
ret = setgroups(0, NULL);
1482
if(ret == -1){
1483
perror_plus("setgroups");
1484
}
1485
dup2(devnull, STDIN_FILENO);
1486
close(devnull);
1487
dup2(STDERR_FILENO, STDOUT_FILENO);
1488
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1489
if(ret == -1){
1490
perror_plus("setenv");
1491
_exit(EX_OSERR);
1492
}
1493
ret = setenv("DEVICE", interface, 1);
1494
if(ret == -1){
1495
perror_plus("setenv");
1496
_exit(EX_OSERR);
1497
}
1498
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
1499
if(ret == -1){
1500
perror_plus("setenv");
1501
_exit(EX_OSERR);
1502
}
1503
ret = setenv("MODE", mode, 1);
1504
if(ret == -1){
1505
perror_plus("setenv");
1506
_exit(EX_OSERR);
1507
}
1508
char *delaystring;
1509
ret = asprintf(&delaystring, "%f", delay);
1510
if(ret == -1){
1511
perror_plus("asprintf");
1512
_exit(EX_OSERR);
1513
}
1514
ret = setenv("DELAY", delaystring, 1);
1515
if(ret == -1){
1516
free(delaystring);
1517
perror_plus("setenv");
1518
_exit(EX_OSERR);
1519
}
2170
_exit(EX_OSERR);
2171
}
2172
ret = setenv("DELAY", delaystring, 1);
2173
if(ret == -1){
1520
2174
free(delaystring);
1521
if(connect_to != NULL){
1522
ret = setenv("CONNECT", connect_to, 1);
1523
if(ret == -1){
1524
perror_plus("setenv");
1525
_exit(EX_OSERR);
1526
}
1527
}
1528
if(execl(fullname, direntry->d_name, mode, NULL) == -1){
1529
perror_plus("execl");
1530
_exit(EXIT_FAILURE);
1531
}
2175
perror_plus("setenv");
2176
_exit(EX_OSERR);
2177
}
2178
free(delaystring);
2179
if(connect_to != NULL){
2180
ret = setenv("CONNECT", connect_to, 1);
2181
if(ret == -1){
2182
perror_plus("setenv");
2183
_exit(EX_OSERR);
2184
}
2185
}
2186
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2187
direntry->d_name,
2188
O_RDONLY));
2189
if(hook_fd == -1){
2190
perror_plus("openat");
2191
_exit(EXIT_FAILURE);
2192
}
2193
if(close(hookdir_fd) == -1){
2194
perror_plus("close");
2195
_exit(EXIT_FAILURE);
2196
}
2197
ret = dup2(devnull, STDIN_FILENO);
2198
if(ret == -1){
2199
perror_plus("dup2(devnull, STDIN_FILENO)");
2200
_exit(EX_OSERR);
2201
}
2202
ret = close(devnull);
2203
if(ret == -1){
2204
perror_plus("close");
2205
_exit(EX_OSERR);
2206
}
2207
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2208
if(ret == -1){
2209
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2210
_exit(EX_OSERR);
2211
}
2212
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2213
environ) == -1){
2214
perror_plus("fexecve");
2215
_exit(EXIT_FAILURE);
2216
}
2217
} else {
2218
if(hook_pid == -1){
2219
perror_plus("fork");
2220
free(direntry);
2221
continue;
2222
}
2223
int status;
2224
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2225
perror_plus("waitpid");
2226
free(direntry);
2227
continue;
2228
}
2229
if(WIFEXITED(status)){
2230
if(WEXITSTATUS(status) != 0){
2231
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2232
" with status %d\n", direntry->d_name,
2233
WEXITSTATUS(status));
2234
free(direntry);
2235
continue;
2236
}
2237
} else if(WIFSIGNALED(status)){
2238
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2239
" signal %d\n", direntry->d_name,
2240
WTERMSIG(status));
2241
free(direntry);
2242
continue;
1532
2243
} else {
1533
int status;
1534
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
1535
perror_plus("waitpid");
1536
free(fullname);
1537
continue;
1538
}
1539
if(WIFEXITED(status)){
1540
if(WEXITSTATUS(status) != 0){
1541
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
1542
" with status %d\n", direntry->d_name,
1543
WEXITSTATUS(status));
1544
free(fullname);
1545
continue;
1546
}
1547
} else if(WIFSIGNALED(status)){
1548
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
1549
" signal %d\n", direntry->d_name,
1550
WTERMSIG(status));
1551
free(fullname);
1552
continue;
1553
} else {
1554
fprintf_plus(stderr, "Warning: network hook \"%s\""
1555
" crashed\n", direntry->d_name);
1556
free(fullname);
1557
continue;
1558
}
1559
}
1560
free(fullname);
1561
if(debug){
1562
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
1563
direntry->d_name);
1564
}
1565
}
1566
close(devnull);
1567
}
1568
return true;
2244
