To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 1213
- compare with another revision
- download diff
- download tarball
- view history from revision 1213
- Committer: teddy at recompile
- Date: 2020-04-05 21:30:59 UTC
- Revision ID: teddy@recompile.se-20200405213059-fb2a61ckqynrmatk
Fix file descriptor leak in mandos-client
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
- files added:
- DBUS-API
- debian/po
- debian/source
- debian/tests
- debian/upstream
- dracut-module
- network-hooks.d
- plugin-helpers
- files removed:
- etc-plugins.d-README
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
1
1
/* -*- coding: utf-8 -*- */
2
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
3
* Mandos-client - get and decrypt data from a Mandos server
4
4
*
5
5
* This program is partly derived from an example program for an Avahi
6
6
* service browser, downloaded from
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2019 Teddy Hogeborn
13
* Copyright © 2008-2019 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
20
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
25
* General Public License for more details.
23
26
*
24
27
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
27
29
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
30
* Contact the authors at <mandos@recompile.se>.
29
31
*/
30
32
31
33
/* Needed by GPGME, specifically gpgme_data_seek() */
34
#ifndef _LARGEFILE_SOURCE
32
35
#define _LARGEFILE_SOURCE
36
#endif /* not _LARGEFILE_SOURCE */
37
#ifndef _FILE_OFFSET_BITS
33
38
#define _FILE_OFFSET_BITS 64
39
#endif /* not _FILE_OFFSET_BITS */
34
40
35
41
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
36
42
37
43
#include <stdio.h> /* fprintf(), stderr, fwrite(),
38
44
stdout, ferror() */
39
#include <stdint.h> /* uint16_t, uint32_t */
45
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
40
46
#include <stddef.h> /* NULL, size_t, ssize_t */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
42
srand() */
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), asprintf(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
48
strtof(), abort() */
49
#include <stdbool.h> /* bool, false, true */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
53
#include <sys/ioctl.h> /* ioctl */
47
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
48
55
sockaddr_in6, PF_INET6,
49
SOCK_STREAM, INET6_ADDRSTRLEN,
50
uid_t, gid_t, open(), opendir(), DIR */
51
#include <sys/stat.h> /* open() */
56
SOCK_STREAM, uid_t, gid_t, open(),
57
opendir(), DIR */
58
#include <sys/stat.h> /* open(), S_ISREG */
52
59
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton(),
54
connect() */
55
#include <fcntl.h> /* open() */
56
#include <dirent.h> /* opendir(), struct dirent, readdir() */
57
#include <inttypes.h> /* PRIu16 */
58
#include <assert.h> /* assert() */
59
#include <errno.h> /* perror(), errno */
60
#include <time.h> /* time() */
60
inet_pton(), connect(),
61
getnameinfo() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
64
*/
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
66
strtoimax() */
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
72
program_invocation_short_name */
73
#include <time.h> /* nanosleep(), time(), sleep() */
61
74
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
62
75
SIOCSIFFLAGS, if_indextoname(),
63
76
if_nametoindex(), IF_NAMESIZE */
64
#include <netinet/in.h>
77
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
78
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
79
*/
65
80
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
66
getuid(), getgid(), setuid(),
67
setgid() */
68
#include <arpa/inet.h> /* inet_pton(), htons */
69
#include <iso646.h> /* not, and */
81
getuid(), getgid(), seteuid(),
82
setgid(), pause(), _exit(),
83
unlinkat() */
84
#include <arpa/inet.h> /* inet_pton(), htons() */
85
#include <iso646.h> /* not, or, and */
70
86
#include <argp.h> /* struct argp_option, error_t, struct
71
87
argp_state, struct argp,
72
88
argp_parse(), ARGP_KEY_ARG,
73
89
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
90
#include <signal.h> /* sigemptyset(), sigaddset(),
91
sigaction(), SIGTERM, sig_atomic_t,
92
raise() */
93
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
94
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
95
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
96
WEXITSTATUS(), WTERMSIG() */
97
#include <grp.h> /* setgroups() */
98
#include <argz.h> /* argz_add_sep(), argz_next(),
99
argz_delete(), argz_append(),
100
argz_stringify(), argz_add(),
101
argz_count() */
102
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
103
EAI_SYSTEM, gai_strerror() */
104
105
#ifdef __linux__
106
#include <sys/klog.h> /* klogctl() */
107
#endif /* __linux__ */
74
108
75
109
/* Avahi */
76
110
/* All Avahi types, constants and functions
89
123
gnutls_*
90
124
init_gnutls_session(),
91
125
GNUTLS_* */
92
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
93
GNUTLS_OPENPGP_FMT_BASE64 */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
127
#include <gnutls/openpgp.h>
128
/* gnutls_certificate_set_openpgp_key_file(),
129
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
94
135
95
136
/* GPGME */
96
137
#include <gpgme.h> /* All GPGME types, constants and
101
142
102
143
#define BUFFER_SIZE 256
103
144
104
/*
105
#define PATHDIR "/conf/conf.d/mandos"
106
*/
107
108
145
#define PATHDIR "/conf/conf.d/mandos"
109
146
#define SECKEY "seckey.txt"
110
147
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
150
#define HOOKDIR "/lib/mandos/network-hooks.d"
111
151
112
152
bool debug = false;
113
153
static const char mandos_protocol_version[] = "1";
114
const char *argp_program_version = "mandos-client 1.0";
115
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
154
const char *argp_program_version = "mandos-client " VERSION;
155
const char *argp_program_bug_address = "<mandos@recompile.se>";
156
static const char sys_class_net[] = "/sys/class/net";
157
char *connect_to = NULL;
158
const char *hookdir = HOOKDIR;
159
int hookdir_fd = -1;
160
uid_t uid = 65534;
161
gid_t gid = 65534;
162
163
/* Doubly linked list that need to be circularly linked when used */
164
typedef struct server{
165
const char *ip;
166
in_port_t port;
167
AvahiIfIndex if_index;
168
int af;
169
struct timespec last_seen;
170
struct server *next;
171
struct server *prev;
172
} server;
116
173
117
174
/* Used for passing in values through the Avahi callback functions */
118
175
typedef struct {
119
AvahiSimplePoll *simple_poll;
120
176
AvahiServer *server;
121
177
gnutls_certificate_credentials_t cred;
122
178
unsigned int dh_bits;
123
179
gnutls_dh_params_t dh_params;
124
180
const char *priority;
125
181
gpgme_ctx_t ctx;
182
server *current_server;
183
char *interfaces;
184
size_t interfaces_size;
126
185
} mandos_context;
127
186
187
/* global so signal handler can reach it*/
188
AvahiSimplePoll *simple_poll;
189
190
sig_atomic_t quit_now = 0;
191
int signal_received = 0;
192
193
/* Function to use when printing errors */
194
void perror_plus(const char *print_text){
195
int e = errno;
196
fprintf(stderr, "Mandos plugin %s: ",
197
program_invocation_short_name);
198
errno = e;
199
perror(print_text);
200
}
201
202
__attribute__((format (gnu_printf, 2, 3), nonnull))
203
int fprintf_plus(FILE *stream, const char *format, ...){
204
va_list ap;
205
va_start (ap, format);
206
207
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
208
program_invocation_short_name));
209
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
210
}
211
128
212
/*
129
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
130
* "buffer_capacity" is how much is currently allocated,
213
* Make additional room in "buffer" for at least BUFFER_SIZE more
214
* bytes. "buffer_capacity" is how much is currently allocated,
131
215
* "buffer_length" is how much is already used.
132
216
*/
133
size_t adjustbuffer(char **buffer, size_t buffer_length,
134
size_t buffer_capacity){
135
if (buffer_length + BUFFER_SIZE > buffer_capacity){
136
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
137
if (buffer == NULL){
217
__attribute__((nonnull, warn_unused_result))
218
size_t incbuffer(char **buffer, size_t buffer_length,
219
size_t buffer_capacity){
220
if(buffer_length + BUFFER_SIZE > buffer_capacity){
221
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
222
if(new_buf == NULL){
223
int old_errno = errno;
224
free(*buffer);
225
errno = old_errno;
226
*buffer = NULL;
138
227
return 0;
139
228
}
229
*buffer = new_buf;
140
230
buffer_capacity += BUFFER_SIZE;
141
231
}
142
232
return buffer_capacity;
143
233
}
144
234
235
/* Add server to set of servers to retry periodically */
236
__attribute__((nonnull, warn_unused_result))
237
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
238
int af, server **current_server){
239
int ret;
240
server *new_server = malloc(sizeof(server));
241
if(new_server == NULL){
242
perror_plus("malloc");
243
return false;
244
}
245
*new_server = (server){ .ip = strdup(ip),
246
.port = port,
247
.if_index = if_index,
248
.af = af };
249
if(new_server->ip == NULL){
250
perror_plus("strdup");
251
free(new_server);
252
return false;
253
}
254
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
255
if(ret == -1){
256
perror_plus("clock_gettime");
257
#ifdef __GNUC__
258
#pragma GCC diagnostic push
259
#pragma GCC diagnostic ignored "-Wcast-qual"
260
#endif
261
free((char *)(new_server->ip));
262
#ifdef __GNUC__
263
#pragma GCC diagnostic pop
264
#endif
265
free(new_server);
266
return false;
267
}
268
/* Special case of first server */
269
if(*current_server == NULL){
270
new_server->next = new_server;
271
new_server->prev = new_server;
272
*current_server = new_server;
273
} else {
274
/* Place the new server last in the list */
275
new_server->next = *current_server;
276
new_server->prev = (*current_server)->prev;
277
new_server->prev->next = new_server;
278
(*current_server)->prev = new_server;
279
}
280
return true;
281
}
282
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
145
335
/*
146
336
* Initialize GPGME.
147
337
*/
148
static bool init_gpgme(mandos_context *mc, const char *seckey,
149
const char *pubkey, const char *tempdir){
150
int ret;
338
__attribute__((nonnull, warn_unused_result))
339
static bool init_gpgme(const char * const seckey,
340
const char * const pubkey,
341
const char * const tempdir,
342
mandos_context *mc){
151
343
gpgme_error_t rc;
152
344
gpgme_engine_info_t engine_info;
153
345
154
155
346
/*
156
* Helper function to insert pub and seckey to the enigne keyring.
347
* Helper function to insert pub and seckey to the engine keyring.
157
348
*/
158
bool import_key(const char *filename){
349
bool import_key(const char * const filename){
350
int ret;
159
351
int fd;
160
352
gpgme_data_t pgp_data;
161
353
162
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
354
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
163
355
if(fd == -1){
164
perror("open");
356
perror_plus("open");
165
357
return false;
166
358
}
167
359
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
time_t keytime = keystat.st_mtim.tv_sec;
400
if(stime(&keytime) != 0){
401
perror_plus("stime");
402
}
403
ret = lower_privileges();
404
if(ret != 0){
405
errno = ret;
406
perror_plus("Failed to lower privileges");
407
}
408
} while(false);
409
168
410
rc = gpgme_data_new_from_fd(&pgp_data, fd);
169
if (rc != GPG_ERR_NO_ERROR){
170
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
171
gpgme_strsource(rc), gpgme_strerror(rc));
411
if(rc != GPG_ERR_NO_ERROR){
412
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
413
gpgme_strsource(rc), gpgme_strerror(rc));
172
414
return false;
173
415
}
174
416
175
417
rc = gpgme_op_import(mc->ctx, pgp_data);
176
if (rc != GPG_ERR_NO_ERROR){
177
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
178
gpgme_strsource(rc), gpgme_strerror(rc));
418
if(rc != GPG_ERR_NO_ERROR){
419
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
420
gpgme_strsource(rc), gpgme_strerror(rc));
179
421
return false;
180
422
}
423
{
424
gpgme_import_result_t import_result
425
= gpgme_op_import_result(mc->ctx);
426
if((import_result->imported < 1
427
or import_result->not_imported > 0)
428
and import_result->unchanged == 0){
429
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
430
fprintf_plus(stderr,
431
"The total number of considered keys: %d\n",
432
import_result->considered);
433
fprintf_plus(stderr,
434
"The number of keys without user ID: %d\n",
435
import_result->no_user_id);
436
fprintf_plus(stderr,
437
"The total number of imported keys: %d\n",
438
import_result->imported);
439
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
440
import_result->imported_rsa);
441
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
442
import_result->unchanged);
443
fprintf_plus(stderr, "The number of new user IDs: %d\n",
444
import_result->new_user_ids);
445
fprintf_plus(stderr, "The number of new sub keys: %d\n",
446
import_result->new_sub_keys);
447
fprintf_plus(stderr, "The number of new signatures: %d\n",
448
import_result->new_signatures);
449
fprintf_plus(stderr, "The number of new revocations: %d\n",
450
import_result->new_revocations);
451
fprintf_plus(stderr,
452
"The total number of secret keys read: %d\n",
453
import_result->secret_read);
454
fprintf_plus(stderr,
455
"The number of imported secret keys: %d\n",
456
import_result->secret_imported);
457
fprintf_plus(stderr,
458
"The number of unchanged secret keys: %d\n",
459
import_result->secret_unchanged);
460
fprintf_plus(stderr, "The number of keys not imported: %d\n",
461
import_result->not_imported);
462
for(gpgme_import_status_t import_status
463
= import_result->imports;
464
import_status != NULL;
465
import_status = import_status->next){
466
fprintf_plus(stderr, "Import status for key: %s\n",
467
import_status->fpr);
468
if(import_status->result != GPG_ERR_NO_ERROR){
469
fprintf_plus(stderr, "Import result: %s: %s\n",
470
gpgme_strsource(import_status->result),
471
gpgme_strerror(import_status->result));
472
}
473
fprintf_plus(stderr, "Key status:\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_NEW
476
? "The key was new.\n"
477
: "The key was not new.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_UID
480
? "The key contained new user IDs.\n"
481
: "The key did not contain new user IDs.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SIG
484
? "The key contained new signatures.\n"
485
: "The key did not contain new signatures.\n");
486
fprintf_plus(stderr,
487
import_status->status & GPGME_IMPORT_SUBKEY
488
? "The key contained new sub keys.\n"
489
: "The key did not contain new sub keys.\n");
490
fprintf_plus(stderr,
491
import_status->status & GPGME_IMPORT_SECRET
492
? "The key contained a secret key.\n"
493
: "The key did not contain a secret key.\n");
494
}
495
return false;
496
}
497
}
181
498
182
ret = TEMP_FAILURE_RETRY(close(fd));
499
ret = close(fd);
183
500
if(ret == -1){
184
perror("close");
501
perror_plus("close");
185
502
}
186
503
gpgme_data_release(pgp_data);
187
504
return true;
188
505
}
189
506
190
if (debug){
191
fprintf(stderr, "Initialize gpgme\n");
507
if(debug){
508
fprintf_plus(stderr, "Initializing GPGME\n");
192
509
}
193
510
194
511
/* Init GPGME */
195
512
gpgme_check_version(NULL);
196
513
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
197
if (rc != GPG_ERR_NO_ERROR){
198
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
199
gpgme_strsource(rc), gpgme_strerror(rc));
514
if(rc != GPG_ERR_NO_ERROR){
515
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
516
gpgme_strsource(rc), gpgme_strerror(rc));
200
517
return false;
201
518
}
202
519
203
/* Set GPGME home directory for the OpenPGP engine only */
204
rc = gpgme_get_engine_info (&engine_info);
205
if (rc != GPG_ERR_NO_ERROR){
206
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
207
gpgme_strsource(rc), gpgme_strerror(rc));
520
/* Set GPGME home directory for the OpenPGP engine only */
521
rc = gpgme_get_engine_info(&engine_info);
522
if(rc != GPG_ERR_NO_ERROR){
523
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
524
gpgme_strsource(rc), gpgme_strerror(rc));
208
525
return false;
209
526
}
210
527
while(engine_info != NULL){
216
533
engine_info = engine_info->next;
217
534
}
218
535
if(engine_info == NULL){
219
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
536
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
537
tempdir);
220
538
return false;
221
539
}
222
540
223
541
/* Create new GPGME "context" */
224
542
rc = gpgme_new(&(mc->ctx));
225
if (rc != GPG_ERR_NO_ERROR){
226
fprintf(stderr, "bad gpgme_new: %s: %s\n",
227
gpgme_strsource(rc), gpgme_strerror(rc));
228
return false;
229
}
230
231
if (not import_key(pubkey) or not import_key(seckey)){
232
return false;
233
}
234
235
return true;
543
if(rc != GPG_ERR_NO_ERROR){
544
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
545
gpgme_strsource(rc), gpgme_strerror(rc));
546
return false;
547
}
548
549
if(not import_key(pubkey) or not import_key(seckey)){
550
return false;
551
}
552
553
return true;
236
554
}
237
555
238
556
/*
239
557
* Decrypt OpenPGP data.
