To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 1213
- compare with another revision
- download diff
- download tarball
- view history from revision 1213
- Committer: teddy at recompile
- Date: 2020-04-05 21:30:59 UTC
- Revision ID: teddy@recompile.se-20200405213059-fb2a61ckqynrmatk
Fix file descriptor leak in mandos-client
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
- files added:
- debian/mandos-client.templates
- debian/tests
- dracut-module
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2016 Teddy Hogeborn
13
* Copyright © 2008-2016 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2019 Teddy Hogeborn
13
* Copyright © 2008-2019 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
21
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
25
* General Public License for more details.
24
26
*
25
27
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
28
29
*
29
30
* Contact the authors at <mandos@recompile.se>.
30
31
*/
47
48
strtof(), abort() */
48
49
#include <stdbool.h> /* bool, false, true */
49
50
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strncpy() */
51
asprintf(), strncpy(), strsignal()
52
*/
51
53
#include <sys/ioctl.h> /* ioctl */
52
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
55
sockaddr_in6, PF_INET6,
121
123
gnutls_*
122
124
init_gnutls_session(),
123
125
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
124
127
#include <gnutls/openpgp.h>
125
128
/* gnutls_certificate_set_openpgp_key_file(),
126
129
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
127
135
128
136
/* GPGME */
129
137
#include <gpgme.h> /* All GPGME types, constants and
137
145
#define PATHDIR "/conf/conf.d/mandos"
138
146
#define SECKEY "seckey.txt"
139
147
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
140
150
#define HOOKDIR "/lib/mandos/network-hooks.d"
141
151
142
152
bool debug = false;
270
280
return true;
271
281
}
272
282
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
273
335
/*
274
336
* Initialize GPGME.
275
337
*/
295
357
return false;
296
358
}
297
359
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
time_t keytime = keystat.st_mtim.tv_sec;
400
if(stime(&keytime) != 0){
401
perror_plus("stime");
402
}
403
ret = lower_privileges();
404
if(ret != 0){
405
errno = ret;
406
perror_plus("Failed to lower privileges");
407
}
408
} while(false);
409
298
410
rc = gpgme_data_new_from_fd(&pgp_data, fd);
299
411
if(rc != GPG_ERR_NO_ERROR){
300
412
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
308
420
gpgme_strsource(rc), gpgme_strerror(rc));
309
421
return false;
310
422
}
423
{
424
gpgme_import_result_t import_result
425
= gpgme_op_import_result(mc->ctx);
426
if((import_result->imported < 1
427
or import_result->not_imported > 0)
428
and import_result->unchanged == 0){
429
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
430
fprintf_plus(stderr,
431
"The total number of considered keys: %d\n",
432
import_result->considered);
433
fprintf_plus(stderr,
434
"The number of keys without user ID: %d\n",
435
import_result->no_user_id);
436
fprintf_plus(stderr,
437
"The total number of imported keys: %d\n",
438
import_result->imported);
439
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
440
import_result->imported_rsa);
441
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
442
import_result->unchanged);
443
fprintf_plus(stderr, "The number of new user IDs: %d\n",
444
import_result->new_user_ids);
445
fprintf_plus(stderr, "The number of new sub keys: %d\n",
446
import_result->new_sub_keys);
447
fprintf_plus(stderr, "The number of new signatures: %d\n",
448
import_result->new_signatures);
449
fprintf_plus(stderr, "The number of new revocations: %d\n",
450
import_result->new_revocations);
451
fprintf_plus(stderr,
452
"The total number of secret keys read: %d\n",
453
import_result->secret_read);
454
fprintf_plus(stderr,
455
"The number of imported secret keys: %d\n",
456
import_result->secret_imported);
457
fprintf_plus(stderr,
458
"The number of unchanged secret keys: %d\n",
459
import_result->secret_unchanged);
460
fprintf_plus(stderr, "The number of keys not imported: %d\n",
461
import_result->not_imported);
462
for(gpgme_import_status_t import_status
463
= import_result->imports;
464
import_status != NULL;
465
import_status = import_status->next){
466
fprintf_plus(stderr, "Import status for key: %s\n",
467
import_status->fpr);
468
if(import_status->result != GPG_ERR_NO_ERROR){
469
fprintf_plus(stderr, "Import result: %s: %s\n",
470
gpgme_strsource(import_status->result),
471
gpgme_strerror(import_status->result));
472
}
473
fprintf_plus(stderr, "Key status:\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_NEW
476
? "The key was new.\n"
477