fprintf_plus(stderr, "Warning: network hook \"%s\""
2245
" crashed\n", direntry->d_name);
2246
free(direntry);
2247
continue;
2248
}
2249
}
2250
if(debug){
2251
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2252
direntry->d_name);
2253
}
2254
free(direntry);
2255
}
2256
free(direntries);
2257
if(close(hookdir_fd) == -1){
2258
perror_plus("close");
2259
} else {
2260
hookdir_fd = -1;
2261
}
2262
close(devnull);
1569
2263
}
1570
2264
1571
error_t bring_up_interface(const char *const interface,
1572
const float delay){
1573
int sd = -1;
1574
error_t old_errno = errno;
1575
error_t ret_errno = 0;
1576
int ret, ret_setflags;
2265
__attribute__((nonnull, warn_unused_result))
2266
int bring_up_interface(const char *const interface,
2267
const float delay){
2268
int old_errno = errno;
2269
int ret;
1577
2270
struct ifreq network;
1578
2271
unsigned int if_index = if_nametoindex(interface);
1579
2272
if(if_index == 0){
1588
2281
}
1589
2282
1590
2283
if(not interface_is_up(interface)){
1591
if(not get_flags(interface, &network) and debug){
2284
int ret_errno = 0;
2285
int ioctl_errno = 0;
2286
if(not get_flags(interface, &network)){
1592
2287
ret_errno = errno;
1593
2288
fprintf_plus(stderr, "Failed to get flags for interface "
1594
2289
"\"%s\"\n", interface);
2290
errno = old_errno;
1595
2291
return ret_errno;
1596
2292
}
1597
network.ifr_flags |= IFF_UP;
2293
network.ifr_flags |= IFF_UP; /* set flag */
1598
2294
1599
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1600
if(sd < 0){
2295
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2296
if(sd == -1){
1601
2297
ret_errno = errno;
1602
2298
perror_plus("socket");
1603
2299
errno = old_errno;
1604
2300
return ret_errno;
1605
2301
}
1606
2302
1607
2303
if(quit_now){
1608
close(sd);
2304
ret = close(sd);
2305
if(ret == -1){
2306
perror_plus("close");
2307
}
1609
2308
errno = old_errno;
1610
2309
return EINTR;
1611
2310
}
1615
2314
interface);
1616
2315
}
1617
2316
1618
/* Raise priviliges */
1619
raise_privileges();
2317
/* Raise privileges */
2318
ret_errno = raise_privileges();
2319
if(ret_errno != 0){
2320
errno = ret_errno;
2321
perror_plus("Failed to raise privileges");
2322
}
1620
2323
1621
2324
#ifdef __linux__
1622
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1623
messages about the network interface to mess up the prompt */
1624
int ret_linux = klogctl(8, NULL, 5);
1625
bool restore_loglevel = true;
1626
if(ret_linux == -1){
1627
restore_loglevel = false;
1628
perror_plus("klogctl");
2325
int ret_linux;
2326
bool restore_loglevel = false;
2327
if(ret_errno == 0){
2328
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2329
messages about the network interface to mess up the prompt */
2330
ret_linux = klogctl(8, NULL, 5);
2331
if(ret_linux == -1){
2332
perror_plus("klogctl");
2333
} else {
2334
restore_loglevel = true;
2335
}
1629
2336
}
1630
2337
#endif /* __linux__ */
1631
ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
1632
ret_errno = errno;
2338
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2339
ioctl_errno = errno;
1633
2340
#ifdef __linux__
1634
2341
if(restore_loglevel){
1635
2342
ret_linux = klogctl(7, NULL, 0);
1639
2346
}
1640
2347
#endif /* __linux__ */
1641
2348
1642
/* Lower privileges */
1643
lower_privileges();
2349
/* If raise_privileges() succeeded above */
2350
if(ret_errno == 0){
2351
/* Lower privileges */
2352
ret_errno = lower_privileges();
2353
if(ret_errno != 0){
2354
errno = ret_errno;
2355
perror_plus("Failed to lower privileges");
2356
}
2357
}
1644
2358
1645
2359
/* Close the socket */
1646
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2360
ret = close(sd);
1647
2361
if(ret == -1){
1648
2362
perror_plus("close");
1649
2363
}
1650
2364
1651
2365
if(ret_setflags == -1){
1652
errno = ret_errno;
2366
errno = ioctl_errno;
1653
2367
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
1654
2368
errno = old_errno;
1655
return ret_errno;
2369
return ioctl_errno;
1656
2370
}
1657
2371
} else if(debug){
1658
2372
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
1661
2375
1662
2376
/* Sleep checking until interface is running.