240
558
* Returns -1 on error
241
559
*/
242
static ssize_t pgp_packet_decrypt (const mandos_context *mc,
243
const char *cryptotext,
244
size_t crypto_size,
245
char **plaintext){
560
__attribute__((nonnull, warn_unused_result))
561
static ssize_t pgp_packet_decrypt(const char *cryptotext,
562
size_t crypto_size,
563
char **plaintext,
564
mandos_context *mc){
246
565
gpgme_data_t dh_crypto, dh_plain;
247
566
gpgme_error_t rc;
248
567
ssize_t ret;
249
568
size_t plaintext_capacity = 0;
250
569
ssize_t plaintext_length = 0;
251
570
252
if (debug){
253
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
571
if(debug){
572
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
254
573
}
255
574
256
575
/* Create new GPGME data buffer from memory cryptotext */
257
576
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
258
577
0);
259
if (rc != GPG_ERR_NO_ERROR){
260
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
261
gpgme_strsource(rc), gpgme_strerror(rc));
578
if(rc != GPG_ERR_NO_ERROR){
579
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
580
gpgme_strsource(rc), gpgme_strerror(rc));
262
581
return -1;
263
582
}
264
583
265
584
/* Create new empty GPGME data buffer for the plaintext */
266
585
rc = gpgme_data_new(&dh_plain);
267
if (rc != GPG_ERR_NO_ERROR){
268
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
269
gpgme_strsource(rc), gpgme_strerror(rc));
586
if(rc != GPG_ERR_NO_ERROR){
587
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
588
gpgme_strsource(rc), gpgme_strerror(rc));
270
589
gpgme_data_release(dh_crypto);
271
590
return -1;
272
591
}
274
593
/* Decrypt data from the cryptotext data buffer to the plaintext
275
594
data buffer */
276
595
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
277
if (rc != GPG_ERR_NO_ERROR){
278
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
279
gpgme_strsource(rc), gpgme_strerror(rc));
596
if(rc != GPG_ERR_NO_ERROR){
597
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
598
gpgme_strsource(rc), gpgme_strerror(rc));
280
599
plaintext_length = -1;
281
if (debug){
600
if(debug){
282
601
gpgme_decrypt_result_t result;
283
602
result = gpgme_op_decrypt_result(mc->ctx);
284
if (result == NULL){
285
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
603
if(result == NULL){
604
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
286
605
} else {
287
fprintf(stderr, "Unsupported algorithm: %s\n",
288
result->unsupported_algorithm);
289
fprintf(stderr, "Wrong key usage: %u\n",
290
result->wrong_key_usage);
606
if(result->unsupported_algorithm != NULL) {
607
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
608
result->unsupported_algorithm);
609
}
610
fprintf_plus(stderr, "Wrong key usage: %s\n",
611
result->wrong_key_usage ? "Yes" : "No");
291
612
if(result->file_name != NULL){
292
fprintf(stderr, "File name: %s\n", result->file_name);
613
fprintf_plus(stderr, "File name: %s\n", result->file_name);
293
614
}
294
gpgme_recipient_t recipient;
295
recipient = result->recipients;
296
if(recipient){
297
while(recipient != NULL){
298
fprintf(stderr, "Public key algorithm: %s\n",
299
gpgme_pubkey_algo_name(recipient->pubkey_algo));
300
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
301
fprintf(stderr, "Secret key available: %s\n",
302
recipient->status == GPG_ERR_NO_SECKEY
303
? "No" : "Yes");
304
recipient = recipient->next;
305
}
615
616
for(gpgme_recipient_t r = result->recipients; r != NULL;
617
r = r->next){
618
fprintf_plus(stderr, "Public key algorithm: %s\n",
619
gpgme_pubkey_algo_name(r->pubkey_algo));
620
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
621
fprintf_plus(stderr, "Secret key available: %s\n",
622
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
306
623
}
307
624
}
308
625
}
310
627
}
311
628
312
629
if(debug){
313
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
630
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
314
631
}
315
632
316
633
/* Seek back to the beginning of the GPGME plaintext data buffer */
317
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
318
perror("gpgme_data_seek");
634
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
635
perror_plus("gpgme_data_seek");
319
636
plaintext_length = -1;
320
637
goto decrypt_end;
321
638
}
322
639
323
640
*plaintext = NULL;
324
641
while(true){
325
plaintext_capacity = adjustbuffer(plaintext,
326
(size_t)plaintext_length,
327
plaintext_capacity);
328
if (plaintext_capacity == 0){
329
perror("adjustbuffer");
330
plaintext_length = -1;
331
goto decrypt_end;
642
plaintext_capacity = incbuffer(plaintext,
643
(size_t)plaintext_length,
644
plaintext_capacity);
645
if(plaintext_capacity == 0){
646
perror_plus("incbuffer");
647
plaintext_length = -1;
648
goto decrypt_end;
332
649
}
333
650
334
651
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
335
652
BUFFER_SIZE);
336
653
/* Print the data, if any */
337
if (ret == 0){
654
if(ret == 0){
338
655
/* EOF */
339
656
break;
340
657
}
341
658
if(ret < 0){
342
perror("gpgme_data_read");
659
perror_plus("gpgme_data_read");
343
660
plaintext_length = -1;
344
661
goto decrypt_end;
345
662
}
347
664
}
348
665
349
666
if(debug){
350
fprintf(stderr, "Decrypted password is: ");
667
fprintf_plus(stderr, "Decrypted password is: ");
351
668
for(ssize_t i = 0; i < plaintext_length; i++){
352
669
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
353
670
}
364
681
return plaintext_length;
365
682
}
366
683
367
static const char * safer_gnutls_strerror (int value) {
368
const char *ret = gnutls_strerror (value); /* Spurious warning */
369
if (ret == NULL)
370
ret = "(unknown)";
371
return ret;
684
__attribute__((warn_unused_result, const))
685
static const char *safe_string(const char *str){
686
if(str == NULL)
687
return "(unknown)";
688
return str;
689
}
690
691
__attribute__((warn_unused_result))
692
static const char *safer_gnutls_strerror(int value){
693
const char *ret = gnutls_strerror(value);
694
return safe_string(ret);
372
695
}
373
696
374
697
/* GnuTLS log function callback */
698
__attribute__((nonnull))
375
699
static void debuggnutls(__attribute__((unused)) int level,
376
700
const char* string){
377
fprintf(stderr, "GnuTLS: %s", string);
701
fprintf_plus(stderr, "GnuTLS: %s", string);
378
702
}
379
703
380
static int init_gnutls_global(mandos_context *mc,
381
const char *pubkeyfilename,
382
const char *seckeyfilename){
704
__attribute__((nonnull(1, 2, 4), warn_unused_result))
705
static int init_gnutls_global(const char *pubkeyfilename,
706
const char *seckeyfilename,
707
const char *dhparamsfilename,
708
mandos_context *mc){
383
709
int ret;
384
710
385
711
if(debug){
386
fprintf(stderr, "Initializing GnuTLS\n");
387
}
388
389
ret = gnutls_global_init();
390
if (ret != GNUTLS_E_SUCCESS) {
391
fprintf (stderr, "GnuTLS global_init: %s\n",
392
safer_gnutls_strerror(ret));
393
return -1;
394
}
395
396
if (debug){
712
fprintf_plus(stderr, "Initializing GnuTLS\n");
713
}
714
715
if(debug){
397
716
/* "Use a log level over 10 to enable all debugging options."
398
717
* - GnuTLS manual
399
718
*/
402
721
}
403
722
404
723
/* OpenPGP credentials */
405
gnutls_certificate_allocate_credentials(&mc->cred);
406
if (ret != GNUTLS_E_SUCCESS){
407
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
408
warning */
409
safer_gnutls_strerror(ret));
410
gnutls_global_deinit ();
724
ret = gnutls_certificate_allocate_credentials(&mc->cred);
725
if(ret != GNUTLS_E_SUCCESS){
726
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
727
safer_gnutls_strerror(ret));
411
728
return -1;
412
729
}
413
730
414
731
if(debug){
415
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
416
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
417
seckeyfilename);
732
fprintf_plus(stderr, "Attempting to use public key %s and"
733
" private key %s as GnuTLS credentials\n",
734
pubkeyfilename,
735
seckeyfilename);
418
736
}
419
737
738
#if GNUTLS_VERSION_NUMBER >= 0x030606
739
ret = gnutls_certificate_set_rawpk_key_file
740
(mc->cred, pubkeyfilename, seckeyfilename,
741
GNUTLS_X509_FMT_PEM, /* format */
742
NULL, /* pass */
743
/* key_usage */
744
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
745
NULL, /* names */
746
0, /* names_length */
747
/* privkey_flags */
748
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
749
0); /* pkcs11_flags */
750
#elif GNUTLS_VERSION_NUMBER < 0x030600
420
751
ret = gnutls_certificate_set_openpgp_key_file
421
752
(mc->cred, pubkeyfilename, seckeyfilename,
422
753
GNUTLS_OPENPGP_FMT_BASE64);
423
if (ret != GNUTLS_E_SUCCESS) {
424
fprintf(stderr,
425
"Error[%d] while reading the OpenPGP key pair ('%s',"
426
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
427
fprintf(stderr, "The GnuTLS error is: %s\n",
428
safer_gnutls_strerror(ret));
754
#else
755
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
756
#endif
757
if(ret != GNUTLS_E_SUCCESS){
758
fprintf_plus(stderr,
759
"Error[%d] while reading the key pair ('%s',"
760
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
761
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
762
safer_gnutls_strerror(ret));
429
763
goto globalfail;
430
764
}
431
765
432
766
/* GnuTLS server initialization */
433
767
ret = gnutls_dh_params_init(&mc->dh_params);
434
if (ret != GNUTLS_E_SUCCESS) {
435
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
436
" %s\n", safer_gnutls_strerror(ret));
437
goto globalfail;
438
}
439
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
440
if (ret != GNUTLS_E_SUCCESS) {
441
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
442
safer_gnutls_strerror(ret));
443
goto globalfail;
444
}
445
446
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
768
if(ret != GNUTLS_E_SUCCESS){
769
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
770
" initialization: %s\n",
771
safer_gnutls_strerror(ret));
772
goto globalfail;
773
}
774
/* If a Diffie-Hellman parameters file was given, try to use it */
775
if(dhparamsfilename != NULL){
776
gnutls_datum_t params = { .data = NULL, .size = 0 };
777
do {
778
int dhpfile = open(dhparamsfilename, O_RDONLY);
779
if(dhpfile == -1){
780
perror_plus("open");
781
dhparamsfilename = NULL;
782
break;
783
}
784
size_t params_capacity = 0;
785
while(true){
786
params_capacity = incbuffer((char **)¶ms.data,
787
(size_t)params.size,
788
(size_t)params_capacity);
789
if(params_capacity == 0){
790
perror_plus("incbuffer");
791
free(params.data);
792
params.data = NULL;
793
dhparamsfilename = NULL;
794
break;
795
}
796
ssize_t bytes_read = read(dhpfile,
797
params.data + params.size,
798
BUFFER_SIZE);
799
/* EOF */
800
if(bytes_read == 0){
801
break;
802
}
803
/* check bytes_read for failure */
804
if(bytes_read < 0){
805
perror_plus("read");
806
free(params.data);
807
params.data = NULL;
808
dhparamsfilename = NULL;
809
break;
810
}
811
params.size += (unsigned int)bytes_read;
812
}
813
ret = close(dhpfile);
814
if(ret == -1){
815
perror_plus("close");
816
}
817
if(params.data == NULL){
818
dhparamsfilename = NULL;
819
}
820
if(dhparamsfilename == NULL){
821
break;
822
}
823
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
824
GNUTLS_X509_FMT_PEM);
825
if(ret != GNUTLS_E_SUCCESS){
826
fprintf_plus(stderr, "Failed to parse DH parameters in file"
827
" \"%s\": %s\n", dhparamsfilename,
828
safer_gnutls_strerror(ret));
829
dhparamsfilename = NULL;
830
}
831
free(params.data);
832
} while(false);
833
}
834
if(dhparamsfilename == NULL){
835
if(mc->dh_bits == 0){
836
#if GNUTLS_VERSION_NUMBER < 0x030600
837
/* Find out the optimal number of DH bits */
838
/* Try to read the private key file */
839
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
840
do {
841
int secfile = open(seckeyfilename, O_RDONLY);
842
if(secfile == -1){
843
perror_plus("open");
844
break;
845
}
846
size_t buffer_capacity = 0;
847
while(true){
848
buffer_capacity = incbuffer((char **)&buffer.data,
849
(size_t)buffer.size,
850
(size_t)buffer_capacity);
851
if(buffer_capacity == 0){
852
perror_plus("incbuffer");
853
free(buffer.data);
854
buffer.data = NULL;
855
break;
856
}
857
ssize_t bytes_read = read(secfile,
858
buffer.data + buffer.size,
859
BUFFER_SIZE);
860
/* EOF */
861
if(bytes_read == 0){
862
break;
863
}
864
/* check bytes_read for failure */
865
if(bytes_read < 0){
866
perror_plus("read");
867
free(buffer.data);
868
buffer.data = NULL;
869
break;
870
}
871
buffer.size += (unsigned int)bytes_read;
872
}
873
close(secfile);
874
} while(false);
875
/* If successful, use buffer to parse private key */
876
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
877
if(buffer.data != NULL){
878
{
879
gnutls_openpgp_privkey_t privkey = NULL;
880
ret = gnutls_openpgp_privkey_init(&privkey);
881
if(ret != GNUTLS_E_SUCCESS){
882
fprintf_plus(stderr, "Error initializing OpenPGP key"
883
" structure: %s",
884
safer_gnutls_strerror(ret));
885
free(buffer.data);
886
buffer.data = NULL;
887
} else {
888
ret = gnutls_openpgp_privkey_import
889
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
890
if(ret != GNUTLS_E_SUCCESS){
891
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
892
safer_gnutls_strerror(ret));
893
privkey = NULL;
894
}
895
free(buffer.data);
896
buffer.data = NULL;
897
if(privkey != NULL){
898
/* Use private key to suggest an appropriate
899
sec_param */
900
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
901
gnutls_openpgp_privkey_deinit(privkey);
902
if(debug){
903
fprintf_plus(stderr, "This OpenPGP key implies using"
904
" a GnuTLS security parameter \"%s\".\n",
905
safe_string(gnutls_sec_param_get_name
906
(sec_param)));
907
}
908
}
909
}
910
}
911
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
912
/* Err on the side of caution */
913
sec_param = GNUTLS_SEC_PARAM_ULTRA;
914
if(debug){
915
fprintf_plus(stderr, "Falling back to security parameter"
916
" \"%s\"\n",
917
safe_string(gnutls_sec_param_get_name
918
(sec_param)));
919
}
920
}
921
}
922
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
923
if(uret != 0){
924
mc->dh_bits = uret;
925
if(debug){
926
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
927
" implies %u DH bits; using that.\n",
928
safe_string(gnutls_sec_param_get_name
929
(sec_param)),
930
mc->dh_bits);
931
}
932
} else {
933
fprintf_plus(stderr, "Failed to get implied number of DH"
934
" bits for security parameter \"%s\"): %s\n",
935
safe_string(gnutls_sec_param_get_name
936
(sec_param)),
937
safer_gnutls_strerror(ret));
938
goto globalfail;
939
}
940
#endif
941
} else { /* dh_bits != 0 */
942
if(debug){
943
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
944
mc->dh_bits);
945
}
946
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
947
if(ret != GNUTLS_E_SUCCESS){
948
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
949
" bits): %s\n", mc->dh_bits,
950
safer_gnutls_strerror(ret));
951
goto globalfail;
952
}
953
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
954
}
955
}
447
956
448
957
return 0;
449
958
450
959
globalfail:
451
960
452
961
gnutls_certificate_free_credentials(mc->cred);
453
gnutls_global_deinit();
454
962
gnutls_dh_params_deinit(mc->dh_params);
455
963
return -1;
456
964
}
457
965
458
