To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 1232
- compare with another revision
- download diff
- download tarball
- view history from revision 1232
- Committer: Teddy Hogeborn
- Date: 2021-02-01 19:30:45 UTC
- Revision ID: teddy@recompile.se-20210201193045-lpg6aprpc4srem6k
Fix issue with french translation
Initial white space was missing in both msgid and msgstr of the french
translation, leading to checking tools reporing an incomplete
translation. The string is a raw command line command, and therefore
did not need translation, so this was never a user-visible issue.
* debian/po/fr.po: Add missing whitespace to the id and translation
for msgid " mandos-keygen -F/dev/null|grep ^key_id".
Initial white space was missing in both msgid and msgstr of the french
translation, leading to checking tools reporing an incomplete
translation. The string is a raw command line command, and therefore
did not need translation, so this was never a user-visible issue.
* debian/po/fr.po: Add missing whitespace to the id and translation
for msgid " mandos-keygen -F/dev/null|grep ^key_id".
- files added:
- bugs.xml
- debian/tests
- dracut-module
- plugin-helpers
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2020 Teddy Hogeborn
13
* Copyright © 2008-2020 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
21
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
25
* General Public License for more details.
24
26
*
25
27
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
28
29
*
29
30
* Contact the authors at <mandos@recompile.se>.
30
31
*/
46
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
48
strtof(), abort() */
48
49
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
51
53
#include <sys/ioctl.h> /* ioctl */
52
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
55
sockaddr_in6, PF_INET6,
57
59
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
60
inet_pton(), connect(),
59
61
getnameinfo() */
60
#include <fcntl.h> /* open(), unlinkat() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
61
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
64
*/
63
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
64
66
strtoimax() */
65
#include <errno.h> /* perror(), errno,
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
66
72
program_invocation_short_name */
67
73
#include <time.h> /* nanosleep(), time(), sleep() */
68
74
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
74
80
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
75
81
getuid(), getgid(), seteuid(),
76
82
setgid(), pause(), _exit(),
77
unlinkat() */
83
unlinkat(), lstat(), symlink() */
78
84
#include <arpa/inet.h> /* inet_pton(), htons() */
79
85
#include <iso646.h> /* not, or, and */
80
86
#include <argp.h> /* struct argp_option, error_t, struct
117
123
gnutls_*
118
124
init_gnutls_session(),
119
125
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
120
127
#include <gnutls/openpgp.h>
121
128
/* gnutls_certificate_set_openpgp_key_file(),
122
129
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
123
135
124
136
/* GPGME */
125
137
#include <gpgme.h> /* All GPGME types, constants and
133
145
#define PATHDIR "/conf/conf.d/mandos"
134
146
#define SECKEY "seckey.txt"
135
147
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
136
150
#define HOOKDIR "/lib/mandos/network-hooks.d"
137
151
138
152
bool debug = false;
266
280
return true;
267
281
}
268
282
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
269
335
/*
270
336
* Initialize GPGME.
271
337
*/
291
357
return false;
292
358
}
293
359
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
if(clock_settime(CLOCK_REALTIME, &keystat.st_mtim) != 0){
400
perror_plus("clock_settime");
401
}
402
ret = lower_privileges();
403
if(ret != 0){
404
errno = ret;
405
perror_plus("Failed to lower privileges");
406
}
407
} while(false);
408
294
409
rc = gpgme_data_new_from_fd(&pgp_data, fd);
295
410
if(rc != GPG_ERR_NO_ERROR){
296
411
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
304
419
gpgme_strsource(rc), gpgme_strerror(rc));
305
420
return false;
306
421
}
422
{
423
gpgme_import_result_t import_result
424
= gpgme_op_import_result(mc->ctx);
425
if((import_result->imported < 1
426
or import_result->not_imported > 0)
427
and import_result->unchanged == 0){
428
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
429
fprintf_plus(stderr,
430
"The total number of considered keys: %d\n",
431
import_result->considered);
432
fprintf_plus(stderr,
433
"The number of keys without user ID: %d\n",
434
import_result->no_user_id);
435
fprintf_plus(stderr,
436
"The total number of imported keys: %d\n",
437
import_result->imported);
438
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
439
import_result->imported_rsa);
440
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
441
import_result->unchanged);
442
fprintf_plus(stderr, "The number of new user IDs: %d\n",
443
import_result->new_user_ids);
444
fprintf_plus(stderr, "The number of new sub keys: %d\n",
445
import_result->new_sub_keys);
446
fprintf_plus(stderr, "The number of new signatures: %d\n",
447
import_result->new_signatures);
448
fprintf_plus(stderr, "The number of new revocations: %d\n",
449
import_result->new_revocations);
450
fprintf_plus(stderr,
451
"The total number of secret keys read: %d\n",
452
import_result->secret_read);
453
fprintf_plus(stderr,
454
"The number of imported secret keys: %d\n",
455
import_result->secret_imported);
456
fprintf_plus(stderr,
457
"The number of unchanged secret keys: %d\n",
458
import_result->secret_unchanged);
459
fprintf_plus(stderr, "The number of keys not imported: %d\n",
460
import_result->not_imported);
461
for(gpgme_import_status_t import_status
462
= import_result->imports;
463
import_status != NULL;
464
import_status = import_status->next){
465
fprintf_plus(stderr, "Import status for key: %s\n",
466
import_status->fpr);
467
if(import_status->result != GPG_ERR_NO_ERROR){
468
fprintf_plus(stderr, "Import result: %s: %s\n",
469
gpgme_strsource(import_status->result),
470
gpgme_strerror(import_status->result));
471
}
472
fprintf_plus(stderr, "Key status:\n");
473
fprintf_plus(stderr,
474
import_status->status & GPGME_IMPORT_NEW
475
? "The key was new.\n"
476
: "The key was not new.\n");
477
fprintf_plus(stderr,
478
import_status->status & GPGME_IMPORT_UID
479
? "The key contained new user IDs.\n"
480
: "The key did not contain new user IDs.\n");
481
fprintf_plus(stderr,
482
import_status->status & GPGME_IMPORT_SIG
483
? "The key contained new signatures.\n"
484