1663
2377
Check every 0.25s, up to total time of delay */
1664
for(int i=0; i < delay * 4; i++){
2378
for(int i = 0; i < delay * 4; i++){
1665
2379
if(interface_is_running(interface)){
1666
2380
break;
1667
2381
}
1676
2390
return 0;
1677
2391
}
1678
2392
1679
error_t take_down_interface(const char *const interface){
1680
int sd = -1;
1681
error_t old_errno = errno;
1682
error_t ret_errno = 0;
1683
int ret, ret_setflags;
2393
__attribute__((nonnull, warn_unused_result))
2394
int take_down_interface(const char *const interface){
2395
int old_errno = errno;
1684
2396
struct ifreq network;
1685
2397
unsigned int if_index = if_nametoindex(interface);
1686
2398
if(if_index == 0){
1689
2401
return ENXIO;
1690
2402
}
1691
2403
if(interface_is_up(interface)){
2404
int ret_errno = 0;
2405
int ioctl_errno = 0;
1692
2406
if(not get_flags(interface, &network) and debug){
1693
2407
ret_errno = errno;
1694
2408
fprintf_plus(stderr, "Failed to get flags for interface "
1695
2409
"\"%s\"\n", interface);
2410
errno = old_errno;
1696
2411
return ret_errno;
1697
2412
}
1698
2413
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
1699
2414
1700
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1701
if(sd < 0){
2415
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2416
if(sd == -1){
1702
2417
ret_errno = errno;
1703
2418
perror_plus("socket");
1704
2419
errno = old_errno;
1710
2425
interface);
1711
2426
}
1712
2427
1713
/* Raise priviliges */
1714
raise_privileges();
1715
1716
ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
1717
ret_errno = errno;
1718
1719
/* Lower privileges */
1720
lower_privileges();
2428
/* Raise privileges */
2429
ret_errno = raise_privileges();
2430
if(ret_errno != 0){
2431
errno = ret_errno;
2432
perror_plus("Failed to raise privileges");
2433
}
2434
2435
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2436
ioctl_errno = errno;
2437
2438
/* If raise_privileges() succeeded above */
2439
if(ret_errno == 0){
2440
/* Lower privileges */
2441
ret_errno = lower_privileges();
2442
if(ret_errno != 0){
2443
errno = ret_errno;
2444
perror_plus("Failed to lower privileges");
2445
}
2446
}
1721
2447
1722
2448
/* Close the socket */
1723
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2449
int ret = close(sd);
1724
2450
if(ret == -1){
1725
2451
perror_plus("close");
1726
2452
}
1727
2453
1728
2454
if(ret_setflags == -1){
1729
errno = ret_errno;
2455
errno = ioctl_errno;
1730
2456
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
1731
2457
errno = old_errno;
1732
return ret_errno;
2458
return ioctl_errno;
1733
2459
}
1734
2460
} else if(debug){
1735
2461
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
1741
2467
}
1742
2468
1743
2469
int main(int argc, char *argv[]){
2470
mandos_context mc = { .server = NULL, .dh_bits = 0,
2471
#if GNUTLS_VERSION_NUMBER >= 0x030606
2472
.priority = "SECURE128:!CTYPE-X.509"
2473
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2474
":%PROFILE_ULTRA",
2475
#elif GNUTLS_VERSION_NUMBER < 0x030600
2476
.priority = "SECURE256:!CTYPE-X.509"
2477
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2478
#else
2479
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2480
#endif
2481
.current_server = NULL, .interfaces = NULL,
2482
.interfaces_size = 0 };
1744
2483
AvahiSServiceBrowser *sb = NULL;
1745
2484
error_t ret_errno;
1746
2485
int ret;
1747
2486
intmax_t tmpmax;
1748
2487
char *tmp;
1749
2488
int exitcode = EXIT_SUCCESS;
1750
char *interfaces = NULL;
1751
size_t interfaces_size = 0;
1752
2489
char *interfaces_to_take_down = NULL;
1753
2490
size_t interfaces_to_take_down_size = 0;
1754
char tempdir[] = "/tmp/mandosXXXXXX";
1755
bool tempdir_created = false;
2491
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2492
char old_tempdir[] = "/tmp/mandosXXXXXX";
2493
char *tempdir = NULL;
1756
2494
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1757
2495
const char *seckey = PATHDIR "/" SECKEY;
1758
2496
const char *pubkey = PATHDIR "/" PUBKEY;
2497
#if GNUTLS_VERSION_NUMBER >= 0x030606
2498
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2499
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2500
#endif
2501
const char *dh_params_file = NULL;
1759
2502
char *interfaces_hooks = NULL;
1760
size_t interfaces_hooks_size = 0;
1761
2503
1762
2504
bool gnutls_initialized = false;
1763
2505
bool gpgme_initialized = false;
1809
2551
{ .name = "pubkey", .key = 'p',
1810
2552
.arg = "FILE",
1811
2553
.doc = "OpenPGP public key file base name",
1812
.group = 2 },
