To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 1213
- compare with another revision
- download diff
- download tarball
- view history from revision 1213
- Committer: teddy at recompile
- Date: 2020-04-05 21:30:59 UTC
- Revision ID: teddy@recompile.se-20200405213059-fb2a61ckqynrmatk
Fix file descriptor leak in mandos-client
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
- files added:
- bugs.xml
- debian/tests
- debian/upstream
- dracut-module
- plugin-helpers
- files removed:
- debian/upstream-signing-key.pgp
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2013 Teddy Hogeborn
13
* Copyright © 2008-2013 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2019 Teddy Hogeborn
13
* Copyright © 2008-2019 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
21
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
25
* General Public License for more details.
24
26
*
25
27
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
28
29
*
29
30
* Contact the authors at <mandos@recompile.se>.
30
31
*/
32
33
/* Needed by GPGME, specifically gpgme_data_seek() */
33
34
#ifndef _LARGEFILE_SOURCE
34
35
#define _LARGEFILE_SOURCE
35
#endif
36
#endif /* not _LARGEFILE_SOURCE */
36
37
#ifndef _FILE_OFFSET_BITS
37
38
#define _FILE_OFFSET_BITS 64
38
#endif
39
#endif /* not _FILE_OFFSET_BITS */
39
40
40
41
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
42
43
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror(), remove() */
44
stdout, ferror() */
44
45
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
45
46
#include <stddef.h> /* NULL, size_t, ssize_t */
46
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
48
strtof(), abort() */
48
49
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
51
53
#include <sys/ioctl.h> /* ioctl */
52
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
55
sockaddr_in6, PF_INET6,
57
59
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
60
inet_pton(), connect(),
59
61
getnameinfo() */
60
#include <fcntl.h> /* open() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
61
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
64
*/
63
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
64
66
strtoimax() */
65
#include <errno.h> /* perror(), errno,
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
66
72
program_invocation_short_name */
67
73
#include <time.h> /* nanosleep(), time(), sleep() */
68
74
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
73
79
*/
74
80
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
75
81
getuid(), getgid(), seteuid(),
76
setgid(), pause(), _exit() */
82
setgid(), pause(), _exit(),
83
unlinkat() */
77
84
#include <arpa/inet.h> /* inet_pton(), htons() */
78
85
#include <iso646.h> /* not, or, and */
79
86
#include <argp.h> /* struct argp_option, error_t, struct
116
123
gnutls_*
117
124
init_gnutls_session(),
118
125
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
119
127
#include <gnutls/openpgp.h>
120
128
/* gnutls_certificate_set_openpgp_key_file(),
121
129
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
122
135
123
136
/* GPGME */
124
137
#include <gpgme.h> /* All GPGME types, constants and
132
145
#define PATHDIR "/conf/conf.d/mandos"
133
146
#define SECKEY "seckey.txt"
134
147
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
135
150
#define HOOKDIR "/lib/mandos/network-hooks.d"
136
151
137
152
bool debug = false;
141
156
static const char sys_class_net[] = "/sys/class/net";
142
157
char *connect_to = NULL;
143
158
const char *hookdir = HOOKDIR;
159
int hookdir_fd = -1;
144
160
uid_t uid = 65534;
145
161
gid_t gid = 65534;
146
162
232
248
.af = af };
233
249
if(new_server->ip == NULL){
234
250
perror_plus("strdup");
251
free(new_server);
235
252
return false;
236
253
}
237
254
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
238
255
if(ret == -1){
239
256
perror_plus("clock_gettime");
257
#ifdef __GNUC__
258
#pragma GCC diagnostic push
259
#pragma GCC diagnostic ignored "-Wcast-qual"
260
#endif
261
free((char *)(new_server->ip));
262
#ifdef __GNUC__
263
#pragma GCC diagnostic pop
264
#endif
265
free(new_server);
240
266
return false;
241
267
}
242
268
/* Special case of first server */
254
280
return true;
255
281
}
256
282
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
257
335
/*
258
336
* Initialize GPGME.
259
337
*/
260
338
__attribute__((nonnull, warn_unused_result))
261
static bool init_gpgme(const char *seckey, const char *pubkey,
262
const char *tempdir, mandos_context *mc){
339
static bool init_gpgme(const char * const seckey,
340
const char * const pubkey,
341
const char * const tempdir,
342
mandos_context *mc){
263
343
gpgme_error_t rc;
264
344
gpgme_engine_info_t engine_info;
265
345
266
346
/*
267
347
* Helper function to insert pub and seckey to the engine keyring.
268
348
*/
269
bool import_key(const char *filename){
349
bool import_key(const char * const filename){
270
350
int ret;
271
351
int fd;
272
352
gpgme_data_t pgp_data;
277
357
return false;
278
358
}
279
359
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
time_t keytime = keystat.st_mtim.tv_sec;
400
if(stime(&keytime) != 0){
401
perror_plus("stime");
402
}
403
ret = lower_privileges();
404
if(ret != 0){
405
errno = ret;
406
perror_plus("Failed to lower privileges");
407
}
408
} while(false);
409
280
410
rc = gpgme_data_new_from_fd(&pgp_data, fd);
281
411
if(rc != GPG_ERR_NO_ERROR){
282
412
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
290
420
gpgme_strsource(rc), gpgme_strerror(rc));
291
421
return false;
292
422
}
423
{
424
gpgme_import_result_t import_result
425
= gpgme_op_import_result(mc->ctx);
426
if((import_result->imported < 1
427
or import_result->not_imported > 0)
428
and import_result->unchanged == 0){
429
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
430
fprintf_plus(stderr,
431
"The total number of considered keys: %d\n",
432
import_result->considered);
433
fprintf_plus(stderr,
434
"The number of keys without user ID: %d\n",
435
import_result->no_user_id);
436
fprintf_plus(stderr,
437
"The total number of imported keys: %d\n",
438
import_result->imported);
439
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
440
import_result->imported_rsa);
441
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
442
import_result->unchanged);
443
fprintf_plus(stderr, "The number of new user IDs: %d\n",
444
import_result->new_user_ids);
445
fprintf_plus(stderr, "The number of new sub keys: %d\n",
446
import_result->new_sub_keys);
447
fprintf_plus(stderr, "The number of new signatures: %d\n",
448
import_result->new_signatures);
449
fprintf_plus(stderr, "The number of new revocations: %d\n",
450
import_result->new_revocations);
451
fprintf_plus(stderr,
452
"The total number of secret keys read: %d\n",
453
import_result->secret_read);
454
fprintf_plus(stderr,
455
"The number of imported secret keys: %d\n",
456
import_result->secret_imported);
457
fprintf_plus(stderr,
458
"The number of unchanged secret keys: %d\n",
459
import_result->secret_unchanged);
460
fprintf_plus(stderr, "The number of keys not imported: %d\n",
461
import_result->not_imported);
462
for(gpgme_import_status_t import_status
463
= import_result->imports;
464