: "The key was not new.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_UID
480
? "The key contained new user IDs.\n"
481
: "The key did not contain new user IDs.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SIG
484
? "The key contained new signatures.\n"
485
: "The key did not contain new signatures.\n");
486
fprintf_plus(stderr,
487
import_status->status & GPGME_IMPORT_SUBKEY
488
? "The key contained new sub keys.\n"
489
: "The key did not contain new sub keys.\n");
490
fprintf_plus(stderr,
491
import_status->status & GPGME_IMPORT_SECRET
492
? "The key contained a secret key.\n"
493
: "The key did not contain a secret key.\n");
494
}
495
return false;
496
}
497
}
311
498
312
499
ret = close(fd);
313
500
if(ret == -1){
354
541
/* Create new GPGME "context" */
355
542
rc = gpgme_new(&(mc->ctx));
356
543
if(rc != GPG_ERR_NO_ERROR){
357
fprintf_plus(stderr, "Mandos plugin mandos-client: "
358
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
359
gpgme_strerror(rc));
544
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
545
gpgme_strsource(rc), gpgme_strerror(rc));
360
546
return false;
361
547
}
362
548
398
584
/* Create new empty GPGME data buffer for the plaintext */
399
585
rc = gpgme_data_new(&dh_plain);
400
586
if(rc != GPG_ERR_NO_ERROR){
401
fprintf_plus(stderr, "Mandos plugin mandos-client: "
402
"bad gpgme_data_new: %s: %s\n",
587
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
403
588
gpgme_strsource(rc), gpgme_strerror(rc));
404
589
gpgme_data_release(dh_crypto);
405
590
return -1;
418
603
if(result == NULL){
419
604
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
420
605
} else {
421
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
422
result->unsupported_algorithm);
423
fprintf_plus(stderr, "Wrong key usage: %u\n",
424
result->wrong_key_usage);
606
if(result->unsupported_algorithm != NULL) {
607
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
608
result->unsupported_algorithm);
609
}
610
fprintf_plus(stderr, "Wrong key usage: %s\n",
611
result->wrong_key_usage ? "Yes" : "No");
425
612
if(result->file_name != NULL){
426
613
fprintf_plus(stderr, "File name: %s\n", result->file_name);
427
614
}
428
gpgme_recipient_t recipient;
429
recipient = result->recipients;
430
while(recipient != NULL){
615
616
for(gpgme_recipient_t r = result->recipients; r != NULL;
617
r = r->next){
431
618
fprintf_plus(stderr, "Public key algorithm: %s\n",
432
gpgme_pubkey_algo_name
433
(recipient->pubkey_algo));
434
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
619
gpgme_pubkey_algo_name(r->pubkey_algo));
620
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
435
621
fprintf_plus(stderr, "Secret key available: %s\n",
436
recipient->status == GPG_ERR_NO_SECKEY
437
? "No" : "Yes");
438
recipient = recipient->next;
622
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
439
623
}
440
624
}
441
625
}
523
707
const char *dhparamsfilename,
524
708
mandos_context *mc){
525
709
int ret;
526
unsigned int uret;
527
710
528
711
if(debug){
529
712
fprintf_plus(stderr, "Initializing GnuTLS\n");
546
729
}
547
730
548
731
if(debug){
549
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
550
" secret key %s as GnuTLS credentials\n",
732
fprintf_plus(stderr, "Attempting to use public key %s and"
733
" private key %s as GnuTLS credentials\n",
551
734
pubkeyfilename,
552
735
seckeyfilename);
553
736
}
554
737
738
#if GNUTLS_VERSION_NUMBER >= 0x030606
739
ret = gnutls_certificate_set_rawpk_key_file
740
(mc->cred, pubkeyfilename, seckeyfilename,
741
GNUTLS_X509_FMT_PEM, /* format */
742
NULL, /* pass */
743
/* key_usage */
744
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
745
NULL, /* names */
746
0, /* names_length */
747
/* privkey_flags */
748
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
749
0); /* pkcs11_flags */
750
#elif GNUTLS_VERSION_NUMBER < 0x030600
555
751
ret = gnutls_certificate_set_openpgp_key_file
556
752
(mc->cred, pubkeyfilename, seckeyfilename,
557
753
GNUTLS_OPENPGP_FMT_BASE64);
754
#else
755
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
756
#endif
558
757
if(ret != GNUTLS_E_SUCCESS){
559
758
fprintf_plus(stderr,
560
"Error[%d] while reading the OpenPGP key pair ('%s',"
759
"Error[%d] while reading the key pair ('%s',"
561
760
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
562
761
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
563
762
safer_gnutls_strerror(ret));
611
810
}
612
811
params.size += (unsigned int)bytes_read;
613
812
}
813
ret = close(dhpfile);
814
if(ret == -1){
815
perror_plus("close");
816
}
614
817
if(params.data == NULL){
615
818
dhparamsfilename = NULL;
616
819
}
625
828
safer_gnutls_strerror(ret));
626
829
dhparamsfilename = NULL;
627
830
}
831
free(params.data);
628
832
} while(false);
629
