To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 1213
- compare with another revision
- download diff
- download tarball
- view history from revision 1213
- Committer: teddy at recompile
- Date: 2020-04-05 21:30:59 UTC
- Revision ID: teddy@recompile.se-20200405213059-fb2a61ckqynrmatk
Fix file descriptor leak in mandos-client
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
- files added:
- bugs.xml
- debian/tests
- dracut-module
- plugin-helpers
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2019 Teddy Hogeborn
13
* Copyright © 2008-2019 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
21
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
25
* General Public License for more details.
24
26
*
25
27
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
28
29
*
29
30
* Contact the authors at <mandos@recompile.se>.
30
31
*/
46
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
48
strtof(), abort() */
48
49
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
51
53
#include <sys/ioctl.h> /* ioctl */
52
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
55
sockaddr_in6, PF_INET6,
57
59
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
60
inet_pton(), connect(),
59
61
getnameinfo() */
60
#include <fcntl.h> /* open(), unlinkat() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
61
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
64
*/
63
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
64
66
strtoimax() */
65
#include <errno.h> /* perror(), errno,
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
66
72
program_invocation_short_name */
67
73
#include <time.h> /* nanosleep(), time(), sleep() */
68
74
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
117
123
gnutls_*
118
124
init_gnutls_session(),
119
125
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
120
127
#include <gnutls/openpgp.h>
121
128
/* gnutls_certificate_set_openpgp_key_file(),
122
129
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
123
135
124
136
/* GPGME */
125
137
#include <gpgme.h> /* All GPGME types, constants and
133
145
#define PATHDIR "/conf/conf.d/mandos"
134
146
#define SECKEY "seckey.txt"
135
147
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
136
150
#define HOOKDIR "/lib/mandos/network-hooks.d"
137
151
138
152
bool debug = false;
234
248
.af = af };
235
249
if(new_server->ip == NULL){
236
250
perror_plus("strdup");
251
free(new_server);
237
252
return false;
238
253
}
239
254
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
240
255
if(ret == -1){
241
256
perror_plus("clock_gettime");
257
#ifdef __GNUC__
258
#pragma GCC diagnostic push
259
#pragma GCC diagnostic ignored "-Wcast-qual"
260
#endif
261
free((char *)(new_server->ip));
262
#ifdef __GNUC__
263
#pragma GCC diagnostic pop
264
#endif
265
free(new_server);
242
266
return false;
243
267
}
244
268
/* Special case of first server */
256
280
return true;
257
281
}
258
282
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
259
335
/*
260
336
* Initialize GPGME.
261
337
*/
281
357
return false;
282
358
}
283
359
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
time_t keytime = keystat.st_mtim.tv_sec;
400
if(stime(&keytime) != 0){
401
perror_plus("stime");
402
}
403
ret = lower_privileges();
404
if(ret != 0){
405
errno = ret;
406
perror_plus("Failed to lower privileges");
407
}
408
} while(false);
409
284
410
rc = gpgme_data_new_from_fd(&pgp_data, fd);
285
411
if(rc != GPG_ERR_NO_ERROR){
286
412
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
294
420
gpgme_strsource(rc), gpgme_strerror(rc));
295
421
return false;
296
422
}
423
{
424
gpgme_import_result_t import_result
425
= gpgme_op_import_result(mc->ctx);
426
if((import_result->imported < 1
427
or import_result->not_imported > 0)
428
and import_result->unchanged == 0){
429
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
430
fprintf_plus(stderr,
431
"The total number of considered keys: %d\n",
432
import_result->considered);
433
fprintf_plus(stderr,
434
"The number of keys without user ID: %d\n",
435
import_result->no_user_id);
436
fprintf_plus(stderr,
437
"The total number of imported keys: %d\n",
438
import_result->imported);
439
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
440
import_result->imported_rsa);
441
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
442
import_result->unchanged);
443
fprintf_plus(stderr, "The number of new user IDs: %d\n",
444
import_result->new_user_ids);
445
fprintf_plus(stderr, "The number of new sub keys: %d\n",
446
import_result->new_sub_keys);
447
fprintf_plus(stderr, "The number of new signatures: %d\n",
448
import_result->new_signatures);
449
fprintf_plus(stderr, "The number of new revocations: %d\n",
450
import_result->new_revocations);
451
fprintf_plus(stderr,
452
"The total number of secret keys read: %d\n",
453
import_result->secret_read);
454
fprintf_plus(stderr,
455
"The number of imported secret keys: %d\n",
456
import_result->secret_imported);
457
fprintf_plus(stderr,
458
"The number of unchanged secret keys: %d\n",
459
import_result->secret_unchanged);
460
fprintf_plus(stderr, "The number of keys not imported: %d\n",
461
import_result->not_imported);
462
for(gpgme_import_status_t import_status
463
= import_result->imports;
464
import_status != NULL;
465
import_status = import_status->next){
466
fprintf_plus(stderr, "Import status for key: %s\n",
467
import_status->fpr);
468
if(import_status->result != GPG_ERR_NO_ERROR){
469
fprintf_plus(stderr, "Import result: %s: %s\n",
470
gpgme_strsource(import_status->result),
471
gpgme_strerror(import_status->result));
472
}
473
fprintf_plus(stderr, "Key status:\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_NEW
476
? "The key was new.\n"
477
: "The key was not new.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_UID
480
? "The key contained new user IDs.\n"
481
: "The key did not contain new user IDs.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SIG
484
? "The key contained new signatures.\n"
485
: "The key did not contain new signatures.\n");
486
fprintf_plus(stderr,
487
import_status->status & GPGME_IMPORT_SUBKEY
488
? "The key contained new sub keys.\n"
489
: "The key did not contain new sub keys.\n");
490
fprintf_plus(stderr,
491
import_status->status & GPGME_IMPORT_SECRET
492
? "The key contained a secret key.\n"
493
: "The key did not contain a secret key.\n");
494
}
495
return false;
496
}
497
}
297
498
298
ret = (int)TEMP_FAILURE_RETRY(close(fd));