import_status != NULL;
465
import_status = import_status->next){
466
fprintf_plus(stderr, "Import status for key: %s\n",
467
import_status->fpr);
468
if(import_status->result != GPG_ERR_NO_ERROR){
469
fprintf_plus(stderr, "Import result: %s: %s\n",
470
gpgme_strsource(import_status->result),
471
gpgme_strerror(import_status->result));
472
}
473
fprintf_plus(stderr, "Key status:\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_NEW
476
? "The key was new.\n"
477
: "The key was not new.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_UID
480
? "The key contained new user IDs.\n"
481
: "The key did not contain new user IDs.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SIG
484
? "The key contained new signatures.\n"
485
: "The key did not contain new signatures.\n");
486
fprintf_plus(stderr,
487
import_status->status & GPGME_IMPORT_SUBKEY
488
? "The key contained new sub keys.\n"
489
: "The key did not contain new sub keys.\n");
490
fprintf_plus(stderr,
491
import_status->status & GPGME_IMPORT_SECRET
492
? "The key contained a secret key.\n"
493
: "The key did not contain a secret key.\n");
494
}
495
return false;
496
}
497
}
293
498
294
ret = (int)TEMP_FAILURE_RETRY(close(fd));
499
ret = close(fd);
295
500
if(ret == -1){
296
501
perror_plus("close");
297
502
}
336
541
/* Create new GPGME "context" */
337
542
rc = gpgme_new(&(mc->ctx));
338
543
if(rc != GPG_ERR_NO_ERROR){
339
fprintf_plus(stderr, "Mandos plugin mandos-client: "
340
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
341
gpgme_strerror(rc));
544
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
545
gpgme_strsource(rc), gpgme_strerror(rc));
342
546
return false;
343
547
}
344
548
380
584
/* Create new empty GPGME data buffer for the plaintext */
381
585
rc = gpgme_data_new(&dh_plain);
382
586
if(rc != GPG_ERR_NO_ERROR){
383
fprintf_plus(stderr, "Mandos plugin mandos-client: "
384
"bad gpgme_data_new: %s: %s\n",
587
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
385
588
gpgme_strsource(rc), gpgme_strerror(rc));
386
589
gpgme_data_release(dh_crypto);
387
590
return -1;
400
603
if(result == NULL){
401
604
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
402
605
} else {
403
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
404
result->unsupported_algorithm);
405
fprintf_plus(stderr, "Wrong key usage: %u\n",
406
result->wrong_key_usage);
606
if(result->unsupported_algorithm != NULL) {
607
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
608
result->unsupported_algorithm);
609
}
610
fprintf_plus(stderr, "Wrong key usage: %s\n",
611
result->wrong_key_usage ? "Yes" : "No");
407
612
if(result->file_name != NULL){
408
613
fprintf_plus(stderr, "File name: %s\n", result->file_name);
409
614
}
410
gpgme_recipient_t recipient;
411
recipient = result->recipients;
412
while(recipient != NULL){
615
616
for(gpgme_recipient_t r = result->recipients; r != NULL;
617
r = r->next){
413
618
fprintf_plus(stderr, "Public key algorithm: %s\n",
414
gpgme_pubkey_algo_name
415
(recipient->pubkey_algo));
416
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
619
gpgme_pubkey_algo_name(r->pubkey_algo));
620
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
417
621
fprintf_plus(stderr, "Secret key available: %s\n",
418
recipient->status == GPG_ERR_NO_SECKEY
419
? "No" : "Yes");
420
recipient = recipient->next;
622
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
421
623
}
422
624
}
423
625
}
479
681
return plaintext_length;
480
682
}
481
683
684
__attribute__((warn_unused_result, const))
685
static const char *safe_string(const char *str){
686
if(str == NULL)
687
return "(unknown)";
688
return str;
689
}
690
482
691
__attribute__((warn_unused_result))
483
692
static const char *safer_gnutls_strerror(int value){
484
693
const char *ret = gnutls_strerror(value);
485
if(ret == NULL)
486
ret = "(unknown)";
487
return ret;
694
return safe_string(ret);
488
695
}
489
696
490
697
/* GnuTLS log function callback */
494
701
fprintf_plus(stderr, "GnuTLS: %s", string);
495
702
}
496
703
497
__attribute__((nonnull, warn_unused_result))
704
__attribute__((nonnull(1, 2, 4), warn_unused_result))
498
705
static int init_gnutls_global(const char *pubkeyfilename,
499
706
const char *seckeyfilename,
707
const char *dhparamsfilename,
500
708
mandos_context *mc){
501
709
int ret;
502
710
504
712
fprintf_plus(stderr, "Initializing GnuTLS\n");
505
713
}
506
714
507
ret = gnutls_global_init();
508
if(ret != GNUTLS_E_SUCCESS){
509
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
510
safer_gnutls_strerror(ret));
511
return -1;
512
}
513
514
715
if(debug){
515
716
/* "Use a log level over 10 to enable all debugging options."
516
717
* - GnuTLS manual
524
725
if(ret != GNUTLS_E_SUCCESS){
525
726
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
526
727
safer_gnutls_strerror(ret));
527
gnutls_global_deinit();
528
728
return -1;
529
729
}
530
730
531
731
if(debug){
532
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
533
" secret key %s as GnuTLS credentials\n",
732
fprintf_plus(stderr, "Attempting to use public key %s and"
733
" private key %s as GnuTLS credentials\n",
534
734
pubkeyfilename,
535
735
seckeyfilename);
536
736
}
537
737
738
#if GNUTLS_VERSION_NUMBER >= 0x030606
739
ret = gnutls_certificate_set_rawpk_key_file
740
(mc->cred, pubkeyfilename, seckeyfilename,
741
GNUTLS_X509_FMT_PEM, /* format */
742
NULL, /* pass */
743
/* key_usage */
744
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
745
NULL, /* names */
746
0, /* names_length */
747
/* privkey_flags */
748
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
749
0); /* pkcs11_flags */
750
#elif GNUTLS_VERSION_NUMBER < 0x030600
538
751
ret = gnutls_certificate_set_openpgp_key_file
539
752
(mc->cred, pubkeyfilename, seckeyfilename,
540
753
GNUTLS_OPENPGP_FMT_BASE64);
754
#else
755
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
756
#endif
541
757
if(ret != GNUTLS_E_SUCCESS){
542
758
fprintf_plus(stderr,
543
"Error[%d] while reading the OpenPGP key pair ('%s',"
759
"Error[%d] while reading the key pair ('%s',"
544
760
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
545
761
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
546
762
safer_gnutls_strerror(ret));
555
771
safer_gnutls_strerror(ret));
556
772
goto globalfail;
557
773
}
558
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
559
if(ret != GNUTLS_E_SUCCESS){
560
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
561
safer_gnutls_strerror(ret));
562
goto globalfail;
563
}
564
565
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
774
/* If a Diffie-Hellman parameters file was given, try to use it */
775
if(dhparamsfilename != NULL){
776
gnutls_datum_t params = { .data = NULL, .size = 0 };
777
do {
778
int dhpfile = open(dhparamsfilename, O_RDONLY);
779
if(dhpfile == -1){
780
perror_plus("open");
781
dhparamsfilename = NULL;
782
break;
783
}
784
size_t params_capacity = 0;
785
while(true){
786
params_capacity = incbuffer((char **)¶ms.data,
787
(size_t)params.size,
788
(size_t)params_capacity);
789
if(params_capacity == 0){
790
perror_plus("incbuffer");
791
free(params.data);
792
params.data = NULL;
793
dhparamsfilename = NULL;