: "The key did not contain new signatures.\n");
485
fprintf_plus(stderr,
486
import_status->status & GPGME_IMPORT_SUBKEY
487
? "The key contained new sub keys.\n"
488
: "The key did not contain new sub keys.\n");
489
fprintf_plus(stderr,
490
import_status->status & GPGME_IMPORT_SECRET
491
? "The key contained a secret key.\n"
492
: "The key did not contain a secret key.\n");
493
}
494
return false;
495
}
496
}
307
497
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
498
ret = close(fd);
309
499
if(ret == -1){
310
500
perror_plus("close");
311
501
}
350
540
/* Create new GPGME "context" */
351
541
rc = gpgme_new(&(mc->ctx));
352
542
if(rc != GPG_ERR_NO_ERROR){
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
543
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
544
gpgme_strsource(rc), gpgme_strerror(rc));
356
545
return false;
357
546
}
358
547
394
583
/* Create new empty GPGME data buffer for the plaintext */
395
584
rc = gpgme_data_new(&dh_plain);
396
585
if(rc != GPG_ERR_NO_ERROR){
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
586
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
399
587
gpgme_strsource(rc), gpgme_strerror(rc));
400
588
gpgme_data_release(dh_crypto);
401
589
return -1;
414
602
if(result == NULL){
415
603
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
416
604
} else {
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
605
if(result->unsupported_algorithm != NULL) {
606
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
607
result->unsupported_algorithm);
608
}
609
fprintf_plus(stderr, "Wrong key usage: %s\n",
610
result->wrong_key_usage ? "Yes" : "No");
421
611
if(result->file_name != NULL){
422
612
fprintf_plus(stderr, "File name: %s\n", result->file_name);
423
613
}
424
gpgme_recipient_t recipient;
425
recipient = result->recipients;
426
while(recipient != NULL){
614
615
for(gpgme_recipient_t r = result->recipients; r != NULL;
616
r = r->next){
427
617
fprintf_plus(stderr, "Public key algorithm: %s\n",
428
gpgme_pubkey_algo_name
429
(recipient->pubkey_algo));
430
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
618
gpgme_pubkey_algo_name(r->pubkey_algo));
619
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
431
620
fprintf_plus(stderr, "Secret key available: %s\n",
432
recipient->status == GPG_ERR_NO_SECKEY
433
? "No" : "Yes");
434
recipient = recipient->next;
621
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
435
622
}
436
623
}
437
624
}
493
680
return plaintext_length;
494
681
}
495
682
683
__attribute__((warn_unused_result, const))
684
static const char *safe_string(const char *str){
685
if(str == NULL)
686
return "(unknown)";
687
return str;
688
}
689
496
690
__attribute__((warn_unused_result))
497
691
static const char *safer_gnutls_strerror(int value){
498
692
const char *ret = gnutls_strerror(value);
499
if(ret == NULL)
500
ret = "(unknown)";
501
return ret;
693
return safe_string(ret);
502
694
}
503
695
504
696
/* GnuTLS log function callback */
508
700
fprintf_plus(stderr, "GnuTLS: %s", string);
509
701
}
510
702
511
__attribute__((nonnull, warn_unused_result))
703
__attribute__((nonnull(1, 2, 4), warn_unused_result))
512
704
static int init_gnutls_global(const char *pubkeyfilename,
513
705
const char *seckeyfilename,
706
const char *dhparamsfilename,
514
707
mandos_context *mc){
515
708
int ret;
516
709
518
711
fprintf_plus(stderr, "Initializing GnuTLS\n");
519
712
}
520
713
521
ret = gnutls_global_init();
522
if(ret != GNUTLS_E_SUCCESS){
523
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
524
safer_gnutls_strerror(ret));
525
return -1;
526
}
527
528
714
if(debug){
529
715
/* "Use a log level over 10 to enable all debugging options."
530
716
* - GnuTLS manual
538
724
if(ret != GNUTLS_E_SUCCESS){
539
725
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
540
726
safer_gnutls_strerror(ret));
541
gnutls_global_deinit();
542
727
return -1;
543
728
}
544
729
545
730
if(debug){
546
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
547
" secret key %s as GnuTLS credentials\n",
731
fprintf_plus(stderr, "Attempting to use public key %s and"
732
" private key %s as GnuTLS credentials\n",
548
733
pubkeyfilename,
549
734
seckeyfilename);
550
735
}
551
736
737
#if GNUTLS_VERSION_NUMBER >= 0x030606
738
ret = gnutls_certificate_set_rawpk_key_file
739
(mc->cred, pubkeyfilename, seckeyfilename,
740
GNUTLS_X509_FMT_PEM, /* format */
741
NULL, /* pass */
742
/* key_usage */
743
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
744
NULL, /* names */
745
0, /* names_length */
746
/* privkey_flags */
747
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
748
0); /* pkcs11_flags */
749
#elif GNUTLS_VERSION_NUMBER < 0x030600
552
750
ret = gnutls_certificate_set_openpgp_key_file
553
751
(mc->cred, pubkeyfilename, seckeyfilename,
554
752
GNUTLS_OPENPGP_FMT_BASE64);
753
#else
754
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
755
#endif
555
756
if(ret != GNUTLS_E_SUCCESS){
556
757
fprintf_plus(stderr,
557
"Error[%d] while reading the OpenPGP key pair ('%s',"
758
"Error[%d] while reading the key pair ('%s',"
558
759
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
559
760
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
560
761
safer_gnutls_strerror(ret));
569
770
safer_gnutls_strerror(ret));
570
771
goto globalfail;
571
772
}
572
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
573
if(ret != GNUTLS_E_SUCCESS){
574
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
575
safer_gnutls_strerror(ret));
576
goto globalfail;
577
}
578
579
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
773
/* If a Diffie-Hellman parameters file was given, try to use it */
774
if(dhparamsfilename != NULL){
775
gnutls_datum_t params = { .data = NULL, .size = 0 };
776
do {
777
int dhpfile = open(dhparamsfilename, O_RDONLY);
778
if(dhpfile == -1){
779
perror_plus("open");
780
dhparamsfilename = NULL;
781
break;
782
}
783
size_t params_capacity = 0;
784
while(true){
785
params_capacity = incbuffer((char **)¶ms.data,
786
(size_t)params.size,
787
(size_t)params_capacity);
788
if(params_capacity == 0){
789
perror_plus("incbuffer");
790
free(params.data);
791
params.data = NULL;
792
dhparamsfilename = NULL;
793
break;
794
}
795
ssize_t bytes_read = read(dhpfile,
796
params.data + params.size,
797
BUFFER_SIZE);
798
/* EOF */
799
if(bytes_read == 0){
800
break;
801
}
802
/* check bytes_read for failure */
803
if(bytes_read < 0){
804
perror_plus("read");
805
free(params.data);
806
params.data = NULL;
807
dhparamsfilename = NULL;
808