static int init_gnutls_session(mandos_context *mc,
459
gnutls_session_t *session){
966
__attribute__((nonnull, warn_unused_result))
967
static int init_gnutls_session(gnutls_session_t *session,
968
mandos_context *mc){
460
969
int ret;
461
970
/* GnuTLS session creation */
462
ret = gnutls_init(session, GNUTLS_SERVER);
463
if (ret != GNUTLS_E_SUCCESS){
464
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
465
safer_gnutls_strerror(ret));
971
do {
972
ret = gnutls_init(session, (GNUTLS_SERVER
973
#if GNUTLS_VERSION_NUMBER >= 0x030506
974
| GNUTLS_NO_TICKETS
975
#endif
976
#if GNUTLS_VERSION_NUMBER >= 0x030606
977
| GNUTLS_ENABLE_RAWPK
978
#endif
979
));
980
if(quit_now){
981
return -1;
982
}
983
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
984
if(ret != GNUTLS_E_SUCCESS){
985
fprintf_plus(stderr,
986
"Error in GnuTLS session initialization: %s\n",
987
safer_gnutls_strerror(ret));
466
988
}
467
989
468
990
{
469
991
const char *err;
470
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
471
if (ret != GNUTLS_E_SUCCESS) {
472
fprintf(stderr, "Syntax error at: %s\n", err);
473
fprintf(stderr, "GnuTLS error: %s\n",
474
safer_gnutls_strerror(ret));
475
gnutls_deinit (*session);
992
do {
993
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
994
if(quit_now){
995
gnutls_deinit(*session);
996
return -1;
997
}
998
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
999
if(ret != GNUTLS_E_SUCCESS){
1000
fprintf_plus(stderr, "Syntax error at: %s\n", err);
1001
fprintf_plus(stderr, "GnuTLS error: %s\n",
1002
safer_gnutls_strerror(ret));
1003
gnutls_deinit(*session);
476
1004
return -1;
477
1005
}
478
1006
}
479
1007
480
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
481
mc->cred);
482
if (ret != GNUTLS_E_SUCCESS) {
483
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
484
safer_gnutls_strerror(ret));
485
gnutls_deinit (*session);
1008
do {
1009
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
1010
mc->cred);
1011
if(quit_now){
1012
gnutls_deinit(*session);
1013
return -1;
1014
}
1015
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
1016
if(ret != GNUTLS_E_SUCCESS){
1017
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
1018
safer_gnutls_strerror(ret));
1019
gnutls_deinit(*session);
486
1020
return -1;
487
1021
}
488
1022
489
1023
/* ignore client certificate if any. */
490
gnutls_certificate_server_set_request (*session,
491
GNUTLS_CERT_IGNORE);
492
493
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
1024
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
494
1025
495
1026
return 0;
496
1027
}
499
1030
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
500
1031
__attribute__((unused)) const char *txt){}
501
1032
1033
/* Helper function to add_local_route() and delete_local_route() */
1034
__attribute__((nonnull, warn_unused_result))
1035
static bool add_delete_local_route(const bool add,
1036
const char *address,
1037
AvahiIfIndex if_index){
1038
int ret;
1039
char helper[] = "mandos-client-iprouteadddel";
1040
char add_arg[] = "add";
1041
char delete_arg[] = "delete";
1042
char debug_flag[] = "--debug";
1043
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1044
if(pluginhelperdir == NULL){
1045
if(debug){
1046
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1047
" variable not set; cannot run helper\n");
1048
}
1049
return false;
1050
}
1051
1052
char interface[IF_NAMESIZE];
1053
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1054
perror_plus("if_indextoname");
1055
return false;
1056
}
1057
1058
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1059
if(devnull == -1){
1060
perror_plus("open(\"/dev/null\", O_RDONLY)");
1061
return false;
1062
}
1063
pid_t pid = fork();
1064
if(pid == 0){
1065
/* Child */
1066
/* Raise privileges */
1067
errno = raise_privileges_permanently();
1068
if(errno != 0){
1069
perror_plus("Failed to raise privileges");
1070
/* _exit(EX_NOPERM); */
1071
} else {
1072
/* Set group */
1073
errno = 0;
1074
ret = setgid(0);
1075
if(ret == -1){
1076
perror_plus("setgid");
1077
close(devnull);
1078
_exit(EX_NOPERM);
1079
}
1080
/* Reset supplementary groups */
1081
errno = 0;
1082
ret = setgroups(0, NULL);
1083
if(ret == -1){
1084
perror_plus("setgroups");
1085
close(devnull);
1086
_exit(EX_NOPERM);
1087
}
1088
}
1089
ret = dup2(devnull, STDIN_FILENO);
1090
if(ret == -1){
1091
perror_plus("dup2(devnull, STDIN_FILENO)");
1092
close(devnull);
1093
_exit(EX_OSERR);
1094
}
1095
ret = close(devnull);
1096
if(ret == -1){
1097
perror_plus("close");
1098
}
1099
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1100
if(ret == -1){
1101
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1102
_exit(EX_OSERR);
1103
}
1104
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1105
O_RDONLY
1106
| O_DIRECTORY
1107
| O_PATH
1108
| O_CLOEXEC));
1109
if(helperdir_fd == -1){
1110
perror_plus("open");
1111
_exit(EX_UNAVAILABLE);
1112
}
1113
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1114
helper, O_RDONLY));
1115
if(helper_fd == -1){
1116
perror_plus("openat");
1117
close(helperdir_fd);
1118
_exit(EX_UNAVAILABLE);
1119
}
1120
close(helperdir_fd);
1121
#ifdef __GNUC__
1122
#pragma GCC diagnostic push
1123
#pragma GCC diagnostic ignored "-Wcast-qual"
1124
#endif
1125
if(fexecve(helper_fd, (char *const [])
1126
{ helper, add ? add_arg : delete_arg, (char *)address,
1127
interface, debug ? debug_flag : NULL, NULL },
1128
environ) == -1){
1129
#ifdef __GNUC__
1130
#pragma GCC diagnostic pop
1131
#endif
1132
perror_plus("fexecve");
1133
_exit(EXIT_FAILURE);
1134
}
1135
}
1136
if(pid == -1){
1137
perror_plus("fork");
1138
close(devnull);
1139
return false;
1140
}
1141
ret = close(devnull);
1142
if(ret == -1){
1143
perror_plus("close");
1144
}
1145
int status;
1146
pid_t pret = -1;
1147
errno = 0;
1148
do {
1149
pret = waitpid(pid, &status, 0);
1150
if(pret == -1 and errno == EINTR and quit_now){
1151
int errno_raising = 0;
1152
if((errno = raise_privileges()) != 0){
1153
errno_raising = errno;
1154
perror_plus("Failed to raise privileges in order to"
1155
" kill helper program");
1156
}
1157
if(kill(pid, SIGTERM) == -1){
1158
perror_plus("kill");
1159
}
1160
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1161
perror_plus("Failed to lower privileges after killing"
1162
" helper program");
1163
}
1164
return false;
1165
}
1166
} while(pret == -1 and errno == EINTR);
1167
if(pret == -1){
1168
perror_plus("waitpid");
1169
return false;
1170
}
1171
if(WIFEXITED(status)){
1172
if(WEXITSTATUS(status) != 0){
1173
fprintf_plus(stderr, "Error: iprouteadddel exited"
1174
" with status %d\n", WEXITSTATUS(status));
1175
return false;
1176
}
1177
return true;
1178
}
1179
if(WIFSIGNALED(status)){
1180
fprintf_plus(stderr, "Error: iprouteadddel died by"
1181
" signal %d\n", WTERMSIG(status));
1182
return false;
1183
}
1184
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1185
return false;
1186
}
1187
1188
__attribute__((nonnull, warn_unused_result))
1189
static bool add_local_route(const char *address,
1190
AvahiIfIndex if_index){
1191
if(debug){
1192
fprintf_plus(stderr, "Adding route to %s\n", address);
1193
}
1194
return add_delete_local_route(true, address, if_index);
1195
}
1196
1197
__attribute__((nonnull, warn_unused_result))
1198
static bool delete_local_route(const char *address,
1199
AvahiIfIndex if_index){
1200
if(debug){
1201
fprintf_plus(stderr, "Removing route to %s\n", address);
1202
}
1203
return add_delete_local_route(false, address, if_index);
1204
}
1205
502
1206
/* Called when a Mandos server is found */
503
static int start_mandos_communication(const char *ip, uint16_t port,
1207
__attribute__((nonnull, warn_unused_result))
1208
static int start_mandos_communication(const char *ip, in_port_t port,
504
1209
AvahiIfIndex if_index,
505
mandos_context *mc){
506
int ret, tcp_sd;
507
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
1210
int af, mandos_context *mc){
1211
int ret, tcp_sd = -1;
1212
ssize_t sret;
1213
struct sockaddr_storage to;
508
1214
char *buffer = NULL;
509
char *decrypted_buffer;
1215
char *decrypted_buffer = NULL;
510
1216
size_t buffer_length = 0;
511
1217
size_t buffer_capacity = 0;
512
ssize_t decrypted_buffer_size;
513
1218
size_t written;
514
int retval = 0;
515
char interface[IF_NAMESIZE];
1219
int retval = -1;
516
1220
gnutls_session_t session;
517
518
ret = init_gnutls_session (mc, &session);
519
if (ret != 0){
520
return -1;
521
}
522
523
if(debug){
524
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
525
"\n", ip, port);
526
}
527
528
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
529
if(tcp_sd < 0) {
530
perror("socket");
531
return -1;
532
}
533
534
if(debug){
535
if(if_indextoname((unsigned int)if_index, interface) == NULL){
536
perror("if_indextoname");
1221
int pf; /* Protocol family */
1222
bool route_added = false;
1223
1224
errno = 0;
1225
1226
if(quit_now){
1227
errno = EINTR;
1228
return -1;
1229
}
1230
1231
switch(af){
1232
case AF_INET6:
1233
pf = PF_INET6;
1234
break;
1235
case AF_INET:
1236
pf = PF_INET;
1237
break;
1238
default:
1239
fprintf_plus(stderr, "Bad address family: %d\n", af);
1240
errno = EINVAL;
1241
return -1;
1242
}
1243
1244
/* If the interface is specified and we have a list of interfaces */
1245
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1246
/* Check if the interface is one of the interfaces we are using */
1247
bool match = false;
1248
{
1249
char *interface = NULL;
1250
while((interface = argz_next(mc->interfaces,
1251
mc->interfaces_size,
1252
interface))){
1253
if(if_nametoindex(interface) == (unsigned int)if_index){
1254
match = true;
1255
break;
1256
}
1257
}
1258
}
1259
if(not match){
1260
/* This interface does not match any in the list, so we don't
1261
connect to the server */
1262
if(debug){
1263
char interface[IF_NAMESIZE];
1264
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1265
perror_plus("if_indextoname");
1266
} else {
1267
fprintf_plus(stderr, "Skipping server on non-used interface"
1268
" \"%s\"\n",
1269
if_indextoname((unsigned int)if_index,
1270
interface));
1271
}
1272
}
537
1273
return -1;
538
1274
}
539
fprintf(stderr, "Binding to interface %s\n", interface);
540
1275
}
541
1276
542
memset(&to, 0, sizeof(to));
543
to.in6.sin6_family = AF_INET6;
544
/* It would be nice to have a way to detect if we were passed an
545
IPv4 address here. Now we assume an IPv6 address. */
546
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
547
if (ret < 0 ){
548
perror("inet_pton");
1277
ret = init_gnutls_session(&session, mc);
1278
if(ret != 0){
549
1279
return -1;
550
1280
}
1281
1282
if(debug){
1283
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
1284
PRIuMAX "\n", ip, (uintmax_t)port);
1285
}
1286
1287
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
1288
if(tcp_sd < 0){
1289
int e = errno;
1290
perror_plus("socket");
1291
errno = e;
1292
goto mandos_end;
1293
}
1294
1295
if(quit_now){
1296
errno = EINTR;
1297
goto mandos_end;
1298
}
1299
1300
if(af == AF_INET6){
1301
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1302
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1303
ret = inet_pton(af, ip, &to6->sin6_addr);
1304
} else { /* IPv4 */
1305
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1306
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1307
ret = inet_pton(af, ip, &to4->sin_addr);
1308
}
1309
if(ret < 0 ){
1310
int e = errno;
1311
perror_plus("inet_pton");
1312
errno = e;
1313
goto mandos_end;
1314
}
551
1315
if(ret == 0){
552
fprintf(stderr, "Bad address: %s\n", ip);
553
return -1;
554
}
555
to.in6.sin6_port = htons(port); /* Spurious warning */
1316
int e = errno;
1317
fprintf_plus(stderr, "Bad address: %s\n", ip);
1318
errno = e;
1319
goto mandos_end;
1320
}
1321
if(af == AF_INET6){
1322
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1323
if(IN6_IS_ADDR_LINKLOCAL
1324
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
1325
if(if_index == AVAHI_IF_UNSPEC){
1326
fprintf_plus(stderr, "An IPv6 link-local address is"
1327
" incomplete without a network interface\n");
1328
errno = EINVAL;
1329
goto mandos_end;
1330
}
1331
/* Set the network interface number as scope */
1332
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
1333
}
1334
} else {
1335
((struct sockaddr_in *)&to)->sin_port = htons(port);
1336
}
556
1337
557
to.in6.sin6_scope_id = (uint32_t)if_index;
1338
if(quit_now){
1339
errno = EINTR;
1340
goto mandos_end;
1341
}
558
1342
559
1343
if(debug){
560
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
561
port);
562
char addrstr[INET6_ADDRSTRLEN] = "";
563
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
564
sizeof(addrstr)) == NULL){
565
perror("inet_ntop");
566
} else {
567
if(strcmp(addrstr, ip) != 0){
568
fprintf(stderr, "Canonical address form: %s\n", addrstr);
569
}
570
}
571
}
572
573
ret = connect(tcp_sd, &to.in, sizeof(to));
574
if (ret < 0){
575
perror("connect");
576
return -1;
1344
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
1345
char interface[IF_NAMESIZE];
1346
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1347
perror_plus("if_indextoname");
1348
} else {
1349
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1350
"\n", ip, interface, (uintmax_t)port);
1351
}
1352
} else {
1353
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1354
ip, (uintmax_t)port);
1355
}
1356
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
1357
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
1358
if(af == AF_INET6){
1359
ret = getnameinfo((struct sockaddr *)&to,
1360
sizeof(struct sockaddr_in6),
1361
addrstr, sizeof(addrstr), NULL, 0,
1362
NI_NUMERICHOST);
1363
} else {
1364
ret = getnameinfo((struct sockaddr *)&to,
1365
sizeof(struct sockaddr_in),
1366
addrstr, sizeof(addrstr), NULL, 0,
1367
NI_NUMERICHOST);
1368
}
1369
if(ret == EAI_SYSTEM){
1370
perror_plus("getnameinfo");
1371
} else if(ret != 0) {
1372
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1373
} else if(strcmp(addrstr, ip) != 0){
1374
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1375
}
1376
}
1377
1378
if(quit_now){
1379
errno = EINTR;
1380
goto mandos_end;
1381
}
1382
1383
while(true){
1384
if(af == AF_INET6){
1385
ret = connect(tcp_sd, (struct sockaddr *)&to,
1386
sizeof(struct sockaddr_in6));
1387
} else {
1388
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1389
sizeof(struct sockaddr_in));
1390
}
1391
if(ret < 0){
1392
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1393
and if_index != AVAHI_IF_UNSPEC
1394
and connect_to == NULL
1395
and not route_added and
1396
((af == AF_INET6 and not
1397
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1398
&to)->sin6_addr)))
1399
or (af == AF_INET and
1400
/* Not a a IPv4LL address */
1401
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1402
& 0xFFFF0000L) != 0xA9FE0000L))){
1403
/* Work around Avahi bug - Avahi does not announce link-local
1404
addresses if it has a global address, so local hosts with
1405
*only* a link-local address (e.g. Mandos clients) cannot
1406
connect to a Mandos server announced by Avahi on a server
1407
host with a global address. Work around this by retrying
1408
with an explicit route added with the server's address.