2554
.group = 1 },
2555
{ .name = "tls-privkey", .key = 't',
2556
.arg = "FILE",
2557
#if GNUTLS_VERSION_NUMBER >= 0x030606
2558
.doc = "TLS private key file base name",
2559
#else
2560
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2561
#endif
2562
.group = 1 },
2563
{ .name = "tls-pubkey", .key = 'T',
2564
.arg = "FILE",
2565
#if GNUTLS_VERSION_NUMBER >= 0x030606
2566
.doc = "TLS public key file base name",
2567
#else
2568
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2569
#endif
2570
.group = 1 },
1813
2571
{ .name = "dh-bits", .key = 129,
1814
2572
.arg = "BITS",
1815
2573
.doc = "Bit length of the prime number used in the"
1816
2574
" Diffie-Hellman key exchange",
1817
2575
.group = 2 },
2576
{ .name = "dh-params", .key = 134,
2577
.arg = "FILE",
2578
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2579
" for the Diffie-Hellman key exchange",
2580
.group = 2 },
1818
2581
{ .name = "priority", .key = 130,
1819
2582
.arg = "STRING",
1820
2583
.doc = "GnuTLS priority string for the TLS handshake",
1854
2617
connect_to = arg;
1855
2618
break;
1856
2619
case 'i': /* --interface */
1857
ret_errno = argz_add_sep(&interfaces, &interfaces_size, arg,
1858
(int)',');
2620
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2621
arg, (int)',');
1859
2622
if(ret_errno != 0){
1860
2623
argp_error(state, "%s", strerror(ret_errno));
1861
2624
}
1866
2629
case 'p': /* --pubkey */
1867
2630
pubkey = arg;
1868
2631
break;
2632
case 't': /* --tls-privkey */
2633
#if GNUTLS_VERSION_NUMBER >= 0x030606
2634
tls_privkey = arg;
2635
#endif
2636
break;
2637
case 'T': /* --tls-pubkey */
2638
#if GNUTLS_VERSION_NUMBER >= 0x030606
2639
tls_pubkey = arg;
2640
#endif
2641
break;
1869
2642
case 129: /* --dh-bits */
1870
2643
errno = 0;
1871
2644
tmpmax = strtoimax(arg, &tmp, 10);
1875
2648
}
1876
2649
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
1877
2650
break;
2651
case 134: /* --dh-params */
2652
dh_params_file = arg;
2653
break;
1878
2654
case 130: /* --priority */
1879
2655
mc.priority = arg;
1880
2656
break;
1903
2679
argp_state_help(state, state->out_stream,
1904
2680
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
1905
2681
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2682
__builtin_unreachable();
1906
2683
case -3: /* --usage */
1907
2684
argp_state_help(state, state->out_stream,
1908
2685
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2686
__builtin_unreachable();
1909
2687
case 'V': /* --version */
1910
2688
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
1911
2689
exit(argp_err_exit_status);
1920
2698
.args_doc = "",
1921
2699
.doc = "Mandos client -- Get and decrypt"
1922
2700
" passwords from a Mandos server" };
1923
ret = argp_parse(&argp, argc, argv,
1924
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
1925
switch(ret){
2701
ret_errno = argp_parse(&argp, argc, argv,
2702
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2703
switch(ret_errno){
1926
2704
case 0:
1927
2705
break;
1928
2706
case ENOMEM:
1929
2707
default:
1930
errno = ret;
2708
errno = ret_errno;
1931
2709
perror_plus("argp_parse");
1932
2710
exitcode = EX_OSERR;
1933
2711
goto end;
1936
2714
goto end;
1937
2715
}
1938
2716
}
1939
2717
1940
2718
{
1941
2719
/* Work around Debian bug #633582:
1942
<http://bugs.debian.org/633582> */
2720
<https://bugs.debian.org/633582> */
1943
2721
1944
/* Re-raise priviliges */
1945
if(raise_privileges() == 0){
2722
/* Re-raise privileges */
2723
ret = raise_privileges();
2724
if(ret != 0){
2725
errno = ret;
2726
perror_plus("Failed to raise privileges");
2727
} else {
1946
2728
struct stat st;
1947
2729
1948
2730
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
1962
2744
}
1963
2745
}
1964
2746
}
1965
TEMP_FAILURE_RETRY(close(seckey_fd));
2747
close(seckey_fd);
1966
2748
}
1967
2749
}
1968
2750
1969
2751
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
1970
2752
int pubkey_fd = open(pubkey, O_RDONLY);
1971
2753
if(pubkey_fd == -1){
1983
2765
}
1984
2766
}
1985
2767
}
1986
TEMP_FAILURE_RETRY(close(pubkey_fd));
1987
}
1988
}
1989
2768
close(pubkey_fd);
2769
}
2770
}
2771
2772
if(dh_params_file != NULL
2773
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2774
int dhparams_fd = open(dh_params_file, O_RDONLY);
2775
if(dhparams_fd == -1){
2776
perror_plus("open");
2777
} else {
2778
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2779
if(ret == -1){
2780
perror_plus("fstat");
2781
} else {
2782
if(S_ISREG(st.st_mode)
2783
and st.st_uid == 0 and st.st_gid == 0){