794
break;
795
}
796
ssize_t bytes_read = read(dhpfile,
797
params.data + params.size,
798
BUFFER_SIZE);
799
/* EOF */
800
if(bytes_read == 0){
801
break;
802
}
803
/* check bytes_read for failure */
804
if(bytes_read < 0){
805
perror_plus("read");
806
free(params.data);
807
params.data = NULL;
808
dhparamsfilename = NULL;
809
break;
810
}
811
params.size += (unsigned int)bytes_read;
812
}
813
ret = close(dhpfile);
814
if(ret == -1){
815
perror_plus("close");
816
}
817
if(params.data == NULL){
818
dhparamsfilename = NULL;
819
}
820
if(dhparamsfilename == NULL){
821
break;
822
}
823
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
824
GNUTLS_X509_FMT_PEM);
825
if(ret != GNUTLS_E_SUCCESS){
826
fprintf_plus(stderr, "Failed to parse DH parameters in file"
827
" \"%s\": %s\n", dhparamsfilename,
828
safer_gnutls_strerror(ret));
829
dhparamsfilename = NULL;
830
}
831
free(params.data);
832
} while(false);
833
}
834
if(dhparamsfilename == NULL){
835
if(mc->dh_bits == 0){
836
#if GNUTLS_VERSION_NUMBER < 0x030600
837
/* Find out the optimal number of DH bits */
838
/* Try to read the private key file */
839
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
840
do {
841
int secfile = open(seckeyfilename, O_RDONLY);
842
if(secfile == -1){
843
perror_plus("open");
844
break;
845
}
846
size_t buffer_capacity = 0;
847
while(true){
848
buffer_capacity = incbuffer((char **)&buffer.data,
849
(size_t)buffer.size,
850
(size_t)buffer_capacity);
851
if(buffer_capacity == 0){
852
perror_plus("incbuffer");
853
free(buffer.data);
854
buffer.data = NULL;
855
break;
856
}
857
ssize_t bytes_read = read(secfile,
858
buffer.data + buffer.size,
859
BUFFER_SIZE);
860
/* EOF */
861
if(bytes_read == 0){
862
break;
863
}
864
/* check bytes_read for failure */
865
if(bytes_read < 0){
866
perror_plus("read");
867
free(buffer.data);
868
buffer.data = NULL;
869
break;
870
}
871
buffer.size += (unsigned int)bytes_read;
872
}
873
close(secfile);
874
} while(false);
875
/* If successful, use buffer to parse private key */
876
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
877
if(buffer.data != NULL){
878
{
879
gnutls_openpgp_privkey_t privkey = NULL;
880
ret = gnutls_openpgp_privkey_init(&privkey);
881
if(ret != GNUTLS_E_SUCCESS){
882
fprintf_plus(stderr, "Error initializing OpenPGP key"
883
" structure: %s",
884
safer_gnutls_strerror(ret));
885
free(buffer.data);
886
buffer.data = NULL;
887
} else {
888
ret = gnutls_openpgp_privkey_import
889
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
890
if(ret != GNUTLS_E_SUCCESS){
891
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
892
safer_gnutls_strerror(ret));
893
privkey = NULL;
894
}
895
free(buffer.data);
896
buffer.data = NULL;
897
if(privkey != NULL){
898
/* Use private key to suggest an appropriate
899
sec_param */
900
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
901
gnutls_openpgp_privkey_deinit(privkey);
902
if(debug){
903
fprintf_plus(stderr, "This OpenPGP key implies using"
904
" a GnuTLS security parameter \"%s\".\n",
905
safe_string(gnutls_sec_param_get_name
906
(sec_param)));
907
}
908
}
909
}
910
}
911
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
912
/* Err on the side of caution */
913
sec_param = GNUTLS_SEC_PARAM_ULTRA;
914
if(debug){
915
fprintf_plus(stderr, "Falling back to security parameter"
916
" \"%s\"\n",
917
safe_string(gnutls_sec_param_get_name
918
(sec_param)));
919
}
920
}
921
}
922
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
923
if(uret != 0){
924
mc->dh_bits = uret;
925
if(debug){
926
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
927
" implies %u DH bits; using that.\n",
928
safe_string(gnutls_sec_param_get_name
929
(sec_param)),
930
mc->dh_bits);
931
}
932
} else {
933
fprintf_plus(stderr, "Failed to get implied number of DH"
934
" bits for security parameter \"%s\"): %s\n",
935
safe_string(gnutls_sec_param_get_name
936
(sec_param)),
937
safer_gnutls_strerror(ret));
938
goto globalfail;
939
}
940
#endif
941
} else { /* dh_bits != 0 */
942
if(debug){
943
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
944
mc->dh_bits);
945
}
946
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
947
if(ret != GNUTLS_E_SUCCESS){
948
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
949
" bits): %s\n", mc->dh_bits,
950
safer_gnutls_strerror(ret));
951
goto globalfail;
952
}
953
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
954
}
955
}
566
956
567
957
return 0;
568
958
569
959
globalfail:
570
960
571
961
gnutls_certificate_free_credentials(mc->cred);
572
gnutls_global_deinit();
573
962
gnutls_dh_params_deinit(mc->dh_params);
574
963
return -1;
575
964
}
580
969
int ret;
581
970
/* GnuTLS session creation */
582
971
do {
583
ret = gnutls_init(session, GNUTLS_SERVER);
972
ret = gnutls_init(session, (GNUTLS_SERVER
973
#if GNUTLS_VERSION_NUMBER >= 0x030506
974
| GNUTLS_NO_TICKETS
975
#endif
976
#if GNUTLS_VERSION_NUMBER >= 0x030606
977
| GNUTLS_ENABLE_RAWPK
978
#endif
979
));
584
980
if(quit_now){
585
981
return -1;
586
982
}
627
1023
/* ignore client certificate if any. */
628
1024
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
629
1025
630
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
631
632
1026
return 0;
633
1027
}
634
1028
636
1030
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
637
1031
__attribute__((unused)) const char *txt){}
638
1032
1033
/* Helper function to add_local_route() and delete_local_route() */
1034
__attribute__((nonnull, warn_unused_result))
1035
static bool add_delete_local_route(const bool add,
1036
const char *address,
1037
AvahiIfIndex if_index){
1038
int ret;
1039
char helper[] = "mandos-client-iprouteadddel";
1040
char add_arg[] = "add";
1041
char delete_arg[] = "delete";
1042
char debug_flag[] = "--debug";
1043
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1044
if(pluginhelperdir == NULL){
1045
if(debug){
1046
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1047
" variable not set; cannot run helper\n");
1048
}
1049
return false;
1050
}
1051
1052
char interface[IF_NAMESIZE];
1053
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1054
perror_plus("if_indextoname");
1055
return false;
1056
}
1057
1058
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1059
if(devnull == -1){
1060
perror_plus("open(\"/dev/null\", O_RDONLY)");
1061
return false;
1062
}
1063
pid_t pid = fork();
1064
if(pid == 0){
1065
/* Child */
1066
/* Raise privileges */
1067
errno = raise_privileges_permanently();
1068
if(errno != 0){
1069
perror_plus("Failed to raise privileges");
1070
/* _exit(EX_NOPERM); */
1071
} else {
1072
/* Set group */
1073
errno = 0;
1074
ret = setgid(0);
1075
if(ret == -1){
1076
perror_plus("setgid");
1077
close(devnull);
1078
_exit(EX_NOPERM);
1079
}
1080
/* Reset supplementary groups */
1081
errno = 0;
1082
ret = setgroups(0, NULL);
1083
if(ret == -1){
1084
perror_plus("setgroups");
1085
close(devnull);
1086
_exit(EX_NOPERM);
1087
}
1088
}
1089
ret = dup2(devnull, STDIN_FILENO);
1090
if(ret == -1){
1091
perror_plus("dup2(devnull, STDIN_FILENO)");
1092
close(devnull);
1093
_exit(EX_OSERR);
1094
}
1095
ret = close(devnull);
1096
if(ret == -1){
1097
perror_plus("close");
1098
}
1099