break;
809
}
810
params.size += (unsigned int)bytes_read;
811
}
812
ret = close(dhpfile);
813
if(ret == -1){
814
perror_plus("close");
815
}
816
if(params.data == NULL){
817
dhparamsfilename = NULL;
818
}
819
if(dhparamsfilename == NULL){
820
break;
821
}
822
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
823
GNUTLS_X509_FMT_PEM);
824
if(ret != GNUTLS_E_SUCCESS){
825
fprintf_plus(stderr, "Failed to parse DH parameters in file"
826
" \"%s\": %s\n", dhparamsfilename,
827
safer_gnutls_strerror(ret));
828
dhparamsfilename = NULL;
829
}
830
free(params.data);
831
} while(false);
832
}
833
if(dhparamsfilename == NULL){
834
if(mc->dh_bits == 0){
835
#if GNUTLS_VERSION_NUMBER < 0x030600
836
/* Find out the optimal number of DH bits */
837
/* Try to read the private key file */
838
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
839
do {
840
int secfile = open(seckeyfilename, O_RDONLY);
841
if(secfile == -1){
842
perror_plus("open");
843
break;
844
}
845
size_t buffer_capacity = 0;
846
while(true){
847
buffer_capacity = incbuffer((char **)&buffer.data,
848
(size_t)buffer.size,
849
(size_t)buffer_capacity);
850
if(buffer_capacity == 0){
851
perror_plus("incbuffer");
852
free(buffer.data);
853
buffer.data = NULL;
854
break;
855
}
856
ssize_t bytes_read = read(secfile,
857
buffer.data + buffer.size,
858
BUFFER_SIZE);
859
/* EOF */
860
if(bytes_read == 0){
861
break;
862
}
863
/* check bytes_read for failure */
864
if(bytes_read < 0){
865
perror_plus("read");
866
free(buffer.data);
867
buffer.data = NULL;
868
break;
869
}
870
buffer.size += (unsigned int)bytes_read;
871
}
872
close(secfile);
873
} while(false);
874
/* If successful, use buffer to parse private key */
875
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
876
if(buffer.data != NULL){
877
{
878
gnutls_openpgp_privkey_t privkey = NULL;
879
ret = gnutls_openpgp_privkey_init(&privkey);
880
if(ret != GNUTLS_E_SUCCESS){
881
fprintf_plus(stderr, "Error initializing OpenPGP key"
882
" structure: %s",
883
safer_gnutls_strerror(ret));
884
free(buffer.data);
885
buffer.data = NULL;
886
} else {
887
ret = gnutls_openpgp_privkey_import
888
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
889
if(ret != GNUTLS_E_SUCCESS){
890
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
891
safer_gnutls_strerror(ret));
892
privkey = NULL;
893
}
894
free(buffer.data);
895
buffer.data = NULL;
896
if(privkey != NULL){
897
/* Use private key to suggest an appropriate
898
sec_param */
899
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
900
gnutls_openpgp_privkey_deinit(privkey);
901
if(debug){
902
fprintf_plus(stderr, "This OpenPGP key implies using"
903
" a GnuTLS security parameter \"%s\".\n",
904
safe_string(gnutls_sec_param_get_name
905
(sec_param)));
906
}
907
}
908
}
909
}
910
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
911
/* Err on the side of caution */
912
sec_param = GNUTLS_SEC_PARAM_ULTRA;
913
if(debug){
914
fprintf_plus(stderr, "Falling back to security parameter"
915
" \"%s\"\n",
916
safe_string(gnutls_sec_param_get_name
917
(sec_param)));
918
}
919
}
920
}
921
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
922
if(uret != 0){
923
mc->dh_bits = uret;
924
if(debug){
925
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
926
" implies %u DH bits; using that.\n",
927
safe_string(gnutls_sec_param_get_name
928
(sec_param)),
929
mc->dh_bits);
930
}
931
} else {
932
fprintf_plus(stderr, "Failed to get implied number of DH"
933
" bits for security parameter \"%s\"): %s\n",
934
safe_string(gnutls_sec_param_get_name
935
(sec_param)),
936
safer_gnutls_strerror(ret));
937
goto globalfail;
938
}
939
#endif
940
} else { /* dh_bits != 0 */
941
if(debug){
942
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
943
mc->dh_bits);
944
}
945
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
946
if(ret != GNUTLS_E_SUCCESS){
947
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
948
" bits): %s\n", mc->dh_bits,
949
safer_gnutls_strerror(ret));
950
goto globalfail;
951
}
952
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
953
}
954
}
580
955
581
956
return 0;
582
957
583
958
globalfail:
584
959
585
960
gnutls_certificate_free_credentials(mc->cred);
586
gnutls_global_deinit();
587
961
gnutls_dh_params_deinit(mc->dh_params);
588
962
return -1;
589
963
}
594
968
int ret;
595
969
/* GnuTLS session creation */
596
970
do {
597
ret = gnutls_init(session, GNUTLS_SERVER);
971
ret = gnutls_init(session, (GNUTLS_SERVER
972
#if GNUTLS_VERSION_NUMBER >= 0x030506
973
| GNUTLS_NO_TICKETS
974
#endif
975
#if GNUTLS_VERSION_NUMBER >= 0x030606
976
| GNUTLS_ENABLE_RAWPK
977
#endif
978
));
598
979
if(quit_now){
599
980
return -1;
600
981
}
641
1022
/* ignore client certificate if any. */
642
1023
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
643
1024
644
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
645
646
1025
return 0;
647
1026
}
648
1027
650
1029
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
651
1030
__attribute__((unused)) const char *txt){}
652
1031
1032
/* Helper function to add_local_route() and delete_local_route() */
1033
__attribute__((nonnull, warn_unused_result))
1034
static bool add_delete_local_route(const bool add,
1035
const char *address,
1036
AvahiIfIndex if_index){
1037
int ret;
1038
char helper[] = "mandos-client-iprouteadddel";
1039
char add_arg[] = "add";
1040
char delete_arg[] = "delete";
1041
char debug_flag[] = "--debug";
1042
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1043
if(pluginhelperdir == NULL){
1044
if(debug){
1045
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1046
" variable not set; cannot run helper\n");
1047
}
1048
return false;
1049
}
1050
1051
char interface[IF_NAMESIZE];
1052
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1053
perror_plus("if_indextoname");
1054
return false;
1055
}
1056
1057
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1058
if(devnull == -1){
1059
perror_plus("open(\"/dev/null\", O_RDONLY)");
1060
return false;
1061
}
1062
pid_t pid = fork();
1063
if(pid == 0){
1064
/* Child */
1065
/* Raise privileges */
1066
errno = raise_privileges_permanently();
1067
if(errno != 0){
1068
perror_plus("Failed to raise privileges");
1069
/* _exit(EX_NOPERM); */
1070
} else {
1071
/* Set group */
1072
errno = 0;
1073
ret = setgid(0);
1074
if(ret == -1){
1075
perror_plus("setgid");
1076
close(devnull);
1077
_exit(EX_NOPERM);
1078
}
1079
/* Reset supplementary groups */
1080
errno = 0;
1081
ret = setgroups(0, NULL);
1082
if(ret == -1){
1083
perror_plus("setgroups");