1409
1410
Avahi bug reference:
1411
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1412
https://bugs.debian.org/587961
1413
*/
1414
if(debug){
1415
fprintf_plus(stderr, "Mandos server unreachable, trying"
1416
" direct route\n");
1417
}
1418
int e = errno;
1419
route_added = add_local_route(ip, if_index);
1420
if(route_added){
1421
continue;
1422
}
1423
errno = e;
1424
}
1425
if(errno != ECONNREFUSED or debug){
1426
int e = errno;
1427
perror_plus("connect");
1428
errno = e;
1429
}
1430
goto mandos_end;
1431
}
1432
1433
if(quit_now){
1434
errno = EINTR;
1435
goto mandos_end;
1436
}
1437
break;
577
1438
}
578
1439
579
1440
const char *out = mandos_protocol_version;
580
1441
written = 0;
581
while (true){
1442
while(true){
582
1443
size_t out_size = strlen(out);
583
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
584
out_size - written));
585
if (ret == -1){
586
perror("write");
587
retval = -1;
1444
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
1445
out_size - written));
1446
if(ret == -1){
1447
int e = errno;
1448
perror_plus("write");
1449
errno = e;
588
1450
goto mandos_end;
589
1451
}
590
1452
written += (size_t)ret;
591
1453
if(written < out_size){
592
1454
continue;
593
1455
} else {
594
if (out == mandos_protocol_version){
1456
if(out == mandos_protocol_version){
595
1457
written = 0;
596
1458
out = "\r\n";
597
1459
} else {
598
1460
break;
599
1461
}
600
1462
}
1463
1464
if(quit_now){
1465
errno = EINTR;
1466
goto mandos_end;
1467
}
601
1468
}
602
1469
603
1470
if(debug){
604
fprintf(stderr, "Establishing TLS session with %s\n", ip);
605
}
606
607
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
608
609
do{
610
ret = gnutls_handshake (session);
1471
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
1472
}
1473
1474
if(quit_now){
1475
errno = EINTR;
1476
goto mandos_end;
1477
}
1478
1479
/* This casting via intptr_t is to eliminate warning about casting
1480
an int to a pointer type. This is exactly how the GnuTLS Guile
1481
function "set-session-transport-fd!" does it. */
1482
gnutls_transport_set_ptr(session,
1483
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
1484
1485
if(quit_now){
1486
errno = EINTR;
1487
goto mandos_end;
1488
}
1489
1490
do {
1491
ret = gnutls_handshake(session);
1492
if(quit_now){
1493
errno = EINTR;
1494
goto mandos_end;
1495
}
611
1496
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
612
1497
613
if (ret != GNUTLS_E_SUCCESS){
1498
if(ret != GNUTLS_E_SUCCESS){
614
1499
if(debug){
615
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
616
gnutls_perror (ret);
1500
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
1501
gnutls_perror(ret);
617
1502
}
618
retval = -1;
1503
errno = EPROTO;
619
1504
goto mandos_end;
620
1505
}
621
1506
622
1507
/* Read OpenPGP packet that contains the wanted password */
623
1508
624
1509
if(debug){
625
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
626
ip);
1510
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
1511
" %s\n", ip);
627
1512
}
628
1513
629
1514
while(true){
630
buffer_capacity = adjustbuffer(&buffer, buffer_length,
631
buffer_capacity);
632
if (buffer_capacity == 0){
633
perror("adjustbuffer");
634
retval = -1;
635
goto mandos_end;
636
}
637
638
ret = gnutls_record_recv(session, buffer+buffer_length,
639
BUFFER_SIZE);
640
if (ret == 0){
1515
1516
if(quit_now){
1517
errno = EINTR;
1518
goto mandos_end;
1519
}
1520
1521
buffer_capacity = incbuffer(&buffer, buffer_length,
1522
buffer_capacity);
1523
if(buffer_capacity == 0){
1524
int e = errno;
1525
perror_plus("incbuffer");
1526
errno = e;
1527
goto mandos_end;
1528
}
1529
1530
if(quit_now){
1531
errno = EINTR;
1532
goto mandos_end;
1533
}
1534
1535
sret = gnutls_record_recv(session, buffer+buffer_length,
1536
BUFFER_SIZE);
1537
if(sret == 0){
641
1538
break;
642
1539
}
643
if (ret < 0){
644
switch(ret){
1540
if(sret < 0){
1541
switch(sret){
645
1542
case GNUTLS_E_INTERRUPTED:
646
1543
case GNUTLS_E_AGAIN:
647
1544
break;
648
1545
case GNUTLS_E_REHANDSHAKE:
649
do{
650
ret = gnutls_handshake (session);
1546
do {
1547
ret = gnutls_handshake(session);
1548
1549
if(quit_now){
1550
errno = EINTR;
1551
goto mandos_end;
1552
}
651
1553
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
652
if (ret < 0){
653
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
654
gnutls_perror (ret);
655
retval = -1;
1554
if(ret < 0){
1555
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
1556
"***\n");
1557
gnutls_perror(ret);
1558
errno = EPROTO;
656
1559
goto mandos_end;
657
1560
}
658
1561
break;
659
1562
default:
660
fprintf(stderr, "Unknown error while reading data from"
661
" encrypted session with Mandos server\n");
662
retval = -1;
663
gnutls_bye (session, GNUTLS_SHUT_RDWR);
1563
fprintf_plus(stderr, "Unknown error while reading data from"
1564
" encrypted session with Mandos server\n");
1565
gnutls_bye(session, GNUTLS_SHUT_RDWR);
1566
errno = EIO;
664
1567
goto mandos_end;
665
1568
}
666
1569
} else {
667
buffer_length += (size_t) ret;
1570
buffer_length += (size_t) sret;
668
1571
}
669
1572
}
670
1573
671
1574
if(debug){
672
fprintf(stderr, "Closing TLS session\n");
673
}
674
675
gnutls_bye (session, GNUTLS_SHUT_RDWR);
676
677
if (buffer_length > 0){
678
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
679
buffer_length,
680
&decrypted_buffer);
681
if (decrypted_buffer_size >= 0){
1575
fprintf_plus(stderr, "Closing TLS session\n");
1576
}
1577
1578
if(quit_now){
1579
errno = EINTR;
1580
goto mandos_end;
1581
}
1582
1583
do {
1584
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
1585
if(quit_now){
1586
errno = EINTR;
1587
goto mandos_end;
1588
}
1589
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1590
1591
if(buffer_length > 0){
1592
ssize_t decrypted_buffer_size;
1593
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
1594
&decrypted_buffer, mc);
1595
if(decrypted_buffer_size >= 0){
1596
1597
clearerr(stdout);
682
1598
written = 0;
683
1599
while(written < (size_t) decrypted_buffer_size){
684
ret = (int)fwrite (decrypted_buffer + written, 1,
685
(size_t)decrypted_buffer_size - written,
686
stdout);
1600
if(quit_now){
1601
errno = EINTR;
1602
goto mandos_end;
1603
}
1604
1605
ret = (int)fwrite(decrypted_buffer + written, 1,
1606
(size_t)decrypted_buffer_size - written,
1607
stdout);
687
1608
if(ret == 0 and ferror(stdout)){
1609
int e = errno;
688
1610
if(debug){
689
fprintf(stderr, "Error writing encrypted data: %s\n",
690
strerror(errno));
1611
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1612
strerror(errno));
691
1613
}
692
retval = -1;
693
break;
1614
errno = e;
1615
goto mandos_end;
694
1616
}
695
1617
written += (size_t)ret;
696
1618
}
697
free(decrypted_buffer);
698
} else {
699
retval = -1;
1619
ret = fflush(stdout);
1620
if(ret != 0){
1621
int e = errno;
1622
if(debug){
1623
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1624
strerror(errno));
1625
}
1626
errno = e;
1627
goto mandos_end;
1628
}
1629
retval = 0;
700
1630
}
701
} else {
702
retval = -1;
703
1631
}
704
1632
705
1633
/* Shutdown procedure */
706
1634
707
1635
mandos_end:
708
free(buffer);
709
ret = TEMP_FAILURE_RETRY(close(tcp_sd));
710
if(ret == -1){
711
perror("close");
1636
{
1637
if(route_added){
1638
if(not delete_local_route(ip, if_index)){
1639
fprintf_plus(stderr, "Failed to delete local route to %s on"
1640
" interface %d", ip, if_index);
1641
}
1642
}
1643
int e = errno;
1644
free(decrypted_buffer);
1645
free(buffer);
1646
if(tcp_sd >= 0){
1647
ret = close(tcp_sd);
1648
}
1649
if(ret == -1){
1650
if(e == 0){
1651
e = errno;
1652
}
1653
perror_plus("close");
1654
}
1655
gnutls_deinit(session);
1656
errno = e;
1657
if(quit_now){
1658
errno = EINTR;
1659
retval = -1;
1660
}
712
1661
}
713
gnutls_deinit (session);
714
1662
return retval;
715
1663
}
716
1664
717
1665
static void resolve_callback(AvahiSServiceResolver *r,
718
1666
AvahiIfIndex interface,
719
AVAHI_GCC_UNUSED AvahiProtocol protocol,
1667
AvahiProtocol proto,
720
1668
AvahiResolverEvent event,
721
1669
const char *name,
722
1670
const char *type,
727
1675
AVAHI_GCC_UNUSED AvahiStringList *txt,
728
1676
AVAHI_GCC_UNUSED AvahiLookupResultFlags
729
1677
flags,
730
void* userdata) {
731
mandos_context *mc = userdata;
732
assert(r);
1678
void *mc){
1679
if(r == NULL){
1680
return;
1681
}
733
1682
734
1683
/* Called whenever a service has been resolved successfully or
735
1684
timed out */
736
1685
737
switch (event) {
1686
if(quit_now){
1687
avahi_s_service_resolver_free(r);
1688
return;
1689
}
1690
1691
switch(event){
738
1692
default:
739
1693
case AVAHI_RESOLVER_FAILURE:
740
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
741
" of type '%s' in domain '%s': %s\n", name, type, domain,
742
avahi_strerror(avahi_server_errno(mc->server)));
1694
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1695
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1696
domain,
1697
avahi_strerror(avahi_server_errno
1698
(((mandos_context*)mc)->server)));
743
1699
break;
744
1700
745
1701
case AVAHI_RESOLVER_FOUND:
747
1703
char ip[AVAHI_ADDRESS_STR_MAX];
748
1704
avahi_address_snprint(ip, sizeof(ip), address);
749
1705
if(debug){
750
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
751
PRIu16 ") on port %d\n", name, host_name, ip,
752
interface, port);
1706
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1707
PRIdMAX ") on port %" PRIu16 "\n", name,
1708
host_name, ip, (intmax_t)interface, port);
753
1709
}
754
int ret = start_mandos_communication(ip, port, interface, mc);
755
if (ret == 0){
756
avahi_simple_poll_quit(mc->simple_poll);
1710
int ret = start_mandos_communication(ip, (in_port_t)port,
1711
interface,
1712
avahi_proto_to_af(proto),
1713
mc);
1714
if(ret == 0){
1715
avahi_simple_poll_quit(simple_poll);
1716
} else {
1717
if(not add_server(ip, (in_port_t)port, interface,
1718
avahi_proto_to_af(proto),
1719
&((mandos_context*)mc)->current_server)){
1720
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
1721
" list\n", name);
1722
}
757
1723
}
758
1724
}
759
1725
}
760
1726
avahi_s_service_resolver_free(r);
761
1727
}
762
1728
763
static void browse_callback( AvahiSServiceBrowser *b,
764
AvahiIfIndex interface,
765
AvahiProtocol protocol,
766
AvahiBrowserEvent event,
767
const char *name,
768
const char *type,
769
const char *domain,
770
AVAHI_GCC_UNUSED AvahiLookupResultFlags
771
flags,
772
void* userdata) {
773
mandos_context *mc = userdata;
774
assert(b);
1729
static void browse_callback(AvahiSServiceBrowser *b,
1730
AvahiIfIndex interface,
1731
AvahiProtocol protocol,
1732
AvahiBrowserEvent event,
1733
const char *name,
1734
const char *type,
1735
const char *domain,
1736
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1737
flags,
1738
void *mc){
1739
if(b == NULL){
1740
return;
1741
}
775
1742
776
1743
/* Called whenever a new services becomes available on the LAN or
777
1744
is removed from the LAN */
778
1745
779
switch (event) {
1746
if(quit_now){
1747
return;
1748
}
1749
1750
switch(event){
780
1751
default:
781
1752
case AVAHI_BROWSER_FAILURE:
782
1753
783
fprintf(stderr, "(Avahi browser) %s\n",
784
avahi_strerror(avahi_server_errno(mc->server)));
785
avahi_simple_poll_quit(mc->simple_poll);
1754
fprintf_plus(stderr, "(Avahi browser) %s\n",
1755
avahi_strerror(avahi_server_errno
1756
(((mandos_context*)mc)->server)));
1757
avahi_simple_poll_quit(simple_poll);
786
1758
return;
787
1759
788
1760
case AVAHI_BROWSER_NEW:
791
1763
the callback function is called the Avahi server will free the
792
1764
resolver for us. */
793
1765
794
if (!(avahi_s_service_resolver_new(mc->server, interface,
795
protocol, name, type, domain,
796
AVAHI_PROTO_INET6, 0,
797
resolve_callback, mc)))
798
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
799
name, avahi_strerror(avahi_server_errno(mc->server)));
1766
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1767
interface, protocol, name, type,
1768
domain, protocol, 0,
1769
resolve_callback, mc) == NULL)
1770
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1771
" %s\n", name,
1772
avahi_strerror(avahi_server_errno
1773
(((mandos_context*)mc)->server)));
800
1774
break;
801
1775
802
1776
case AVAHI_BROWSER_REMOVE:
805
1779
case AVAHI_BROWSER_ALL_FOR_NOW:
806
1780
case AVAHI_BROWSER_CACHE_EXHAUSTED:
807
1781
if(debug){
808
fprintf(stderr, "No Mandos server found, still searching...\n");
1782
fprintf_plus(stderr, "No Mandos server found, still"
1783
" searching...\n");
809
1784
}
810
1785
break;
811
1786
}
812
1787
}
813
1788
1789
/* Signal handler that stops main loop after SIGTERM */
1790
static void handle_sigterm(int sig){
1791
if(quit_now){
1792
return;
1793
}
1794
quit_now = 1;
1795
signal_received = sig;
1796
int old_errno = errno;
1797
/* set main loop to exit */
1798
if(simple_poll != NULL){
1799