499
ret = close(fd);
299
500
if(ret == -1){
300
501
perror_plus("close");
301
502
}
340
541
/* Create new GPGME "context" */
341
542
rc = gpgme_new(&(mc->ctx));
342
543
if(rc != GPG_ERR_NO_ERROR){
343
fprintf_plus(stderr, "Mandos plugin mandos-client: "
344
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
345
gpgme_strerror(rc));
544
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
545
gpgme_strsource(rc), gpgme_strerror(rc));
346
546
return false;
347
547
}
348
548
384
584
/* Create new empty GPGME data buffer for the plaintext */
385
585
rc = gpgme_data_new(&dh_plain);
386
586
if(rc != GPG_ERR_NO_ERROR){
387
fprintf_plus(stderr, "Mandos plugin mandos-client: "
388
"bad gpgme_data_new: %s: %s\n",
587
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
389
588
gpgme_strsource(rc), gpgme_strerror(rc));
390
589
gpgme_data_release(dh_crypto);
391
590
return -1;
404
603
if(result == NULL){
405
604
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
406
605
} else {
407
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
408
result->unsupported_algorithm);
409
fprintf_plus(stderr, "Wrong key usage: %u\n",
410
result->wrong_key_usage);
606
if(result->unsupported_algorithm != NULL) {
607
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
608
result->unsupported_algorithm);
609
}
610
fprintf_plus(stderr, "Wrong key usage: %s\n",
611
result->wrong_key_usage ? "Yes" : "No");
411
612
if(result->file_name != NULL){
412
613
fprintf_plus(stderr, "File name: %s\n", result->file_name);
413
614
}
414
gpgme_recipient_t recipient;
415
recipient = result->recipients;
416
while(recipient != NULL){
615
616
for(gpgme_recipient_t r = result->recipients; r != NULL;
617
r = r->next){
417
618
fprintf_plus(stderr, "Public key algorithm: %s\n",
418
gpgme_pubkey_algo_name
419
(recipient->pubkey_algo));
420
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
619
gpgme_pubkey_algo_name(r->pubkey_algo));
620
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
421
621
fprintf_plus(stderr, "Secret key available: %s\n",
422
recipient->status == GPG_ERR_NO_SECKEY
423
? "No" : "Yes");
424
recipient = recipient->next;
622
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
425
623
}
426
624
}
427
625
}
483
681
return plaintext_length;
484
682
}
485
683
684
__attribute__((warn_unused_result, const))
685
static const char *safe_string(const char *str){
686
if(str == NULL)
687
return "(unknown)";
688
return str;
689
}
690
486
691
__attribute__((warn_unused_result))
487
692
static const char *safer_gnutls_strerror(int value){
488
693
const char *ret = gnutls_strerror(value);
489
if(ret == NULL)
490
ret = "(unknown)";
491
return ret;
694
return safe_string(ret);
492
695
}
493
696
494
697
/* GnuTLS log function callback */
498
701
fprintf_plus(stderr, "GnuTLS: %s", string);
499
702
}
500
703
501
__attribute__((nonnull, warn_unused_result))
704
__attribute__((nonnull(1, 2, 4), warn_unused_result))
502
705
static int init_gnutls_global(const char *pubkeyfilename,
503
706
const char *seckeyfilename,
707
const char *dhparamsfilename,
504
708
mandos_context *mc){
505
709
int ret;
506
710
508
712
fprintf_plus(stderr, "Initializing GnuTLS\n");
509
713
}
510
714
511
ret = gnutls_global_init();
512
if(ret != GNUTLS_E_SUCCESS){
513
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
514
safer_gnutls_strerror(ret));
515
return -1;
516
}
517
518
715
if(debug){
519
716
/* "Use a log level over 10 to enable all debugging options."
520
717
* - GnuTLS manual
528
725
if(ret != GNUTLS_E_SUCCESS){
529
726
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
530
727
safer_gnutls_strerror(ret));
531
gnutls_global_deinit();
532
728
return -1;
533
729
}
534
730
535
731
if(debug){
536
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
537
" secret key %s as GnuTLS credentials\n",
732
fprintf_plus(stderr, "Attempting to use public key %s and"
733
" private key %s as GnuTLS credentials\n",
538
734
pubkeyfilename,
539
735
seckeyfilename);
540
736
}
541
737
738
#if GNUTLS_VERSION_NUMBER >= 0x030606
739
ret = gnutls_certificate_set_rawpk_key_file
740
(mc->cred, pubkeyfilename, seckeyfilename,
741
GNUTLS_X509_FMT_PEM, /* format */
742
NULL, /* pass */
743
/* key_usage */
744
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
745
NULL, /* names */
746
0, /* names_length */
747
/* privkey_flags */
748
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
749
0); /* pkcs11_flags */
750
#elif GNUTLS_VERSION_NUMBER < 0x030600
542
751
ret = gnutls_certificate_set_openpgp_key_file
543
752
(mc->cred, pubkeyfilename, seckeyfilename,
544
753
GNUTLS_OPENPGP_FMT_BASE64);
754
#else
755
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
756
#endif
545
757
if(ret != GNUTLS_E_SUCCESS){
546
758
fprintf_plus(stderr,
547
"Error[%d] while reading the OpenPGP key pair ('%s',"
759
"Error[%d] while reading the key pair ('%s',"
548
760
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
549
761
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
550
762
safer_gnutls_strerror(ret));
559
771
safer_gnutls_strerror(ret));
560
772
goto globalfail;
561
773
}
562
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
563
if(ret != GNUTLS_E_SUCCESS){
564
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
565
safer_gnutls_strerror(ret));
566
goto globalfail;
567
}
568
569
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
774
/* If a Diffie-Hellman parameters file was given, try to use it */
775
if(dhparamsfilename != NULL){
776
gnutls_datum_t params = { .data = NULL, .size = 0 };
777
do {
778
int dhpfile = open(dhparamsfilename, O_RDONLY);
779
if(dhpfile == -1){
780
perror_plus("open");
781
dhparamsfilename = NULL;
782
break;
783
}
784
size_t params_capacity = 0;
785
while(true){
786
params_capacity = incbuffer((char **)¶ms.data,
787
(size_t)params.size,
788
(size_t)params_capacity);
789
if(params_capacity == 0){
790
perror_plus("incbuffer");
791
free(params.data);
792
params.data = NULL;
793
dhparamsfilename = NULL;
794
break;
795
}
796
ssize_t bytes_read = read(dhpfile,
797
params.data + params.size,
798
BUFFER_SIZE);
799
/* EOF */
800
if(bytes_read == 0){
801
break;
802
}
803
/* check bytes_read for failure */
804
if(bytes_read < 0){
805
perror_plus("read");
806
free(params.data);
807
params.data = NULL;
808
dhparamsfilename = NULL;
809
break;
810
}
811
params.size += (unsigned int)bytes_read;
812
}
813
ret = close(dhpfile);
814
if(ret == -1){
815
perror_plus("close");
816
}
817