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1100
if(ret == -1){
1101
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1102
_exit(EX_OSERR);
1103
}
1104
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1105
O_RDONLY
1106
| O_DIRECTORY
1107
| O_PATH
1108
| O_CLOEXEC));
1109
if(helperdir_fd == -1){
1110
perror_plus("open");
1111
_exit(EX_UNAVAILABLE);
1112
}
1113
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1114
helper, O_RDONLY));
1115
if(helper_fd == -1){
1116
perror_plus("openat");
1117
close(helperdir_fd);
1118
_exit(EX_UNAVAILABLE);
1119
}
1120
close(helperdir_fd);
1121
#ifdef __GNUC__
1122
#pragma GCC diagnostic push
1123
#pragma GCC diagnostic ignored "-Wcast-qual"
1124
#endif
1125
if(fexecve(helper_fd, (char *const [])
1126
{ helper, add ? add_arg : delete_arg, (char *)address,
1127
interface, debug ? debug_flag : NULL, NULL },
1128
environ) == -1){
1129
#ifdef __GNUC__
1130
#pragma GCC diagnostic pop
1131
#endif
1132
perror_plus("fexecve");
1133
_exit(EXIT_FAILURE);
1134
}
1135
}
1136
if(pid == -1){
1137
perror_plus("fork");
1138
close(devnull);
1139
return false;
1140
}
1141
ret = close(devnull);
1142
if(ret == -1){
1143
perror_plus("close");
1144
}
1145
int status;
1146
pid_t pret = -1;
1147
errno = 0;
1148
do {
1149
pret = waitpid(pid, &status, 0);
1150
if(pret == -1 and errno == EINTR and quit_now){
1151
int errno_raising = 0;
1152
if((errno = raise_privileges()) != 0){
1153
errno_raising = errno;
1154
perror_plus("Failed to raise privileges in order to"
1155
" kill helper program");
1156
}
1157
if(kill(pid, SIGTERM) == -1){
1158
perror_plus("kill");
1159
}
1160
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1161
perror_plus("Failed to lower privileges after killing"
1162
" helper program");
1163
}
1164
return false;
1165
}
1166
} while(pret == -1 and errno == EINTR);
1167
if(pret == -1){
1168
perror_plus("waitpid");
1169
return false;
1170
}
1171
if(WIFEXITED(status)){
1172
if(WEXITSTATUS(status) != 0){
1173
fprintf_plus(stderr, "Error: iprouteadddel exited"
1174
" with status %d\n", WEXITSTATUS(status));
1175
return false;
1176
}
1177
return true;
1178
}
1179
if(WIFSIGNALED(status)){
1180
fprintf_plus(stderr, "Error: iprouteadddel died by"
1181
" signal %d\n", WTERMSIG(status));
1182
return false;
1183
}
1184
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1185
return false;
1186
}
1187
1188
__attribute__((nonnull, warn_unused_result))
1189
static bool add_local_route(const char *address,
1190
AvahiIfIndex if_index){
1191
if(debug){
1192
fprintf_plus(stderr, "Adding route to %s\n", address);
1193
}
1194
return add_delete_local_route(true, address, if_index);
1195
}
1196
1197
__attribute__((nonnull, warn_unused_result))
1198
static bool delete_local_route(const char *address,
1199
AvahiIfIndex if_index){
1200
if(debug){
1201
fprintf_plus(stderr, "Removing route to %s\n", address);
1202
}
1203
return add_delete_local_route(false, address, if_index);
1204
}
1205
639
1206
/* Called when a Mandos server is found */
640
1207
__attribute__((nonnull, warn_unused_result))
641
1208
static int start_mandos_communication(const char *ip, in_port_t port,
652
1219
int retval = -1;
653
1220
gnutls_session_t session;
654
1221
int pf; /* Protocol family */
1222
bool route_added = false;
655
1223
656
1224
errno = 0;
657
1225
679
1247
bool match = false;
680
1248
{
681
1249
char *interface = NULL;
682
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
683
interface))){
1250
while((interface = argz_next(mc->interfaces,
1251
mc->interfaces_size,
1252
interface))){
684
1253
if(if_nametoindex(interface) == (unsigned int)if_index){
685
1254
match = true;
686
1255
break;
715
1284
PRIuMAX "\n", ip, (uintmax_t)port);
716
1285
}
717
1286
718
tcp_sd = socket(pf, SOCK_STREAM, 0);
1287
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
719
1288
if(tcp_sd < 0){
720
1289
int e = errno;
721
1290
perror_plus("socket");
728
1297
goto mandos_end;
729
1298
}
730
1299
731
memset(&to, 0, sizeof(to));
732
1300
if(af == AF_INET6){
733
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
734
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1301
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1302
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1303
ret = inet_pton(af, ip, &to6->sin6_addr);
735
1304
} else { /* IPv4 */
736
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
737
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1305
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1306
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1307
ret = inet_pton(af, ip, &to4->sin_addr);
738
1308
}
739
1309
if(ret < 0 ){
740
1310
int e = errno;
810
1380
goto mandos_end;
811
1381
}
812
1382
813
if(af == AF_INET6){
814
ret = connect(tcp_sd, (struct sockaddr *)&to,
815
sizeof(struct sockaddr_in6));
816
} else {
817
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
818
sizeof(struct sockaddr_in));
819
}
820
if(ret < 0){
821
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
822
int e = errno;
823
perror_plus("connect");
824
errno = e;
825
}
826
goto mandos_end;
827
}
828
829
if(quit_now){
830
errno = EINTR;
831
goto mandos_end;
1383
while(true){
1384
if(af == AF_INET6){
1385
ret = connect(tcp_sd, (struct sockaddr *)&to,
1386
sizeof(struct sockaddr_in6));
1387
} else {
1388
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1389
sizeof(struct sockaddr_in));
1390
}
1391
if(ret < 0){
1392
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1393
and if_index != AVAHI_IF_UNSPEC
1394
and connect_to == NULL
1395
and not route_added and
1396
((af == AF_INET6 and not
1397
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1398
&to)->sin6_addr)))
1399
or (af == AF_INET and
1400
/* Not a a IPv4LL address */
1401
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1402
& 0xFFFF0000L) != 0xA9FE0000L))){
1403
/* Work around Avahi bug - Avahi does not announce link-local
1404
addresses if it has a global address, so local hosts with
1405
*only* a link-local address (e.g. Mandos clients) cannot
1406
connect to a Mandos server announced by Avahi on a server
1407
host with a global address. Work around this by retrying
1408
with an explicit route added with the server's address.
1409
1410
Avahi bug reference:
1411
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1412
https://bugs.debian.org/587961
1413
*/
1414
if(debug){
1415
fprintf_plus(stderr, "Mandos server unreachable, trying"
1416
" direct route\n");
1417
}
1418
int e = errno;
1419
route_added = add_local_route(ip, if_index);
1420
if(route_added){
1421
continue;
1422
}
1423
errno = e;
1424
}
1425
if(errno != ECONNREFUSED or debug){
1426
int e = errno;
1427
perror_plus("connect");
1428
errno = e;
1429
}
1430
goto mandos_end;
1431
}
1432
1433
if(quit_now){
1434
errno = EINTR;
1435
goto mandos_end;
1436
}
1437
break;
832
1438
}
833
1439
834
1440
const char *out = mandos_protocol_version;
988
1594
&decrypted_buffer, mc);
989
1595
if(decrypted_buffer_size >= 0){
990
1596
1597
clearerr(stdout);
991
1598
written = 0;
992
1599
while(written < (size_t) decrypted_buffer_size){
993
1600
if(quit_now){
1009
1616
}
1010
1617
written += (size_t)ret;
1011
1618
}
1619
ret = fflush(stdout);