1084
close(devnull);
1085
_exit(EX_NOPERM);
1086
}
1087
}
1088
ret = dup2(devnull, STDIN_FILENO);
1089
if(ret == -1){
1090
perror_plus("dup2(devnull, STDIN_FILENO)");
1091
close(devnull);
1092
_exit(EX_OSERR);
1093
}
1094
ret = close(devnull);
1095
if(ret == -1){
1096
perror_plus("close");
1097
}
1098
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1099
if(ret == -1){
1100
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1101
_exit(EX_OSERR);
1102
}
1103
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1104
O_RDONLY
1105
| O_DIRECTORY
1106
| O_PATH
1107
| O_CLOEXEC));
1108
if(helperdir_fd == -1){
1109
perror_plus("open");
1110
_exit(EX_UNAVAILABLE);
1111
}
1112
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1113
helper, O_RDONLY));
1114
if(helper_fd == -1){
1115
perror_plus("openat");
1116
close(helperdir_fd);
1117
_exit(EX_UNAVAILABLE);
1118
}
1119
close(helperdir_fd);
1120
#ifdef __GNUC__
1121
#pragma GCC diagnostic push
1122
#pragma GCC diagnostic ignored "-Wcast-qual"
1123
#endif
1124
if(fexecve(helper_fd, (char *const [])
1125
{ helper, add ? add_arg : delete_arg, (char *)address,
1126
interface, debug ? debug_flag : NULL, NULL },
1127
environ) == -1){
1128
#ifdef __GNUC__
1129
#pragma GCC diagnostic pop
1130
#endif
1131
perror_plus("fexecve");
1132
_exit(EXIT_FAILURE);
1133
}
1134
}
1135
if(pid == -1){
1136
perror_plus("fork");
1137
close(devnull);
1138
return false;
1139
}
1140
ret = close(devnull);
1141
if(ret == -1){
1142
perror_plus("close");
1143
}
1144
int status;
1145
pid_t pret = -1;
1146
errno = 0;
1147
do {
1148
pret = waitpid(pid, &status, 0);
1149
if(pret == -1 and errno == EINTR and quit_now){
1150
int errno_raising = 0;
1151
if((errno = raise_privileges()) != 0){
1152
errno_raising = errno;
1153
perror_plus("Failed to raise privileges in order to"
1154
" kill helper program");
1155
}
1156
if(kill(pid, SIGTERM) == -1){
1157
perror_plus("kill");
1158
}
1159
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1160
perror_plus("Failed to lower privileges after killing"
1161
" helper program");
1162
}
1163
return false;
1164
}
1165
} while(pret == -1 and errno == EINTR);
1166
if(pret == -1){
1167
perror_plus("waitpid");
1168
return false;
1169
}
1170
if(WIFEXITED(status)){
1171
if(WEXITSTATUS(status) != 0){
1172
fprintf_plus(stderr, "Error: iprouteadddel exited"
1173
" with status %d\n", WEXITSTATUS(status));
1174
return false;
1175
}
1176
return true;
1177
}
1178
if(WIFSIGNALED(status)){
1179
fprintf_plus(stderr, "Error: iprouteadddel died by"
1180
" signal %d\n", WTERMSIG(status));
1181
return false;
1182
}
1183
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1184
return false;
1185
}
1186
1187
__attribute__((nonnull, warn_unused_result))
1188
static bool add_local_route(const char *address,
1189
AvahiIfIndex if_index){
1190
if(debug){
1191
fprintf_plus(stderr, "Adding route to %s\n", address);
1192
}
1193
return add_delete_local_route(true, address, if_index);
1194
}
1195
1196
__attribute__((nonnull, warn_unused_result))
1197
static bool delete_local_route(const char *address,
1198
AvahiIfIndex if_index){
1199
if(debug){
1200
fprintf_plus(stderr, "Removing route to %s\n", address);
1201
}
1202
return add_delete_local_route(false, address, if_index);
1203
}
1204
653
1205
/* Called when a Mandos server is found */
654
1206
__attribute__((nonnull, warn_unused_result))
655
1207
static int start_mandos_communication(const char *ip, in_port_t port,
666
1218
int retval = -1;
667
1219
gnutls_session_t session;
668
1220
int pf; /* Protocol family */
1221
bool route_added = false;
669
1222
670
1223
errno = 0;
671
1224
693
1246
bool match = false;
694
1247
{
695
1248
char *interface = NULL;
696
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
697
interface))){
1249
while((interface = argz_next(mc->interfaces,
1250
mc->interfaces_size,
1251
interface))){
698
1252
if(if_nametoindex(interface) == (unsigned int)if_index){
699
1253
match = true;
700
1254
break;
729
1283
PRIuMAX "\n", ip, (uintmax_t)port);
730
1284
}
731
1285
732
tcp_sd = socket(pf, SOCK_STREAM, 0);
1286
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
733
1287
if(tcp_sd < 0){
734
1288
int e = errno;
735
1289
perror_plus("socket");
742
1296
goto mandos_end;
743
1297
}
744
1298
745
memset(&to, 0, sizeof(to));
746
1299
if(af == AF_INET6){
747
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
748
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1300
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1301
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1302
ret = inet_pton(af, ip, &to6->sin6_addr);
749
1303
} else { /* IPv4 */
750
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
751
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1304
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1305
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1306
ret = inet_pton(af, ip, &to4->sin_addr);
752
1307
}
753
1308
if(ret < 0 ){
754
1309
int e = errno;
824
1379
goto mandos_end;
825
1380
}
826
1381
827
if(af == AF_INET6){
828
ret = connect(tcp_sd, (struct sockaddr *)&to,
829
sizeof(struct sockaddr_in6));
830
} else {
831
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
832
sizeof(struct sockaddr_in));
833
}
834
if(ret < 0){
835
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
836
int e = errno;
837
perror_plus("connect");
838
errno = e;
839
}
840
goto mandos_end;
841
}
842
843
if(quit_now){
844
errno = EINTR;
845
goto mandos_end;
1382
while(true){
1383
if(af == AF_INET6){
1384
ret = connect(tcp_sd, (struct sockaddr *)&to,
1385
sizeof(struct sockaddr_in6));
1386
} else {
1387
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1388
sizeof(struct sockaddr_in));
1389
}
1390
if(ret < 0){
1391
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1392
and if_index != AVAHI_IF_UNSPEC
1393
and connect_to == NULL
1394
and not route_added and
1395
((af == AF_INET6 and not
1396
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1397
&to)->sin6_addr)))
1398
or (af == AF_INET and
1399
/* Not a a IPv4LL address */
1400
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1401
& 0xFFFF0000L) != 0xA9FE0000L))){
1402
/* Work around Avahi bug - Avahi does not announce link-local
1403
addresses if it has a global address, so local hosts with
1404
*only* a link-local address (e.g. Mandos clients) cannot
1405
connect to a Mandos server announced by Avahi on a server
1406
host with a global address. Work around this by retrying
1407
with an explicit route added with the server's address.