if(params.data == NULL){
818
dhparamsfilename = NULL;
819
}
820
if(dhparamsfilename == NULL){
821
break;
822
}
823
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
824
GNUTLS_X509_FMT_PEM);
825
if(ret != GNUTLS_E_SUCCESS){
826
fprintf_plus(stderr, "Failed to parse DH parameters in file"
827
" \"%s\": %s\n", dhparamsfilename,
828
safer_gnutls_strerror(ret));
829
dhparamsfilename = NULL;
830
}
831
free(params.data);
832
} while(false);
833
}
834
if(dhparamsfilename == NULL){
835
if(mc->dh_bits == 0){
836
#if GNUTLS_VERSION_NUMBER < 0x030600
837
/* Find out the optimal number of DH bits */
838
/* Try to read the private key file */
839
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
840
do {
841
int secfile = open(seckeyfilename, O_RDONLY);
842
if(secfile == -1){
843
perror_plus("open");
844
break;
845
}
846
size_t buffer_capacity = 0;
847
while(true){
848
buffer_capacity = incbuffer((char **)&buffer.data,
849
(size_t)buffer.size,
850
(size_t)buffer_capacity);
851
if(buffer_capacity == 0){
852
perror_plus("incbuffer");
853
free(buffer.data);
854
buffer.data = NULL;
855
break;
856
}
857
ssize_t bytes_read = read(secfile,
858
buffer.data + buffer.size,
859
BUFFER_SIZE);
860
/* EOF */
861
if(bytes_read == 0){
862
break;
863
}
864
/* check bytes_read for failure */
865
if(bytes_read < 0){
866
perror_plus("read");
867
free(buffer.data);
868
buffer.data = NULL;
869
break;
870
}
871
buffer.size += (unsigned int)bytes_read;
872
}
873
close(secfile);
874
} while(false);
875
/* If successful, use buffer to parse private key */
876
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
877
if(buffer.data != NULL){
878
{
879
gnutls_openpgp_privkey_t privkey = NULL;
880
ret = gnutls_openpgp_privkey_init(&privkey);
881
if(ret != GNUTLS_E_SUCCESS){
882
fprintf_plus(stderr, "Error initializing OpenPGP key"
883
" structure: %s",
884
safer_gnutls_strerror(ret));
885
free(buffer.data);
886
buffer.data = NULL;
887
} else {
888
ret = gnutls_openpgp_privkey_import
889
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
890
if(ret != GNUTLS_E_SUCCESS){
891
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
892
safer_gnutls_strerror(ret));
893
privkey = NULL;
894
}
895
free(buffer.data);
896
buffer.data = NULL;
897
if(privkey != NULL){
898
/* Use private key to suggest an appropriate
899
sec_param */
900
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
901
gnutls_openpgp_privkey_deinit(privkey);
902
if(debug){
903
fprintf_plus(stderr, "This OpenPGP key implies using"
904
" a GnuTLS security parameter \"%s\".\n",
905
safe_string(gnutls_sec_param_get_name
906
(sec_param)));
907
}
908
}
909
}
910
}
911
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
912
/* Err on the side of caution */
913
sec_param = GNUTLS_SEC_PARAM_ULTRA;
914
if(debug){
915
fprintf_plus(stderr, "Falling back to security parameter"
916
" \"%s\"\n",
917
safe_string(gnutls_sec_param_get_name
918
(sec_param)));
919
}
920
}
921
}
922
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
923
if(uret != 0){
924
mc->dh_bits = uret;
925
if(debug){
926
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
927
" implies %u DH bits; using that.\n",
928
safe_string(gnutls_sec_param_get_name
929
(sec_param)),
930
mc->dh_bits);
931
}
932
} else {
933
fprintf_plus(stderr, "Failed to get implied number of DH"
934
" bits for security parameter \"%s\"): %s\n",
935
safe_string(gnutls_sec_param_get_name
936
(sec_param)),
937
safer_gnutls_strerror(ret));
938
goto globalfail;
939
}
940
#endif
941
} else { /* dh_bits != 0 */
942
if(debug){
943
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
944
mc->dh_bits);
945
}
946
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
947
if(ret != GNUTLS_E_SUCCESS){
948
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
949
" bits): %s\n", mc->dh_bits,
950
safer_gnutls_strerror(ret));
951
goto globalfail;
952
}
953
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
954
}
955
}
570
956
571
957
return 0;
572
958
573
959
globalfail:
574
960
575
961
gnutls_certificate_free_credentials(mc->cred);
576
gnutls_global_deinit();
577
962
gnutls_dh_params_deinit(mc->dh_params);
578
963
return -1;
579
964
}
584
969
int ret;
585
970
/* GnuTLS session creation */
586
971
do {
587
ret = gnutls_init(session, GNUTLS_SERVER);
972
ret = gnutls_init(session, (GNUTLS_SERVER
973
#if GNUTLS_VERSION_NUMBER >= 0x030506
974
| GNUTLS_NO_TICKETS
975
#endif
976
#if GNUTLS_VERSION_NUMBER >= 0x030606
977
| GNUTLS_ENABLE_RAWPK
978
#endif
979
));
588
980
if(quit_now){
589
981
return -1;
590
982
}
631
1023
/* ignore client certificate if any. */
632
1024
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
633
1025
634
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
635
636
1026
return 0;
637
1027
}
638
1028
640
1030
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
641
1031
__attribute__((unused)) const char *txt){}
642
1032
1033
/* Helper function to add_local_route() and delete_local_route() */
1034
__attribute__((nonnull, warn_unused_result))
1035
static bool add_delete_local_route(const bool add,
1036
const char *address,
1037
AvahiIfIndex if_index){
1038
int ret;
1039
char helper[] = "mandos-client-iprouteadddel";
1040
char add_arg[] = "add";
1041
char delete_arg[] = "delete";
1042
char debug_flag[] = "--debug";
1043
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1044
if(pluginhelperdir == NULL){
1045
if(debug){
1046
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1047
" variable not set; cannot run helper\n");
1048
}
1049
return false;
1050
}
1051
1052
char interface[IF_NAMESIZE];
1053
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1054
perror_plus("if_indextoname");
1055
return false;
1056
}
1057
1058
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1059
if(devnull == -1){
1060
perror_plus("open(\"/dev/null\", O_RDONLY)");
1061
return false;
1062
}
1063
pid_t pid = fork();
1064
if(pid == 0){
1065
/* Child */
1066
/* Raise privileges */
1067
errno = raise_privileges_permanently();
1068
if(errno != 0){
1069
perror_plus("Failed to raise privileges");
1070
/* _exit(EX_NOPERM); */
1071
} else {
1072
/* Set group */
1073
errno = 0;
1074
ret = setgid(0);
1075
if(ret == -1){
1076
perror_plus("setgid");
1077
close(devnull);
1078
_exit(EX_NOPERM);
1079
}
1080
/* Reset supplementary groups */
1081
errno = 0;
1082
ret = setgroups(0, NULL);
1083
if(ret == -1){
1084
perror_plus("setgroups");
1085
close(devnull);
1086
_exit(EX_NOPERM);
1087
}
1088
}
1089