1620
if(ret != 0){
1621
int e = errno;
1622
if(debug){
1623
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1624
strerror(errno));
1625
}
1626
errno = e;
1627
goto mandos_end;
1628
}
1012
1629
retval = 0;
1013
1630
}
1014
1631
}
1017
1634
1018
1635
mandos_end:
1019
1636
{
1637
if(route_added){
1638
if(not delete_local_route(ip, if_index)){
1639
fprintf_plus(stderr, "Failed to delete local route to %s on"
1640
" interface %d", ip, if_index);
1641
}
1642
}
1020
1643
int e = errno;
1021
1644
free(decrypted_buffer);
1022
1645
free(buffer);
1023
1646
if(tcp_sd >= 0){
1024
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1647
ret = close(tcp_sd);
1025
1648
}
1026
1649
if(ret == -1){
1027
1650
if(e == 0){
1039
1662
return retval;
1040
1663
}
1041
1664
1042
__attribute__((nonnull))
1043
1665
static void resolve_callback(AvahiSServiceResolver *r,
1044
1666
AvahiIfIndex interface,
1045
1667
AvahiProtocol proto,
1062
1684
timed out */
1063
1685
1064
1686
if(quit_now){
1687
avahi_s_service_resolver_free(r);
1065
1688
return;
1066
1689
}
1067
1690
1181
1804
__attribute__((nonnull, warn_unused_result))
1182
1805
bool get_flags(const char *ifname, struct ifreq *ifr){
1183
1806
int ret;
1184
error_t ret_errno;
1807
int old_errno;
1185
1808
1186
1809
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1187
1810
if(s < 0){
1188
ret_errno = errno;
1811
old_errno = errno;
1189
1812
perror_plus("socket");
1190
errno = ret_errno;
1813
errno = old_errno;
1191
1814
return false;
1192
1815
}
1193
strcpy(ifr->ifr_name, ifname);
1816
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1817
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1194
1818
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1195
1819
if(ret == -1){
1196
1820
if(debug){
1197
ret_errno = errno;
1821
old_errno = errno;
1198
1822
perror_plus("ioctl SIOCGIFFLAGS");
1199
errno = ret_errno;
1823
errno = old_errno;
1824
}
1825
if((close(s) == -1) and debug){
1826
old_errno = errno;
1827
perror_plus("close");
1828
errno = old_errno;
1200
1829
}
1201
1830
return false;
1202
1831
}
1832
if((close(s) == -1) and debug){
1833
old_errno = errno;
1834
perror_plus("close");
1835
errno = old_errno;
1836
}
1203
1837
return true;
1204
1838
}
1205
1839
1333
1967
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1334
1968
"abcdefghijklmnopqrstuvwxyz"
1335
1969
"0123456789"
1336
"_-");
1970
"_.-");
1337
1971
if((direntry->d_name)[sret] != '\0'){
1338
1972
/* Contains non-allowed characters */
1339
1973
if(debug){
1343
1977
return 0;
1344
1978
}
1345
1979
1346
char *fullname = NULL;
1347
ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
1348
if(ret < 0){
1349
perror_plus("asprintf");
1350
return 0;
1351
}
1352
1353
ret = stat(fullname, &st);
1980
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1354
1981
if(ret == -1){
1355
1982
if(debug){
1356
1983
perror_plus("Could not stat hook");
1454
2081
}
1455
2082
}
1456
2083
1457
/* Set effective uid to 0, return errno */
1458
__attribute__((warn_unused_result))
1459
error_t raise_privileges(void){
1460
error_t old_errno = errno;
1461
error_t ret_errno = 0;
1462
if(seteuid(0) == -1){
1463
ret_errno = errno;
1464
perror_plus("seteuid");
1465
}
1466
errno = old_errno;
1467
return ret_errno;
1468
}
1469
1470
/* Set effective and real user ID to 0. Return errno. */
1471
__attribute__((warn_unused_result))
1472
error_t raise_privileges_permanently(void){
1473
error_t old_errno = errno;
1474
error_t ret_errno = raise_privileges();
1475
if(ret_errno != 0){
1476
errno = old_errno;
1477
return ret_errno;
1478
}
1479
if(setuid(0) == -1){
1480
ret_errno = errno;
1481
perror_plus("seteuid");
1482
}
1483
errno = old_errno;
1484
return ret_errno;
1485
}
1486
1487
/* Set effective user ID to unprivileged saved user ID */
1488
__attribute__((warn_unused_result))
1489
error_t lower_privileges(void){
1490
error_t old_errno = errno;
1491
error_t ret_errno = 0;
1492
if(seteuid(uid) == -1){
1493
ret_errno = errno;
1494
perror_plus("seteuid");
1495
}
1496
errno = old_errno;
1497
return ret_errno;
1498
}
1499
1500
/* Lower privileges permanently */
1501
__attribute__((warn_unused_result))
1502
error_t lower_privileges_permanently(void){
1503
error_t old_errno = errno;
1504
error_t ret_errno = 0;
1505
if(setuid(uid) == -1){
1506
ret_errno = errno;
1507
perror_plus("setuid");
1508
}
1509
errno = old_errno;
1510
return ret_errno;
1511
}
1512
1513
2084
__attribute__((nonnull))
1514
2085
void run_network_hooks(const char *mode, const char *interface,
1515
2086
const float delay){
1516
struct dirent **direntries;
1517
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1518
alphasort);
2087
struct dirent **direntries = NULL;
2088
if(hookdir_fd == -1){
2089
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2090
| O_CLOEXEC);
2091
if(hookdir_fd == -1){
2092
if(errno == ENOENT){
2093
if(debug){
2094
fprintf_plus(stderr, "Network hook directory \"%s\" not"
2095
" found\n", hookdir);
2096
}
2097
} else {
2098
perror_plus("open");
2099
}
2100
return;
2101
}
2102
}
2103
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2104
if(devnull == -1){
2105
perror_plus("open(\"/dev/null\", O_RDONLY)");
2106
return;
2107
}
2108
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2109
runnable_hook, alphasort);
1519
2110
if(numhooks == -1){
1520
if(errno == ENOENT){
1521
if(debug){
1522
fprintf_plus(stderr, "Network hook directory \"%s\" not"
1523
" found\n", hookdir);
1524
}
1525
} else {
1526
perror_plus("scandir");
2111
perror_plus("scandir");
2112
close(devnull);
2113
return;
2114
}
2115
struct dirent *direntry;
2116
int ret;
2117
for(int i = 0; i < numhooks; i++){
2118
direntry = direntries[i];
2119
if(debug){
2120
fprintf_plus(stderr, "Running network hook \"%s\"\n",
2121
direntry->d_name);
1527
2122
}
1528
} else {
1529
struct dirent *direntry;
1530
int ret;
1531
int devnull = open("/dev/null", O_RDONLY);
1532
for(int i = 0; i < numhooks; i++){
1533
direntry = direntries[i];
1534
char *fullname = NULL;
1535
ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
1536
if(ret < 0){
2123
pid_t hook_pid = fork();
2124
if(hook_pid == 0){
2125
/* Child */
2126
/* Raise privileges */
2127
errno = raise_privileges_permanently();
2128
if(errno != 0){
2129
perror_plus("Failed to raise privileges");
2130
_exit(EX_NOPERM);
2131
}
2132
/* Set group */
2133
errno = 0;
2134
ret = setgid(0);
2135
if(ret == -1){
2136
perror_plus("setgid");
2137
_exit(EX_NOPERM);
2138
}
2139
/* Reset supplementary groups */
2140
errno = 0;
2141
ret = setgroups(0, NULL);
2142
if(ret == -1){
2143
perror_plus("setgroups");
2144
_exit(EX_NOPERM);
2145
}
2146
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2147
if(ret == -1){
2148
perror_plus("setenv");
2149
_exit(EX_OSERR);
2150
}
2151
ret = setenv("DEVICE", interface, 1);
2152
if(ret == -1){
2153
perror_plus("setenv");
2154
_exit(EX_OSERR);
2155
}
2156
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
2157
if(ret == -1){
2158
perror_plus("setenv");
2159
_exit(EX_OSERR);
2160
}
2161
ret = setenv("MODE", mode, 1);
2162
if(ret == -1){
2163
perror_plus("setenv");
2164
_exit(EX_OSERR);
2165
}
2166
char *delaystring;
2167
ret = asprintf(&delaystring, "%f", (double)delay);