2784
ret = fchown(dhparams_fd, uid, gid);
2785
if(ret == -1){
2786
perror_plus("fchown");
2787
}
2788
}
2789
}
2790
close(dhparams_fd);
2791
}
2792
}
2793
1990
2794
/* Lower privileges */
1991
errno = 0;
1992
ret = seteuid(uid);
1993
if(ret == -1){
1994
perror_plus("seteuid");
2795
ret = lower_privileges();
2796
if(ret != 0){
2797
errno = ret;
2798
perror_plus("Failed to lower privileges");
1995
2799
}
1996
2800
}
1997
2801
}
1998
2802
1999
/* Remove empty interface names */
2803
/* Remove invalid interface names (except "none") */
2000
2804
{
2001
2805
char *interface = NULL;
2002
while((interface = argz_next(interfaces, interfaces_size,
2806
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2003
2807
interface))){
2004
if(if_nametoindex(interface) == 0){
2005
if(interface[0] != '\0' and strcmp(interface, "none") != 0){
2808
if(strcmp(interface, "none") != 0
2809
and if_nametoindex(interface) == 0){
2810
if(interface[0] != '\0'){
2006
2811
fprintf_plus(stderr, "Not using nonexisting interface"
2007
2812
" \"%s\"\n", interface);
2008
2813
}
2009
argz_delete(&interfaces, &interfaces_size, interface);
2814
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2010
2815
interface = NULL;
2011
2816
}
2012
2817
}
2014
2819
2015
2820
/* Run network hooks */
2016
2821
{
2017
ret_errno = argz_append(&interfaces_hooks, &interfaces_hooks_size,
2018
interfaces, interfaces_size);
2019
if(ret_errno != 0){
2020
errno = ret_errno;
2021
perror_plus("argz_append");
2022
goto end;
2023
}
2024
argz_stringify(interfaces_hooks, interfaces_hooks_size, (int)',');
2025
if(not run_network_hooks("start", interfaces_hooks, delay)){
2026
goto end;
2027
}
2822
if(mc.interfaces != NULL){
2823
interfaces_hooks = malloc(mc.interfaces_size);
2824
if(interfaces_hooks == NULL){
2825
perror_plus("malloc");
2826
goto end;
2827
}
2828
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2829
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2830
}
2831
run_network_hooks("start", interfaces_hooks != NULL ?
2832
interfaces_hooks : "", delay);
2028
2833
}
2029
2834
2030
2835
if(not debug){
2035
2840
from the signal handler */
2036
2841
/* Initialize the pseudo-RNG for Avahi */
2037
2842
srand((unsigned int) time(NULL));
2038
mc.simple_poll = avahi_simple_poll_new();
2039
if(mc.simple_poll == NULL){
2843
simple_poll = avahi_simple_poll_new();
2844
if(simple_poll == NULL){
2040
2845
fprintf_plus(stderr,
2041
2846
"Avahi: Failed to create simple poll object.\n");
2042
2847
exitcode = EX_UNAVAILABLE;
2107
2912
}
2108
2913
2109
2914
/* If no interfaces were specified, make a list */
2110
if(interfaces == NULL){
2111
struct dirent **direntries;
2915
if(mc.interfaces == NULL){
2916
struct dirent **direntries = NULL;
2112
2917
/* Look for any good interfaces */
2113
2918
ret = scandir(sys_class_net, &direntries, good_interface,
2114
2919
alphasort);
2115
2920
if(ret >= 1){
2116
2921
/* Add all found interfaces to interfaces list */
2117
2922
for(int i = 0; i < ret; ++i){
2118
ret_errno = argz_add(&interfaces, &interfaces_size,
2923
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2119
2924
direntries[i]->d_name);
2120
2925
if(ret_errno != 0){
2926
errno = ret_errno;
2121
2927
perror_plus("argz_add");
2928
free(direntries[i]);
2122
2929
continue;
2123
2930
}
2124
2931
if(debug){
2125
2932
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2126
2933
direntries[i]->d_name);
2127
2934
}
2935
free(direntries[i]);
2128
2936
}
2129
2937
free(direntries);
2130
2938
} else {
2131
free(direntries);
2939
if(ret == 0){
2940
free(direntries);
2941
}
2132
2942
fprintf_plus(stderr, "Could not find a network interface\n");
2133
2943
exitcode = EXIT_FAILURE;
2134
2944
goto end;
2135
2945
}
2136
2946
}
2137
2947
2138
/* If we only got one interface, explicitly use only that one */
2139
if(argz_count(interfaces, interfaces_size) == 1){
2140
if(debug){
2141
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2142
interfaces);
2143
}
2144
if_index = (AvahiIfIndex)if_nametoindex(interfaces);
2145
}
2146
2147
/* Bring up interfaces which are down */
2148
if(not (argz_count(interfaces, interfaces_size) == 1
2149
and strcmp(interfaces, "none") == 0)){
2948
/* Bring up interfaces which are down, and remove any "none"s */
2949
{
2150
2950
char *interface = NULL;
2151
while((interface = argz_next(interfaces, interfaces_size,
2951
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2152
2952
interface))){
2953
/* If interface name is "none", stop bringing up interfaces.