ret = dup2(devnull, STDIN_FILENO);
1090
if(ret == -1){
1091
perror_plus("dup2(devnull, STDIN_FILENO)");
1092
close(devnull);
1093
_exit(EX_OSERR);
1094
}
1095
ret = close(devnull);
1096
if(ret == -1){
1097
perror_plus("close");
1098
}
1099
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1100
if(ret == -1){
1101
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1102
_exit(EX_OSERR);
1103
}
1104
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1105
O_RDONLY
1106
| O_DIRECTORY
1107
| O_PATH
1108
| O_CLOEXEC));
1109
if(helperdir_fd == -1){
1110
perror_plus("open");
1111
_exit(EX_UNAVAILABLE);
1112
}
1113
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1114
helper, O_RDONLY));
1115
if(helper_fd == -1){
1116
perror_plus("openat");
1117
close(helperdir_fd);
1118
_exit(EX_UNAVAILABLE);
1119
}
1120
close(helperdir_fd);
1121
#ifdef __GNUC__
1122
#pragma GCC diagnostic push
1123
#pragma GCC diagnostic ignored "-Wcast-qual"
1124
#endif
1125
if(fexecve(helper_fd, (char *const [])
1126
{ helper, add ? add_arg : delete_arg, (char *)address,
1127
interface, debug ? debug_flag : NULL, NULL },
1128
environ) == -1){
1129
#ifdef __GNUC__
1130
#pragma GCC diagnostic pop
1131
#endif
1132
perror_plus("fexecve");
1133
_exit(EXIT_FAILURE);
1134
}
1135
}
1136
if(pid == -1){
1137
perror_plus("fork");
1138
close(devnull);
1139
return false;
1140
}
1141
ret = close(devnull);
1142
if(ret == -1){
1143
perror_plus("close");
1144
}
1145
int status;
1146
pid_t pret = -1;
1147
errno = 0;
1148
do {
1149
pret = waitpid(pid, &status, 0);
1150
if(pret == -1 and errno == EINTR and quit_now){
1151
int errno_raising = 0;
1152
if((errno = raise_privileges()) != 0){
1153
errno_raising = errno;
1154
perror_plus("Failed to raise privileges in order to"
1155
" kill helper program");
1156
}
1157
if(kill(pid, SIGTERM) == -1){
1158
perror_plus("kill");
1159
}
1160
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1161
perror_plus("Failed to lower privileges after killing"
1162
" helper program");
1163
}
1164
return false;
1165
}
1166
} while(pret == -1 and errno == EINTR);
1167
if(pret == -1){
1168
perror_plus("waitpid");
1169
return false;
1170
}
1171
if(WIFEXITED(status)){
1172
if(WEXITSTATUS(status) != 0){
1173
fprintf_plus(stderr, "Error: iprouteadddel exited"
1174
" with status %d\n", WEXITSTATUS(status));
1175
return false;
1176
}
1177
return true;
1178
}
1179
if(WIFSIGNALED(status)){
1180
fprintf_plus(stderr, "Error: iprouteadddel died by"
1181
" signal %d\n", WTERMSIG(status));
1182
return false;
1183
}
1184
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1185
return false;
1186
}
1187
1188
__attribute__((nonnull, warn_unused_result))
1189
static bool add_local_route(const char *address,
1190
AvahiIfIndex if_index){
1191
if(debug){
1192
fprintf_plus(stderr, "Adding route to %s\n", address);
1193
}
1194
return add_delete_local_route(true, address, if_index);
1195
}
1196
1197
__attribute__((nonnull, warn_unused_result))
1198
static bool delete_local_route(const char *address,
1199
AvahiIfIndex if_index){
1200
if(debug){
1201
fprintf_plus(stderr, "Removing route to %s\n", address);
1202
}
1203
return add_delete_local_route(false, address, if_index);
1204
}
1205
643
1206
/* Called when a Mandos server is found */
644
1207
__attribute__((nonnull, warn_unused_result))
645
1208
static int start_mandos_communication(const char *ip, in_port_t port,
656
1219
int retval = -1;
657
1220
gnutls_session_t session;
658
1221
int pf; /* Protocol family */
1222
bool route_added = false;
659
1223
660
1224
errno = 0;
661
1225
683
1247
bool match = false;
684
1248
{
685
1249
char *interface = NULL;
686
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
687
interface))){
1250
while((interface = argz_next(mc->interfaces,
1251
mc->interfaces_size,
1252
interface))){
688
1253
if(if_nametoindex(interface) == (unsigned int)if_index){
689
1254
match = true;
690
1255
break;
719
1284
PRIuMAX "\n", ip, (uintmax_t)port);
720
1285
}
721
1286
722
tcp_sd = socket(pf, SOCK_STREAM, 0);
1287
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
723
1288
if(tcp_sd < 0){
724
1289
int e = errno;
725
1290
perror_plus("socket");
732
1297
goto mandos_end;
733
1298
}
734
1299
735
memset(&to, 0, sizeof(to));
736
1300
if(af == AF_INET6){
737
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
738
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1301
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1302
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1303
ret = inet_pton(af, ip, &to6->sin6_addr);
739
1304
} else { /* IPv4 */
740
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
741
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1305
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1306
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1307
ret = inet_pton(af, ip, &to4->sin_addr);
742
1308
}
743
1309
if(ret < 0 ){
744
1310
int e = errno;
814
1380
goto mandos_end;
815
1381
}
816
1382
817
if(af == AF_INET6){
818
ret = connect(tcp_sd, (struct sockaddr *)&to,
819
sizeof(struct sockaddr_in6));
820
} else {
821
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
822
sizeof(struct sockaddr_in));
823
}
824
if(ret < 0){
825
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
826
int e = errno;
827
perror_plus("connect");
828
errno = e;
829
}
830
goto mandos_end;
831
}
832
833
if(quit_now){
834
errno = EINTR;
835
goto mandos_end;
1383
while(true){
1384
if(af == AF_INET6){
1385
ret = connect(tcp_sd, (struct sockaddr *)&to,
1386
sizeof(struct sockaddr_in6));
1387
} else {
1388
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1389
sizeof(struct sockaddr_in));
1390
}
1391
if(ret < 0){
1392
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1393
and if_index != AVAHI_IF_UNSPEC
1394
and connect_to == NULL
1395
and not route_added and
1396
((af == AF_INET6 and not
1397
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1398
&to)->sin6_addr)))
1399
or (af == AF_INET and
1400
/* Not a a IPv4LL address */
1401
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1402
& 0xFFFF0000L) != 0xA9FE0000L))){
1403
/* Work around Avahi bug - Avahi does not announce link-local
1404
addresses if it has a global address, so local hosts with
1405
*only* a link-local address (e.g. Mandos clients) cannot
1406
connect to a Mandos server announced by Avahi on a server
1407
host with a global address. Work around this by retrying
1408
with an explicit route added with the server's address.