1408
1409
Avahi bug reference:
1410
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1411
https://bugs.debian.org/587961
1412
*/
1413
if(debug){
1414
fprintf_plus(stderr, "Mandos server unreachable, trying"
1415
" direct route\n");
1416
}
1417
int e = errno;
1418
route_added = add_local_route(ip, if_index);
1419
if(route_added){
1420
continue;
1421
}
1422
errno = e;
1423
}
1424
if(errno != ECONNREFUSED or debug){
1425
int e = errno;
1426
perror_plus("connect");
1427
errno = e;
1428
}
1429
goto mandos_end;
1430
}
1431
1432
if(quit_now){
1433
errno = EINTR;
1434
goto mandos_end;
1435
}
1436
break;
846
1437
}
847
1438
848
1439
const char *out = mandos_protocol_version;
1002
1593
&decrypted_buffer, mc);
1003
1594
if(decrypted_buffer_size >= 0){
1004
1595
1596
clearerr(stdout);
1005
1597
written = 0;
1006
1598
while(written < (size_t) decrypted_buffer_size){
1007
1599
if(quit_now){
1023
1615
}
1024
1616
written += (size_t)ret;
1025
1617
}
1618
ret = fflush(stdout);
1619
if(ret != 0){
1620
int e = errno;
1621
if(debug){
1622
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1623
strerror(errno));
1624
}
1625
errno = e;
1626
goto mandos_end;
1627
}
1026
1628
retval = 0;
1027
1629
}
1028
1630
}
1031
1633
1032
1634
mandos_end:
1033
1635
{
1636
if(route_added){
1637
if(not delete_local_route(ip, if_index)){
1638
fprintf_plus(stderr, "Failed to delete local route to %s on"
1639
" interface %d", ip, if_index);
1640
}
1641
}
1034
1642
int e = errno;
1035
1643
free(decrypted_buffer);
1036
1644
free(buffer);
1037
1645
if(tcp_sd >= 0){
1038
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1646
ret = close(tcp_sd);
1039
1647
}
1040
1648
if(ret == -1){
1041
1649
if(e == 0){
1053
1661
return retval;
1054
1662
}
1055
1663
1056
__attribute__((nonnull))
1057
1664
static void resolve_callback(AvahiSServiceResolver *r,
1058
1665
AvahiIfIndex interface,
1059
1666
AvahiProtocol proto,
1196
1803
__attribute__((nonnull, warn_unused_result))
1197
1804
bool get_flags(const char *ifname, struct ifreq *ifr){
1198
1805
int ret;
1199
error_t ret_errno;
1806
int old_errno;
1200
1807
1201
1808
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1202
1809
if(s < 0){
1203
ret_errno = errno;
1810
old_errno = errno;
1204
1811
perror_plus("socket");
1205
errno = ret_errno;
1812
errno = old_errno;
1206
1813
return false;
1207
1814
}
1208
strcpy(ifr->ifr_name, ifname);
1815
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1816
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1209
1817
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1210
1818
if(ret == -1){
1211
1819
if(debug){
1212
ret_errno = errno;
1820
old_errno = errno;
1213
1821
perror_plus("ioctl SIOCGIFFLAGS");
1214
errno = ret_errno;
1822
errno = old_errno;
1823
}
1824
if((close(s) == -1) and debug){
1825
old_errno = errno;
1826
perror_plus("close");
1827
errno = old_errno;
1215
1828
}
1216
1829
return false;
1217
1830
}
1831
if((close(s) == -1) and debug){
1832
old_errno = errno;
1833
perror_plus("close");
1834
errno = old_errno;
1835
}
1218
1836
return true;
1219
1837
}
1220
1838
1462
2080
}
1463
2081
}
1464
2082
1465
/* Set effective uid to 0, return errno */
1466
__attribute__((warn_unused_result))
1467
error_t raise_privileges(void){
1468
error_t old_errno = errno;
1469
error_t ret_errno = 0;
1470
if(seteuid(0) == -1){
1471
ret_errno = errno;
1472
}
1473
errno = old_errno;
1474
return ret_errno;
1475
}
1476
1477
/* Set effective and real user ID to 0. Return errno. */
1478
__attribute__((warn_unused_result))
1479
error_t raise_privileges_permanently(void){
1480
error_t old_errno = errno;
1481
error_t ret_errno = raise_privileges();
1482
if(ret_errno != 0){
1483
errno = old_errno;
1484
return ret_errno;
1485
}
1486
if(setuid(0) == -1){
1487
ret_errno = errno;
1488
}
1489
errno = old_errno;
1490
return ret_errno;
1491
}
1492
1493
/* Set effective user ID to unprivileged saved user ID */
1494
__attribute__((warn_unused_result))
1495
error_t lower_privileges(void){
1496
error_t old_errno = errno;
1497
error_t ret_errno = 0;
1498
if(seteuid(uid) == -1){
1499
ret_errno = errno;
1500
}
1501
errno = old_errno;
1502
return ret_errno;
1503
}
1504
1505
/* Lower privileges permanently */
1506
__attribute__((warn_unused_result))
1507
error_t lower_privileges_permanently(void){
1508
error_t old_errno = errno;
1509
error_t ret_errno = 0;
1510
if(setuid(uid) == -1){
1511
ret_errno = errno;
1512
}
1513
errno = old_errno;
1514
return ret_errno;
1515
}
1516
1517
2083
__attribute__((nonnull))
1518
2084
void run_network_hooks(const char *mode, const char *interface,
1519
2085
const float delay){
1520
2086
struct dirent **direntries = NULL;
1521
2087
if(hookdir_fd == -1){
1522
hookdir_fd = open(hookdir, O_RDONLY);
2088
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2089
| O_CLOEXEC);
1523
2090
if(hookdir_fd == -1){
1524
2091
if(errno == ENOENT){
1525
2092
if(debug){
1532
2099
return;
1533
2100
}
1534
2101
}
1535
#ifdef __GLIBC__
1536
#if __GLIBC_PREREQ(2, 15)
2102
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2103
if(devnull == -1){
2104
perror_plus("open(\"/dev/null\", O_RDONLY)");
2105
return;
2106
}
1537
2107
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1538
2108
runnable_hook, alphasort);
1539
#else /* not __GLIBC_PREREQ(2, 15) */
1540
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1541
alphasort);
1542
#endif /* not __GLIBC_PREREQ(2, 15) */
1543
#else /* not __GLIBC__ */
1544
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1545
alphasort);
1546
#endif /* not __GLIBC__ */
1547
2109
if(numhooks == -1){
1548
2110
perror_plus("scandir");
2111
close(devnull);
1549
2112
return;
1550
2113
}
1551
2114
struct dirent *direntry;
1552
2115
int ret;
1553
int devnull = open("/dev/null", O_RDONLY);