2168
if(ret == -1){
1537
2169
perror_plus("asprintf");
1538
continue;
1539
}
1540
if(debug){
1541
fprintf_plus(stderr, "Running network hook \"%s\"\n",
1542
direntry->d_name);
1543
}
1544
pid_t hook_pid = fork();
1545
if(hook_pid == 0){
1546
/* Child */
1547
/* Raise privileges */
1548
if(raise_privileges_permanently() != 0){
1549
perror_plus("Failed to raise privileges");
1550
_exit(EX_NOPERM);
1551
}
1552
/* Set group */
1553
errno = 0;
1554
ret = setgid(0);
1555
if(ret == -1){
1556
perror_plus("setgid");
1557
_exit(EX_NOPERM);
1558
}
1559
/* Reset supplementary groups */
1560
errno = 0;
1561
ret = setgroups(0, NULL);
1562
if(ret == -1){
1563
perror_plus("setgroups");
1564
_exit(EX_NOPERM);
1565
}
1566
ret = dup2(devnull, STDIN_FILENO);
1567
if(ret == -1){
1568
perror_plus("dup2(devnull, STDIN_FILENO)");
1569
_exit(EX_OSERR);
1570
}
1571
ret = close(devnull);
1572
if(ret == -1){
1573
perror_plus("close");
1574
_exit(EX_OSERR);
1575
}
1576
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1577
if(ret == -1){
1578
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1579
_exit(EX_OSERR);
1580
}
1581
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1582
if(ret == -1){
1583
perror_plus("setenv");
1584
_exit(EX_OSERR);
1585
}
1586
ret = setenv("DEVICE", interface, 1);
1587
if(ret == -1){
1588
perror_plus("setenv");
1589
_exit(EX_OSERR);
1590
}
1591
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
1592
if(ret == -1){
1593
perror_plus("setenv");
1594
_exit(EX_OSERR);
1595
}
1596
ret = setenv("MODE", mode, 1);
1597
if(ret == -1){
1598
perror_plus("setenv");
1599
_exit(EX_OSERR);
1600
}
1601
char *delaystring;
1602
ret = asprintf(&delaystring, "%f", (double)delay);
1603
if(ret == -1){
1604
perror_plus("asprintf");
1605
_exit(EX_OSERR);
1606
}
1607
ret = setenv("DELAY", delaystring, 1);
1608
if(ret == -1){
1609
free(delaystring);
1610
perror_plus("setenv");
1611
_exit(EX_OSERR);
1612
}
2170
_exit(EX_OSERR);
2171
}
2172
ret = setenv("DELAY", delaystring, 1);
2173
if(ret == -1){
1613
2174
free(delaystring);
1614
if(connect_to != NULL){
1615
ret = setenv("CONNECT", connect_to, 1);
1616
if(ret == -1){
1617
perror_plus("setenv");
1618
_exit(EX_OSERR);
1619
}
1620
}
1621
if(execl(fullname, direntry->d_name, mode, NULL) == -1){
1622
perror_plus("execl");
1623
_exit(EXIT_FAILURE);
1624
}
2175
perror_plus("setenv");
2176
_exit(EX_OSERR);
2177
}
2178
free(delaystring);
2179
if(connect_to != NULL){
2180
ret = setenv("CONNECT", connect_to, 1);
2181
if(ret == -1){
2182
perror_plus("setenv");
2183
_exit(EX_OSERR);
2184
}
2185
}
2186
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2187
direntry->d_name,
2188
O_RDONLY));
2189
if(hook_fd == -1){
2190
perror_plus("openat");
2191
_exit(EXIT_FAILURE);
2192
}
2193
if(close(hookdir_fd) == -1){
2194
perror_plus("close");
2195
_exit(EXIT_FAILURE);
2196
}
2197
ret = dup2(devnull, STDIN_FILENO);
2198
if(ret == -1){
2199
perror_plus("dup2(devnull, STDIN_FILENO)");
2200
_exit(EX_OSERR);
2201
}
2202
ret = close(devnull);
2203
if(ret == -1){
2204
perror_plus("close");
2205
_exit(EX_OSERR);
2206
}
2207
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2208
if(ret == -1){
2209
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2210
_exit(EX_OSERR);
2211
}
2212
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2213
environ) == -1){
2214
perror_plus("fexecve");
2215
_exit(EXIT_FAILURE);
2216
}
2217
} else {
2218
if(hook_pid == -1){
2219
perror_plus("fork");
2220
free(direntry);
2221
continue;
2222
}
2223
int status;
2224
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2225
perror_plus("waitpid");
2226
free(direntry);
2227
continue;
2228
}
2229
if(WIFEXITED(status)){
2230
if(WEXITSTATUS(status) != 0){
2231
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2232
" with status %d\n", direntry->d_name,
2233
WEXITSTATUS(status));
2234
free(direntry);
2235
continue;
2236
}
2237
} else if(WIFSIGNALED(status)){
2238
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2239
" signal %d\n", direntry->d_name,
2240
WTERMSIG(status));
2241
free(direntry);
2242
continue;
1625
2243
} else {
1626
int status;
1627
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
1628
perror_plus("waitpid");
1629
free(fullname);
1630
continue;
1631
}
1632
if(WIFEXITED(status)){
1633
if(WEXITSTATUS(status) != 0){
1634
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
1635
" with status %d\n", direntry->d_name,
1636
WEXITSTATUS(status));
1637
free(fullname);
1638
continue;
1639
}
1640
} else if(WIFSIGNALED(status)){
1641
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
1642
" signal %d\n", direntry->d_name,
1643
WTERMSIG(status));
1644
free(fullname);
1645
continue;
1646
} else {
1647
fprintf_plus(stderr, "Warning: network hook \"%s\""
1648
" crashed\n", direntry->d_name);
1649
free(fullname);
1650
continue;
1651
}
1652
}
1653
free(fullname);
1654
if(debug){
1655
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
1656
direntry->d_name);
1657
}
1658
}
1659
close(devnull);
1660
}
2244
fprintf_plus(stderr, "Warning: network hook \"%s\""
2245
" crashed\n", direntry->d_name);
2246
free(direntry);
2247
continue;
2248
}
2249
}
2250
if(debug){
2251
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2252
direntry->d_name);
2253
}
2254
free(direntry);
2255
}
2256
free(direntries);
2257
if(close(hookdir_fd) == -1){
2258
perror_plus("close");
2259
} else {
2260
hookdir_fd = -1;
2261
}
2262
close(devnull);
1661
2263
}
1662
2264
1663
2265
__attribute__((nonnull, warn_unused_result))
1664
error_t bring_up_interface(const char *const interface,
1665
const float delay){
1666
error_t old_errno = errno;
2266
int bring_up_interface(const char *const interface,
2267
const float delay){
2268
int old_errno = errno;
1667
2269
int ret;
1668
2270
struct ifreq network;
1669
2271
unsigned int if_index = if_nametoindex(interface);
1679
2281
}
1680
2282
1681
2283
if(not interface_is_up(interface)){
1682
error_t ret_errno = 0, ioctl_errno = 0;
2284
int ret_errno = 0;
2285
int ioctl_errno = 0;
1683
2286
if(not get_flags(interface, &network)){
1684
2287
ret_errno = errno;
1685
2288
fprintf_plus(stderr, "Failed to get flags for interface "
1698
2301
}
1699
2302
1700
2303
if(quit_now){
1701
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2304
ret = close(sd);
1702
2305
if(ret == -1){
1703
2306
perror_plus("close");
1704
2307
}
1713
2316
1714
2317
/* Raise privileges */
1715
2318
ret_errno = raise_privileges();
2319
if(ret_errno != 0){
2320
errno = ret_errno;
2321
perror_plus("Failed to raise privileges");
2322
}
2323
2324
#ifdef __linux__
2325
int ret_linux;
1716
2326
bool restore_loglevel = false;
1717
if(ret_errno != 0){
1718
perror_plus("Failed to raise privileges");
1719
}
1720
#ifdef __linux__
1721
int ret_linux;
1722
2327
if(ret_errno == 0){
1723
2328
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1724
2329
messages about the network interface to mess up the prompt */
1752
2357
}
1753
2358
1754
2359
/* Close the socket */
1755
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2360
ret = close(sd);
1756
2361
if(ret == -1){
1757
2362
perror_plus("close");
1758
2363
}
1770
2375
1771
2376
/* Sleep checking until interface is running.