1409
1410
Avahi bug reference:
1411
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1412
https://bugs.debian.org/587961
1413
*/
1414
if(debug){
1415
fprintf_plus(stderr, "Mandos server unreachable, trying"
1416
" direct route\n");
1417
}
1418
int e = errno;
1419
route_added = add_local_route(ip, if_index);
1420
if(route_added){
1421
continue;
1422
}
1423
errno = e;
1424
}
1425
if(errno != ECONNREFUSED or debug){
1426
int e = errno;
1427
perror_plus("connect");
1428
errno = e;
1429
}
1430
goto mandos_end;
1431
}
1432
1433
if(quit_now){
1434
errno = EINTR;
1435
goto mandos_end;
1436
}
1437
break;
836
1438
}
837
1439
838
1440
const char *out = mandos_protocol_version;
992
1594
&decrypted_buffer, mc);
993
1595
if(decrypted_buffer_size >= 0){
994
1596
1597
clearerr(stdout);
995
1598
written = 0;
996
1599
while(written < (size_t) decrypted_buffer_size){
997
1600
if(quit_now){
1013
1616
}
1014
1617
written += (size_t)ret;
1015
1618
}
1619
ret = fflush(stdout);
1620
if(ret != 0){
1621
int e = errno;
1622
if(debug){
1623
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1624
strerror(errno));
1625
}
1626
errno = e;
1627
goto mandos_end;
1628
}
1016
1629
retval = 0;
1017
1630
}
1018
1631
}
1021
1634
1022
1635
mandos_end:
1023
1636
{
1637
if(route_added){
1638
if(not delete_local_route(ip, if_index)){
1639
fprintf_plus(stderr, "Failed to delete local route to %s on"
1640
" interface %d", ip, if_index);
1641
}
1642
}
1024
1643
int e = errno;
1025
1644
free(decrypted_buffer);
1026
1645
free(buffer);
1027
1646
if(tcp_sd >= 0){
1028
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1647
ret = close(tcp_sd);
1029
1648
}
1030
1649
if(ret == -1){
1031
1650
if(e == 0){
1043
1662
return retval;
1044
1663
}
1045
1664
1046
__attribute__((nonnull))
1047
1665
static void resolve_callback(AvahiSServiceResolver *r,
1048
1666
AvahiIfIndex interface,
1049
1667
AvahiProtocol proto,
1066
1684
timed out */
1067
1685
1068
1686
if(quit_now){
1687
avahi_s_service_resolver_free(r);
1069
1688
return;
1070
1689
}
1071
1690
1185
1804
__attribute__((nonnull, warn_unused_result))
1186
1805
bool get_flags(const char *ifname, struct ifreq *ifr){
1187
1806
int ret;
1188
error_t ret_errno;
1807
int old_errno;
1189
1808
1190
1809
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1191
1810
if(s < 0){
1192
ret_errno = errno;
1811
old_errno = errno;
1193
1812
perror_plus("socket");
1194
errno = ret_errno;
1813
errno = old_errno;
1195
1814
return false;
1196
1815
}
1197
strcpy(ifr->ifr_name, ifname);
1816
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1817
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1198
1818
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1199
1819
if(ret == -1){
1200
1820
if(debug){
1201
ret_errno = errno;
1821
old_errno = errno;
1202
1822
perror_plus("ioctl SIOCGIFFLAGS");
1203
errno = ret_errno;
1823
errno = old_errno;
1824
}
1825
if((close(s) == -1) and debug){
1826
old_errno = errno;
1827
perror_plus("close");
1828
errno = old_errno;
1204
1829
}
1205
1830
return false;
1206
1831
}
1832
if((close(s) == -1) and debug){
1833
old_errno = errno;
1834
perror_plus("close");
1835
errno = old_errno;
1836
}
1207
1837
return true;
1208
1838
}
1209
1839
1451
2081
}
1452
2082
}
1453
2083
1454
/* Set effective uid to 0, return errno */
1455
__attribute__((warn_unused_result))
1456
error_t raise_privileges(void){
1457
error_t old_errno = errno;
1458
error_t ret_errno = 0;
1459
if(seteuid(0) == -1){
1460
ret_errno = errno;
1461
perror_plus("seteuid");
1462
}
1463
errno = old_errno;
1464
return ret_errno;
1465
}
1466
1467
/* Set effective and real user ID to 0. Return errno. */
1468
__attribute__((warn_unused_result))
1469
error_t raise_privileges_permanently(void){
1470
error_t old_errno = errno;
1471
error_t ret_errno = raise_privileges();
1472
if(ret_errno != 0){
1473
errno = old_errno;
1474
return ret_errno;
1475
}
1476
if(setuid(0) == -1){
1477
ret_errno = errno;
1478
perror_plus("seteuid");
1479
}
1480
errno = old_errno;
1481
return ret_errno;
1482
}
1483
1484
/* Set effective user ID to unprivileged saved user ID */
1485
__attribute__((warn_unused_result))
1486
error_t lower_privileges(void){
1487
error_t old_errno = errno;
1488
error_t ret_errno = 0;
1489
if(seteuid(uid) == -1){
1490
ret_errno = errno;
1491
perror_plus("seteuid");
1492
}
1493
errno = old_errno;
1494
return ret_errno;
1495
}
1496
1497
/* Lower privileges permanently */
1498
__attribute__((warn_unused_result))
1499
error_t lower_privileges_permanently(void){
1500
error_t old_errno = errno;
1501
error_t ret_errno = 0;
1502
if(setuid(uid) == -1){
1503
ret_errno = errno;
1504
perror_plus("setuid");
1505
}
1506
errno = old_errno;
1507
return ret_errno;
1508
}
1509
1510
2084
__attribute__((nonnull))
1511
2085
void run_network_hooks(const char *mode, const char *interface,
1512
2086
const float delay){
1513
struct dirent **direntries;
2087
struct dirent **direntries = NULL;
1514
2088
if(hookdir_fd == -1){
1515
hookdir_fd = open(hookdir, O_RDONLY);
2089
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2090
| O_CLOEXEC);
1516
2091
if(hookdir_fd == -1){
1517
2092
if(errno == ENOENT){
1518
2093
if(debug){
1525
2100
return;
1526
2101
}
1527
2102
}
1528
#ifdef __GLIBC__
1529
#if __GLIBC_PREREQ(2, 15)
2103
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2104
if(devnull == -1){
2105
perror_plus("open(\"/dev/null\", O_RDONLY)");
2106
return;
2107
}
1530
2108
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1531
2109
runnable_hook, alphasort);
1532
#else /* not __GLIBC_PREREQ(2, 15) */
1533
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1534
alphasort);
1535
#endif /* not __GLIBC_PREREQ(2, 15) */
1536
#else /* not __GLIBC__ */
1537
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1538
alphasort);
1539
#endif /* not __GLIBC__ */
1540
2110
if(numhooks == -1){
1541
2111
perror_plus("scandir");
2112
close(devnull);
1542
2113
return;
1543
2114
}
1544
2115
struct dirent *direntry;
1545
2116
int ret;
1546
int devnull = open("/dev/null", O_RDONLY);
1547
2117
for(int i = 0; i < numhooks; i++){
1548
2118
direntry = direntries[i];
1549
2119
if(debug){
1554
2124
if(hook_pid == 0){
1555
2125
/* Child */
1556
2126
/* Raise privileges */
1557
if(raise_privileges_permanently() != 0){
2127
errno = raise_privileges_permanently();
2128
if(errno != 0){
1558
2129
perror_plus("Failed to raise privileges");
1559
2130
_exit(EX_NOPERM);
1560
2131
}
1572
2143
