To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 1237
- compare with another revision
- download diff
- download tarball
- view history from revision 1237
- Committer: Teddy Hogeborn
- Date: 2021-02-03 23:10:42 UTC
- Revision ID: teddy@recompile.se-20210203231042-2z3egrvpo1zt7nej
mandos-ctl: Fix bad test for command.Remove and related minor issues
The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server. But since since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing. Fix this.
In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).
Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.
* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
original "clients" dict, and loop over those instead. Add assertion
that all clients were indeed removed. Also fix the code which looks
for the Remove command, which now needs to actually work.
(TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
assertion that there are still clients before looping over them.
(TestPropertySetterCmd.runTest): Add assertion that the list of
values to get is not empty before looping over them. Also add check
that there are still clients before looping over clients.
The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server. But since since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing. Fix this.
In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).
Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.
* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
original "clients" dict, and loop over those instead. Add assertion
that all clients were indeed removed. Also fix the code which looks
for the Remove command, which now needs to actually work.
(TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
assertion that there are still clients before looping over them.
(TestPropertySetterCmd.runTest): Add assertion that the list of
values to get is not empty before looping over them. Also add check
that there are still clients before looping over clients.
- files added:
- bugs.xml
- debian/tests
- dracut-module
- plugin-helpers
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2021 Teddy Hogeborn
13
* Copyright © 2008-2021 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
21
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
25
* General Public License for more details.
24
26
*
25
27
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
28
29
*
29
30
* Contact the authors at <mandos@recompile.se>.
30
31
*/
37
38
#define _FILE_OFFSET_BITS 64
38
39
#endif /* not _FILE_OFFSET_BITS */
39
40
40
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror() */
44
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
45
#include <stddef.h> /* NULL, size_t, ssize_t */
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
strtof(), abort() */
41
#define _GNU_SOURCE /* program_invocation_short_name,
42
TEMP_FAILURE_RETRY(), O_CLOEXEC,
43
scandirat(), asprintf() */
48
44
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
51
#include <sys/ioctl.h> /* ioctl */
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
sockaddr_in6, PF_INET6,
54
SOCK_STREAM, uid_t, gid_t, open(),
55
opendir(), DIR */
56
#include <sys/stat.h> /* open(), S_ISREG */
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
inet_pton(), connect(),
59
getnameinfo() */
60
#include <fcntl.h> /* open(), unlinkat() */
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
*/
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
45
#include <argp.h> /* argp_program_version,
46
argp_program_bug_address,
47
struct argp_option,
48
struct argp_state, argp_error(),
49
argp_state_help,
50
ARGP_HELP_STD_HELP,
51
ARGP_HELP_EXIT_ERR,
52
ARGP_HELP_EXIT_OK, ARGP_HELP_USAGE,
53
argp_err_exit_status,
54
ARGP_ERR_UNKNOWN, struct argp,
55
argp_parse(), ARGP_IN_ORDER,
56
ARGP_NO_HELP */
57
#include <stddef.h> /* NULL, size_t */
58
#include <sys/types.h> /* uid_t, gid_t, sig_atomic_t,
59
seteuid(), setuid(), pid_t,
60
setgid(), getuid(), getgid() */
61
#include <unistd.h> /* uid_t, gid_t, TEMP_FAILURE_RETRY(),
62
seteuid(), setuid(), close(),
63
ssize_t, read(), fork(), setgid(),
64
_exit(), dup2(), STDIN_FILENO,
65
STDERR_FILENO, STDOUT_FILENO,
66
fexecve(), write(), getuid(),
67
getgid(), fchown(), symlink(),
68
sleep(), unlinkat(), pause() */
69
#include <netinet/in.h> /* in_port_t, struct sockaddr_in6,
70
sa_family_t, struct sockaddr_in,
71
htons(), IN6_IS_ADDR_LINKLOCAL,
72
INET_ADDRSTRLEN, INET6_ADDRSTRLEN,
73
ntohl(), IPPROTO_IP */
74
#include <time.h> /* struct timespec, clock_gettime(),
75
CLOCK_MONOTONIC, time_t, struct tm,
76
gmtime_r(), clock_settime(),
77
CLOCK_REALTIME, nanosleep() */
78
#include <errno.h> /* errno,
79
program_invocation_short_name,
80
EINTR, EINVAL, ENETUNREACH,
81
EHOSTUNREACH, ECONNREFUSED, EPROTO,
82
EIO, ENOENT, ENXIO, error_t,
83
ENOMEM, EISDIR, ENOTEMPTY */
84
#include <stdio.h> /* fprintf(), stderr, perror(), FILE,
85
vfprintf(), off_t, SEEK_SET,
86
stdout, fwrite(), ferror(),
87
fflush(), asprintf() */
88
#include <stdarg.h> /* va_list, va_start(), vfprintf() */
89
#include <stdlib.h> /* realloc(), free(), malloc(),
90
getenv(), EXIT_FAILURE, setenv(),
91
EXIT_SUCCESS, strtof(), strtod(),
92
srand(), mkdtemp(), abort() */
93
#include <string.h> /* strdup(), strcmp(), strlen(),
94
strerror(), strncpy(), strspn(),
95
memcpy(), strrchr(), strchr(),
96
strsignal() */
97
#include <fcntl.h> /* open(), O_RDONLY, O_DIRECTORY,
98
O_PATH, O_CLOEXEC, openat(),
99
O_NOFOLLOW, AT_REMOVEDIR */
100
#include <iso646.h> /* or, and, not */
101
#include <sys/stat.h> /* struct stat, fstat(), fstatat(),
102
S_ISREG(), S_IXUSR, S_IXGRP,
103
S_IXOTH, lstat() */
104
#include <net/if.h> /* IF_NAMESIZE, if_indextoname(),
105
if_nametoindex(), SIOCGIFFLAGS,
106
IFF_LOOPBACK, IFF_POINTOPOINT,
107
IFF_BROADCAST, IFF_NOARP, IFF_UP,
108
IFF_RUNNING, SIOCSIFFLAGS */
109
#include <sysexits.h> /* EX_NOPERM, EX_OSERR,
110
EX_UNAVAILABLE, EX_USAGE */
111
#include <grp.h> /* setgroups() */
112
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
113
WEXITSTATUS(), WIFSIGNALED(),
114
WTERMSIG() */
115
#include <signal.h> /* kill(), SIGTERM, struct sigaction,
116
SIG_DFL, sigemptyset(),
117
sigaddset(), SIGINT, SIGHUP,
118
SIG_IGN, raise() */
119
#include <sys/socket.h> /* struct sockaddr_storage, AF_INET6,
120
PF_INET6, AF_INET, PF_INET,
121
socket(), SOCK_STREAM,
122
SOCK_CLOEXEC, struct sockaddr,
123
connect(), SOCK_DGRAM */
124
#include <argz.h> /* argz_next(), argz_add_sep(),
125
argz_delete(), argz_stringify(),
126
argz_add(), argz_count() */
127
#include <inttypes.h> /* PRIuMAX, uintmax_t, uint32_t,
128
PRIdMAX, PRIu16, intmax_t,
64
129
strtoimax() */
65
#include <errno.h> /* perror(), errno,
66
program_invocation_short_name */
67
#include <time.h> /* nanosleep(), time(), sleep() */
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
69
SIOCSIFFLAGS, if_indextoname(),
70
if_nametoindex(), IF_NAMESIZE */
71
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
72
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
73
*/
74
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
75
getuid(), getgid(), seteuid(),
76
setgid(), pause(), _exit(),
77
unlinkat() */
78
#include <arpa/inet.h> /* inet_pton(), htons() */
79
#include <iso646.h> /* not, or, and */
80