avahi_simple_poll_quit(simple_poll);
1800
}
1801
errno = old_errno;
1802
}
1803
1804
__attribute__((nonnull, warn_unused_result))
1805
bool get_flags(const char *ifname, struct ifreq *ifr){
1806
int ret;
1807
int old_errno;
1808
1809
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1810
if(s < 0){
1811
old_errno = errno;
1812
perror_plus("socket");
1813
errno = old_errno;
1814
return false;
1815
}
1816
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1817
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1818
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1819
if(ret == -1){
1820
if(debug){
1821
old_errno = errno;
1822
perror_plus("ioctl SIOCGIFFLAGS");
1823
errno = old_errno;
1824
}
1825
if((close(s) == -1) and debug){
1826
old_errno = errno;
1827
perror_plus("close");
1828
errno = old_errno;
1829
}
1830
return false;
1831
}
1832
if((close(s) == -1) and debug){
1833
old_errno = errno;
1834
perror_plus("close");
1835
errno = old_errno;
1836
}
1837
return true;
1838
}
1839
1840
__attribute__((nonnull, warn_unused_result))
1841
bool good_flags(const char *ifname, const struct ifreq *ifr){
1842
1843
/* Reject the loopback device */
1844
if(ifr->ifr_flags & IFF_LOOPBACK){
1845
if(debug){
1846
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1847
ifname);
1848
}
1849
return false;
1850
}
1851
/* Accept point-to-point devices only if connect_to is specified */
1852
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1853
if(debug){
1854
fprintf_plus(stderr, "Accepting point-to-point interface"
1855
" \"%s\"\n", ifname);
1856
}
1857
return true;
1858
}
1859
/* Otherwise, reject non-broadcast-capable devices */
1860
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1861
if(debug){
1862
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1863
" \"%s\"\n", ifname);
1864
}
1865
return false;
1866
}
1867
/* Reject non-ARP interfaces (including dummy interfaces) */
1868
if(ifr->ifr_flags & IFF_NOARP){
1869
if(debug){
1870
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1871
ifname);
1872
}
1873
return false;
1874
}
1875
1876
/* Accept this device */
1877
if(debug){
1878
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1879
}
1880
return true;
1881
}
1882
1883
/*
1884
* This function determines if a directory entry in /sys/class/net
1885
* corresponds to an acceptable network device.
1886
* (This function is passed to scandir(3) as a filter function.)
1887
*/
1888
__attribute__((nonnull, warn_unused_result))
1889
int good_interface(const struct dirent *if_entry){
1890
if(if_entry->d_name[0] == '.'){
1891
return 0;
1892
}
1893
1894
struct ifreq ifr;
1895
if(not get_flags(if_entry->d_name, &ifr)){
1896
if(debug){
1897
fprintf_plus(stderr, "Failed to get flags for interface "
1898
"\"%s\"\n", if_entry->d_name);
1899
}
1900
return 0;
1901
}
1902
1903
if(not good_flags(if_entry->d_name, &ifr)){
1904
return 0;
1905
}
1906
return 1;
1907
}
1908
1909
/*
1910
* This function determines if a network interface is up.
1911
*/
1912
__attribute__((nonnull, warn_unused_result))
1913
bool interface_is_up(const char *interface){
1914
struct ifreq ifr;
1915
if(not get_flags(interface, &ifr)){
1916
if(debug){
1917
fprintf_plus(stderr, "Failed to get flags for interface "
1918
"\"%s\"\n", interface);
1919
}
1920
return false;
1921
}
1922
1923
return (bool)(ifr.ifr_flags & IFF_UP);
1924
}
1925
1926
/*
1927
* This function determines if a network interface is running
1928
*/
1929
__attribute__((nonnull, warn_unused_result))
1930
bool interface_is_running(const char *interface){
1931
struct ifreq ifr;
1932
if(not get_flags(interface, &ifr)){
1933
if(debug){
1934
fprintf_plus(stderr, "Failed to get flags for interface "
1935
"\"%s\"\n", interface);
1936
}
1937
return false;
1938
}
1939
1940
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1941
}
1942
1943
__attribute__((nonnull, pure, warn_unused_result))
1944
int notdotentries(const struct dirent *direntry){
1945
/* Skip "." and ".." */
1946
if(direntry->d_name[0] == '.'
1947
and (direntry->d_name[1] == '\0'
1948
or (direntry->d_name[1] == '.'
1949
and direntry->d_name[2] == '\0'))){
1950
return 0;
1951
}
1952
return 1;
1953
}
1954
1955
/* Is this directory entry a runnable program? */
1956
__attribute__((nonnull, warn_unused_result))
1957
int runnable_hook(const struct dirent *direntry){
1958
int ret;
1959
size_t sret;
1960
struct stat st;
1961
1962
if((direntry->d_name)[0] == '\0'){
1963
/* Empty name? */
1964
return 0;
1965
}
1966
1967
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1968
"abcdefghijklmnopqrstuvwxyz"
1969
"0123456789"
1970
"_.-");
1971
if((direntry->d_name)[sret] != '\0'){
1972
/* Contains non-allowed characters */
1973
if(debug){
1974
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
1975
direntry->d_name);
1976
}
1977
return 0;
1978
}
1979
1980
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1981
if(ret == -1){
1982
if(debug){
1983
perror_plus("Could not stat hook");
1984
}
1985
return 0;
1986
}
1987
if(not (S_ISREG(st.st_mode))){
1988
/* Not a regular file */
1989
if(debug){
1990
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
1991
direntry->d_name);
1992
}
1993
return 0;
1994
}
1995
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
1996
/* Not executable */
1997
if(debug){
1998
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
1999
direntry->d_name);
2000
}
2001
return 0;
2002
}
2003
if(debug){
2004
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
2005
direntry->d_name);
2006
}
2007
return 1;
2008
}
2009
2010
__attribute__((nonnull, warn_unused_result))
2011
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
2012
mandos_context *mc){
2013
int ret;
2014
struct timespec now;
2015
struct timespec waited_time;
2016
intmax_t block_time;
2017
2018
while(true){
2019
if(mc->current_server == NULL){
2020
if(debug){
2021
fprintf_plus(stderr, "Wait until first server is found."
2022
" No timeout!\n");
2023
}
2024
ret = avahi_simple_poll_iterate(s, -1);
2025
} else {
2026
if(debug){
2027
fprintf_plus(stderr, "Check current_server if we should run"
2028
" it, or wait\n");
2029
}
2030
/* the current time */
2031
ret = clock_gettime(CLOCK_MONOTONIC, &now);
2032
if(ret == -1){
2033
perror_plus("clock_gettime");
2034
return -1;
2035
}
2036
/* Calculating in ms how long time between now and server
2037
who we visted longest time ago. Now - last seen. */
2038
waited_time.tv_sec = (now.tv_sec
2039
- mc->current_server->last_seen.tv_sec);
2040
waited_time.tv_nsec = (now.tv_nsec
2041
- mc->current_server->last_seen.tv_nsec);
2042
/* total time is 10s/10,000ms.
2043
Converting to s from ms by dividing by 1,000,
2044
and ns to ms by dividing by 1,000,000. */
2045
block_time = ((retry_interval
2046
- ((intmax_t)waited_time.tv_sec * 1000))
2047
- ((intmax_t)waited_time.tv_nsec / 1000000));
2048
2049
if(debug){
2050
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
2051
block_time);
2052
}
2053
2054
if(block_time <= 0){
2055
ret = start_mandos_communication(mc->current_server->ip,
2056
mc->current_server->port,
2057
mc->current_server->if_index,
2058
mc->current_server->af, mc);
2059
if(ret == 0){
2060
avahi_simple_poll_quit(s);
2061
return 0;
2062
}
2063
ret = clock_gettime(CLOCK_MONOTONIC,
2064
&mc->current_server->last_seen);
2065
if(ret == -1){
2066
perror_plus("clock_gettime");
2067
return -1;
2068
}
2069
mc->current_server = mc->current_server->next;
2070
block_time = 0; /* Call avahi to find new Mandos
2071
servers, but don't block */
2072
}
2073
2074
ret = avahi_simple_poll_iterate(s, (int)block_time);
2075
}
2076
if(ret != 0){
2077
if(ret > 0 or errno != EINTR){
2078
return (ret != 1) ? ret : 0;
2079
}
2080
}
2081
}
2082
}
2083
2084
__attribute__((nonnull))
2085
void run_network_hooks(const char *mode, const char *interface,
2086
const float delay){
2087
struct dirent **direntries = NULL;
2088
if(hookdir_fd == -1){
2089
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2090
| O_CLOEXEC);
2091
if(hookdir_fd == -1){
2092
if(errno == ENOENT){
2093
if(debug){
2094
fprintf_plus(stderr, "Network hook directory \"%s\" not"
2095
" found\n", hookdir);
2096
}
2097
} else {
2098
perror_plus("open");
2099
}
2100
return;
2101
}
2102
}
2103
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2104
if(devnull == -1){
2105
perror_plus("open(\"/dev/null\", O_RDONLY)");
2106
return;
2107
}
2108
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2109
runnable_hook, alphasort);
2110
if(numhooks == -1){
2111
perror_plus("scandir");
2112
close(devnull);
2113
return;
2114
}
2115
struct dirent *direntry;
2116
int ret;
2117
for(int i = 0; i < numhooks; i++){
2118
direntry = direntries[i];
2119
if(debug){
2120
fprintf_plus(stderr, "Running network hook \"%s\"\n",
2121
direntry->d_name);
2122
}
2123
pid_t hook_pid = fork();
2124
if(hook_pid == 0){
2125
/* Child */
2126
/* Raise privileges */
2127
errno = raise_privileges_permanently();
2128
if(errno != 0){
2129
perror_plus("Failed to raise privileges");
2130
_exit(EX_NOPERM);
2131
}
2132
/* Set group */
2133
errno = 0;
2134
ret = setgid(0);
2135
if(ret == -1){
2136
perror_plus("setgid");
2137
_exit(EX_NOPERM);
2138
}
2139
/* Reset supplementary groups */
2140
errno = 0;
2141
ret = setgroups(0, NULL);
2142
if(ret == -1){
2143
perror_plus("setgroups");
2144
_exit(EX_NOPERM);
2145
}
2146
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2147
if(ret == -1){
2148
perror_plus("setenv");
2149
_exit(EX_OSERR);
2150
}
2151
ret = setenv("DEVICE", interface, 1);
2152
if(ret == -1){
2153
perror_plus("setenv");
2154
_exit(EX_OSERR);
2155
}
2156
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
2157
if(ret == -1){
2158
perror_plus("setenv");
2159
_exit(EX_OSERR);
2160
}
2161
ret = setenv("MODE", mode, 1);
2162
if(ret == -1){
2163
perror_plus("setenv");
2164
_exit(EX_OSERR);
2165
}
2166
char *delaystring;
2167
ret = asprintf(&delaystring, "%f", (double)delay);
2168
if(ret == -1){
2169
perror_plus("asprintf");
2170
_exit(EX_OSERR);
2171
}
2172
ret = setenv("DELAY", delaystring, 1);
2173
if(ret == -1){
2174
free(delaystring);
2175
perror_plus("setenv");
2176
_exit(EX_OSERR);
2177
}
2178
free(delaystring);
2179
if(connect_to != NULL){
2180
ret = setenv("CONNECT", connect_to, 1);
2181
if(ret == -1){
2182
perror_plus("setenv");
2183
_exit(EX_OSERR);
2184
}
2185
}
2186
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2187
direntry->d_name,
2188
O_RDONLY));
2189
if(hook_fd == -1){
2190
perror_plus("openat");
2191
_exit(EXIT_FAILURE);
2192
}
2193
if(close(hookdir_fd) == -1){
2194
perror_plus("close");
2195
_exit(EXIT_FAILURE);
2196
}
2197
ret = dup2(devnull, STDIN_FILENO);
2198
if(ret == -1){
2199
perror_plus("dup2(devnull, STDIN_FILENO)");
2200
_exit(EX_OSERR);
2201
}
2202
ret = close(devnull);
2203
if(ret == -1){
2204
perror_plus("close");
2205
_exit(EX_OSERR);
2206
}
2207
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2208
if(ret == -1){
2209
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2210
_exit(EX_OSERR);
2211
}
2212
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2213
environ) == -1){
2214
perror_plus("fexecve");
2215
_exit(EXIT_FAILURE);
2216
}
2217
} else {
2218
if(hook_pid == -1){
2219
perror_plus("fork");
2220
free(direntry);
2221
continue;
2222
}
2223
int status;
2224
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2225
perror_plus("waitpid");
2226
free(direntry);
2227
continue;
2228
}
2229
if(WIFEXITED(status)){
2230
if(WEXITSTATUS(status) != 0){
2231
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2232
" with status %d\n", direntry->d_name,
2233
WEXITSTATUS(status));
2234
free(direntry);
2235
continue;
2236
}
2237
} else if(WIFSIGNALED(status)){
2238
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2239
" signal %d\n", direntry->d_name,
2240
WTERMSIG(status));
2241
free(direntry);
2242
continue;
2243
} else {
2244
fprintf_plus(stderr, "Warning: network hook \"%s\""
2245
" crashed\n", direntry->d_name);
2246
free(direntry);
2247
continue;
2248
}
2249
}
2250
if(debug){
2251
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2252
direntry->d_name);
2253
}
2254
free(direntry);
2255
}
2256
free(direntries);
2257
if(close(hookdir_fd) == -1){
2258
perror_plus("close");
2259
} else {
2260
hookdir_fd = -1;
2261
}
2262
close(devnull);
2263
}
2264
2265
__attribute__((nonnull, warn_unused_result))
2266
int bring_up_interface(const char *const interface,
2267
const float delay){
2268
int old_errno = errno;
2269
int ret;
2270
struct ifreq network;
2271
unsigned int if_index = if_nametoindex(interface);
2272
if(if_index == 0){
2273
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2274
errno = old_errno;
2275
return ENXIO;
2276
}
2277
2278
if(quit_now){
2279
errno = old_errno;
2280
return EINTR;
2281
}
2282
2283
if(not interface_is_up(interface)){
2284
int ret_errno = 0;