perror_plus("setgroups");
1573
2144
_exit(EX_NOPERM);
1574
2145
}
1575
ret = dup2(devnull, STDIN_FILENO);
1576
if(ret == -1){
1577
perror_plus("dup2(devnull, STDIN_FILENO)");
1578
_exit(EX_OSERR);
1579
}
1580
ret = close(devnull);
1581
if(ret == -1){
1582
perror_plus("close");
1583
_exit(EX_OSERR);
1584
}
1585
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1586
if(ret == -1){
1587
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1588
_exit(EX_OSERR);
1589
}
1590
2146
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1591
2147
if(ret == -1){
1592
2148
perror_plus("setenv");
1627
2183
_exit(EX_OSERR);
1628
2184
}
1629
2185
}
1630
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2186
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2187
direntry->d_name,
2188
O_RDONLY));
1631
2189
if(hook_fd == -1){
1632
2190
perror_plus("openat");
1633
2191
_exit(EXIT_FAILURE);
1634
2192
}
1635
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2193
if(close(hookdir_fd) == -1){
1636
2194
perror_plus("close");
1637
2195
_exit(EXIT_FAILURE);
1638
2196
}
2197
ret = dup2(devnull, STDIN_FILENO);
2198
if(ret == -1){
2199
perror_plus("dup2(devnull, STDIN_FILENO)");
2200
_exit(EX_OSERR);
2201
}
2202
ret = close(devnull);
2203
if(ret == -1){
2204
perror_plus("close");
2205
_exit(EX_OSERR);
2206
}
2207
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2208
if(ret == -1){
2209
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2210
_exit(EX_OSERR);
2211
}
1639
2212
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
1640
2213
environ) == -1){
1641
2214
perror_plus("fexecve");
1642
2215
_exit(EXIT_FAILURE);
1643
2216
}
1644
2217
} else {
2218
if(hook_pid == -1){
2219
perror_plus("fork");
2220
free(direntry);
2221
continue;
2222
}
1645
2223
int status;
1646
2224
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
1647
2225
perror_plus("waitpid");
2226
free(direntry);
1648
2227
continue;
1649
2228
}
1650
2229
if(WIFEXITED(status)){
1652
2231
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
1653
2232
" with status %d\n", direntry->d_name,
1654
2233
WEXITSTATUS(status));
2234
free(direntry);
1655
2235
continue;
1656
2236
}
1657
2237
} else if(WIFSIGNALED(status)){
1658
2238
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
1659
2239
" signal %d\n", direntry->d_name,
1660
2240
WTERMSIG(status));
2241
free(direntry);
1661
2242
continue;
1662
2243
} else {
1663
2244
fprintf_plus(stderr, "Warning: network hook \"%s\""
1664
2245
" crashed\n", direntry->d_name);
2246
free(direntry);
1665
2247
continue;
1666
2248
}
1667
2249
}
1669
2251
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
1670
2252
direntry->d_name);
1671
2253
}
2254
free(direntry);
1672
2255
}
1673
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2256
free(direntries);
2257
if(close(hookdir_fd) == -1){
1674
2258
perror_plus("close");
1675
2259
} else {
1676
2260
hookdir_fd = -1;
1679
2263
}
1680
2264
1681
2265
__attribute__((nonnull, warn_unused_result))
1682
error_t bring_up_interface(const char *const interface,
1683
const float delay){
1684
error_t old_errno = errno;
2266
int bring_up_interface(const char *const interface,
2267
const float delay){
2268
int old_errno = errno;
1685
2269
int ret;
1686
2270
struct ifreq network;
1687
2271
unsigned int if_index = if_nametoindex(interface);
1697
2281
}
1698
2282
1699
2283
if(not interface_is_up(interface)){
1700
error_t ret_errno = 0, ioctl_errno = 0;
2284
int ret_errno = 0;
2285
int ioctl_errno = 0;
1701
2286
if(not get_flags(interface, &network)){
1702
2287
ret_errno = errno;
1703
2288
fprintf_plus(stderr, "Failed to get flags for interface "
1716
2301
}
1717
2302
1718
2303
if(quit_now){
1719
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2304
ret = close(sd);
1720
2305
if(ret == -1){
1721
2306
perror_plus("close");
1722
2307
}
1732
2317
/* Raise privileges */
1733
2318
ret_errno = raise_privileges();
1734
2319
if(ret_errno != 0){
2320
errno = ret_errno;
1735
2321
perror_plus("Failed to raise privileges");
1736
2322
}
1737
2323
1771
2357
}
1772
2358
1773
2359
/* Close the socket */
1774
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2360
ret = close(sd);
1775
2361
if(ret == -1){
1776
2362
perror_plus("close");
1777
2363
}
1789
2375
1790
2376
/* Sleep checking until interface is running.
1791
2377
Check every 0.25s, up to total time of delay */
1792
for(int i=0; i < delay * 4; i++){
2378
for(int i = 0; i < delay * 4; i++){
1793
2379
if(interface_is_running(interface)){
1794
2380
break;
1795
2381
}
1805
2391
}
1806
2392
1807
2393
__attribute__((nonnull, warn_unused_result))
1808
error_t take_down_interface(const char *const interface){
1809
error_t old_errno = errno;
2394
int take_down_interface(const char *const interface){
2395
int old_errno = errno;
1810
2396
struct ifreq network;
1811
2397
unsigned int if_index = if_nametoindex(interface);
1812
2398
if(if_index == 0){
1815
2401
return ENXIO;
1816
2402
}
1817
2403
if(interface_is_up(interface)){
1818
error_t ret_errno = 0, ioctl_errno = 0;
2404
int ret_errno = 0;
2405
int ioctl_errno = 0;
1819
2406
if(not get_flags(interface, &network) and debug){
1820
2407
ret_errno = errno;
1821
2408
fprintf_plus(stderr, "Failed to get flags for interface "
1841
2428
/* Raise privileges */
1842
2429
ret_errno = raise_privileges();
1843
2430
if(ret_errno != 0){
2431
errno = ret_errno;
1844
2432
perror_plus("Failed to raise privileges");
1845
2433
}
1846
2434
1858
2446
}
1859
2447
1860
2448
/* Close the socket */
1861
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2449
int ret = close(sd);
1862
2450
if(ret == -1){
1863
2451
perror_plus("close");
1864
2452
}
1879
2467
}
1880
2468
1881
2469
int main(int argc, char *argv[]){
1882
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1883
.priority = "SECURE256:!CTYPE-X.509:"
1884
"+CTYPE-OPENPGP", .current_server = NULL,
1885
.interfaces = NULL, .interfaces_size = 0 };
2470
mandos_context mc = { .server = NULL, .dh_bits = 0,
2471
#if GNUTLS_VERSION_NUMBER >= 0x030606
2472
.priority = "SECURE128:!CTYPE-X.509"
2473
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2474
":%PROFILE_ULTRA",
2475
#elif GNUTLS_VERSION_NUMBER < 0x030600
2476
.priority = "SECURE256:!CTYPE-X.509"
2477
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2478
#else
2479
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2480
#endif
2481
.current_server = NULL, .interfaces = NULL,
2482
.interfaces_size = 0 };
1886
2483