1554
2116
for(int i = 0; i < numhooks; i++){
1555
2117
direntry = direntries[i];
1556
2118
if(debug){
1580
2142
perror_plus("setgroups");
1581
2143
_exit(EX_NOPERM);
1582
2144
}
1583
ret = dup2(devnull, STDIN_FILENO);
1584
if(ret == -1){
1585
perror_plus("dup2(devnull, STDIN_FILENO)");
1586
_exit(EX_OSERR);
1587
}
1588
ret = close(devnull);
1589
if(ret == -1){
1590
perror_plus("close");
1591
_exit(EX_OSERR);
1592
}
1593
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1594
if(ret == -1){
1595
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1596
_exit(EX_OSERR);
1597
}
1598
2145
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1599
2146
if(ret == -1){
1600
2147
perror_plus("setenv");
1635
2182
_exit(EX_OSERR);
1636
2183
}
1637
2184
}
1638
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2185
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2186
direntry->d_name,
2187
O_RDONLY));
1639
2188
if(hook_fd == -1){
1640
2189
perror_plus("openat");
1641
2190
_exit(EXIT_FAILURE);
1642
2191
}
1643
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2192
if(close(hookdir_fd) == -1){
1644
2193
perror_plus("close");
1645
2194
_exit(EXIT_FAILURE);
1646
2195
}
2196
ret = dup2(devnull, STDIN_FILENO);
2197
if(ret == -1){
2198
perror_plus("dup2(devnull, STDIN_FILENO)");
2199
_exit(EX_OSERR);
2200
}
2201
ret = close(devnull);
2202
if(ret == -1){
2203
perror_plus("close");
2204
_exit(EX_OSERR);
2205
}
2206
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2207
if(ret == -1){
2208
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2209
_exit(EX_OSERR);
2210
}
1647
2211
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
1648
2212
environ) == -1){
1649
2213
perror_plus("fexecve");
1689
2253
free(direntry);
1690
2254
}
1691
2255
free(direntries);
1692
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2256
if(close(hookdir_fd) == -1){
1693
2257
perror_plus("close");
1694
2258
} else {
1695
2259
hookdir_fd = -1;
1698
2262
}
1699
2263
1700
2264
__attribute__((nonnull, warn_unused_result))
1701
error_t bring_up_interface(const char *const interface,
1702
const float delay){
1703
error_t old_errno = errno;
2265
int bring_up_interface(const char *const interface,
2266
const float delay){
2267
int old_errno = errno;
1704
2268
int ret;
1705
2269
struct ifreq network;
1706
2270
unsigned int if_index = if_nametoindex(interface);
1716
2280
}
1717
2281
1718
2282
if(not interface_is_up(interface)){
1719
error_t ret_errno = 0, ioctl_errno = 0;
2283
int ret_errno = 0;
2284
int ioctl_errno = 0;
1720
2285
if(not get_flags(interface, &network)){
1721
2286
ret_errno = errno;
1722
2287
fprintf_plus(stderr, "Failed to get flags for interface "
1735
2300
}
1736
2301
1737
2302
if(quit_now){
1738
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2303
ret = close(sd);
1739
2304
if(ret == -1){
1740
2305
perror_plus("close");
1741
2306
}
1791
2356
}
1792
2357
1793
2358
/* Close the socket */
1794
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2359
ret = close(sd);
1795
2360
if(ret == -1){
1796
2361
perror_plus("close");
1797
2362
}
1809
2374
1810
2375
/* Sleep checking until interface is running.
1811
2376
Check every 0.25s, up to total time of delay */
1812
for(int i=0; i < delay * 4; i++){
2377
for(int i = 0; i < delay * 4; i++){
1813
2378
if(interface_is_running(interface)){
1814
2379
break;
1815
2380
}
1825
2390
}
1826
2391
1827
2392
__attribute__((nonnull, warn_unused_result))
1828
error_t take_down_interface(const char *const interface){
1829
error_t old_errno = errno;
2393
int take_down_interface(const char *const interface){
2394
int old_errno = errno;
1830
2395
struct ifreq network;
1831
2396
unsigned int if_index = if_nametoindex(interface);
1832
2397
if(if_index == 0){
1835
2400
return ENXIO;
1836
2401
}
1837
2402
if(interface_is_up(interface)){
1838
error_t ret_errno = 0, ioctl_errno = 0;
2403
int ret_errno = 0;
2404
int ioctl_errno = 0;
1839
2405
if(not get_flags(interface, &network) and debug){
1840
2406
ret_errno = errno;
1841
2407
fprintf_plus(stderr, "Failed to get flags for interface "
1879
2445
}
1880
2446
1881
2447
/* Close the socket */
1882
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2448
int ret = close(sd);
1883
2449
if(ret == -1){
1884
2450
perror_plus("close");
1885
2451
}
1900
2466
}
1901
2467
1902
2468
int main(int argc, char *argv[]){
1903
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1904
.priority = "SECURE256:!CTYPE-X.509:"
1905
"+CTYPE-OPENPGP", .current_server = NULL,
1906
.interfaces = NULL, .interfaces_size = 0 };
2469
mandos_context mc = { .server = NULL, .dh_bits = 0,
2470
#if GNUTLS_VERSION_NUMBER >= 0x030606
2471
.priority = "SECURE128:!CTYPE-X.509"
2472
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2473
":%PROFILE_ULTRA",
2474
#elif GNUTLS_VERSION_NUMBER < 0x030600
2475
.priority = "SECURE256:!CTYPE-X.509"
2476
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2477
#else
2478
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2479
#endif
2480
.current_server = NULL, .interfaces = NULL,
2481
.interfaces_size = 0 };
1907
2482
AvahiSServiceBrowser *sb = NULL;
1908
2483
error_t ret_errno;
1909
2484
int ret;
1918
2493
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1919
2494
const char *seckey = PATHDIR "/" SECKEY;
1920
2495
const char *pubkey = PATHDIR "/" PUBKEY;
2496
#if GNUTLS_VERSION_NUMBER >= 0x030606
2497
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2498
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2499
#endif
2500
const char *dh_params_file = NULL;
1921
2501
char *interfaces_hooks = NULL;
1922
2502
1923
2503
bool gnutls_initialized = false;
1970
2550
{ .name = "pubkey", .key = 'p',
1971
2551
.arg = "FILE",
1972
2552