2285
int ioctl_errno = 0;
2286
if(not get_flags(interface, &network)){
2287
ret_errno = errno;
2288
fprintf_plus(stderr, "Failed to get flags for interface "
2289
"\"%s\"\n", interface);
2290
errno = old_errno;
2291
return ret_errno;
2292
}
2293
network.ifr_flags |= IFF_UP; /* set flag */
2294
2295
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2296
if(sd == -1){
2297
ret_errno = errno;
2298
perror_plus("socket");
2299
errno = old_errno;
2300
return ret_errno;
2301
}
2302
2303
if(quit_now){
2304
ret = close(sd);
2305
if(ret == -1){
2306
perror_plus("close");
2307
}
2308
errno = old_errno;
2309
return EINTR;
2310
}
2311
2312
if(debug){
2313
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
2314
interface);
2315
}
2316
2317
/* Raise privileges */
2318
ret_errno = raise_privileges();
2319
if(ret_errno != 0){
2320
errno = ret_errno;
2321
perror_plus("Failed to raise privileges");
2322
}
2323
2324
#ifdef __linux__
2325
int ret_linux;
2326
bool restore_loglevel = false;
2327
if(ret_errno == 0){
2328
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2329
messages about the network interface to mess up the prompt */
2330
ret_linux = klogctl(8, NULL, 5);
2331
if(ret_linux == -1){
2332
perror_plus("klogctl");
2333
} else {
2334
restore_loglevel = true;
2335
}
2336
}
2337
#endif /* __linux__ */
2338
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2339
ioctl_errno = errno;
2340
#ifdef __linux__
2341
if(restore_loglevel){
2342
ret_linux = klogctl(7, NULL, 0);
2343
if(ret_linux == -1){
2344
perror_plus("klogctl");
2345
}
2346
}
2347
#endif /* __linux__ */
2348
2349
/* If raise_privileges() succeeded above */
2350
if(ret_errno == 0){
2351
/* Lower privileges */
2352
ret_errno = lower_privileges();
2353
if(ret_errno != 0){
2354
errno = ret_errno;
2355
perror_plus("Failed to lower privileges");
2356
}
2357
}
2358
2359
/* Close the socket */
2360
ret = close(sd);
2361
if(ret == -1){
2362
perror_plus("close");
2363
}
2364
2365
if(ret_setflags == -1){
2366
errno = ioctl_errno;
2367
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2368
errno = old_errno;
2369
return ioctl_errno;
2370
}
2371
} else if(debug){
2372
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2373
interface);
2374
}
2375
2376
/* Sleep checking until interface is running.
2377
Check every 0.25s, up to total time of delay */
2378
for(int i = 0; i < delay * 4; i++){
2379
if(interface_is_running(interface)){
2380
break;
2381
}
2382
struct timespec sleeptime = { .tv_nsec = 250000000 };
2383
ret = nanosleep(&sleeptime, NULL);
2384
if(ret == -1 and errno != EINTR){
2385
perror_plus("nanosleep");
2386
}
2387
}
2388
2389
errno = old_errno;
2390
return 0;
2391
}
2392
2393
__attribute__((nonnull, warn_unused_result))
2394
int take_down_interface(const char *const interface){
2395
int old_errno = errno;
2396
struct ifreq network;
2397
unsigned int if_index = if_nametoindex(interface);
2398
if(if_index == 0){
2399
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2400
errno = old_errno;
2401
return ENXIO;
2402
}
2403
if(interface_is_up(interface)){
2404
int ret_errno = 0;
2405
int ioctl_errno = 0;
2406
if(not get_flags(interface, &network) and debug){
2407
ret_errno = errno;
2408
fprintf_plus(stderr, "Failed to get flags for interface "
2409
"\"%s\"\n", interface);
2410
errno = old_errno;
2411
return ret_errno;
2412
}
2413
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2414
2415
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2416
if(sd == -1){
2417
ret_errno = errno;
2418
perror_plus("socket");
2419
errno = old_errno;
2420
return ret_errno;
2421
}
2422
2423
if(debug){
2424
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2425
interface);
2426
}
2427
2428
/* Raise privileges */
2429
ret_errno = raise_privileges();
2430
if(ret_errno != 0){
2431
errno = ret_errno;
2432
perror_plus("Failed to raise privileges");
2433
}
2434
2435
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2436
ioctl_errno = errno;
2437
2438
/* If raise_privileges() succeeded above */
2439
if(ret_errno == 0){
2440
/* Lower privileges */
2441
ret_errno = lower_privileges();
2442
if(ret_errno != 0){
2443
errno = ret_errno;
2444
perror_plus("Failed to lower privileges");
2445
}
2446
}
2447
2448
/* Close the socket */
2449
int ret = close(sd);
2450
if(ret == -1){
2451
perror_plus("close");
2452
}
2453
2454
if(ret_setflags == -1){
2455
errno = ioctl_errno;
2456
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2457
errno = old_errno;
2458
return ioctl_errno;
2459
}
2460
} else if(debug){
2461
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2462
interface);
2463
}
2464
2465
errno = old_errno;
2466
return 0;
2467
}
2468
814
2469
int main(int argc, char *argv[]){
815
AvahiSServiceBrowser *sb = NULL;
816
int error;
817
int ret;
818
int exitcode = EXIT_SUCCESS;
819
const char *interface = "eth0";
820
struct ifreq network;
821
int sd;
822
uid_t uid;
823
gid_t gid;
824
char *connect_to = NULL;
825
char tempdir[] = "/tmp/mandosXXXXXX";
826
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
827
const char *seckey = PATHDIR "/" SECKEY;
828
const char *pubkey = PATHDIR "/" PUBKEY;
829
830
mandos_context mc = { .simple_poll = NULL, .server = NULL,
831
.dh_bits = 1024, .priority = "SECURE256"
832
":!CTYPE-X.509:+CTYPE-OPENPGP" };
833
bool gnutls_initalized = false;
834
bool gpgme_initalized = false;
835
836
{
837
struct argp_option options[] = {
838
{ .name = "debug", .key = 128,
839
.doc = "Debug mode", .group = 3 },
840
{ .name = "connect", .key = 'c',
841
.arg = "ADDRESS:PORT",
842
.doc = "Connect directly to a specific Mandos server",
843
.group = 1 },
844
{ .name = "interface", .key = 'i',
845
.arg = "NAME",
846
.doc = "Interface that will be used to search for Mandos"
847
" servers",
848
.group = 1 },
849
{ .name = "seckey", .key = 's',
850
.arg = "FILE",
851
.doc = "OpenPGP secret key file base name",
852
.group = 1 },
853
{ .name = "pubkey", .key = 'p',
854
.arg = "FILE",
855
.doc = "OpenPGP public key file base name",
856
.group = 2 },
857
{ .name = "dh-bits", .key = 129,
858
.arg = "BITS",
859
.doc = "Bit length of the prime number used in the"
860
" Diffie-Hellman key exchange",
861
.group = 2 },
862
{ .name = "priority", .key = 130,
863
.arg = "STRING",
864
.doc = "GnuTLS priority string for the TLS handshake",
865
.group = 1 },
866
{ .name = NULL }
867
};
868
869
error_t parse_opt (int key, char *arg,
870
struct argp_state *state) {
871
/* Get the INPUT argument from `argp_parse', which we know is
872
a pointer to our plugin list pointer. */
873
switch (key) {
874
case 128: /* --debug */
875
debug = true;
876
break;
877
case 'c': /* --connect */
878
connect_to = arg;
879
break;
880
case 'i': /* --interface */
881
interface = arg;
882
break;
883
case 's': /* --seckey */
884
seckey = arg;
885
break;
886
case 'p': /* --pubkey */
887
pubkey = arg;
888
break;
889
case 129: /* --dh-bits */
890
errno = 0;
891
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
892
if (errno){
893
perror("strtol");
894
exit(EXIT_FAILURE);
895
}
896
break;
897
case 130: /* --priority */
898
mc.priority = arg;
899
break;
900
case ARGP_KEY_ARG:
901
argp_usage (state);
902
case ARGP_KEY_END:
903
break;
904
default:
905
return ARGP_ERR_UNKNOWN;
906
}
907
return 0;
908
}
909
910
struct argp argp = { .options = options, .parser = parse_opt,
911
.args_doc = "",
912
.doc = "Mandos client -- Get and decrypt"
913
" passwords from a Mandos server" };
914
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
915
if (ret == ARGP_ERR_UNKNOWN){
916
fprintf(stderr, "Unknown error while parsing arguments\n");
917
exitcode = EXIT_FAILURE;
918
goto end;
919
}
920
}
921
922
/* If the interface is down, bring it up */
923
{
924
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
925
if(sd < 0) {
926
perror("socket");
927
exitcode = EXIT_FAILURE;
928
goto end;
929
}
930
strcpy(network.ifr_name, interface);
931
ret = ioctl(sd, SIOCGIFFLAGS, &network);
932
if(ret == -1){
933
perror("ioctl SIOCGIFFLAGS");
934
exitcode = EXIT_FAILURE;
935
goto end;
936
}
937
if((network.ifr_flags & IFF_UP) == 0){
938
network.ifr_flags |= IFF_UP;
939
ret = ioctl(sd, SIOCSIFFLAGS, &network);
940
if(ret == -1){
941
perror("ioctl SIOCSIFFLAGS");
942
exitcode = EXIT_FAILURE;
943
goto end;
944
}
945
}
946
ret = TEMP_FAILURE_RETRY(close(sd));
947
if(ret == -1){
948
perror("close");
949
}
950
}
951
952
uid = getuid();
953
gid = getgid();
954
955
ret = setuid(uid);
956
if (ret == -1){
957
perror("setuid");
958
}
959
960
setgid(gid);
961
if (ret == -1){
962
perror("setgid");
963
}
964
965
ret = init_gnutls_global(&mc, pubkey, seckey);
966
if (ret == -1){
967
fprintf(stderr, "init_gnutls_global failed\n");
968
exitcode = EXIT_FAILURE;
969
goto end;
970
} else {
971
gnutls_initalized = true;
972
}
973
974
if(mkdtemp(tempdir) == NULL){
975
perror("mkdtemp");
976
tempdir[0] = '\0';
977
goto end;
978
}
979
980
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
981
fprintf(stderr, "gpgme_initalized failed\n");
982
exitcode = EXIT_FAILURE;
983
goto end;
984
} else {
985
gpgme_initalized = true;
986
}
987
988
if_index = (AvahiIfIndex) if_nametoindex(interface);
989
if(if_index == 0){
990
fprintf(stderr, "No such interface: \"%s\"\n", interface);
991
exit(EXIT_FAILURE);
992
}
993
994
if(connect_to != NULL){
995
/* Connect directly, do not use Zeroconf */
996
/* (Mainly meant for debugging) */
997
char *address = strrchr(connect_to, ':');
998
if(address == NULL){
999
fprintf(stderr, "No colon in address\n");
1000
exitcode = EXIT_FAILURE;
1001
goto end;
1002
}
2470
mandos_context mc = { .server = NULL, .dh_bits = 0,
2471
#if GNUTLS_VERSION_NUMBER >= 0x030606
2472
.priority = "SECURE128:!CTYPE-X.509"
2473
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2474
":%PROFILE_ULTRA",
2475
#elif GNUTLS_VERSION_NUMBER < 0x030600
2476
.priority = "SECURE256:!CTYPE-X.509"
2477
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2478
#else
2479
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2480
#endif
2481
.current_server = NULL, .interfaces = NULL,
2482
.interfaces_size = 0 };
2483
AvahiSServiceBrowser *sb = NULL;
2484
error_t ret_errno;
2485
int ret;
2486
intmax_t tmpmax;
2487
char *tmp;
2488
int exitcode = EXIT_SUCCESS;
2489
char *interfaces_to_take_down = NULL;
2490
size_t interfaces_to_take_down_size = 0;
2491
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2492
char old_tempdir[] = "/tmp/mandosXXXXXX";
2493
char *tempdir = NULL;
2494
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2495
const char *seckey = PATHDIR "/" SECKEY;
2496
const char *pubkey = PATHDIR "/" PUBKEY;
2497
#if GNUTLS_VERSION_NUMBER >= 0x030606
2498
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2499
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2500
#endif
2501
const char *dh_params_file = NULL;
2502
char *interfaces_hooks = NULL;
2503
2504
bool gnutls_initialized = false;
2505
bool gpgme_initialized = false;
2506
float delay = 2.5f;
2507
double retry_interval = 10; /* 10s between trying a server and
2508
retrying the same server again */
2509
2510
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
2511
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
2512
2513
uid = getuid();
2514
gid = getgid();
2515
2516
/* Lower any group privileges we might have, just to be safe */
2517
errno = 0;
2518
ret = setgid(gid);
2519
if(ret == -1){
2520
perror_plus("setgid");
2521
}
2522
2523
/* Lower user privileges (temporarily) */
2524
errno = 0;
2525
ret = seteuid(uid);
2526
if(ret == -1){
2527
perror_plus("seteuid");
2528
}
2529
2530
if(quit_now){
2531
goto end;
2532
}
2533
2534
{
2535
struct argp_option options[] = {
2536
{ .name = "debug", .key = 128,
2537
.doc = "Debug mode", .group = 3 },
2538
{ .name = "connect", .key = 'c',
2539
.arg = "ADDRESS:PORT",
2540
.doc = "Connect directly to a specific Mandos server",
2541
.group = 1 },
2542
{ .name = "interface", .key = 'i',
2543
.arg = "NAME",
2544
.doc = "Network interface that will be used to search for"
2545
" Mandos servers",
2546
.group = 1 },
2547
{ .name = "seckey", .key = 's',
2548
.arg = "FILE",
2549
.doc = "OpenPGP secret key file base name",
2550
.group = 1 },
2551
{ .name = "pubkey", .key = 'p',
2552
.arg = "FILE",
2553
.doc = "OpenPGP public key file base name",
2554
.group = 1 },
2555
{ .name = "tls-privkey", .key = 't',
2556
.arg = "FILE",
2557
#if GNUTLS_VERSION_NUMBER >= 0x030606
2558
.doc = "TLS private key file base name",
2559
#else
2560
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2561
#endif
2562
.group = 1 },
2563
{ .name = "tls-pubkey", .key = 'T',
2564
.arg = "FILE",
2565
#if GNUTLS_VERSION_NUMBER >= 0x030606
2566
.doc = "TLS public key file base name",
2567
#else
2568
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2569
#endif
2570
.group = 1 },
2571