AvahiSServiceBrowser *sb = NULL;
1887
2484
error_t ret_errno;
1888
2485
int ret;
1897
2494
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1898
2495
const char *seckey = PATHDIR "/" SECKEY;
1899
2496
const char *pubkey = PATHDIR "/" PUBKEY;
2497
#if GNUTLS_VERSION_NUMBER >= 0x030606
2498
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2499
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2500
#endif
2501
const char *dh_params_file = NULL;
1900
2502
char *interfaces_hooks = NULL;
1901
2503
1902
2504
bool gnutls_initialized = false;
1949
2551
{ .name = "pubkey", .key = 'p',
1950
2552
.arg = "FILE",
1951
2553
.doc = "OpenPGP public key file base name",
1952
.group = 2 },
2554
.group = 1 },
2555
{ .name = "tls-privkey", .key = 't',
2556
.arg = "FILE",
2557
#if GNUTLS_VERSION_NUMBER >= 0x030606
2558
.doc = "TLS private key file base name",
2559
#else
2560
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2561
#endif
2562
.group = 1 },
2563
{ .name = "tls-pubkey", .key = 'T',
2564
.arg = "FILE",
2565
#if GNUTLS_VERSION_NUMBER >= 0x030606
2566
.doc = "TLS public key file base name",
2567
#else
2568
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2569
#endif
2570
.group = 1 },
1953
2571
{ .name = "dh-bits", .key = 129,
1954
2572
.arg = "BITS",
1955
2573
.doc = "Bit length of the prime number used in the"
1956
2574
" Diffie-Hellman key exchange",
1957
2575
.group = 2 },
2576
{ .name = "dh-params", .key = 134,
2577
.arg = "FILE",
2578
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2579
" for the Diffie-Hellman key exchange",
2580
.group = 2 },
1958
2581
{ .name = "priority", .key = 130,
1959
2582
.arg = "STRING",
1960
2583
.doc = "GnuTLS priority string for the TLS handshake",
2006
2629
case 'p': /* --pubkey */
2007
2630
pubkey = arg;
2008
2631
break;
2632
case 't': /* --tls-privkey */
2633
#if GNUTLS_VERSION_NUMBER >= 0x030606
2634
tls_privkey = arg;
2635
#endif
2636
break;
2637
case 'T': /* --tls-pubkey */
2638
#if GNUTLS_VERSION_NUMBER >= 0x030606
2639
tls_pubkey = arg;
2640
#endif
2641
break;
2009
2642
case 129: /* --dh-bits */
2010
2643
errno = 0;
2011
2644
tmpmax = strtoimax(arg, &tmp, 10);
2015
2648
}
2016
2649
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2017
2650
break;
2651
case 134: /* --dh-params */
2652
dh_params_file = arg;
2653
break;
2018
2654
case 130: /* --priority */
2019
2655
mc.priority = arg;
2020
2656
break;
2043
2679
argp_state_help(state, state->out_stream,
2044
2680
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2045
2681
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2682
__builtin_unreachable();
2046
2683
case -3: /* --usage */
2047
2684
argp_state_help(state, state->out_stream,
2048
2685
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2686
__builtin_unreachable();
2049
2687
case 'V': /* --version */
2050
2688
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2051
2689
exit(argp_err_exit_status);
2060
2698
.args_doc = "",
2061
2699
.doc = "Mandos client -- Get and decrypt"
2062
2700
" passwords from a Mandos server" };
2063
ret = argp_parse(&argp, argc, argv,
2064
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2065
switch(ret){
2701
ret_errno = argp_parse(&argp, argc, argv,
2702
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2703
switch(ret_errno){
2066
2704
case 0:
2067
2705
break;
2068
2706
case ENOMEM:
2069
2707
default:
2070
errno = ret;
2708
errno = ret_errno;
2071
2709
perror_plus("argp_parse");
2072
2710
exitcode = EX_OSERR;
2073
2711
goto end;
2076
2714
goto end;
2077
2715
}
2078
2716
}
2079
2717
2080
2718
{
2081
2719
/* Work around Debian bug #633582:
2082
<http://bugs.debian.org/633582> */
2720
<https://bugs.debian.org/633582> */
2083
2721
2084
2722
/* Re-raise privileges */
2085
ret_errno = raise_privileges();
2086
if(ret_errno != 0){
2087
errno = ret_errno;
2723
ret = raise_privileges();
2724
if(ret != 0){
2725
errno = ret;
2088
2726
perror_plus("Failed to raise privileges");
2089
2727
} else {
2090
2728
struct stat st;
2106
2744
}
2107
2745
}
2108
2746
}
2109
TEMP_FAILURE_RETRY(close(seckey_fd));
2747
close(seckey_fd);
2110
2748
}
2111
2749
}
2112
2750
2113
2751
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2114
2752
int pubkey_fd = open(pubkey, O_RDONLY);
2115
2753
if(pubkey_fd == -1){
2127
2765
}
2128
2766
}
2129
2767
}
2130
TEMP_FAILURE_RETRY(close(pubkey_fd));
2131
}
2132
}
2133
2768
close(pubkey_fd);
2769
}
2770
}
2771
2772
if(dh_params_file != NULL
2773
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2774
int dhparams_fd = open(dh_params_file, O_RDONLY);
2775
if(dhparams_fd == -1){
2776
perror_plus("open");
2777
} else {
2778
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2779
if(ret == -1){
2780
perror_plus("fstat");
2781
} else {
2782
if(S_ISREG(st.st_mode)
2783
and st.st_uid == 0 and st.st_gid == 0){
2784
ret = fchown(dhparams_fd, uid, gid);
2785
if(ret == -1){
2786
perror_plus("fchown");
2787
}
2788
}
2789
}
2790
close(dhparams_fd);
2791
}
2792
}
2793
2134
2794
/* Lower privileges */
2135
ret_errno = lower_privileges();
2136
if(ret_errno != 0){
2137
errno = ret_errno;
2795
ret = lower_privileges();
2796
if(ret != 0){
2797
errno = ret;
2138
2798
perror_plus("Failed to lower privileges");
2139
2799
}
2140
2800
}
2253
2913
2254
2914
/* If no interfaces were specified, make a list */
2255
2915
if(mc.interfaces == NULL){
2256
struct dirent **direntries;
2916
struct dirent **direntries = NULL;
2257
2917
/* Look for any good interfaces */
2258
2918
ret = scandir(sys_class_net, &direntries, good_interface,
2259
2919
alphasort);
2265
2925
if(ret_errno != 0){
2266
2926
errno = ret_errno;
2267
2927
perror_plus("argz_add");
2928
free(direntries[i]);
2268
2929
continue;
2269
2930
}
2270
2931
if(debug){
2271
2932
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2272
2933
direntries[i]->d_name);
2273
2934
}
2935
free(direntries[i]);
2274
2936
}
2275
2937
free(direntries);
2276
2938
} else {
2277
free(direntries);
2939
if(ret == 0){
2940
free(direntries);
2941
}
2278
2942
fprintf_plus(stderr, "Could not find a network interface\n");
2279
2943
exitcode = EXIT_FAILURE;
2280
2944
goto end;
2306
2970
errno = bring_up_interface(interface, delay);
2307
2971
if(not interface_was_up){
2308
2972
if(errno != 0){
2309
perror_plus("Failed to bring up interface");
2973
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2974
" %s\n", interface, strerror(errno));
2310
2975
} else {
2311
2976
errno = argz_add(&interfaces_to_take_down,