1772
2377
Check every 0.25s, up to total time of delay */
1773
for(int i=0; i < delay * 4; i++){
2378
for(int i = 0; i < delay * 4; i++){
1774
2379
if(interface_is_running(interface)){
1775
2380
break;
1776
2381
}
1786
2391
}
1787
2392
1788
2393
__attribute__((nonnull, warn_unused_result))
1789
error_t take_down_interface(const char *const interface){
1790
error_t old_errno = errno;
2394
int take_down_interface(const char *const interface){
2395
int old_errno = errno;
1791
2396
struct ifreq network;
1792
2397
unsigned int if_index = if_nametoindex(interface);
1793
2398
if(if_index == 0){
1796
2401
return ENXIO;
1797
2402
}
1798
2403
if(interface_is_up(interface)){
1799
error_t ret_errno = 0, ioctl_errno = 0;
2404
int ret_errno = 0;
2405
int ioctl_errno = 0;
1800
2406
if(not get_flags(interface, &network) and debug){
1801
2407
ret_errno = errno;
1802
2408
fprintf_plus(stderr, "Failed to get flags for interface "
1822
2428
/* Raise privileges */
1823
2429
ret_errno = raise_privileges();
1824
2430
if(ret_errno != 0){
2431
errno = ret_errno;
1825
2432
perror_plus("Failed to raise privileges");
1826
2433
}
2434
1827
2435
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
1828
2436
ioctl_errno = errno;
1829
2437
1838
2446
}
1839
2447
1840
2448
/* Close the socket */
1841
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2449
int ret = close(sd);
1842
2450
if(ret == -1){
1843
2451
perror_plus("close");
1844
2452
}
1859
2467
}
1860
2468
1861
2469
int main(int argc, char *argv[]){
1862
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1863
.priority = "SECURE256:!CTYPE-X.509:"
1864
"+CTYPE-OPENPGP", .current_server = NULL,
1865
.interfaces = NULL, .interfaces_size = 0 };
2470
mandos_context mc = { .server = NULL, .dh_bits = 0,
2471
#if GNUTLS_VERSION_NUMBER >= 0x030606
2472
.priority = "SECURE128:!CTYPE-X.509"
2473
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2474
":%PROFILE_ULTRA",
2475
#elif GNUTLS_VERSION_NUMBER < 0x030600
2476
.priority = "SECURE256:!CTYPE-X.509"
2477
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2478
#else
2479
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2480
#endif
2481
.current_server = NULL, .interfaces = NULL,
2482
.interfaces_size = 0 };
1866
2483
AvahiSServiceBrowser *sb = NULL;
1867
2484
error_t ret_errno;
1868
2485
int ret;
1871
2488
int exitcode = EXIT_SUCCESS;
1872
2489
char *interfaces_to_take_down = NULL;
1873
2490
size_t interfaces_to_take_down_size = 0;
1874
char tempdir[] = "/tmp/mandosXXXXXX";
1875
bool tempdir_created = false;
2491
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2492
char old_tempdir[] = "/tmp/mandosXXXXXX";
2493
char *tempdir = NULL;
1876
2494
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1877
2495
const char *seckey = PATHDIR "/" SECKEY;
1878
2496
const char *pubkey = PATHDIR "/" PUBKEY;
2497
#if GNUTLS_VERSION_NUMBER >= 0x030606
2498
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2499
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2500
#endif
2501
const char *dh_params_file = NULL;
1879
2502
char *interfaces_hooks = NULL;
1880
2503
1881
2504
bool gnutls_initialized = false;
1928
2551
{ .name = "pubkey", .key = 'p',
1929
2552
.arg = "FILE",
1930
2553
.doc = "OpenPGP public key file base name",
1931
.group = 2 },
2554
.group = 1 },
2555
{ .name = "tls-privkey", .key = 't',
2556
.arg = "FILE",
2557
#if GNUTLS_VERSION_NUMBER >= 0x030606
2558
.doc = "TLS private key file base name",
2559
#else
2560
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2561
#endif
2562
.group = 1 },
2563
{ .name = "tls-pubkey", .key = 'T',
2564
.arg = "FILE",
2565
#if GNUTLS_VERSION_NUMBER >= 0x030606
2566
.doc = "TLS public key file base name",
2567
#else
2568
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2569
#endif
2570
.group = 1 },
1932
2571
{ .name = "dh-bits", .key = 129,
1933
2572
.arg = "BITS",
1934
2573
.doc = "Bit length of the prime number used in the"
1935
2574
" Diffie-Hellman key exchange",
1936
2575
.group = 2 },
2576
{ .name = "dh-params", .key = 134,
2577
.arg = "FILE",
2578
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2579
" for the Diffie-Hellman key exchange",
2580
.group = 2 },
1937
2581
{ .name = "priority", .key = 130,
1938
2582
.arg = "STRING",
1939
2583
.doc = "GnuTLS priority string for the TLS handshake",
1985
2629
case 'p': /* --pubkey */
1986
2630
pubkey = arg;
1987
2631
break;
2632
case 't': /* --tls-privkey */
2633
#if GNUTLS_VERSION_NUMBER >= 0x030606
2634
tls_privkey = arg;
2635
#endif
2636
break;
2637
case 'T': /* --tls-pubkey */
2638
#if GNUTLS_VERSION_NUMBER >= 0x030606
2639
tls_pubkey = arg;
2640
#endif
2641
break;
1988
2642
case 129: /* --dh-bits */
1989
2643
errno = 0;
1990
2644
tmpmax = strtoimax(arg, &tmp, 10);
1994
2648
}
1995
2649
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
1996
2650
break;
2651
case 134: /* --dh-params */
2652
dh_params_file = arg;
2653
break;
1997
2654
case 130: /* --priority */
1998
2655
mc.priority = arg;
1999
2656
break;
2022
2679
argp_state_help(state, state->out_stream,
2023
2680
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2024
2681
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2682
__builtin_unreachable();
2025
2683
case -3: /* --usage */
2026
2684
argp_state_help(state, state->out_stream,
2027
2685
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2686
__builtin_unreachable();
2028
2687
case 'V': /* --version */
2029
2688
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2030
2689
exit(argp_err_exit_status);
2039
2698
.args_doc = "",
2040
2699
.doc = "Mandos client -- Get and decrypt"
2041
2700
" passwords from a Mandos server" };
2042
ret = argp_parse(&argp, argc, argv,
2043
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2044
switch(ret){
2701
ret_errno = argp_parse(&argp, argc, argv,
2702
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2703
switch(ret_errno){
2045
2704
case 0:
2046
2705
break;
2047
2706
case ENOMEM:
2048
2707
default:
2049
errno = ret;
2708
errno = ret_errno;
2050
2709
perror_plus("argp_parse");
2051
2710
exitcode = EX_OSERR;
2052
2711
goto end;
2055
2714
goto end;
2056
2715
}
2057
2716
}
2058
2717
2059
2718
{
2060
2719
/* Work around Debian bug #633582:
2061
<http://bugs.debian.org/633582> */
2720
<https://bugs.debian.org/633582> */
2062
2721
2063
2722
/* Re-raise privileges */
2064
ret_errno = raise_privileges();
2065
if(ret_errno != 0){
2066
errno = ret_errno;
2723
ret = raise_privileges();
2724
if(ret != 0){
2725
errno = ret;
2067
2726
perror_plus("Failed to raise privileges");
2068
2727
} else {
2069
2728
struct stat st;
2085
2744
}
2086
2745
}
2087
2746
}
2088
TEMP_FAILURE_RETRY(close(seckey_fd));
2747
close(seckey_fd);
2089
2748
}
2090
2749
}
2091
2750
2092
2751
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2093
2752
int pubkey_fd = open(pubkey, O_RDONLY);
2094
2753
if(pubkey_fd == -1){
2106
2765
}
2107
2766
}
2108
2767
}
2109
TEMP_FAILURE_RETRY(close(pubkey_fd));
2110
}
2111
}
2112
2768
close(pubkey_fd);
2769
}
2770
}
2771
2772
if(dh_params_file != NULL
2773
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2774
int dhparams_fd = open(dh_params_file, O_RDONLY);
2775
if(dhparams_fd == -1){
2776
perror_plus("open");
2777
} else {
2778
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2779
if(ret == -1){
2780
perror_plus("fstat");
2781
} else {
2782
if(S_ISREG(st.st_mode)
2783
and st.st_uid == 0 and st.st_gid == 0){
2784
ret = fchown(dhparams_fd, uid, gid);
2785
if(ret == -1){
2786
perror_plus("fchown");
2787
}
2788
}
2789
}
2790
close(dhparams_fd);
2791
}
2792
}
2793
2113
2794
/* Lower privileges */
2114
ret_errno = lower_privileges();
2115
if(ret_errno != 0){
2116
errno = ret_errno;
2795
ret = lower_privileges();
2796
if(ret != 0){
2797
errno = ret;
2117
2798
perror_plus("Failed to lower privileges");
2118
2799
}
2119
2800
}
2232
2913
2233
2914
/* If no interfaces were specified, make a list */
2234
2915
if(mc.interfaces == NULL){
2235