#include <argp.h> /* struct argp_option, error_t, struct
81
argp_state, struct argp,
82
argp_parse(), ARGP_KEY_ARG,
83
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
84
#include <signal.h> /* sigemptyset(), sigaddset(),
85
sigaction(), SIGTERM, sig_atomic_t,
86
raise() */
87
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
88
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
89
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
90
WEXITSTATUS(), WTERMSIG() */
91
#include <grp.h> /* setgroups() */
92
#include <argz.h> /* argz_add_sep(), argz_next(),
93
argz_delete(), argz_append(),
94
argz_stringify(), argz_add(),
95
argz_count() */
130
#include <arpa/inet.h> /* inet_pton() */
131
#include <stdint.h> /* uint32_t, intptr_t, uint16_t */
96
132
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
97
133
EAI_SYSTEM, gai_strerror() */
134
#include <sys/ioctl.h> /* ioctl() */
135
#include <dirent.h> /* struct dirent, scandirat(),
136
alphasort(), scandir() */
137
#include <limits.h> /* INT_MAX */
98
138
99
139
#ifdef __linux__
100
140
#include <sys/klog.h> /* klogctl() */
113
153
114
154
/* GnuTLS */
115
155
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
116
functions:
117
gnutls_*
118
init_gnutls_session(),
119
GNUTLS_* */
156
functions: gnutls_*, GNUTLS_* */
157
#if GNUTLS_VERSION_NUMBER < 0x030600
120
158
#include <gnutls/openpgp.h>
121
159
/* gnutls_certificate_set_openpgp_key_file(),
122
160
GNUTLS_OPENPGP_FMT_BASE64 */
161
#elif GNUTLS_VERSION_NUMBER >= 0x030606
162
#include <gnutls/x509.h> /* GNUTLS_PKCS_PLAIN,
163
GNUTLS_PKCS_NULL_PASSWORD */
164
#endif
123
165
124
166
/* GPGME */
125
167
#include <gpgme.h> /* All GPGME types, constants and
126
168
functions:
127
gpgme_*
128
GPGME_PROTOCOL_OpenPGP,
129
GPG_ERR_NO_* */
169
gpgme_*, GPG_ERR_NO_*,
170
GPGME_IMPORT_*
171
GPGME_PROTOCOL_OpenPGP */
130
172
131
173
#define BUFFER_SIZE 256
132
174
133
175
#define PATHDIR "/conf/conf.d/mandos"
134
176
#define SECKEY "seckey.txt"
135
177
#define PUBKEY "pubkey.txt"
178
#define TLS_PRIVKEY "tls-privkey.pem"
179
#define TLS_PUBKEY "tls-pubkey.pem"
136
180
#define HOOKDIR "/lib/mandos/network-hooks.d"
137
181
138
182
bool debug = false;
266
310
return true;
267
311
}
268
312
313
/* Set effective uid to 0, return errno */
314
__attribute__((warn_unused_result))
315
int raise_privileges(void){
316
int old_errno = errno;
317
int ret = 0;
318
if(seteuid(0) == -1){
319
ret = errno;
320
}
321
errno = old_errno;
322
return ret;
323
}
324
325
/* Set effective and real user ID to 0. Return errno. */
326
__attribute__((warn_unused_result))
327
int raise_privileges_permanently(void){
328
int old_errno = errno;
329
int ret = raise_privileges();
330
if(ret != 0){
331
errno = old_errno;
332
return ret;
333
}
334
if(setuid(0) == -1){
335
ret = errno;
336
}
337
errno = old_errno;
338
return ret;
339
}
340
341
/* Set effective user ID to unprivileged saved user ID */
342
__attribute__((warn_unused_result))
343
int lower_privileges(void){
344
int old_errno = errno;
345
int ret = 0;
346
if(seteuid(uid) == -1){
347
ret = errno;
348
}
349
errno = old_errno;
350
return ret;
351
}
352
353
/* Lower privileges permanently */
354
__attribute__((warn_unused_result))
355
int lower_privileges_permanently(void){
356
int old_errno = errno;
357
int ret = 0;
358
if(setuid(uid) == -1){
359
ret = errno;
360
}
361
errno = old_errno;
362
return ret;
363
}
364
269
365
/*
270
366
* Initialize GPGME.
271
367
*/
291
387
return false;
292
388
}
293
389
390
/* Workaround for systems without a real-time clock; see also
391
Debian bug #894495: <https://bugs.debian.org/894495> */
392
do {
393
{
394
time_t currtime = time(NULL);
395
if(currtime != (time_t)-1){
396
struct tm tm;
397
if(gmtime_r(&currtime, &tm) == NULL) {
398
perror_plus("gmtime_r");
399
break;
400
}
401
if(tm.tm_year != 70 or tm.tm_mon != 0){
402
break;
403
}
404
if(debug){
405
fprintf_plus(stderr, "System clock is January 1970");
406
}
407
} else {
408
if(debug){
409
fprintf_plus(stderr, "System clock is invalid");
410
}
411
}
412
}
413
struct stat keystat;
414
ret = fstat(fd, &keystat);
415
if(ret != 0){
416
perror_plus("fstat");
417
break;
418
}
419
ret = raise_privileges();
420
if(ret != 0){
421
errno = ret;
422
perror_plus("Failed to raise privileges");
423
break;
424
}
425
if(debug){
426
fprintf_plus(stderr,
427
"Setting system clock to key file mtime");
428
}
429
if(clock_settime(CLOCK_REALTIME, &keystat.st_mtim) != 0){
430
perror_plus("clock_settime");
431
}
432
ret = lower_privileges();
433
if(ret != 0){
434
errno = ret;
435
perror_plus("Failed to lower privileges");
436
}
437
} while(false);
438
294
439
rc = gpgme_data_new_from_fd(&pgp_data, fd);
295
440
if(rc != GPG_ERR_NO_ERROR){
296
441
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
304
449
gpgme_strsource(rc), gpgme_strerror(rc));
305
450
return false;
306
451
}
452
{
453
gpgme_import_result_t import_result
454
= gpgme_op_import_result(mc->ctx);
455
if((import_result->imported < 1
456
or import_result->not_imported > 0)
457
and import_result->unchanged == 0){
458
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
459
fprintf_plus(stderr,
460
"The total number of considered keys: %d\n",
461
import_result->considered);
462
fprintf_plus(stderr,
463
"The number of keys without user ID: %d\n",
464
import_result->no_user_id);
465
fprintf_plus(stderr,
466
"The total number of imported keys: %d\n",
467
import_result->imported);
468
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
469
import_result->imported_rsa);
470
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
471
import_result->unchanged);
472
fprintf_plus(stderr, "The number of new user IDs: %d\n",
473
import_result->new_user_ids);
474
fprintf_plus(stderr, "The number of new sub keys: %d\n",
475
import_result->new_sub_keys);
476
fprintf_plus(stderr, "The number of new signatures: %d\n",
477
import_result->new_signatures);
478
fprintf_plus(stderr, "The number of new revocations: %d\n",
479
import_result->new_revocations);
480
fprintf_plus(stderr,
481
"The total number of secret keys read: %d\n",
482
import_result->secret_read);
483
fprintf_plus(stderr,
484
"The number of imported secret keys: %d\n",
485
import_result->secret_imported);
486
fprintf_plus(stderr,
487
"The number of unchanged secret keys: %d\n",
488
import_result->secret_unchanged);
489
fprintf_plus(stderr, "The number of keys not imported: %d\n",
490
import_result->not_imported);
491
for(gpgme_import_status_t import_status
492
= import_result->imports;
493
import_status != NULL;
494
import_status = import_status->next){
495
fprintf_plus(stderr, "Import status for key: %s\n",
496
import_status->fpr);
497
if(import_status->result != GPG_ERR_NO_ERROR){
498
fprintf_plus(stderr, "Import result: %s: %s\n",
499
gpgme_strsource(import_status->result),
500
gpgme_strerror(import_status->result));
501
}
502
fprintf_plus(stderr, "Key status:\n");
503
fprintf_plus(stderr,
504
import_status->status & GPGME_IMPORT_NEW
505
? "The key was new.\n"
506
: "The key was not new.\n");
507
fprintf_plus(stderr,
508
import_status->status & GPGME_IMPORT_UID
509
? "The key contained new user IDs.\n"
510
: "The key did not contain new user IDs.\n");
511
fprintf_plus(stderr,
512
import_status->status & GPGME_IMPORT_SIG
513