2312
2977
&interfaces_to_take_down_size,
2335
3000
goto end;
2336
3001
}
2337
3002
2338
ret = init_gnutls_global(pubkey, seckey, &mc);
3003
#if GNUTLS_VERSION_NUMBER >= 0x030606
3004
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3005
#elif GNUTLS_VERSION_NUMBER < 0x030600
3006
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3007
#else
3008
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3009
#endif
2339
3010
if(ret == -1){
2340
3011
fprintf_plus(stderr, "init_gnutls_global failed\n");
2341
3012
exitcode = EX_UNAVAILABLE;
2463
3134
2464
3135
/* Allocate a new server */
2465
3136
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2466
&config, NULL, NULL, &ret_errno);
3137
&config, NULL, NULL, &ret);
2467
3138
2468
3139
/* Free the Avahi configuration data */
2469
3140
avahi_server_config_free(&config);
2472
3143
/* Check if creating the Avahi server object succeeded */
2473
3144
if(mc.server == NULL){
2474
3145
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2475
avahi_strerror(ret_errno));
3146
avahi_strerror(ret));
2476
3147
exitcode = EX_UNAVAILABLE;
2477
3148
goto end;
2478
3149
}
2513
3184
end:
2514
3185
2515
3186
if(debug){
2516
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3187
if(signal_received){
3188
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3189
argv[0], signal_received,
3190
strsignal(signal_received));
3191
} else {
3192
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
}
2517
3194
}
2518
3195
2519
3196
/* Cleanup things */
2530
3207
2531
3208
if(gnutls_initialized){
2532
3209
gnutls_certificate_free_credentials(mc.cred);
2533
gnutls_global_deinit();
2534
3210
gnutls_dh_params_deinit(mc.dh_params);
2535
3211
}
2536
3212
2544
3220
mc.current_server->prev->next = NULL;
2545
3221
while(mc.current_server != NULL){
2546
3222
server *next = mc.current_server->next;
3223
#ifdef __GNUC__
3224
#pragma GCC diagnostic push
3225
#pragma GCC diagnostic ignored "-Wcast-qual"
3226
#endif
3227
free((char *)(mc.current_server->ip));
3228
#ifdef __GNUC__
3229
#pragma GCC diagnostic pop
3230
#endif
2547
3231
free(mc.current_server);
2548
3232
mc.current_server = next;
2549
3233
}
2551
3235
2552
3236
/* Re-raise privileges */
2553
3237
{
2554
ret_errno = raise_privileges();
2555
if(ret_errno != 0){
3238
ret = raise_privileges();
3239
if(ret != 0){
3240
errno = ret;
2556
3241
perror_plus("Failed to raise privileges");
2557
3242
} else {
2558
3243
2563
3248
/* Take down the network interfaces which were brought up */
2564
3249
{
2565
3250
char *interface = NULL;
2566
while((interface=argz_next(interfaces_to_take_down,
2567
interfaces_to_take_down_size,
2568
interface))){
2569
ret_errno = take_down_interface(interface);
2570
if(ret_errno != 0){
2571
errno = ret_errno;
3251
while((interface = argz_next(interfaces_to_take_down,
3252
interfaces_to_take_down_size,
3253
interface))){
3254
ret = take_down_interface(interface);
3255
if(ret != 0){
3256
errno = ret;
2572
3257
perror_plus("Failed to take down interface");
2573
3258
}
2574
3259
}
2579
3264
}
2580
3265
}
2581
3266
2582
ret_errno = lower_privileges_permanently();
2583
if(ret_errno != 0){
3267
ret = lower_privileges_permanently();
3268
if(ret != 0){
3269
errno = ret;
2584
3270
perror_plus("Failed to lower privileges permanently");
2585
3271
}
2586
3272
}
2588
3274
free(interfaces_to_take_down);
2589
3275
free(interfaces_hooks);
2590
3276
3277
void clean_dir_at(int base, const char * const dirname,
3278
uintmax_t level){
3279
struct dirent **direntries = NULL;
3280
int dret;
3281
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3282
O_RDONLY
3283
| O_NOFOLLOW
3284
| O_DIRECTORY
3285
| O_PATH));
3286
if(dir_fd == -1){
3287
perror_plus("open");
3288
return;
3289
}
3290
int numentries = scandirat(dir_fd, ".", &direntries,
3291
notdotentries, alphasort);
3292
if(numentries >= 0){
3293
for(int i = 0; i < numentries; i++){
3294
if(debug){
3295
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3296
dirname, direntries[i]->d_name);
3297
}
3298
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3299
if(dret == -1){
3300
if(errno == EISDIR){
3301
dret = unlinkat(dir_fd, direntries[i]->d_name,
3302
AT_REMOVEDIR);
3303
}
3304
if((dret == -1) and (errno == ENOTEMPTY)
3305
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3306
== 0) and (level == 0)){
3307
/* Recurse only in this special case */
3308
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3309
dret = 0;
3310
}
3311
if((dret == -1) and (errno != ENOENT)){
3312
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3313
direntries[i]->d_name, strerror(errno));
3314
}
3315
}
3316
free(direntries[i]);
3317
}
3318
3319
/* need to clean even if 0 because man page doesn't specify */
3320
free(direntries);
3321
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3322
if(dret == -1 and errno != ENOENT){
3323
perror_plus("rmdir");
3324
}
3325
} else {
3326
perror_plus("scandirat");
3327
}
3328
close(dir_fd);
3329
}
3330
2591
3331
/* Removes the GPGME temp directory and all files inside */
2592
3332
if(tempdir != NULL){
2593
struct dirent **direntries = NULL;
2594
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2595
O_NOFOLLOW));
2596
if(tempdir_fd == -1){
2597
perror_plus("open");
2598
} else {
2599
#ifdef __GLIBC__
2600
#if __GLIBC_PREREQ(2, 15)
2601
int numentries = scandirat(tempdir_fd, ".", &direntries,
2602
notdotentries, alphasort);
2603
#else /* not __GLIBC_PREREQ(2, 15) */
2604
int numentries = scandir(tempdir, &direntries, notdotentries,
2605
alphasort);
2606
#endif /* not __GLIBC_PREREQ(2, 15) */
2607
#else /* not __GLIBC__ */
2608
int numentries = scandir(tempdir, &direntries, notdotentries,
2609
alphasort);
2610
#endif /* not __GLIBC__ */
2611
if(numentries > 0){
2612
for(int i = 0; i < numentries; i++){
2613
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2614
if(ret == -1){
2615
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2616
" \"%s\", 0): %s\n", tempdir,
2617
direntries[i]->d_name, strerror(errno));
2618
}
2619
}
2620
2621
/* need to clean even if 0 because man page doesn't specify */
2622
free(direntries);
2623
if(numentries == -1){
2624
perror_plus("scandir");
2625
}
2626
ret = rmdir(tempdir);
2627
if(ret == -1 and errno != ENOENT){
2628
perror_plus("rmdir");
2629
}
2630
}
2631
TEMP_FAILURE_RETRY(close(tempdir_fd));
2632
}
3333
clean_dir_at(-1, tempdir, 0);
2633
3334
}
2634
3335
2635
3336
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0