833
}
630
834
if(dhparamsfilename == NULL){
631
835
if(mc->dh_bits == 0){
836
#if GNUTLS_VERSION_NUMBER < 0x030600
632
837
/* Find out the optimal number of DH bits */
633
838
/* Try to read the private key file */
634
839
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
714
919
}
715
920
}
716
921
}
717
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
922
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
718
923
if(uret != 0){
719
924
mc->dh_bits = uret;
720
925
if(debug){
732
937
safer_gnutls_strerror(ret));
733
938
goto globalfail;
734
939
}
735
} else if(debug){
736
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
737
mc->dh_bits);
738
}
739
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
740
if(ret != GNUTLS_E_SUCCESS){
741
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
742
" bits): %s\n", mc->dh_bits,
743
safer_gnutls_strerror(ret));
744
goto globalfail;
940
#endif
941
} else { /* dh_bits != 0 */
942
if(debug){
943
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
944
mc->dh_bits);
945
}
946
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
947
if(ret != GNUTLS_E_SUCCESS){
948
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
949
" bits): %s\n", mc->dh_bits,
950
safer_gnutls_strerror(ret));
951
goto globalfail;
952
}
953
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
745
954
}
746
955
}
747
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
748
956
749
957
return 0;
750
958
761
969
int ret;
762
970
/* GnuTLS session creation */
763
971
do {
764
ret = gnutls_init(session, GNUTLS_SERVER);
972
ret = gnutls_init(session, (GNUTLS_SERVER
973
#if GNUTLS_VERSION_NUMBER >= 0x030506
974
| GNUTLS_NO_TICKETS
975
#endif
976
#if GNUTLS_VERSION_NUMBER >= 0x030606
977
| GNUTLS_ENABLE_RAWPK
978
#endif
979
));
765
980
if(quit_now){
766
981
return -1;
767
982
}
815
1030
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
816
1031
__attribute__((unused)) const char *txt){}
817
1032
818
/* Set effective uid to 0, return errno */
819
__attribute__((warn_unused_result))
820
int raise_privileges(void){
821
int old_errno = errno;
822
int ret = 0;
823
if(seteuid(0) == -1){
824
ret = errno;
825
}
826
errno = old_errno;
827
return ret;
828
}
829
830
/* Set effective and real user ID to 0. Return errno. */
831
__attribute__((warn_unused_result))
832
int raise_privileges_permanently(void){
833
int old_errno = errno;
834
int ret = raise_privileges();
835
if(ret != 0){
836
errno = old_errno;
837
return ret;
838
}
839
if(setuid(0) == -1){
840
ret = errno;
841
}
842
errno = old_errno;
843
return ret;
844
}
845
846
/* Set effective user ID to unprivileged saved user ID */
847
__attribute__((warn_unused_result))
848
int lower_privileges(void){
849
int old_errno = errno;
850
int ret = 0;
851
if(seteuid(uid) == -1){
852
ret = errno;
853
}
854
errno = old_errno;
855
return ret;
856
}
857
858
/* Lower privileges permanently */
859
__attribute__((warn_unused_result))
860
int lower_privileges_permanently(void){
861
int old_errno = errno;
862
int ret = 0;
863
if(setuid(uid) == -1){
864
ret = errno;
865
}
866
errno = old_errno;
867
return ret;
868
}
869
870
1033
/* Helper function to add_local_route() and delete_local_route() */
871
1034
__attribute__((nonnull, warn_unused_result))
872
1035
static bool add_delete_local_route(const bool add,
911
1074
ret = setgid(0);
912
1075
if(ret == -1){
913
1076
perror_plus("setgid");
1077
close(devnull);
914
1078
_exit(EX_NOPERM);
915
1079
}
916
1080
/* Reset supplementary groups */
918
1082
ret = setgroups(0, NULL);
919
1083
if(ret == -1){
920
1084
perror_plus("setgroups");
1085
close(devnull);
921
1086
_exit(EX_NOPERM);
922
1087
}
923
1088
}
924
1089
ret = dup2(devnull, STDIN_FILENO);
925
1090
if(ret == -1){
926
1091
perror_plus("dup2(devnull, STDIN_FILENO)");
1092
close(devnull);
927
1093
_exit(EX_OSERR);
928
1094
}
929
1095
ret = close(devnull);
930
1096
if(ret == -1){
931
1097
perror_plus("close");
932
_exit(EX_OSERR);
933
1098
}
934
1099
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
935
1100
if(ret == -1){
970
1135
}
971
1136
if(pid == -1){
972
1137
perror_plus("fork");
1138
close(devnull);
973
1139
return false;
974
1140
}
1141
ret = close(devnull);
1142
if(ret == -1){
1143
perror_plus("close");
1144
}
975
1145
int status;
976
1146
pid_t pret = -1;
977
1147
errno = 0;
1077
1247
bool match = false;
1078
1248
{
1079
1249
char *interface = NULL;
1080
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
1081
interface))){
1250
while((interface = argz_next(mc->interfaces,
1251
mc->interfaces_size,
1252
interface))){
1082
1253
if(if_nametoindex(interface) == (unsigned int)if_index){
1083
1254
match = true;
1084
1255
break;
1237
1408
with an explicit route added with the server's address.