? "The key contained new signatures.\n"
514
: "The key did not contain new signatures.\n");
515
fprintf_plus(stderr,
516
import_status->status & GPGME_IMPORT_SUBKEY
517
? "The key contained new sub keys.\n"
518
: "The key did not contain new sub keys.\n");
519
fprintf_plus(stderr,
520
import_status->status & GPGME_IMPORT_SECRET
521
? "The key contained a secret key.\n"
522
: "The key did not contain a secret key.\n");
523
}
524
return false;
525
}
526
}
307
527
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
528
ret = close(fd);
309
529
if(ret == -1){
310
530
perror_plus("close");
311
531
}
350
570
/* Create new GPGME "context" */
351
571
rc = gpgme_new(&(mc->ctx));
352
572
if(rc != GPG_ERR_NO_ERROR){
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
573
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
574
gpgme_strsource(rc), gpgme_strerror(rc));
356
575
return false;
357
576
}
358
577
394
613
/* Create new empty GPGME data buffer for the plaintext */
395
614
rc = gpgme_data_new(&dh_plain);
396
615
if(rc != GPG_ERR_NO_ERROR){
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
616
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
399
617
gpgme_strsource(rc), gpgme_strerror(rc));
400
618
gpgme_data_release(dh_crypto);
401
619
return -1;
414
632
if(result == NULL){
415
633
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
416
634
} else {
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
635
if(result->unsupported_algorithm != NULL) {
636
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
637
result->unsupported_algorithm);
638
}
639
fprintf_plus(stderr, "Wrong key usage: %s\n",
640
result->wrong_key_usage ? "Yes" : "No");
421
641
if(result->file_name != NULL){
422
642
fprintf_plus(stderr, "File name: %s\n", result->file_name);
423
643
}
424
gpgme_recipient_t recipient;
425
recipient = result->recipients;
426
while(recipient != NULL){
644
645
for(gpgme_recipient_t r = result->recipients; r != NULL;
646
r = r->next){
427
647
fprintf_plus(stderr, "Public key algorithm: %s\n",
428
gpgme_pubkey_algo_name
429
(recipient->pubkey_algo));
430
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
648
gpgme_pubkey_algo_name(r->pubkey_algo));
649
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
431
650
fprintf_plus(stderr, "Secret key available: %s\n",
432
recipient->status == GPG_ERR_NO_SECKEY
433
? "No" : "Yes");
434
recipient = recipient->next;
651
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
435
652
}
436
653
}
437
654
}
513
730
fprintf_plus(stderr, "GnuTLS: %s", string);
514
731
}
515
732
516
__attribute__((nonnull, warn_unused_result))
733
__attribute__((nonnull(1, 2, 4), warn_unused_result))
517
734
static int init_gnutls_global(const char *pubkeyfilename,
518
735
const char *seckeyfilename,
736
const char *dhparamsfilename,
519
737
mandos_context *mc){
520
738
int ret;
521
unsigned int uret;
522
739
523
740
if(debug){
524
741
fprintf_plus(stderr, "Initializing GnuTLS\n");
525
742
}
526
743
527
ret = gnutls_global_init();
528
if(ret != GNUTLS_E_SUCCESS){
529
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
530
safer_gnutls_strerror(ret));
531
return -1;
532
}
533
534
744
if(debug){
535
745
/* "Use a log level over 10 to enable all debugging options."
536
746
* - GnuTLS manual
544
754
if(ret != GNUTLS_E_SUCCESS){
545
755
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
546
756
safer_gnutls_strerror(ret));
547
gnutls_global_deinit();
548
757
return -1;
549
758
}
550
759
551
760
if(debug){
552
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
553
" secret key %s as GnuTLS credentials\n",
761
fprintf_plus(stderr, "Attempting to use public key %s and"
762
" private key %s as GnuTLS credentials\n",
554
763
pubkeyfilename,
555
764
seckeyfilename);
556
765
}
557
766
767
#if GNUTLS_VERSION_NUMBER >= 0x030606
768
ret = gnutls_certificate_set_rawpk_key_file
769
(mc->cred, pubkeyfilename, seckeyfilename,
770
GNUTLS_X509_FMT_PEM, /* format */
771
NULL, /* pass */
772
/* key_usage */
773
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
774
NULL, /* names */
775
0, /* names_length */
776
/* privkey_flags */
777
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
778
0); /* pkcs11_flags */
779
#elif GNUTLS_VERSION_NUMBER < 0x030600
558
780
ret = gnutls_certificate_set_openpgp_key_file
559
781
(mc->cred, pubkeyfilename, seckeyfilename,
560
782
GNUTLS_OPENPGP_FMT_BASE64);
783
#else
784
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
785
#endif
561
786
if(ret != GNUTLS_E_SUCCESS){
562
787
fprintf_plus(stderr,
563
"Error[%d] while reading the OpenPGP key pair ('%s',"
788
"Error[%d] while reading the key pair ('%s',"
564
789
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
565
790
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
566
791
safer_gnutls_strerror(ret));
575
800
safer_gnutls_strerror(ret));
576
801
goto globalfail;
577
802
}
578
if(mc->dh_bits == 0){
579
/* Find out the optimal number of DH bits */
580
/* Try to read the private key file */
581
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
582
{
583
int secfile = open(seckeyfilename, O_RDONLY);
584
size_t buffer_capacity = 0;
803
/* If a Diffie-Hellman parameters file was given, try to use it */
804
if(dhparamsfilename != NULL){
805
gnutls_datum_t params = { .data = NULL, .size = 0 };
806
do {
807
int dhpfile = open(dhparamsfilename, O_RDONLY);
808
if(dhpfile == -1){
809
perror_plus("open");
810
dhparamsfilename = NULL;
811
break;
812
}
813
size_t params_capacity = 0;
585
814
while(true){
586
buffer_capacity = incbuffer((char **)&buffer.data,
587
(size_t)buffer.size,
588
(size_t)buffer_capacity);
589
if(buffer_capacity == 0){
815
params_capacity = incbuffer((char **)¶ms.data,
816
(size_t)params.size,
817
(size_t)params_capacity);
818
if(params_capacity == 0){
590
819
perror_plus("incbuffer");
591
free(buffer.data);
592
buffer.data = NULL;
820
free(params.data);
821
params.data = NULL;
822
dhparamsfilename = NULL;
593
823
break;
594
824
}
595
ssize_t bytes_read = read(secfile, buffer.data + buffer.size,
825
ssize_t bytes_read = read(dhpfile,
826
params.data + params.size,
596
827
BUFFER_SIZE);
597
828
/* EOF */
598
829
if(bytes_read == 0){
601
832
/* check bytes_read for failure */
602
833
if(bytes_read < 0){
603
834
perror_plus("read");
604
free(buffer.data);
605
buffer.data = NULL;
606
break;
607
}
608
buffer.size += (unsigned int)bytes_read;
609
}
610
close(secfile);
611
}
612
/* If successful, use buffer to parse private key */
613
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
614
if(buffer.data != NULL){
615
{
616
gnutls_openpgp_privkey_t privkey = NULL;
617
ret = gnutls_openpgp_privkey_init(&privkey);
618
if(ret != GNUTLS_E_SUCCESS){
619
fprintf_plus(stderr, "Error initializing OpenPGP key"
620
" structure: %s", safer_gnutls_strerror(ret));
621
free(buffer.data);
622
buffer.data = NULL;
623
} else {
624
ret = gnutls_openpgp_privkey_import(privkey, &buffer,
625
GNUTLS_OPENPGP_FMT_BASE64,
626
"", 0);
835
free(params.data);
836
params.data = NULL;
837
dhparamsfilename = NULL;
838
break;
839
}
840
params.size += (unsigned int)bytes_read;
841
}
842
ret = close(dhpfile);
843
if(ret == -1){
844
perror_plus("close");
845
}
846
if(params.data == NULL){
847
dhparamsfilename = NULL;
848
}
849