2954
Also remove all instances of "none" from the list */
2955
if(strcmp(interface, "none") == 0){
2956
argz_delete(&mc.interfaces, &mc.interfaces_size,
2957
interface);
2958
interface = NULL;
2959
while((interface = argz_next(mc.interfaces,
2960
mc.interfaces_size, interface))){
2961
if(strcmp(interface, "none") == 0){
2962
argz_delete(&mc.interfaces, &mc.interfaces_size,
2963
interface);
2964
interface = NULL;
2965
}
2966
}
2967
break;
2968
}
2153
2969
bool interface_was_up = interface_is_up(interface);
2154
ret = bring_up_interface(interface, delay);
2970
errno = bring_up_interface(interface, delay);
2155
2971
if(not interface_was_up){
2156
if(ret != 0){
2157
errno = ret;
2158
perror_plus("Failed to bring up interface");
2972
if(errno != 0){
2973
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2974
" %s\n", interface, strerror(errno));
2159
2975
} else {
2160
ret_errno = argz_add(&interfaces_to_take_down,
2161
&interfaces_to_take_down_size,
2162
interface);
2976
errno = argz_add(&interfaces_to_take_down,
2977
&interfaces_to_take_down_size,
2978
interface);
2979
if(errno != 0){
2980
perror_plus("argz_add");
2981
}
2163
2982
}
2164
2983
}
2165
2984
}
2166
free(interfaces);
2167
interfaces = NULL;
2168
interfaces_size = 0;
2169
2985
if(debug and (interfaces_to_take_down == NULL)){
2170
2986
fprintf_plus(stderr, "No interfaces were brought up\n");
2171
2987
}
2172
2988
}
2173
2989
2990
/* If we only got one interface, explicitly use only that one */
2991
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2992
if(debug){
2993
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2994
mc.interfaces);
2995
}
2996
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2997
}
2998
2174
2999
if(quit_now){
2175
3000
goto end;
2176
3001
}
2177
3002
2178
ret = init_gnutls_global(pubkey, seckey);
3003
#if GNUTLS_VERSION_NUMBER >= 0x030606
3004
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3005
#elif GNUTLS_VERSION_NUMBER < 0x030600
3006
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3007
#else
3008
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3009
#endif
2179
3010
if(ret == -1){
2180
3011
fprintf_plus(stderr, "init_gnutls_global failed\n");
2181
3012
exitcode = EX_UNAVAILABLE;
2188
3019
goto end;
2189
3020
}
2190
3021
2191
if(mkdtemp(tempdir) == NULL){
3022
/* Try /run/tmp before /tmp */
3023
tempdir = mkdtemp(run_tempdir);
3024
if(tempdir == NULL and errno == ENOENT){
3025
if(debug){
3026
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
3027
run_tempdir, old_tempdir);
3028
}
3029
tempdir = mkdtemp(old_tempdir);
3030
}
3031
if(tempdir == NULL){
2192
3032
perror_plus("mkdtemp");
2193
3033
goto end;
2194
3034
}
2195
tempdir_created = true;
2196
3035
2197
3036
if(quit_now){
2198
3037
goto end;
2199
3038
}
2200
3039
2201
if(not init_gpgme(pubkey, seckey, tempdir)){
3040
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
2202
3041
fprintf_plus(stderr, "init_gpgme failed\n");
2203
3042
exitcode = EX_UNAVAILABLE;
2204
3043
goto end;
2225
3064
goto end;
2226
3065
}
2227
3066
2228
uint16_t port;
3067
in_port_t port;
2229
3068
errno = 0;
2230
3069
tmpmax = strtoimax(address+1, &tmp, 10);
2231
3070
if(errno != 0 or tmp == address+1 or *tmp != '\0'
2232
or tmpmax != (uint16_t)tmpmax){
3071
or tmpmax != (in_port_t)tmpmax){
2233
3072
fprintf_plus(stderr, "Bad port number\n");
2234
3073
exitcode = EX_USAGE;
2235
3074
goto end;
2236
3075
}
2237
3076
2238
3077
if(quit_now){
2239
3078
goto end;
2240
3079
}
2241
3080
2242
port = (uint16_t)tmpmax;
3081
port = (in_port_t)tmpmax;
2243
3082
*address = '\0';
2244
3083
/* Colon in address indicates IPv6 */
2245
3084
int af;
2261
3100
}
2262
3101
2263
3102
while(not quit_now){
2264
ret = start_mandos_communication(address, port, if_index, af);
3103
ret = start_mandos_communication(address, port, if_index, af,
3104
&mc);
2265
3105
if(quit_now or ret == 0){
2266
3106
break;
2267
3107
}
2269
3109
fprintf_plus(stderr, "Retrying in %d seconds\n",
2270
3110
(int)retry_interval);
2271
3111
}
2272
sleep((int)retry_interval);
3112