1238
1409
1239
1410
Avahi bug reference:
1240
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1411
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1241
1412
https://bugs.debian.org/587961
1242
1413
*/
1243
1414
if(debug){
1423
1594
&decrypted_buffer, mc);
1424
1595
if(decrypted_buffer_size >= 0){
1425
1596
1597
clearerr(stdout);
1426
1598
written = 0;
1427
1599
while(written < (size_t) decrypted_buffer_size){
1428
1600
if(quit_now){
1444
1616
}
1445
1617
written += (size_t)ret;
1446
1618
}
1619
ret = fflush(stdout);
1620
if(ret != 0){
1621
int e = errno;
1622
if(debug){
1623
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1624
strerror(errno));
1625
}
1626
errno = e;
1627
goto mandos_end;
1628
}
1447
1629
retval = 0;
1448
1630
}
1449
1631
}
1480
1662
return retval;
1481
1663
}
1482
1664
1483
__attribute__((nonnull))
1484
1665
static void resolve_callback(AvahiSServiceResolver *r,
1485
1666
AvahiIfIndex interface,
1486
1667
AvahiProtocol proto,
1641
1822
perror_plus("ioctl SIOCGIFFLAGS");
1642
1823
errno = old_errno;
1643
1824
}
1825
if((close(s) == -1) and debug){
1826
old_errno = errno;
1827
perror_plus("close");
1828
errno = old_errno;
1829
}
1644
1830
return false;
1645
1831
}
1832
if((close(s) == -1) and debug){
1833
old_errno = errno;
1834
perror_plus("close");
1835
errno = old_errno;
1836
}
1646
1837
return true;
1647
1838
}
1648
1839
1909
2100
return;
1910
2101
}
1911
2102
}
2103
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2104
if(devnull == -1){
2105
perror_plus("open(\"/dev/null\", O_RDONLY)");
2106
return;
2107
}
1912
2108
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1913
2109
runnable_hook, alphasort);
1914
2110
if(numhooks == -1){
1915
2111
perror_plus("scandir");
2112
close(devnull);
1916
2113
return;
1917
2114
}
1918
2115
struct dirent *direntry;
1919
2116
int ret;
1920
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1921
if(devnull == -1){
1922
perror_plus("open(\"/dev/null\", O_RDONLY)");
1923
return;
1924
}
1925
2117
for(int i = 0; i < numhooks; i++){
1926
2118
direntry = direntries[i];
1927
2119
if(debug){
2183
2375
2184
2376
/* Sleep checking until interface is running.