if(dhparamsfilename == NULL){
850
break;
851
}
852
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
853
GNUTLS_X509_FMT_PEM);
854
if(ret != GNUTLS_E_SUCCESS){
855
fprintf_plus(stderr, "Failed to parse DH parameters in file"
856
" \"%s\": %s\n", dhparamsfilename,
857
safer_gnutls_strerror(ret));
858
dhparamsfilename = NULL;
859
}
860
free(params.data);
861
} while(false);
862
}
863
if(dhparamsfilename == NULL){
864
if(mc->dh_bits == 0){
865
#if GNUTLS_VERSION_NUMBER < 0x030600
866
/* Find out the optimal number of DH bits */
867
/* Try to read the private key file */
868
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
869
do {
870
int secfile = open(seckeyfilename, O_RDONLY);
871
if(secfile == -1){
872
perror_plus("open");
873
break;
874
}
875
size_t buffer_capacity = 0;
876
while(true){
877
buffer_capacity = incbuffer((char **)&buffer.data,
878
(size_t)buffer.size,
879
(size_t)buffer_capacity);
880
if(buffer_capacity == 0){
881
perror_plus("incbuffer");
882
free(buffer.data);
883
buffer.data = NULL;
884
break;
885
}
886
ssize_t bytes_read = read(secfile,
887
buffer.data + buffer.size,
888
BUFFER_SIZE);
889
/* EOF */
890
if(bytes_read == 0){
891
break;
892
}
893
/* check bytes_read for failure */
894
if(bytes_read < 0){
895
perror_plus("read");
896
free(buffer.data);
897
buffer.data = NULL;
898
break;
899
}
900
buffer.size += (unsigned int)bytes_read;
901
}
902
close(secfile);
903
} while(false);
904
/* If successful, use buffer to parse private key */
905
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
906
if(buffer.data != NULL){
907
{
908
gnutls_openpgp_privkey_t privkey = NULL;
909
ret = gnutls_openpgp_privkey_init(&privkey);
627
910
if(ret != GNUTLS_E_SUCCESS){
628
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
911
fprintf_plus(stderr, "Error initializing OpenPGP key"
912
" structure: %s",
629
913
safer_gnutls_strerror(ret));
630
privkey = NULL;
914
free(buffer.data);
915
buffer.data = NULL;
916
} else {
917
ret = gnutls_openpgp_privkey_import
918
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
919
if(ret != GNUTLS_E_SUCCESS){
920
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
921
safer_gnutls_strerror(ret));
922
privkey = NULL;
923
}
924
free(buffer.data);
925
buffer.data = NULL;
926
if(privkey != NULL){
927
/* Use private key to suggest an appropriate
928
sec_param */
929
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
930
gnutls_openpgp_privkey_deinit(privkey);
931
if(debug){
932
fprintf_plus(stderr, "This OpenPGP key implies using"
933
" a GnuTLS security parameter \"%s\".\n",
934
safe_string(gnutls_sec_param_get_name
935
(sec_param)));
936
}
937
}
631
938
}
632
free(buffer.data);
633
buffer.data = NULL;
634
if(privkey != NULL){
635
/* Use private key to suggest an appropriate sec_param */
636
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
637
gnutls_openpgp_privkey_deinit(privkey);
638
if(debug){
639
fprintf_plus(stderr, "This OpenPGP key implies using a"
640
" GnuTLS security parameter \"%s\".\n",
641
safe_string(gnutls_sec_param_get_name
642
(sec_param)));
643
}
939
}
940
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
941
/* Err on the side of caution */
942
sec_param = GNUTLS_SEC_PARAM_ULTRA;
943
if(debug){
944
fprintf_plus(stderr, "Falling back to security parameter"
945
" \"%s\"\n",
946
safe_string(gnutls_sec_param_get_name
947
(sec_param)));
644
948
}
645
949
}
646
950
}
647
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
648
/* Err on the side of caution */
649
sec_param = GNUTLS_SEC_PARAM_ULTRA;
951
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
952
if(uret != 0){
953
mc->dh_bits = uret;
650
954
if(debug){
651
fprintf_plus(stderr, "Falling back to security parameter"
652
" \"%s\"\n",
955
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
956
" implies %u DH bits; using that.\n",
653
957
safe_string(gnutls_sec_param_get_name
654
(sec_param)));
958
(sec_param)),
959
mc->dh_bits);
655
960
}
656
}
657
}
658
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
659
if(uret != 0){
660
mc->dh_bits = uret;
661
if(debug){
662
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
663
" implies %u DH bits; using that.\n",
961
} else {
962
fprintf_plus(stderr, "Failed to get implied number of DH"
963
" bits for security parameter \"%s\"): %s\n",
664
964
safe_string(gnutls_sec_param_get_name
665
965
(sec_param)),
966
safer_gnutls_strerror(ret));
967
goto globalfail;
968
}
969
#endif
970
} else { /* dh_bits != 0 */
971
if(debug){
972
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
666
973
mc->dh_bits);
667
974
}
668
} else {
669
fprintf_plus(stderr, "Failed to get implied number of DH"
670
" bits for security parameter \"%s\"): %s\n",
671
safe_string(gnutls_sec_param_get_name(sec_param)),
672
safer_gnutls_strerror(ret));
673
goto globalfail;
975
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
976
if(ret != GNUTLS_E_SUCCESS){
977
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
978
" bits): %s\n", mc->dh_bits,
979
safer_gnutls_strerror(ret));
980
goto globalfail;
981
}
982
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
674
983
}
675
} else if(debug){
676
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
677
mc->dh_bits);
678
}
679
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
680
if(ret != GNUTLS_E_SUCCESS){
681
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u bits):"
682
" %s\n", mc->dh_bits, safer_gnutls_strerror(ret));
683
goto globalfail;
684
}
685
686
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
984
}
687
985
688
986
return 0;
689
987
690
988
globalfail:
691
989
692
990
gnutls_certificate_free_credentials(mc->cred);
693
gnutls_global_deinit();
694
991
gnutls_dh_params_deinit(mc->dh_params);
695
992
return -1;
696
993
}
701
998
int ret;
702
999
/* GnuTLS session creation */
703
1000
do {
704
ret = gnutls_init(session, GNUTLS_SERVER);
1001
ret = gnutls_init(session, (GNUTLS_SERVER
1002
#if GNUTLS_VERSION_NUMBER >= 0x030506
1003
| GNUTLS_NO_TICKETS
1004
#endif
1005
#if GNUTLS_VERSION_NUMBER >= 0x030606
1006
| GNUTLS_ENABLE_RAWPK
1007
#endif
1008
));
705
1009
if(quit_now){
706
1010
return -1;
707
1011
}
748
1052
/* ignore client certificate if any. */
749
1053
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
750
1054
751
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
752
753
1055
return 0;
754
1056
}
755
1057
757
1059
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
758
1060
__attribute__((unused)) const char *txt){}
759
1061
1062
/* Helper function to add_local_route() and delete_local_route() */
1063
__attribute__((nonnull, warn_unused_result))
1064
static bool add_delete_local_route(const bool add,
1065
const char *address,
1066
AvahiIfIndex if_index){
1067
int ret;
1068
char helper[] = "mandos-client-iprouteadddel";
1069
char add_arg[] = "add";
1070
char delete_arg[] = "delete";
1071
char debug_flag[] = "--debug";
1072
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1073
if(pluginhelperdir == NULL){
1074
if(debug){
1075
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1076
" variable not set; cannot run helper\n");
1077
}
1078
return false;
1079
}
1080
1081
char interface[IF_NAMESIZE];
1082
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1083
perror_plus("if_indextoname");