struct dirent **direntries;
2916
struct dirent **direntries = NULL;
2236
2917
/* Look for any good interfaces */
2237
2918
ret = scandir(sys_class_net, &direntries, good_interface,
2238
2919
alphasort);
2244
2925
if(ret_errno != 0){
2245
2926
errno = ret_errno;
2246
2927
perror_plus("argz_add");
2928
free(direntries[i]);
2247
2929
continue;
2248
2930
}
2249
2931
if(debug){
2250
2932
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2251
2933
direntries[i]->d_name);
2252
2934
}
2935
free(direntries[i]);
2253
2936
}
2254
2937
free(direntries);
2255
2938
} else {
2256
free(direntries);
2939
if(ret == 0){
2940
free(direntries);
2941
}
2257
2942
fprintf_plus(stderr, "Could not find a network interface\n");
2258
2943
exitcode = EXIT_FAILURE;
2259
2944
goto end;
2285
2970
errno = bring_up_interface(interface, delay);
2286
2971
if(not interface_was_up){
2287
2972
if(errno != 0){
2288
perror_plus("Failed to bring up interface");
2973
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2974
" %s\n", interface, strerror(errno));
2289
2975
} else {
2290
2976
errno = argz_add(&interfaces_to_take_down,
2291
2977
&interfaces_to_take_down_size,
2314
3000
goto end;
2315
3001
}
2316
3002
2317
ret = init_gnutls_global(pubkey, seckey, &mc);
3003
#if GNUTLS_VERSION_NUMBER >= 0x030606
3004
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3005
#elif GNUTLS_VERSION_NUMBER < 0x030600
3006
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3007
#else
3008
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3009
#endif
2318
3010
if(ret == -1){
2319
3011
fprintf_plus(stderr, "init_gnutls_global failed\n");
2320
3012
exitcode = EX_UNAVAILABLE;
2327
3019
goto end;
2328
3020
}
2329
3021
2330
if(mkdtemp(tempdir) == NULL){
3022
/* Try /run/tmp before /tmp */
3023
tempdir = mkdtemp(run_tempdir);
3024
if(tempdir == NULL and errno == ENOENT){
3025
if(debug){
3026
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
3027
run_tempdir, old_tempdir);
3028
}
3029
tempdir = mkdtemp(old_tempdir);
3030
}
3031
if(tempdir == NULL){
2331
3032
perror_plus("mkdtemp");
2332
3033
goto end;
2333
3034
}
2334
tempdir_created = true;
2335
3035
2336
3036
if(quit_now){
2337
3037
goto end;
2434
3134
2435
3135
/* Allocate a new server */
2436
3136
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2437
&config, NULL, NULL, &ret_errno);
3137
&config, NULL, NULL, &ret);
2438
3138
2439
3139
/* Free the Avahi configuration data */
2440
3140
avahi_server_config_free(&config);
2443
3143
/* Check if creating the Avahi server object succeeded */
2444
3144
if(mc.server == NULL){
2445
3145
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2446
avahi_strerror(ret_errno));
3146
avahi_strerror(ret));
2447
3147
exitcode = EX_UNAVAILABLE;
2448
3148
goto end;
2449
3149
}
2473
3173
if(debug){
2474
3174
fprintf_plus(stderr, "Starting Avahi loop search\n");
2475
3175
}
2476
3176
2477
3177
ret = avahi_loop_with_timeout(simple_poll,
2478
3178
(int)(retry_interval * 1000), &mc);
2479
3179
if(debug){
2484
3184
end:
2485
3185
2486
3186
if(debug){
2487
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3187
if(signal_received){
3188
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3189
argv[0], signal_received,
3190
strsignal(signal_received));
3191
} else {
3192
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
}
2488
3194
}
2489
3195
2490
3196
/* Cleanup things */
2501
3207
2502
3208
if(gnutls_initialized){
2503
3209
gnutls_certificate_free_credentials(mc.cred);
2504
gnutls_global_deinit();
2505
3210
gnutls_dh_params_deinit(mc.dh_params);
2506
3211
}
2507
3212
2515
3220
mc.current_server->prev->next = NULL;
2516
3221
while(mc.current_server != NULL){
2517
3222
server *next = mc.current_server->next;
3223
#ifdef __GNUC__
3224
#pragma GCC diagnostic push
3225
#pragma GCC diagnostic ignored "-Wcast-qual"
3226
#endif
3227
free((char *)(mc.current_server->ip));
3228
#ifdef __GNUC__
3229
#pragma GCC diagnostic pop
3230
#endif
2518
3231
free(mc.current_server);
2519
3232
mc.current_server = next;
2520
3233
}
2522
3235
2523
3236
/* Re-raise privileges */
2524
3237
{
2525
ret_errno = raise_privileges();
2526
if(ret_errno != 0){
3238
ret = raise_privileges();
3239
if(ret != 0){
3240
errno = ret;
2527
3241
perror_plus("Failed to raise privileges");
2528
3242
} else {
2529
3243
2534
3248
/* Take down the network interfaces which were brought up */
2535
3249
{
2536
3250
char *interface = NULL;
2537
while((interface=argz_next(interfaces_to_take_down,
2538
interfaces_to_take_down_size,
2539
interface))){
2540
ret_errno = take_down_interface(interface);
2541
if(ret_errno != 0){
2542
errno = ret_errno;
3251
while((interface = argz_next(interfaces_to_take_down,
3252
interfaces_to_take_down_size,
3253
interface))){
3254
ret = take_down_interface(interface);
3255
if(ret != 0){
3256
errno = ret;
2543
3257
perror_plus("Failed to take down interface");
2544
3258
}
2545
3259
}
2549
3263
}
2550
3264
}
2551
3265
}
2552
ret_errno = lower_privileges_permanently();
2553
if(ret_errno != 0){
3266
3267
ret = lower_privileges_permanently();
3268
if(ret != 0){
3269
errno = ret;
2554
3270
perror_plus("Failed to lower privileges permanently");
2555
3271
}
2556
3272
}
2558
3274
free(interfaces_to_take_down);
2559
3275
free(interfaces_hooks);
2560
3276
3277
void clean_dir_at(int base, const char * const dirname,
3278
uintmax_t level){
3279
struct dirent **direntries = NULL;
3280
int dret;
3281
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3282
O_RDONLY
3283
| O_NOFOLLOW
3284
| O_DIRECTORY
3285
| O_PATH));
3286
if(dir_fd == -1){
3287
perror_plus("open");
3288
return;
3289
}
3290
int numentries = scandirat(dir_fd, ".", &direntries,
3291
notdotentries, alphasort);
3292
if(numentries >= 0){
3293
for(int i = 0; i < numentries; i++){
3294
if(debug){
3295
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3296
dirname, direntries[i]->d_name);
3297
}
3298
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3299
if(dret == -1){
3300
if(errno == EISDIR){
3301
dret = unlinkat(dir_fd, direntries[i]->d_name,
3302
AT_REMOVEDIR);
3303
}
3304
if((dret == -1) and (errno == ENOTEMPTY)
3305
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3306
== 0) and (level == 0)){
3307
/* Recurse only in this special case */
3308
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3309
dret = 0;
3310
}
3311
if((dret == -1) and (errno != ENOENT)){
3312
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3313
direntries[i]->d_name, strerror(errno));
3314
}
3315
}
3316
free(direntries[i]);
3317
}
3318
3319
/* need to clean even if 0 because man page doesn't specify */
3320
free(direntries);
3321
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3322
if(dret == -1 and errno != ENOENT){
3323
perror_plus("rmdir");
3324
}
3325
} else {
3326
perror_plus("scandirat");
3327
}
3328
close(dir_fd);
3329
}
3330
2561
3331
/* Removes the GPGME temp directory and all files inside */
2562
if(tempdir_created){
2563
struct dirent **direntries = NULL;
2564
struct dirent *direntry = NULL;
2565
int numentries = scandir(tempdir, &direntries, notdotentries,
2566
alphasort);
2567
if(numentries > 0){
2568
for(int i = 0; i < numentries; i++){
2569
direntry = direntries[i];
2570
char *fullname = NULL;
2571
ret = asprintf(&fullname, "%s/%s", tempdir,
2572
direntry->d_name);
2573
if(ret < 0){
2574
perror_plus("asprintf");
2575
continue;
2576
}
2577
ret = remove(fullname);
2578
if(ret == -1){
2579
fprintf_plus(stderr, "remove(\"%s\"): %s\n", fullname,
2580
strerror(errno));
2581
}
2582
free(fullname);
2583
}
2584
}
2585
2586
/* need to clean even if 0 because man page doesn't specify */
2587
free(direntries);
2588
if(numentries == -1){
2589
perror_plus("scandir");
2590
}
2591
ret = rmdir(tempdir);
2592
if(ret == -1 and errno != ENOENT){
2593
perror_plus("rmdir");
2594
}
3332
if(tempdir != NULL){
3333
clean_dir_at(-1, tempdir, 0);
2595
3334
}
2596
3335
2597
3336
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0