.doc = "OpenPGP public key file base name",
1973
.group = 2 },
2553
.group = 1 },
2554
{ .name = "tls-privkey", .key = 't',
2555
.arg = "FILE",
2556
#if GNUTLS_VERSION_NUMBER >= 0x030606
2557
.doc = "TLS private key file base name",
2558
#else
2559
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2560
#endif
2561
.group = 1 },
2562
{ .name = "tls-pubkey", .key = 'T',
2563
.arg = "FILE",
2564
#if GNUTLS_VERSION_NUMBER >= 0x030606
2565
.doc = "TLS public key file base name",
2566
#else
2567
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2568
#endif
2569
.group = 1 },
1974
2570
{ .name = "dh-bits", .key = 129,
1975
2571
.arg = "BITS",
1976
2572
.doc = "Bit length of the prime number used in the"
1977
2573
" Diffie-Hellman key exchange",
1978
2574
.group = 2 },
2575
{ .name = "dh-params", .key = 134,
2576
.arg = "FILE",
2577
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2578
" for the Diffie-Hellman key exchange",
2579
.group = 2 },
1979
2580
{ .name = "priority", .key = 130,
1980
2581
.arg = "STRING",
1981
2582
.doc = "GnuTLS priority string for the TLS handshake",
2027
2628
case 'p': /* --pubkey */
2028
2629
pubkey = arg;
2029
2630
break;
2631
case 't': /* --tls-privkey */
2632
#if GNUTLS_VERSION_NUMBER >= 0x030606
2633
tls_privkey = arg;
2634
#endif
2635
break;
2636
case 'T': /* --tls-pubkey */
2637
#if GNUTLS_VERSION_NUMBER >= 0x030606
2638
tls_pubkey = arg;
2639
#endif
2640
break;
2030
2641
case 129: /* --dh-bits */
2031
2642
errno = 0;
2032
2643
tmpmax = strtoimax(arg, &tmp, 10);
2036
2647
}
2037
2648
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2038
2649
break;
2650
case 134: /* --dh-params */
2651
dh_params_file = arg;
2652
break;
2039
2653
case 130: /* --priority */
2040
2654
mc.priority = arg;
2041
2655
break;
2064
2678
argp_state_help(state, state->out_stream,
2065
2679
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2066
2680
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2681
__builtin_unreachable();
2067
2682
case -3: /* --usage */
2068
2683
argp_state_help(state, state->out_stream,
2069
2684
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2685
__builtin_unreachable();
2070
2686
case 'V': /* --version */
2071
2687
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2072
2688
exit(argp_err_exit_status);
2081
2697
.args_doc = "",
2082
2698
.doc = "Mandos client -- Get and decrypt"
2083
2699
" passwords from a Mandos server" };
2084
ret = argp_parse(&argp, argc, argv,
2085
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2086
switch(ret){
2700
ret_errno = argp_parse(&argp, argc, argv,
2701
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2702
switch(ret_errno){
2087
2703
case 0:
2088
2704
break;
2089
2705
case ENOMEM:
2090
2706
default:
2091
errno = ret;
2707
errno = ret_errno;
2092
2708
perror_plus("argp_parse");
2093
2709
exitcode = EX_OSERR;
2094
2710
goto end;
2097
2713
goto end;
2098
2714
}
2099
2715
}
2100
2716
2101
2717
{
2102
/* Work around Debian bug #633582:
2103
<http://bugs.debian.org/633582> */
2104
2105
2718
/* Re-raise privileges */
2106
ret_errno = raise_privileges();
2107
if(ret_errno != 0){
2108
errno = ret_errno;
2719
ret = raise_privileges();
2720
if(ret != 0){
2721
errno = ret;
2109
2722
perror_plus("Failed to raise privileges");
2110
2723
} else {
2111
2724
struct stat st;
2112
2725
2726
/* Work around Debian bug #633582:
2727
<https://bugs.debian.org/633582> */
2728
2113
2729
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2114
2730
int seckey_fd = open(seckey, O_RDONLY);
2115
2731
if(seckey_fd == -1){
2127
2743
}
2128
2744
}
2129
2745
}
2130
TEMP_FAILURE_RETRY(close(seckey_fd));
2746
close(seckey_fd);
2131
2747
}
2132
2748
}
2133
2749
2134
2750
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2135
2751
int pubkey_fd = open(pubkey, O_RDONLY);
2136
2752
if(pubkey_fd == -1){
2148
2764
}
2149
2765
}
2150
2766
}
2151
TEMP_FAILURE_RETRY(close(pubkey_fd));
2152
}
2153
}
2154
2767
close(pubkey_fd);
2768
}
2769
}
2770
2771
if(dh_params_file != NULL
2772
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2773
int dhparams_fd = open(dh_params_file, O_RDONLY);
2774
if(dhparams_fd == -1){
2775
perror_plus("open");
2776
} else {
2777
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2778
if(ret == -1){
2779
perror_plus("fstat");
2780
} else {
2781
if(S_ISREG(st.st_mode)
2782
and st.st_uid == 0 and st.st_gid == 0){
2783
ret = fchown(dhparams_fd, uid, gid);
2784
if(ret == -1){
2785
perror_plus("fchown");
2786
}
2787
}
2788
}
2789
close(dhparams_fd);
2790
}
2791
}
2792
2793
/* Work around Debian bug #981302
2794
<https://bugs.debian.org/981302> */
2795
if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){
2796
ret = symlink("/proc/self/fd", "/dev/fd");
2797
if(ret == -1){
2798
perror_plus("Failed to create /dev/fd symlink");
2799
}
2800
}
2801
2155
2802
/* Lower privileges */
2156
ret_errno = lower_privileges();
2157
if(ret_errno != 0){
2158
errno = ret_errno;
2803
ret = lower_privileges();
2804
if(ret != 0){
2805
errno = ret;
2159
2806
perror_plus("Failed to lower privileges");
2160
2807
}
2161
2808
}
2331
2978
errno = bring_up_interface(interface, delay);
2332
2979
if(not interface_was_up){
2333
2980
if(errno != 0){
2334
perror_plus("Failed to bring up interface");
2981
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2982
" %s\n", interface, strerror(errno));
2335
2983
} else {
2336
2984
errno = argz_add(&interfaces_to_take_down,
2337
2985
&interfaces_to_take_down_size,
2360
3008
goto end;
2361
3009
}
2362
3010
2363
ret = init_gnutls_global(pubkey, seckey, &mc);
3011
#if GNUTLS_VERSION_NUMBER >= 0x030606
3012
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3013
#elif GNUTLS_VERSION_NUMBER < 0x030600
3014
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3015