1084
return false;
1085
}
1086
1087
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1088
if(devnull == -1){
1089
perror_plus("open(\"/dev/null\", O_RDONLY)");
1090
return false;
1091
}
1092
pid_t pid = fork();
1093
if(pid == 0){
1094
/* Child */
1095
/* Raise privileges */
1096
errno = raise_privileges_permanently();
1097
if(errno != 0){
1098
perror_plus("Failed to raise privileges");
1099
/* _exit(EX_NOPERM); */
1100
} else {
1101
/* Set group */
1102
errno = 0;
1103
ret = setgid(0);
1104
if(ret == -1){
1105
perror_plus("setgid");
1106
close(devnull);
1107
_exit(EX_NOPERM);
1108
}
1109
/* Reset supplementary groups */
1110
errno = 0;
1111
ret = setgroups(0, NULL);
1112
if(ret == -1){
1113
perror_plus("setgroups");
1114
close(devnull);
1115
_exit(EX_NOPERM);
1116
}
1117
}
1118
ret = dup2(devnull, STDIN_FILENO);
1119
if(ret == -1){
1120
perror_plus("dup2(devnull, STDIN_FILENO)");
1121
close(devnull);
1122
_exit(EX_OSERR);
1123
}
1124
ret = close(devnull);
1125
if(ret == -1){
1126
perror_plus("close");
1127
}
1128
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1129
if(ret == -1){
1130
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1131
_exit(EX_OSERR);
1132
}
1133
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1134
O_RDONLY
1135
| O_DIRECTORY
1136
| O_PATH
1137
| O_CLOEXEC));
1138
if(helperdir_fd == -1){
1139
perror_plus("open");
1140
_exit(EX_UNAVAILABLE);
1141
}
1142
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1143
helper, O_RDONLY));
1144
if(helper_fd == -1){
1145
perror_plus("openat");
1146
close(helperdir_fd);
1147
_exit(EX_UNAVAILABLE);
1148
}
1149
close(helperdir_fd);
1150
#ifdef __GNUC__
1151
#pragma GCC diagnostic push
1152
#pragma GCC diagnostic ignored "-Wcast-qual"
1153
#endif
1154
if(fexecve(helper_fd, (char *const [])
1155
{ helper, add ? add_arg : delete_arg, (char *)address,
1156
interface, debug ? debug_flag : NULL, NULL },
1157
environ) == -1){
1158
#ifdef __GNUC__
1159
#pragma GCC diagnostic pop
1160
#endif
1161
perror_plus("fexecve");
1162
_exit(EXIT_FAILURE);
1163
}
1164
}
1165
if(pid == -1){
1166
perror_plus("fork");
1167
close(devnull);
1168
return false;
1169
}
1170
ret = close(devnull);
1171
if(ret == -1){
1172
perror_plus("close");
1173
}
1174
int status;
1175
pid_t pret = -1;
1176
errno = 0;
1177
do {
1178
pret = waitpid(pid, &status, 0);
1179
if(pret == -1 and errno == EINTR and quit_now){
1180
int errno_raising = 0;
1181
if((errno = raise_privileges()) != 0){
1182
errno_raising = errno;
1183
perror_plus("Failed to raise privileges in order to"
1184
" kill helper program");
1185
}
1186
if(kill(pid, SIGTERM) == -1){
1187
perror_plus("kill");
1188
}
1189
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1190
perror_plus("Failed to lower privileges after killing"
1191
" helper program");
1192
}
1193
return false;
1194
}
1195
} while(pret == -1 and errno == EINTR);
1196
if(pret == -1){
1197
perror_plus("waitpid");
1198
return false;
1199
}
1200
if(WIFEXITED(status)){
1201
if(WEXITSTATUS(status) != 0){
1202
fprintf_plus(stderr, "Error: iprouteadddel exited"
1203
" with status %d\n", WEXITSTATUS(status));
1204
return false;
1205
}
1206
return true;
1207
}
1208
if(WIFSIGNALED(status)){
1209
fprintf_plus(stderr, "Error: iprouteadddel died by"
1210
" signal %d\n", WTERMSIG(status));
1211
return false;
1212
}
1213
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1214
return false;
1215
}
1216
1217
__attribute__((nonnull, warn_unused_result))
1218
static bool add_local_route(const char *address,
1219
AvahiIfIndex if_index){
1220
if(debug){
1221
fprintf_plus(stderr, "Adding route to %s\n", address);
1222
}
1223
return add_delete_local_route(true, address, if_index);
1224
}
1225
1226
__attribute__((nonnull, warn_unused_result))
1227
static bool delete_local_route(const char *address,
1228
AvahiIfIndex if_index){
1229
if(debug){
1230
fprintf_plus(stderr, "Removing route to %s\n", address);
1231
}
1232
return add_delete_local_route(false, address, if_index);
1233
}
1234
760
1235
/* Called when a Mandos server is found */
761
1236
__attribute__((nonnull, warn_unused_result))
762
1237
static int start_mandos_communication(const char *ip, in_port_t port,
773
1248
int retval = -1;
774
1249
gnutls_session_t session;
775
1250
int pf; /* Protocol family */
1251
bool route_added = false;
776
1252
777
1253
errno = 0;
778
1254
800
1276
bool match = false;
801
1277
{
802
1278
char *interface = NULL;
803
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
804
interface))){
1279
while((interface = argz_next(mc->interfaces,
1280
mc->interfaces_size,
1281
interface))){
805
1282
if(if_nametoindex(interface) == (unsigned int)if_index){
806
1283
match = true;
807
1284
break;
836
1313
PRIuMAX "\n", ip, (uintmax_t)port);
837
1314
}
838
1315
839
tcp_sd = socket(pf, SOCK_STREAM, 0);
1316
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
840
1317
if(tcp_sd < 0){
841
1318
int e = errno;
842
1319
perror_plus("socket");
849
1326
goto mandos_end;
850
1327
}
851
1328
852
memset(&to, 0, sizeof(to));
853
1329
if(af == AF_INET6){
854
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
855
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1330
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1331
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1332
ret = inet_pton(af, ip, &to6->sin6_addr);
856
1333
} else { /* IPv4 */
857
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
858
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1334
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1335
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1336
ret = inet_pton(af, ip, &to4->sin_addr);
859
1337
}
860
1338
if(ret < 0 ){
861
1339
int e = errno;
931
1409
goto mandos_end;
932
1410
}
933
1411
934
if(af == AF_INET6){
935
ret = connect(tcp_sd, (struct sockaddr *)&to,
936
sizeof(struct sockaddr_in6));
937
} else {
938
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
939
sizeof(struct sockaddr_in));
940
}
941
if(ret < 0){
942
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
943
int e = errno;
944
perror_plus("connect");
945
errno = e;
946
}
947
goto mandos_end;
948
}
949
950
if(quit_now){
951
errno = EINTR;
952
goto mandos_end;
1412
while(true){
1413
if(af == AF_INET6){
1414
ret = connect(tcp_sd, (struct sockaddr *)&to,
1415
sizeof(struct sockaddr_in6));
1416
} else {
1417
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1418
sizeof(struct sockaddr_in));
1419
}
1420
if(ret < 0){
1421
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1422
and if_index != AVAHI_IF_UNSPEC
1423
and connect_to == NULL
1424
and not route_added and
1425
((af == AF_INET6 and not
1426
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1427
&to)->sin6_addr)))
1428
or (af == AF_INET and
1429
/* Not a a IPv4LL address */
1430
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1431
& 0xFFFF0000L) != 0xA9FE0000L))){
1432
/* Work around Avahi bug - Avahi does not announce link-local
1433
addresses if it has a global address, so local hosts with
1434
*only* a link-local address (e.g. Mandos clients) cannot
1435
connect to a Mandos server announced by Avahi on a server
1436
host with a global address. Work around this by retrying
1437
with an explicit route added with the server's address.