sleep((unsigned int)retry_interval);
2273
3113
}
2274
3114
2275
if (not quit_now){
3115
if(not quit_now){
2276
3116
exitcode = EXIT_SUCCESS;
2277
3117
}
2278
3118
2293
3133
config.publish_domain = 0;
2294
3134
2295
3135
/* Allocate a new server */
2296
mc.server = avahi_server_new(avahi_simple_poll_get
2297
(mc.simple_poll), &config, NULL,
2298
NULL, &ret_errno);
3136
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3137
&config, NULL, NULL, &ret);
2299
3138
2300
3139
/* Free the Avahi configuration data */
2301
3140
avahi_server_config_free(&config);
2304
3143
/* Check if creating the Avahi server object succeeded */
2305
3144
if(mc.server == NULL){
2306
3145
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2307
avahi_strerror(ret_errno));
3146
avahi_strerror(ret));
2308
3147
exitcode = EX_UNAVAILABLE;
2309
3148
goto end;
2310
3149
}
2316
3155
/* Create the Avahi service browser */
2317
3156
sb = avahi_s_service_browser_new(mc.server, if_index,
2318
3157
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
2319
NULL, 0, browse_callback, NULL);
3158
NULL, 0, browse_callback,
3159
(void *)&mc);
2320
3160
if(sb == NULL){
2321
3161
fprintf_plus(stderr, "Failed to create service browser: %s\n",
2322
3162
avahi_strerror(avahi_server_errno(mc.server)));
2333
3173
if(debug){
2334
3174
fprintf_plus(stderr, "Starting Avahi loop search\n");
2335
3175
}
2336
2337
ret = avahi_loop_with_timeout(mc.simple_poll,
2338
(int)(retry_interval * 1000));
3176
3177
ret = avahi_loop_with_timeout(simple_poll,
3178
(int)(retry_interval * 1000), &mc);
2339
3179
if(debug){
2340
3180
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
2341
3181
(ret == 0) ? "successfully" : "with error");
2344
3184
end:
2345
3185
2346
3186
if(debug){
2347
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3187
if(signal_received){
3188
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3189
argv[0], signal_received,
3190
strsignal(signal_received));
3191
} else {
3192
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
}
2348
3194
}
2349
3195
2350
3196
/* Cleanup things */
3197
free(mc.interfaces);
3198
2351
3199
if(sb != NULL)
2352
3200
avahi_s_service_browser_free(sb);
2353
3201
2354
3202
if(mc.server != NULL)
2355
3203
avahi_server_free(mc.server);
2356
3204
2357
if(mc.simple_poll != NULL)
2358
avahi_simple_poll_free(mc.simple_poll);
3205
if(simple_poll != NULL)
3206
avahi_simple_poll_free(simple_poll);
2359
3207
2360
3208
if(gnutls_initialized){
2361
3209
gnutls_certificate_free_credentials(mc.cred);
2362
gnutls_global_deinit();
2363
3210
gnutls_dh_params_deinit(mc.dh_params);
2364
3211
}
2365
3212
2373
3220
mc.current_server->prev->next = NULL;
2374
3221
while(mc.current_server != NULL){
2375
3222
server *next = mc.current_server->next;
3223
#ifdef __GNUC__
3224
#pragma GCC diagnostic push
3225
#pragma GCC diagnostic ignored "-Wcast-qual"
3226
#endif
3227
free((char *)(mc.current_server->ip));
3228
#ifdef __GNUC__
3229
#pragma GCC diagnostic pop
3230
#endif
2376
3231
free(mc.current_server);
2377
3232
mc.current_server = next;
2378
3233
}
2379
3234
}
2380
3235
2381
/* Re-raise priviliges */
3236
/* Re-raise privileges */
2382
3237
{
2383
raise_privileges();
2384
2385
/* Run network hooks */
2386
run_network_hooks("stop", interfaces_hooks, delay);
2387
2388
/* Take down the network interfaces which were brought up */
2389
{
2390
char *interface = NULL;
2391
while((interface=argz_next(interfaces_to_take_down,
2392
interfaces_to_take_down_size,
2393
interface))){
2394
ret_errno = take_down_interface(interface);
2395
if(ret_errno != 0){
2396
errno = ret_errno;
2397
perror_plus("Failed to take down interface");
2398
}
2399
}
2400
if(debug and (interfaces_to_take_down == NULL)){
2401
fprintf_plus(stderr, "No interfaces needed to be taken"
2402
" down\n");
2403
}
2404
}
2405
2406
lower_privileges_permanently();
3238
ret = raise_privileges();
3239
if(ret != 0){
3240
errno = ret;
3241
perror_plus("Failed to raise privileges");
3242
} else {
3243
3244
/* Run network hooks */
3245
run_network_hooks("stop", interfaces_hooks != NULL ?