#else
3016
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3017
#endif
2364
3018
if(ret == -1){
2365
3019
fprintf_plus(stderr, "init_gnutls_global failed\n");
2366
3020
exitcode = EX_UNAVAILABLE;
2488
3142
2489
3143
/* Allocate a new server */
2490
3144
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2491
&config, NULL, NULL, &ret_errno);
3145
&config, NULL, NULL, &ret);
2492
3146
2493
3147
/* Free the Avahi configuration data */
2494
3148
avahi_server_config_free(&config);
2497
3151
/* Check if creating the Avahi server object succeeded */
2498
3152
if(mc.server == NULL){
2499
3153
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2500
avahi_strerror(ret_errno));
3154
avahi_strerror(ret));
2501
3155
exitcode = EX_UNAVAILABLE;
2502
3156
goto end;
2503
3157
}
2538
3192
end:
2539
3193
2540
3194
if(debug){
2541
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3195
if(signal_received){
3196
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3197
argv[0], signal_received,
3198
strsignal(signal_received));
3199
} else {
3200
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3201
}
2542
3202
}
2543
3203
2544
3204
/* Cleanup things */
2555
3215
2556
3216
if(gnutls_initialized){
2557
3217
gnutls_certificate_free_credentials(mc.cred);
2558
gnutls_global_deinit();
2559
3218
gnutls_dh_params_deinit(mc.dh_params);
2560
3219
}
2561
3220
2584
3243
2585
3244
/* Re-raise privileges */
2586
3245
{
2587
ret_errno = raise_privileges();
2588
if(ret_errno != 0){
2589
errno = ret_errno;
3246
ret = raise_privileges();
3247
if(ret != 0){
3248
errno = ret;
2590
3249
perror_plus("Failed to raise privileges");
2591
3250
} else {
2592
3251
2597
3256
/* Take down the network interfaces which were brought up */
2598
3257
{
2599
3258
char *interface = NULL;
2600
while((interface=argz_next(interfaces_to_take_down,
2601
interfaces_to_take_down_size,
2602
interface))){
2603
ret_errno = take_down_interface(interface);
2604
if(ret_errno != 0){
2605
errno = ret_errno;
3259
while((interface = argz_next(interfaces_to_take_down,
3260
interfaces_to_take_down_size,
3261
interface))){
3262
ret = take_down_interface(interface);
3263
if(ret != 0){
3264
errno = ret;
2606
3265
perror_plus("Failed to take down interface");
2607
3266
}
2608
3267
}
2613
3272
}
2614
3273
}
2615
3274
2616
ret_errno = lower_privileges_permanently();
2617
if(ret_errno != 0){
2618
errno = ret_errno;
3275
ret = lower_privileges_permanently();
3276
if(ret != 0){
3277
errno = ret;
2619
3278
perror_plus("Failed to lower privileges permanently");
2620
3279
}
2621
3280
}
2623
3282
free(interfaces_to_take_down);
2624
3283
free(interfaces_hooks);
2625
3284
3285
void clean_dir_at(int base, const char * const dirname,
3286
uintmax_t level){
3287
struct dirent **direntries = NULL;
3288
int dret;
3289
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3290
O_RDONLY
3291
| O_NOFOLLOW
3292
| O_DIRECTORY
3293
| O_PATH));
3294
if(dir_fd == -1){
3295
perror_plus("open");
3296
return;
3297
}
3298
int numentries = scandirat(dir_fd, ".", &direntries,
3299
notdotentries, alphasort);
3300
if(numentries >= 0){
3301
for(int i = 0; i < numentries; i++){
3302
if(debug){
3303
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3304
dirname, direntries[i]->d_name);
3305
}
3306
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3307
if(dret == -1){
3308
if(errno == EISDIR){
3309
dret = unlinkat(dir_fd, direntries[i]->d_name,
3310
AT_REMOVEDIR);
3311
}
3312
if((dret == -1) and (errno == ENOTEMPTY)
3313
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3314
== 0) and (level == 0)){
3315
/* Recurse only in this special case */
3316
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3317
dret = 0;
3318
}
3319
if((dret == -1) and (errno != ENOENT)){
3320
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3321
direntries[i]->d_name, strerror(errno));
3322
}
3323
}
3324
free(direntries[i]);
3325
}
3326
3327
/* need to clean even if 0 because man page doesn't specify */
3328
free(direntries);
3329
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3330
if(dret == -1 and errno != ENOENT){
3331
perror_plus("rmdir");
3332
}
3333
} else {
3334
perror_plus("scandirat");
3335
}
3336
close(dir_fd);
3337
}
3338
2626
3339
/* Removes the GPGME temp directory and all files inside */
2627
3340
if(tempdir != NULL){
2628
struct dirent **direntries = NULL;
2629
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2630
O_NOFOLLOW));
2631
if(tempdir_fd == -1){
2632
perror_plus("open");
2633
} else {
2634
#ifdef __GLIBC__
2635
#if __GLIBC_PREREQ(2, 15)
2636
int numentries = scandirat(tempdir_fd, ".", &direntries,
2637
notdotentries, alphasort);
2638
#else /* not __GLIBC_PREREQ(2, 15) */
2639
int numentries = scandir(tempdir, &direntries, notdotentries,
2640
alphasort);
2641
#endif /* not __GLIBC_PREREQ(2, 15) */
2642
#else /* not __GLIBC__ */
2643
int numentries = scandir(tempdir, &direntries, notdotentries,
2644
alphasort);
2645
#endif /* not __GLIBC__ */
2646
if(numentries >= 0){
2647
for(int i = 0; i < numentries; i++){
2648
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2649
if(ret == -1){
2650
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2651
" \"%s\", 0): %s\n", tempdir,
2652
direntries[i]->d_name, strerror(errno));
2653
}
2654
free(direntries[i]);
2655
}
2656
2657
/* need to clean even if 0 because man page doesn't specify */
2658
free(direntries);
2659
if(numentries == -1){
2660
perror_plus("scandir");
2661
}
2662
ret = rmdir(tempdir);
2663
if(ret == -1 and errno != ENOENT){
2664
perror_plus("rmdir");
2665
}
2666
}
2667
TEMP_FAILURE_RETRY(close(tempdir_fd));
2668
}
3341
clean_dir_at(-1, tempdir, 0);
2669
3342
}
2670
3343
2671
3344
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0