1438
1439
Avahi bug reference:
1440
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1441
https://bugs.debian.org/587961
1442
*/
1443
if(debug){
1444
fprintf_plus(stderr, "Mandos server unreachable, trying"
1445
" direct route\n");
1446
}
1447
int e = errno;
1448
route_added = add_local_route(ip, if_index);
1449
if(route_added){
1450
continue;
1451
}
1452
errno = e;
1453
}
1454
if(errno != ECONNREFUSED or debug){
1455
int e = errno;
1456
perror_plus("connect");
1457
errno = e;
1458
}
1459
goto mandos_end;
1460
}
1461
1462
if(quit_now){
1463
errno = EINTR;
1464
goto mandos_end;
1465
}
1466
break;
953
1467
}
954
1468
955
1469
const char *out = mandos_protocol_version;
1109
1623
&decrypted_buffer, mc);
1110
1624
if(decrypted_buffer_size >= 0){
1111
1625
1626
clearerr(stdout);
1112
1627
written = 0;
1113
1628
while(written < (size_t) decrypted_buffer_size){
1114
1629
if(quit_now){
1130
1645
}
1131
1646
written += (size_t)ret;
1132
1647
}
1648
ret = fflush(stdout);
1649
if(ret != 0){
1650
int e = errno;
1651
if(debug){
1652
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1653
strerror(errno));
1654
}
1655
errno = e;
1656
goto mandos_end;
1657
}
1133
1658
retval = 0;
1134
1659
}
1135
1660
}
1138
1663
1139
1664
mandos_end:
1140
1665
{
1666
if(route_added){
1667
if(not delete_local_route(ip, if_index)){
1668
fprintf_plus(stderr, "Failed to delete local route to %s on"
1669
" interface %d", ip, if_index);
1670
}
1671
}
1141
1672
int e = errno;
1142
1673
free(decrypted_buffer);
1143
1674
free(buffer);
1144
1675
if(tcp_sd >= 0){
1145
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1676
ret = close(tcp_sd);
1146
1677
}
1147
1678
if(ret == -1){
1148
1679
if(e == 0){
1160
1691
return retval;
1161
1692
}
1162
1693
1163
__attribute__((nonnull))
1164
1694
static void resolve_callback(AvahiSServiceResolver *r,
1165
1695
AvahiIfIndex interface,
1166
1696
AvahiProtocol proto,
1303
1833
__attribute__((nonnull, warn_unused_result))
1304
1834
bool get_flags(const char *ifname, struct ifreq *ifr){
1305
1835
int ret;
1306
error_t ret_errno;
1836
int old_errno;
1307
1837
1308
1838
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1309
1839
if(s < 0){
1310
ret_errno = errno;
1840
old_errno = errno;
1311
1841
perror_plus("socket");
1312
errno = ret_errno;
1842
errno = old_errno;
1313
1843
return false;
1314
1844
}
1315
strcpy(ifr->ifr_name, ifname);
1845
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1846
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1316
1847
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1317
1848
if(ret == -1){
1318
1849
if(debug){
1319
ret_errno = errno;
1850
old_errno = errno;
1320
1851
perror_plus("ioctl SIOCGIFFLAGS");
1321
errno = ret_errno;
1852
errno = old_errno;
1853
}
1854
if((close(s) == -1) and debug){
1855
old_errno = errno;
1856
perror_plus("close");
1857
errno = old_errno;
1322
1858
}
1323
1859
return false;
1324
1860
}
1861
if((close(s) == -1) and debug){
1862
old_errno = errno;
1863
perror_plus("close");
1864
errno = old_errno;
1865
}
1325
1866
return true;
1326
1867
}
1327
1868
1569
2110
}
1570
2111
}
1571
2112
1572
/* Set effective uid to 0, return errno */
1573
__attribute__((warn_unused_result))
1574
error_t raise_privileges(void){
1575
error_t old_errno = errno;
1576
error_t ret_errno = 0;
1577
if(seteuid(0) == -1){
1578
ret_errno = errno;
1579
}
1580
errno = old_errno;
1581
return ret_errno;
1582
}
1583
1584
/* Set effective and real user ID to 0. Return errno. */
1585
__attribute__((warn_unused_result))
1586
error_t raise_privileges_permanently(void){
1587
error_t old_errno = errno;
1588
error_t ret_errno = raise_privileges();
1589
if(ret_errno != 0){
1590
errno = old_errno;
1591
return ret_errno;
1592
}
1593
if(setuid(0) == -1){
1594
ret_errno = errno;
1595
}
1596
errno = old_errno;
1597
return ret_errno;
1598
}
1599
1600
/* Set effective user ID to unprivileged saved user ID */
1601
__attribute__((warn_unused_result))
1602
error_t lower_privileges(void){
1603
error_t old_errno = errno;
1604
error_t ret_errno = 0;
1605
if(seteuid(uid) == -1){
1606
ret_errno = errno;
1607
}
1608
errno = old_errno;
1609
return ret_errno;
1610
}
1611
1612
/* Lower privileges permanently */
1613
__attribute__((warn_unused_result))
1614
error_t lower_privileges_permanently(void){
1615
error_t old_errno = errno;
1616
error_t ret_errno = 0;
1617
if(setuid(uid) == -1){
1618
ret_errno = errno;
1619
}
1620
errno = old_errno;
1621
return ret_errno;
1622
}
1623
1624
2113
__attribute__((nonnull))
1625
2114
void run_network_hooks(const char *mode, const char *interface,
1626
2115
const float delay){
1627
2116
struct dirent **direntries = NULL;
1628
2117
if(hookdir_fd == -1){
1629
hookdir_fd = open(hookdir, O_RDONLY);
2118
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2119
| O_CLOEXEC);
1630
2120
if(hookdir_fd == -1){
1631
2121
if(errno == ENOENT){
1632
2122
if(debug){
1639
2129
return;
1640
2130
}
1641
2131
}
1642
#ifdef __GLIBC__
1643
#if __GLIBC_PREREQ(2, 15)
2132
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2133
if(devnull == -1){
2134
perror_plus("open(\"/dev/null\", O_RDONLY)");
2135
return;
2136
}
1644
2137
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1645
2138
runnable_hook, alphasort);
1646
#else /* not __GLIBC_PREREQ(2, 15) */
1647
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1648
alphasort);
1649
#endif /* not __GLIBC_PREREQ(2, 15) */
1650
#else /* not __GLIBC__ */
1651
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1652
alphasort);
1653
#endif /* not __GLIBC__ */
1654
2139
if(numhooks == -1){
1655
2140
perror_plus("scandir");
2141
close(devnull);
1656
2142
return;
1657
2143
}
1658
2144
struct dirent *direntry;
1659
2145
int ret;
1660
int devnull = open("/dev/null", O_RDONLY);
1661
2146
for(int i = 0; i < numhooks; i++){
1662
2147
direntry = direntries[i];
1663
2148
if(debug){
1687
2172
perror_plus("setgroups");
1688
2173
_exit(EX_NOPERM);
1689
2174
}
1690
ret = dup2(devnull, STDIN_FILENO);
1691
if(ret == -1){
1692
perror_plus("dup2(devnull, STDIN_FILENO)");
1693
_exit(EX_OSERR);
1694
}
1695
ret = close(devnull);
1696
if(ret == -1){
1697
perror_plus("close");
1698
_exit(EX_OSERR);
1699
}
1700
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1701
if(ret == -1){
1702
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1703
_exit(EX_OSERR);
1704
}
1705
2175
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1706
2176
if(ret == -1){
1707
2177
perror_plus("setenv");
1742
2212
_exit(EX_OSERR);
1743
2213
}
1744
2214
}
1745
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2215
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2216
direntry->d_name,
2217
O_RDONLY));
1746
2218
if(hook_fd == -1){
1747
2219
perror_plus("openat");
1748
2220
_exit(EXIT_FAILURE);
1749
2221
}
1750
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2222