{ .name = "dh-bits", .key = 129,
2572
.arg = "BITS",
2573
.doc = "Bit length of the prime number used in the"
2574
" Diffie-Hellman key exchange",
2575
.group = 2 },
2576
{ .name = "dh-params", .key = 134,
2577
.arg = "FILE",
2578
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2579
" for the Diffie-Hellman key exchange",
2580
.group = 2 },
2581
{ .name = "priority", .key = 130,
2582
.arg = "STRING",
2583
.doc = "GnuTLS priority string for the TLS handshake",
2584
.group = 1 },
2585
{ .name = "delay", .key = 131,
2586
.arg = "SECONDS",
2587
.doc = "Maximum delay to wait for interface startup",
2588
.group = 2 },
2589
{ .name = "retry", .key = 132,
2590
.arg = "SECONDS",
2591
.doc = "Retry interval used when denied by the Mandos server",
2592
.group = 2 },
2593
{ .name = "network-hook-dir", .key = 133,
2594
.arg = "DIR",
2595
.doc = "Directory where network hooks are located",
2596
.group = 2 },
2597
/*
2598
* These reproduce what we would get without ARGP_NO_HELP
2599
*/
2600
{ .name = "help", .key = '?',
2601
.doc = "Give this help list", .group = -1 },
2602
{ .name = "usage", .key = -3,
2603
.doc = "Give a short usage message", .group = -1 },
2604
{ .name = "version", .key = 'V',
2605
.doc = "Print program version", .group = -1 },
2606
{ .name = NULL }
2607
};
2608
2609
error_t parse_opt(int key, char *arg,
2610
struct argp_state *state){
1003
2611
errno = 0;
1004
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
1005
if(errno){
1006
perror("Bad port number");
1007
exitcode = EXIT_FAILURE;
2612
switch(key){
2613
case 128: /* --debug */
2614
debug = true;
2615
break;
2616
case 'c': /* --connect */
2617
connect_to = arg;
2618
break;
2619
case 'i': /* --interface */
2620
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2621
arg, (int)',');
2622
if(ret_errno != 0){
2623
argp_error(state, "%s", strerror(ret_errno));
2624
}
2625
break;
2626
case 's': /* --seckey */
2627
seckey = arg;
2628
break;
2629
case 'p': /* --pubkey */
2630
pubkey = arg;
2631
break;
2632
case 't': /* --tls-privkey */
2633
#if GNUTLS_VERSION_NUMBER >= 0x030606
2634
tls_privkey = arg;
2635
#endif
2636
break;
2637
case 'T': /* --tls-pubkey */
2638
#if GNUTLS_VERSION_NUMBER >= 0x030606
2639
tls_pubkey = arg;
2640
#endif
2641
break;
2642
case 129: /* --dh-bits */
2643
errno = 0;
2644
tmpmax = strtoimax(arg, &tmp, 10);
2645
if(errno != 0 or tmp == arg or *tmp != '\0'
2646
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2647
argp_error(state, "Bad number of DH bits");
2648
}
2649
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2650
break;
2651
case 134: /* --dh-params */
2652
dh_params_file = arg;
2653
break;
2654
case 130: /* --priority */
2655
mc.priority = arg;
2656
break;
2657
case 131: /* --delay */
2658
errno = 0;
2659
delay = strtof(arg, &tmp);
2660
if(errno != 0 or tmp == arg or *tmp != '\0'){
2661
argp_error(state, "Bad delay");
2662
}
2663
case 132: /* --retry */
2664
errno = 0;
2665
retry_interval = strtod(arg, &tmp);
2666
if(errno != 0 or tmp == arg or *tmp != '\0'
2667
or (retry_interval * 1000) > INT_MAX
2668
or retry_interval < 0){
2669
argp_error(state, "Bad retry interval");
2670
}
2671
break;
2672
case 133: /* --network-hook-dir */
2673
hookdir = arg;
2674
break;
2675
/*
2676
* These reproduce what we would get without ARGP_NO_HELP
2677
*/
2678
case '?': /* --help */
2679
argp_state_help(state, state->out_stream,
2680
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2681
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2682
__builtin_unreachable();
2683
case -3: /* --usage */
2684
argp_state_help(state, state->out_stream,
2685
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2686
__builtin_unreachable();
2687
case 'V': /* --version */
2688
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2689
exit(argp_err_exit_status);
2690
break;
2691
default:
2692
return ARGP_ERR_UNKNOWN;
2693
}
2694
return errno;
2695
}
2696
2697
struct argp argp = { .options = options, .parser = parse_opt,
2698
.args_doc = "",
2699
.doc = "Mandos client -- Get and decrypt"
2700
" passwords from a Mandos server" };
2701
ret_errno = argp_parse(&argp, argc, argv,
2702
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2703
switch(ret_errno){
2704
case 0:
2705
break;
2706
case ENOMEM:
2707
default:
2708
errno = ret_errno;
2709
perror_plus("argp_parse");
2710
exitcode = EX_OSERR;
2711
goto end;
2712
case EINVAL:
2713
exitcode = EX_USAGE;
2714
goto end;
2715
}
2716
}
2717
2718
{
2719
/* Work around Debian bug #633582:
2720
<https://bugs.debian.org/633582> */
2721
2722
/* Re-raise privileges */
2723
ret = raise_privileges();
2724
if(ret != 0){
2725
errno = ret;
2726
perror_plus("Failed to raise privileges");
2727
} else {
2728
struct stat st;
2729
2730
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2731
int seckey_fd = open(seckey, O_RDONLY);
2732
if(seckey_fd == -1){
2733
perror_plus("open");
2734
} else {
2735
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2736
if(ret == -1){
2737
perror_plus("fstat");
2738
} else {
2739
if(S_ISREG(st.st_mode)
2740
and st.st_uid == 0 and st.st_gid == 0){
2741
ret = fchown(seckey_fd, uid, gid);
2742
if(ret == -1){
2743
perror_plus("fchown");
2744
}
2745
}
2746
}
2747
close(seckey_fd);
2748
}
2749
}
2750
2751
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2752
int pubkey_fd = open(pubkey, O_RDONLY);
2753
if(pubkey_fd == -1){
2754
perror_plus("open");
2755
} else {
2756
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2757
if(ret == -1){
2758
perror_plus("fstat");
2759
} else {
2760
if(S_ISREG(st.st_mode)
2761
and st.st_uid == 0 and st.st_gid == 0){
2762
ret = fchown(pubkey_fd, uid, gid);
2763
if(ret == -1){
2764
perror_plus("fchown");
2765
}
2766
}
2767
}
2768
close(pubkey_fd);
2769
}
2770
}
2771
2772
if(dh_params_file != NULL
2773
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2774
int dhparams_fd = open(dh_params_file, O_RDONLY);
2775
if(dhparams_fd == -1){
2776
perror_plus("open");
2777
} else {
2778
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2779
if(ret == -1){
2780
perror_plus("fstat");
2781
} else {
2782
if(S_ISREG(st.st_mode)
2783
and st.st_uid == 0 and st.st_gid == 0){
2784
ret = fchown(dhparams_fd, uid, gid);
2785
if(ret == -1){
2786
perror_plus("fchown");
2787
}
2788
}
2789
}
2790
close(dhparams_fd);
2791
}
2792
}
2793
2794
/* Lower privileges */
2795
ret = lower_privileges();
2796
if(ret != 0){
2797
errno = ret;
2798
perror_plus("Failed to lower privileges");
2799
}
2800
}
2801
}
2802
2803
/* Remove invalid interface names (except "none") */
2804
{
2805
char *interface = NULL;
2806
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2807
interface))){
2808
if(strcmp(interface, "none") != 0
2809
and if_nametoindex(interface) == 0){
2810
if(interface[0] != '\0'){
2811
fprintf_plus(stderr, "Not using nonexisting interface"
2812
" \"%s\"\n", interface);
2813
}
2814
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2815
interface = NULL;
2816
}
2817
}
2818
}
2819
2820
/* Run network hooks */
2821
{
2822
if(mc.interfaces != NULL){
2823
interfaces_hooks = malloc(mc.interfaces_size);
2824
if(interfaces_hooks == NULL){
2825
perror_plus("malloc");
1008
2826
goto end;
1009
2827
}
1010
*address = '\0';
1011
address = connect_to;
1012
ret = start_mandos_communication(address, port, if_index, &mc);
1013
if(ret < 0){
1014
exitcode = EXIT_FAILURE;
1015
} else {
1016
exitcode = EXIT_SUCCESS;
1017
}
1018
goto end;
1019
}
1020
1021
if (not debug){
1022
avahi_set_log_function(empty_log);
1023
}
1024
1025
/* Initialize the pseudo-RNG for Avahi */
1026
srand((unsigned int) time(NULL));
1027
1028
/* Allocate main Avahi loop object */
1029
mc.simple_poll = avahi_simple_poll_new();
1030
if (mc.simple_poll == NULL) {
1031
fprintf(stderr, "Avahi: Failed to create simple poll"
1032
" object.\n");
1033
exitcode = EXIT_FAILURE;
1034
goto end;
1035
}
1036
1037
{
1038
AvahiServerConfig config;
1039
/* Do not publish any local Zeroconf records */
1040
avahi_server_config_init(&config);
1041
config.publish_hinfo = 0;
1042
config.publish_addresses = 0;
1043
config.publish_workstation = 0;
1044
config.publish_domain = 0;
1045
1046
/* Allocate a new server */
1047
mc.server = avahi_server_new(avahi_simple_poll_get
1048
(mc.simple_poll), &config, NULL,
1049
NULL, &error);
1050
1051
/* Free the Avahi configuration data */
1052
avahi_server_config_free(&config);
1053
}
1054
1055
/* Check if creating the Avahi server object succeeded */
1056
if (mc.server == NULL) {
1057
fprintf(stderr, "Failed to create Avahi server: %s\n",
1058
avahi_strerror(error));
1059
exitcode = EXIT_FAILURE;
1060
goto end;
1061
}
1062
1063
/* Create the Avahi service browser */
1064
sb = avahi_s_service_browser_new(mc.server, if_index,
1065
AVAHI_PROTO_INET6,
1066
"_mandos._tcp", NULL, 0,
1067
browse_callback, &mc);
1068
if (sb == NULL) {
1069
fprintf(stderr, "Failed to create service browser: %s\n",
1070
avahi_strerror(avahi_server_errno(mc.server)));
1071
exitcode = EXIT_FAILURE;
1072
goto end;
1073
}
1074
1075
/* Run the main loop */
1076
1077
if (debug){
1078
fprintf(stderr, "Starting Avahi loop search\n");
1079
}
1080
1081
avahi_simple_poll_loop(mc.simple_poll);
1082
2828
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2829
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2830
}
2831
run_network_hooks("start", interfaces_hooks != NULL ?
2832
interfaces_hooks : "", delay);
2833
}
2834
2835
if(not debug){
2836
avahi_set_log_function(empty_log);
2837
}
2838
2839
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2840
from the signal handler */
2841
/* Initialize the pseudo-RNG for Avahi */
2842
srand((unsigned int) time(NULL));
2843
simple_poll = avahi_simple_poll_new();
2844
if(simple_poll == NULL){
2845
fprintf_plus(stderr,
2846
"Avahi: Failed to create simple poll object.\n");
2847
exitcode = EX_UNAVAILABLE;
2848
goto end;
2849
}
2850
2851
sigemptyset(&sigterm_action.sa_mask);
2852
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2853
if(ret == -1){
2854
perror_plus("sigaddset");
2855
exitcode = EX_OSERR;
2856
goto end;
2857
}
2858
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2859
if(ret == -1){
2860
perror_plus("sigaddset");
2861
exitcode = EX_OSERR;
2862
goto end;
2863
}
2864
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2865
if(ret == -1){
2866
perror_plus("sigaddset");
2867
exitcode = EX_OSERR;
2868
goto end;
2869
}
2870
/* Need to check if the handler is SIG_IGN before handling:
2871
| [[info:libc:Initial Signal Actions]] |
2872
| [[info:libc:Basic Signal Handling]] |
2873
*/
2874
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2875
if(ret == -1){
2876
perror_plus("sigaction");
2877
return EX_OSERR;
2878
}
2879
if(old_sigterm_action.sa_handler != SIG_IGN){
2880
ret = sigaction(SIGINT, &sigterm_action, NULL);
2881
if(ret == -1){
2882
perror_plus("sigaction");
2883
exitcode = EX_OSERR;
2884
goto end;
2885
}
2886
}
2887
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2888
if(ret == -1){
2889
perror_plus("sigaction");
2890
return EX_OSERR;
2891
}
2892
if(old_sigterm_action.sa_handler != SIG_IGN){
2893
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2894
if(ret == -1){
2895
perror_plus("sigaction");
2896
exitcode = EX_OSERR;
2897
goto end;
2898
}
2899
}
2900
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2901
if(ret == -1){
2902
perror_plus("sigaction");
2903
return EX_OSERR;
2904
}
2905
if(old_sigterm_action.sa_handler != SIG_IGN){
2906
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2907
if(ret == -1){
2908
perror_plus("sigaction");
2909
exitcode = EX_OSERR;
2910
goto end;
2911
}
2912
}
2913
2914
/* If no interfaces were specified, make a list */
2915
if(mc.interfaces == NULL){
2916
struct dirent **direntries = NULL;
2917
/* Look for any good interfaces */
2918
ret = scandir(sys_class_net, &direntries, good_interface,
2919
alphasort);
2920
if(ret >= 1){
2921
/* Add all found interfaces to interfaces list */
2922
for(int i = 0; i < ret; ++i){
2923
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2924
direntries[i]->d_name);
2925
if(ret_errno != 0){
2926
errno = ret_errno;
2927
perror_plus("argz_add");
2928
free(direntries[i]);
2929
continue;
2930
}
2931
if(debug){
2932
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2933
direntries[i]->d_name);
2934
}
2935
free(direntries[i]);
2936
}
2937
free(direntries);
2938
} else {
2939
if(ret == 0){
2940
free(direntries);
2941
}
2942
fprintf_plus(stderr, "Could not find a network interface\n");
2943
exitcode = EXIT_FAILURE;
2944
goto end;
2945
}
2946
}
2947
2948
/* Bring up interfaces which are down, and remove any "none"s */
2949
{
2950
char *interface = NULL;
2951
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2952
interface))){
2953
/* If interface name is "none", stop bringing up interfaces.