3246
interfaces_hooks : "", delay);
3247
3248
/* Take down the network interfaces which were brought up */
3249
{
3250
char *interface = NULL;
3251
while((interface = argz_next(interfaces_to_take_down,
3252
interfaces_to_take_down_size,
3253
interface))){
3254
ret = take_down_interface(interface);
3255
if(ret != 0){
3256
errno = ret;
3257
perror_plus("Failed to take down interface");
3258
}
3259
}
3260
if(debug and (interfaces_to_take_down == NULL)){
3261
fprintf_plus(stderr, "No interfaces needed to be taken"
3262
" down\n");
3263
}
3264
}
3265
}
3266
3267
ret = lower_privileges_permanently();
3268
if(ret != 0){
3269
errno = ret;
3270
perror_plus("Failed to lower privileges permanently");
3271
}
2407
3272
}
2408
3273
2409
3274
free(interfaces_to_take_down);
2410
3275
free(interfaces_hooks);
2411
3276
3277
void clean_dir_at(int base, const char * const dirname,
3278
uintmax_t level){
3279
struct dirent **direntries = NULL;
3280
int dret;
3281
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3282
O_RDONLY
3283
| O_NOFOLLOW
3284
| O_DIRECTORY
3285
| O_PATH));
3286
if(dir_fd == -1){
3287
perror_plus("open");
3288
return;
3289
}
3290
int numentries = scandirat(dir_fd, ".", &direntries,
3291
notdotentries, alphasort);
3292
if(numentries >= 0){
3293
for(int i = 0; i < numentries; i++){
3294
if(debug){
3295
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3296
dirname, direntries[i]->d_name);
3297
}
3298
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3299
if(dret == -1){
3300
if(errno == EISDIR){
3301
dret = unlinkat(dir_fd, direntries[i]->d_name,
3302
AT_REMOVEDIR);
3303
}
3304
if((dret == -1) and (errno == ENOTEMPTY)
3305
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3306
== 0) and (level == 0)){
3307
/* Recurse only in this special case */
3308
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3309
dret = 0;
3310
}
3311
if((dret == -1) and (errno != ENOENT)){
3312
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3313
direntries[i]->d_name, strerror(errno));
3314
}
3315
}
3316
free(direntries[i]);
3317
}
3318
3319
/* need to clean even if 0 because man page doesn't specify */
3320
free(direntries);
3321
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3322
if(dret == -1 and errno != ENOENT){
3323
perror_plus("rmdir");
3324
}
3325
} else {
3326
perror_plus("scandirat");
3327
}
3328
close(dir_fd);
3329
}
3330
2412
3331
/* Removes the GPGME temp directory and all files inside */
2413
if(tempdir_created){
2414
struct dirent **direntries = NULL;
2415
struct dirent *direntry = NULL;
2416
int numentries = scandir(tempdir, &direntries, notdotentries,
2417
alphasort);
2418
if (numentries > 0){
2419
for(int i = 0; i < numentries; i++){
2420
direntry = direntries[i];
2421
char *fullname = NULL;
2422
ret = asprintf(&fullname, "%s/%s", tempdir,
2423
direntry->d_name);
2424
if(ret < 0){
2425
perror_plus("asprintf");
2426
continue;
2427
}
2428
ret = remove(fullname);
2429
if(ret == -1){
2430
fprintf_plus(stderr, "remove(\"%s\"): %s\n", fullname,
2431
strerror(errno));
2432
}
2433
free(fullname);
2434
}
2435
}
2436
2437
/* need to clean even if 0 because man page doesn't specify */
2438
free(direntries);
2439
if (numentries == -1){
2440
perror_plus("scandir");
2441
}
2442
ret = rmdir(tempdir);
2443
if(ret == -1 and errno != ENOENT){
2444
perror_plus("rmdir");
2445
}
3332
if(tempdir != NULL){
3333
clean_dir_at(-1, tempdir, 0);
2446
3334
}
2447
3335
2448
3336
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0