if(close(hookdir_fd) == -1){
1751
2223
perror_plus("close");
1752
2224
_exit(EXIT_FAILURE);
1753
2225
}
2226
ret = dup2(devnull, STDIN_FILENO);
2227
if(ret == -1){
2228
perror_plus("dup2(devnull, STDIN_FILENO)");
2229
_exit(EX_OSERR);
2230
}
2231
ret = close(devnull);
2232
if(ret == -1){
2233
perror_plus("close");
2234
_exit(EX_OSERR);
2235
}
2236
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2237
if(ret == -1){
2238
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2239
_exit(EX_OSERR);
2240
}
1754
2241
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
1755
2242
environ) == -1){
1756
2243
perror_plus("fexecve");
1796
2283
free(direntry);
1797
2284
}
1798
2285
free(direntries);
1799
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2286
if(close(hookdir_fd) == -1){
1800
2287
perror_plus("close");
1801
2288
} else {
1802
2289
hookdir_fd = -1;
1805
2292
}
1806
2293
1807
2294
__attribute__((nonnull, warn_unused_result))
1808
error_t bring_up_interface(const char *const interface,
1809
const float delay){
1810
error_t old_errno = errno;
2295
int bring_up_interface(const char *const interface,
2296
const float delay){
2297
int old_errno = errno;
1811
2298
int ret;
1812
2299
struct ifreq network;
1813
2300
unsigned int if_index = if_nametoindex(interface);
1823
2310
}
1824
2311
1825
2312
if(not interface_is_up(interface)){
1826
error_t ret_errno = 0, ioctl_errno = 0;
2313
int ret_errno = 0;
2314
int ioctl_errno = 0;
1827
2315
if(not get_flags(interface, &network)){
1828
2316
ret_errno = errno;
1829
2317
fprintf_plus(stderr, "Failed to get flags for interface "
1842
2330
}
1843
2331
1844
2332
if(quit_now){
1845
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2333
ret = close(sd);
1846
2334
if(ret == -1){
1847
2335
perror_plus("close");
1848
2336
}
1898
2386
}
1899
2387
1900
2388
/* Close the socket */
1901
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2389
ret = close(sd);
1902
2390
if(ret == -1){
1903
2391
perror_plus("close");
1904
2392
}
1916
2404
1917
2405
/* Sleep checking until interface is running.
1918
2406
Check every 0.25s, up to total time of delay */
1919
for(int i=0; i < delay * 4; i++){
2407
for(int i = 0; i < delay * 4; i++){
1920
2408
if(interface_is_running(interface)){
1921
2409
break;
1922
2410
}
1932
2420
}
1933
2421
1934
2422
__attribute__((nonnull, warn_unused_result))
1935
error_t take_down_interface(const char *const interface){
1936
error_t old_errno = errno;
2423
int take_down_interface(const char *const interface){
2424
int old_errno = errno;
1937
2425
struct ifreq network;
1938
2426
unsigned int if_index = if_nametoindex(interface);
1939
2427
if(if_index == 0){
1942
2430
return ENXIO;
1943
2431
}
1944
2432
if(interface_is_up(interface)){
1945
error_t ret_errno = 0, ioctl_errno = 0;
2433
int ret_errno = 0;
2434
int ioctl_errno = 0;
1946
2435
if(not get_flags(interface, &network) and debug){
1947
2436
ret_errno = errno;
1948
2437
fprintf_plus(stderr, "Failed to get flags for interface "
1986
2475
}
1987
2476
1988
2477
/* Close the socket */
1989
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2478
int ret = close(sd);
1990
2479
if(ret == -1){
1991
2480
perror_plus("close");
1992
2481
}
2008
2497
2009
2498
int main(int argc, char *argv[]){
2010
2499
mandos_context mc = { .server = NULL, .dh_bits = 0,
2011
.priority = "SECURE256:!CTYPE-X.509:"
2012
"+CTYPE-OPENPGP:!RSA", .current_server = NULL,
2013
.interfaces = NULL, .interfaces_size = 0 };
2500
#if GNUTLS_VERSION_NUMBER >= 0x030606
2501
.priority = "SECURE128:!CTYPE-X.509"
2502
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2503
":%PROFILE_ULTRA",
2504
#elif GNUTLS_VERSION_NUMBER < 0x030600
2505
.priority = "SECURE256:!CTYPE-X.509"
2506
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2507
#else
2508
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2509
#endif
2510
.current_server = NULL, .interfaces = NULL,
2511
.interfaces_size = 0 };
2014
2512
AvahiSServiceBrowser *sb = NULL;
2015
2513
error_t ret_errno;
2016
2514
int ret;
2025
2523
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2026
2524
const char *seckey = PATHDIR "/" SECKEY;
2027
2525
const char *pubkey = PATHDIR "/" PUBKEY;
2526
#if GNUTLS_VERSION_NUMBER >= 0x030606
2527
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2528
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2529
#endif
2530
const char *dh_params_file = NULL;
2028
2531
char *interfaces_hooks = NULL;
2029
2532
2030
2533
bool gnutls_initialized = false;
2077
2580
{ .name = "pubkey", .key = 'p',
2078
2581
.arg = "FILE",
2079
2582
.doc = "OpenPGP public key file base name",
2080
.group = 2 },
2583
.group = 1 },
2584
{ .name = "tls-privkey", .key = 't',
2585
.arg = "FILE",
2586
#if GNUTLS_VERSION_NUMBER >= 0x030606
2587
.doc = "TLS private key file base name",
2588
#else
2589
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2590
#endif
2591
.group = 1 },
2592
{ .name = "tls-pubkey", .key = 'T',
2593
.arg = "FILE",
2594
#if GNUTLS_VERSION_NUMBER >= 0x030606
2595
.doc = "TLS public key file base name",
2596
#else
2597
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2598
#endif
2599
.group = 1 },
2081
2600
{ .name = "dh-bits", .key = 129,
2082
2601
.arg = "BITS",
2083
2602
.doc = "Bit length of the prime number used in the"
2084
2603
" Diffie-Hellman key exchange",
2085
2604
.group = 2 },
2605
{ .name = "dh-params", .key = 134,
2606
.arg = "FILE",
2607
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2608
" for the Diffie-Hellman key exchange",
2609
.group = 2 },
2086
2610
{ .name = "priority", .key = 130,
2087
2611
.arg = "STRING",
2088
2612
.doc = "GnuTLS priority string for the TLS handshake",
2134
2658
case 'p': /* --pubkey */
2135
2659
pubkey = arg;
2136
2660
break;
2661
case 't': /* --tls-privkey */
2662
#if GNUTLS_VERSION_NUMBER >= 0x030606
2663
tls_privkey = arg;
2664
#endif
2665
break;
2666
case 'T': /* --tls-pubkey */
2667
#if GNUTLS_VERSION_NUMBER >= 0x030606
2668
tls_pubkey = arg;
2669
#endif
2670
break;
2137
2671
case 129: /* --dh-bits */
2138
2672
errno = 0;
2139
2673
tmpmax = strtoimax(arg, &tmp, 10);
2143
2677
}
2144
2678
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2145
2679
break;
2680
case 134: /* --dh-params */
2681
dh_params_file = arg;
2682
break;
2146
2683
case 130: /* --priority */
2147
2684
mc.priority = arg;
2148
2685
break;
2171
2708
argp_state_help(state, state->out_stream,
2172
2709
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2173
2710
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2711
__builtin_unreachable();
2174
2712
case -3: /* --usage */
2175
2713
argp_state_help(state, state->out_stream,
2176
2714
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2715
__builtin_unreachable();
2177
2716
case 'V': /* --version */
2178
2717
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2179