2954
Also remove all instances of "none" from the list */
2955
if(strcmp(interface, "none") == 0){
2956
argz_delete(&mc.interfaces, &mc.interfaces_size,
2957
interface);
2958
interface = NULL;
2959
while((interface = argz_next(mc.interfaces,
2960
mc.interfaces_size, interface))){
2961
if(strcmp(interface, "none") == 0){
2962
argz_delete(&mc.interfaces, &mc.interfaces_size,
2963
interface);
2964
interface = NULL;
2965
}
2966
}
2967
break;
2968
}
2969
bool interface_was_up = interface_is_up(interface);
2970
errno = bring_up_interface(interface, delay);
2971
if(not interface_was_up){
2972
if(errno != 0){
2973
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2974
" %s\n", interface, strerror(errno));
2975
} else {
2976
errno = argz_add(&interfaces_to_take_down,
2977
&interfaces_to_take_down_size,
2978
interface);
2979
if(errno != 0){
2980
perror_plus("argz_add");
2981
}
2982
}
2983
}
2984
}
2985
if(debug and (interfaces_to_take_down == NULL)){
2986
fprintf_plus(stderr, "No interfaces were brought up\n");
2987
}
2988
}
2989
2990
/* If we only got one interface, explicitly use only that one */
2991
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2992
if(debug){
2993
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2994
mc.interfaces);
2995
}
2996
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2997
}
2998
2999
if(quit_now){
3000
goto end;
3001
}
3002
3003
#if GNUTLS_VERSION_NUMBER >= 0x030606
3004
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3005
#elif GNUTLS_VERSION_NUMBER < 0x030600
3006
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3007
#else
3008
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3009
#endif
3010
if(ret == -1){
3011
fprintf_plus(stderr, "init_gnutls_global failed\n");
3012
exitcode = EX_UNAVAILABLE;
3013
goto end;
3014
} else {
3015
gnutls_initialized = true;
3016
}
3017
3018
if(quit_now){
3019
goto end;
3020
}
3021
3022
/* Try /run/tmp before /tmp */
3023
tempdir = mkdtemp(run_tempdir);
3024
if(tempdir == NULL and errno == ENOENT){
3025
if(debug){
3026
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
3027
run_tempdir, old_tempdir);
3028
}
3029
tempdir = mkdtemp(old_tempdir);
3030
}
3031
if(tempdir == NULL){
3032
perror_plus("mkdtemp");
3033
goto end;
3034
}
3035
3036
if(quit_now){
3037
goto end;
3038
}
3039
3040
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
3041
fprintf_plus(stderr, "init_gpgme failed\n");
3042
exitcode = EX_UNAVAILABLE;
3043
goto end;
3044
} else {
3045
gpgme_initialized = true;
3046
}
3047
3048
if(quit_now){
3049
goto end;
3050
}
3051
3052
if(connect_to != NULL){
3053
/* Connect directly, do not use Zeroconf */
3054
/* (Mainly meant for debugging) */
3055
char *address = strrchr(connect_to, ':');
3056
3057
if(address == NULL){
3058
fprintf_plus(stderr, "No colon in address\n");
3059
exitcode = EX_USAGE;
3060
goto end;
3061
}
3062
3063
if(quit_now){
3064
goto end;
3065
}
3066
3067
in_port_t port;
3068
errno = 0;
3069
tmpmax = strtoimax(address+1, &tmp, 10);
3070
if(errno != 0 or tmp == address+1 or *tmp != '\0'
3071
or tmpmax != (in_port_t)tmpmax){
3072
fprintf_plus(stderr, "Bad port number\n");
3073
exitcode = EX_USAGE;
3074
goto end;
3075
}
3076
3077
if(quit_now){
3078
goto end;
3079
}
3080
3081
port = (in_port_t)tmpmax;
3082
*address = '\0';
3083
/* Colon in address indicates IPv6 */
3084
int af;
3085
if(strchr(connect_to, ':') != NULL){
3086
af = AF_INET6;
3087
/* Accept [] around IPv6 address - see RFC 5952 */
3088
if(connect_to[0] == '[' and address[-1] == ']')
3089
{
3090
connect_to++;
3091
address[-1] = '\0';
3092
}
3093
} else {
3094
af = AF_INET;
3095
}
3096
address = connect_to;
3097
3098
if(quit_now){
3099
goto end;
3100
}
3101
3102
while(not quit_now){
3103
ret = start_mandos_communication(address, port, if_index, af,
3104
&mc);
3105
if(quit_now or ret == 0){
3106
break;
3107
}
3108
if(debug){
3109
fprintf_plus(stderr, "Retrying in %d seconds\n",
3110
(int)retry_interval);
3111
}
3112
sleep((unsigned int)retry_interval);
3113
}
3114
3115
if(not quit_now){
3116
exitcode = EXIT_SUCCESS;
3117
}
3118
3119
goto end;
3120
}
3121
3122
if(quit_now){
3123
goto end;
3124
}
3125
3126
{
3127
AvahiServerConfig config;
3128
/* Do not publish any local Zeroconf records */
3129
avahi_server_config_init(&config);
3130
config.publish_hinfo = 0;
3131
config.publish_addresses = 0;
3132
config.publish_workstation = 0;
3133
config.publish_domain = 0;
3134
3135
/* Allocate a new server */
3136
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3137
&config, NULL, NULL, &ret);
3138
3139
/* Free the Avahi configuration data */
3140
avahi_server_config_free(&config);
3141
}
3142
3143
/* Check if creating the Avahi server object succeeded */
3144
if(mc.server == NULL){
3145
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
3146
avahi_strerror(ret));
3147
exitcode = EX_UNAVAILABLE;
3148
goto end;
3149
}
3150
3151
if(quit_now){
3152
goto end;
3153
}
3154
3155
/* Create the Avahi service browser */
3156
sb = avahi_s_service_browser_new(mc.server, if_index,
3157
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
3158
NULL, 0, browse_callback,
3159
(void *)&mc);
3160
if(sb == NULL){
3161
fprintf_plus(stderr, "Failed to create service browser: %s\n",
3162
avahi_strerror(avahi_server_errno(mc.server)));
3163
exitcode = EX_UNAVAILABLE;
3164
goto end;
3165
}
3166
3167
if(quit_now){
3168
goto end;
3169
}
3170
3171
/* Run the main loop */
3172
3173
if(debug){
3174
fprintf_plus(stderr, "Starting Avahi loop search\n");
3175
}
3176
3177
ret = avahi_loop_with_timeout(simple_poll,
3178
(int)(retry_interval * 1000), &mc);
3179
if(debug){
3180
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
3181
(ret == 0) ? "successfully" : "with error");
3182
}
3183
1083
3184
end:
1084
1085
if (debug){
1086
fprintf(stderr, "%s exiting\n", argv[0]);
1087
}
1088
1089
/* Cleanup things */
1090
if (sb != NULL)
1091
avahi_s_service_browser_free(sb);
1092
1093
if (mc.server != NULL)
1094
avahi_server_free(mc.server);
1095
1096
if (mc.simple_poll != NULL)
1097
avahi_simple_poll_free(mc.simple_poll);
1098
1099
if (gnutls_initalized){
1100
gnutls_certificate_free_credentials(mc.cred);
1101
gnutls_global_deinit ();
1102
gnutls_dh_params_deinit(mc.dh_params);
1103
}
1104
1105
if(gpgme_initalized){
1106
gpgme_release(mc.ctx);
1107
}
1108
1109
/* Removes the temp directory used by GPGME */
1110
if(tempdir[0] != '\0'){
1111
DIR *d;
1112
struct dirent *direntry;
1113
d = opendir(tempdir);
1114
if(d == NULL){
1115
perror("opendir");
1116
} else {
1117
while(true){
1118
direntry = readdir(d);
1119
if(direntry == NULL){
1120
break;
1121
}
1122
if (direntry->d_type == DT_REG){
1123
char *fullname = NULL;
1124
ret = asprintf(&fullname, "%s/%s", tempdir,
1125
direntry->d_name);
1126
if(ret < 0){
1127
perror("asprintf");
1128
continue;
1129
}
1130
ret = unlink(fullname);
1131
if(ret == -1){
1132
fprintf(stderr, "unlink(\"%s\"): %s",
1133
fullname, strerror(errno));
1134
}
1135
free(fullname);
1136
}
1137
}
1138
closedir(d);
1139
}
1140
ret = rmdir(tempdir);
1141
if(ret == -1){
1142
perror("rmdir");
1143
}
1144
}
1145
1146
return exitcode;
3185
3186
if(debug){
3187
if(signal_received){
3188
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3189
argv[0], signal_received,
3190
strsignal(signal_received));
3191
} else {
3192
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
}
3194
}
3195
3196
/* Cleanup things */
3197
free(mc.interfaces);
3198
3199
if(sb != NULL)
3200
avahi_s_service_browser_free(sb);
3201
3202
if(mc.server != NULL)
3203
avahi_server_free(mc.server);
3204
3205
if(simple_poll != NULL)
3206
avahi_simple_poll_free(simple_poll);
3207
3208
if(gnutls_initialized){
3209
gnutls_certificate_free_credentials(mc.cred);
3210
gnutls_dh_params_deinit(mc.dh_params);
3211
}
3212
3213
if(gpgme_initialized){
3214
gpgme_release(mc.ctx);
3215
}
3216
3217
/* Cleans up the circular linked list of Mandos servers the client
3218
has seen */
3219
if(mc.current_server != NULL){
3220
mc.current_server->prev->next = NULL;
3221
while(mc.current_server != NULL){
3222
server *next = mc.current_server->next;
3223
#ifdef __GNUC__
3224
#pragma GCC diagnostic push
3225
#pragma GCC diagnostic ignored "-Wcast-qual"
3226
#endif
3227
free((char *)(mc.current_server->ip));
3228
#ifdef __GNUC__
3229
#pragma GCC diagnostic pop
3230
#endif
3231
free(mc.current_server);
3232
mc.current_server = next;
3233
}
3234
}
3235
3236
/* Re-raise privileges */
3237
{
3238
ret = raise_privileges();
3239
if(ret != 0){
3240
errno = ret;
3241
perror_plus("Failed to raise privileges");
3242
} else {
3243
3244
/* Run network hooks */
3245
run_network_hooks("stop", interfaces_hooks != NULL ?
3246
interfaces_hooks : "", delay);
3247
3248
/* Take down the network interfaces which were brought up */
3249
{
3250
char *interface = NULL;
3251
while((interface = argz_next(interfaces_to_take_down,
3252
interfaces_to_take_down_size,
3253
interface))){
3254
ret = take_down_interface(interface);
3255
if(ret != 0){
3256
errno = ret;
3257
perror_plus("Failed to take down interface");
3258
}
3259
}
3260
if(debug and (interfaces_to_take_down == NULL)){
3261
fprintf_plus(stderr, "No interfaces needed to be taken"
3262
" down\n");
3263
}
3264
}
3265
}
3266
3267
ret = lower_privileges_permanently();
3268
if(ret != 0){
3269
errno = ret;
3270
perror_plus("Failed to lower privileges permanently");
3271
}
3272
}
3273
3274
free(interfaces_to_take_down);
3275
free(interfaces_hooks);
3276
3277
void clean_dir_at(int base, const char * const dirname,
3278
uintmax_t level){
3279
struct dirent **direntries = NULL;
3280
int dret;
3281
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3282
O_RDONLY
3283
| O_NOFOLLOW
3284
| O_DIRECTORY
3285
| O_PATH));
3286
if(dir_fd == -1){
3287
perror_plus("open");
3288
return;
3289
}
3290
int numentries = scandirat(dir_fd, ".", &direntries,
3291
notdotentries, alphasort);
3292
if(numentries >= 0){
3293
for(int i = 0; i < numentries; i++){
3294
if(debug){
3295
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3296
dirname, direntries[i]->d_name);
3297
}
3298
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3299
if(dret == -1){
3300
if(errno == EISDIR){
3301
dret = unlinkat(dir_fd, direntries[i]->d_name,
3302
AT_REMOVEDIR);
3303
}
3304
if((dret == -1) and (errno == ENOTEMPTY)
3305
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3306
== 0) and (level == 0)){
3307
/* Recurse only in this special case */
3308
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3309
dret = 0;
3310
}
3311
if((dret == -1) and (errno != ENOENT)){
3312
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3313
direntries[i]->d_name, strerror(errno));
3314
}
3315
}
3316
free(direntries[i]);
3317
}
3318
3319
/* need to clean even if 0 because man page doesn't specify */
3320
free(direntries);
3321
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3322
if(dret == -1 and errno != ENOENT){
3323
perror_plus("rmdir");
3324
}
3325
} else {
3326
perror_plus("scandirat");
3327
}
3328
close(dir_fd);
3329
}
3330
3331
/* Removes the GPGME temp directory and all files inside */
3332
if(tempdir != NULL){
3333
clean_dir_at(-1, tempdir, 0);
3334
}
3335
3336
if(quit_now){
3337
sigemptyset(&old_sigterm_action.sa_mask);
3338
old_sigterm_action.sa_handler = SIG_DFL;
3339
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
3340
&old_sigterm_action,
3341
NULL));
3342
if(ret == -1){
3343
perror_plus("sigaction");
3344
}
3345
do {
3346
ret = raise(signal_received);
3347
} while(ret != 0 and errno == EINTR);
3348
if(ret != 0){
3349
perror_plus("raise");
3350
abort();
3351
}
3352
TEMP_FAILURE_RETRY(pause());
3353
}
3354
3355
return exitcode;
1147
3356
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0