2185
2377
Check every 0.25s, up to total time of delay */
2186
for(int i=0; i < delay * 4; i++){
2378
for(int i = 0; i < delay * 4; i++){
2187
2379
if(interface_is_running(interface)){
2188
2380
break;
2189
2381
}
2276
2468
2277
2469
int main(int argc, char *argv[]){
2278
2470
mandos_context mc = { .server = NULL, .dh_bits = 0,
2471
#if GNUTLS_VERSION_NUMBER >= 0x030606
2472
.priority = "SECURE128:!CTYPE-X.509"
2473
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2474
":%PROFILE_ULTRA",
2475
#elif GNUTLS_VERSION_NUMBER < 0x030600
2279
2476
.priority = "SECURE256:!CTYPE-X.509"
2280
2477
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2478
#else
2479
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2480
#endif
2281
2481
.current_server = NULL, .interfaces = NULL,
2282
2482
.interfaces_size = 0 };
2283
2483
AvahiSServiceBrowser *sb = NULL;
2294
2494
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2295
2495
const char *seckey = PATHDIR "/" SECKEY;
2296
2496
const char *pubkey = PATHDIR "/" PUBKEY;
2497
#if GNUTLS_VERSION_NUMBER >= 0x030606
2498
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2499
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2500
#endif
2297
2501
const char *dh_params_file = NULL;
2298
2502
char *interfaces_hooks = NULL;
2299
2503
2347
2551
{ .name = "pubkey", .key = 'p',
2348
2552
.arg = "FILE",
2349
2553
.doc = "OpenPGP public key file base name",
2350
.group = 2 },
2554
.group = 1 },
2555
{ .name = "tls-privkey", .key = 't',
2556
.arg = "FILE",
2557
#if GNUTLS_VERSION_NUMBER >= 0x030606
2558
.doc = "TLS private key file base name",
2559
#else
2560
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2561
#endif
2562
.group = 1 },
2563
{ .name = "tls-pubkey", .key = 'T',
2564
.arg = "FILE",
2565
#if GNUTLS_VERSION_NUMBER >= 0x030606
2566
.doc = "TLS public key file base name",
2567
#else
2568
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2569
#endif
2570
.group = 1 },
2351
2571
{ .name = "dh-bits", .key = 129,
2352
2572
.arg = "BITS",
2353
2573
.doc = "Bit length of the prime number used in the"
2409
2629
case 'p': /* --pubkey */
2410
2630
pubkey = arg;
2411
2631
break;
2632
case 't': /* --tls-privkey */
2633
#if GNUTLS_VERSION_NUMBER >= 0x030606
2634
tls_privkey = arg;
2635
#endif
2636
break;
2637
case 'T': /* --tls-pubkey */
2638
#if GNUTLS_VERSION_NUMBER >= 0x030606
2639
tls_pubkey = arg;
2640
#endif
2641
break;
2412
2642
case 129: /* --dh-bits */
2413
2643
errno = 0;
2414
2644
tmpmax = strtoimax(arg, &tmp, 10);
2449
2679
argp_state_help(state, state->out_stream,
2450
2680
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2451
2681
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2682
__builtin_unreachable();
2452
2683
case -3: /* --usage */
2453
2684
argp_state_help(state, state->out_stream,
2454
2685
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2686
__builtin_unreachable();
2455
2687
case 'V': /* --version */
2456
2688
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2457
2689
exit(argp_err_exit_status);
2485
2717
2486
2718
{
2487
2719
/* Work around Debian bug #633582:
2488
<http://bugs.debian.org/633582> */
2720
<https://bugs.debian.org/633582> */
2489
2721
2490
2722
/* Re-raise privileges */
2491
2723
ret = raise_privileges();
2768
3000
goto end;
2769
3001
}
2770
3002
3003
#if GNUTLS_VERSION_NUMBER >= 0x030606
3004
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3005
#elif GNUTLS_VERSION_NUMBER < 0x030600
2771
3006
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3007
#else
3008
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3009
#endif
2772
3010
if(ret == -1){
2773
3011
fprintf_plus(stderr, "init_gnutls_global failed\n");
2774
3012
exitcode = EX_UNAVAILABLE;
2946
3184
end:
2947
3185
2948
3186
if(debug){
2949
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3187
if(signal_received){
3188
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3189
argv[0], signal_received,
3190
strsignal(signal_received));
3191
} else {
3192
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
}
2950
3194
}
2951
3195
2952
3196
/* Cleanup things */
3004
3248
/* Take down the network interfaces which were brought up */
3005
3249
{
3006
3250
char *interface = NULL;
3007
while((interface=argz_next(interfaces_to_take_down,
3008
interfaces_to_take_down_size,
3009
interface))){
3251
while((interface = argz_next(interfaces_to_take_down,
3252
interfaces_to_take_down_size,
3253
interface))){
3010
3254
ret = take_down_interface(interface);
3011
3255
if(ret != 0){
3012
3256
errno = ret;
3041
3285
| O_PATH));
3042
3286
if(dir_fd == -1){
3043
3287
perror_plus("open");
3288
return;
3044
3289
}
3045
3290
int numentries = scandirat(dir_fd, ".", &direntries,
3046
3291
notdotentries, alphasort);
3063
3308
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3064
3309
dret = 0;
3065
3310
}
3066
if(dret == -1){
3311
if((dret == -1) and (errno != ENOENT)){
3067
3312
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3068
3313
direntries[i]->d_name, strerror(errno));
3069
3314
}
3073
3318
3074
3319
/* need to clean even if 0 because man page doesn't specify */
3075
3320
free(direntries);
3076
if(numentries == -1){
3077
perror_plus("scandirat");
3078
}
3079
3321
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3080
3322
if(dret == -1 and errno != ENOENT){
3081
3323
perror_plus("rmdir");
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0