2718
exit(argp_err_exit_status);
2188
2727
.args_doc = "",
2189
2728
.doc = "Mandos client -- Get and decrypt"
2190
2729
" passwords from a Mandos server" };
2191
ret = argp_parse(&argp, argc, argv,
2192
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2193
switch(ret){
2730
ret_errno = argp_parse(&argp, argc, argv,
2731
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2732
switch(ret_errno){
2194
2733
case 0:
2195
2734
break;
2196
2735
case ENOMEM:
2197
2736
default:
2198
errno = ret;
2737
errno = ret_errno;
2199
2738
perror_plus("argp_parse");
2200
2739
exitcode = EX_OSERR;
2201
2740
goto end;
2204
2743
goto end;
2205
2744
}
2206
2745
}
2207
2746
2208
2747
{
2209
/* Work around Debian bug #633582:
2210
<http://bugs.debian.org/633582> */
2211
2212
2748
/* Re-raise privileges */
2213
ret_errno = raise_privileges();
2214
if(ret_errno != 0){
2215
errno = ret_errno;
2749
ret = raise_privileges();
2750
if(ret != 0){
2751
errno = ret;
2216
2752
perror_plus("Failed to raise privileges");
2217
2753
} else {
2218
2754
struct stat st;
2219
2755
2756
/* Work around Debian bug #633582:
2757
<https://bugs.debian.org/633582> */
2758
2220
2759
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2221
2760
int seckey_fd = open(seckey, O_RDONLY);
2222
2761
if(seckey_fd == -1){
2234
2773
}
2235
2774
}
2236
2775
}
2237
TEMP_FAILURE_RETRY(close(seckey_fd));
2776
close(seckey_fd);
2238
2777
}
2239
2778
}
2240
2779
2241
2780
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2242
2781
int pubkey_fd = open(pubkey, O_RDONLY);
2243
2782
if(pubkey_fd == -1){
2255
2794
}
2256
2795
}
2257
2796
}
2258
TEMP_FAILURE_RETRY(close(pubkey_fd));
2259
}
2260
}
2261
2797
close(pubkey_fd);
2798
}
2799
}
2800
2801
if(dh_params_file != NULL
2802
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2803
int dhparams_fd = open(dh_params_file, O_RDONLY);
2804
if(dhparams_fd == -1){
2805
perror_plus("open");
2806
} else {
2807
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2808
if(ret == -1){
2809
perror_plus("fstat");
2810
} else {
2811
if(S_ISREG(st.st_mode)
2812
and st.st_uid == 0 and st.st_gid == 0){
2813
ret = fchown(dhparams_fd, uid, gid);
2814
if(ret == -1){
2815
perror_plus("fchown");
2816
}
2817
}
2818
}
2819
close(dhparams_fd);
2820
}
2821
}
2822
2823
/* Work around Debian bug #981302
2824
<https://bugs.debian.org/981302> */
2825
if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){
2826
ret = symlink("/proc/self/fd", "/dev/fd");
2827
if(ret == -1){
2828
perror_plus("Failed to create /dev/fd symlink");
2829
}
2830
}
2831
2262
2832
/* Lower privileges */
2263
ret_errno = lower_privileges();
2264
if(ret_errno != 0){
2265
errno = ret_errno;
2833
ret = lower_privileges();
2834
if(ret != 0){
2835
errno = ret;
2266
2836
perror_plus("Failed to lower privileges");
2267
2837
}
2268
2838
}
2438
3008
errno = bring_up_interface(interface, delay);
2439
3009
if(not interface_was_up){
2440
3010
if(errno != 0){
2441
perror_plus("Failed to bring up interface");
3011
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
3012
" %s\n", interface, strerror(errno));
2442
3013
} else {
2443
3014
errno = argz_add(&interfaces_to_take_down,
2444
3015
&interfaces_to_take_down_size,
2467
3038
goto end;
2468
3039
}
2469
3040
2470
ret = init_gnutls_global(pubkey, seckey, &mc);
3041
#if GNUTLS_VERSION_NUMBER >= 0x030606
3042
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3043
#elif GNUTLS_VERSION_NUMBER < 0x030600
3044
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3045
#else
3046
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3047
#endif
2471
3048
if(ret == -1){
2472
3049
fprintf_plus(stderr, "init_gnutls_global failed\n");
2473
3050
exitcode = EX_UNAVAILABLE;
2595
3172
2596
3173
/* Allocate a new server */
2597
3174
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2598
&config, NULL, NULL, &ret_errno);
3175
&config, NULL, NULL, &ret);
2599
3176
2600
3177
/* Free the Avahi configuration data */
2601
3178
avahi_server_config_free(&config);
2604
3181
/* Check if creating the Avahi server object succeeded */
2605
3182
if(mc.server == NULL){
2606
3183
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2607
avahi_strerror(ret_errno));
3184
avahi_strerror(ret));
2608
3185
exitcode = EX_UNAVAILABLE;
2609
3186
goto end;
2610
3187
}
2645
3222
end:
2646
3223
2647
3224
if(debug){
2648
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3225
if(signal_received){
3226
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3227
argv[0], signal_received,
3228
strsignal(signal_received));
3229
} else {
3230
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3231
}
2649
3232
}
2650
3233
2651
3234
/* Cleanup things */
2662
3245
2663
3246
if(gnutls_initialized){
2664
3247
gnutls_certificate_free_credentials(mc.cred);
2665
gnutls_global_deinit();
2666
3248
gnutls_dh_params_deinit(mc.dh_params);
2667
3249
}
2668
3250
2691
3273
2692
3274
/* Re-raise privileges */
2693
3275
{
2694
ret_errno = raise_privileges();
2695
if(ret_errno != 0){
2696
errno = ret_errno;
3276
ret = raise_privileges();
3277
if(ret != 0){
3278
errno = ret;
2697
3279
perror_plus("Failed to raise privileges");
2698
3280
} else {
2699
3281
2704
3286
/* Take down the network interfaces which were brought up */
2705
3287
{
2706
3288
char *interface = NULL;
2707
while((interface=argz_next(interfaces_to_take_down,
2708
interfaces_to_take_down_size,
2709
interface))){
2710
ret_errno = take_down_interface(interface);
2711
if(ret_errno != 0){
2712
errno = ret_errno;
3289
while((interface = argz_next(interfaces_to_take_down,
3290
interfaces_to_take_down_size,
3291
interface))){
3292
ret = take_down_interface(interface);
3293
if(ret != 0){
3294
errno = ret;
2713
3295
perror_plus("Failed to take down interface");
2714
3296
}
2715
3297
}
2720
3302
}
2721
3303
}
2722
3304
2723
ret_errno = lower_privileges_permanently();
2724
if(ret_errno != 0){
2725
errno = ret_errno;
3305
ret = lower_privileges_permanently();
3306
if(ret != 0){
3307
errno = ret;
2726
3308
perror_plus("Failed to lower privileges permanently");
2727
3309
}
2728
3310
}
2730
3312
free(interfaces_to_take_down);
2731
3313
free(interfaces_hooks);
2732
3314
3315
void clean_dir_at(int base, const char * const dirname,
3316
uintmax_t level){
3317
struct dirent **direntries = NULL;
3318
int dret;
3319
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3320
O_RDONLY
3321
| O_NOFOLLOW
3322
| O_DIRECTORY
3323
| O_PATH));
3324
if(dir_fd == -1){
3325
perror_plus("open");
3326
return;
3327
}
3328
int numentries = scandirat(dir_fd, ".", &direntries,
3329
notdotentries, alphasort);
3330
if(numentries >= 0){
3331
for(int i = 0; i < numentries; i++){
3332
if(debug){
3333
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3334
dirname, direntries[i]->d_name);
3335
}
3336
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3337
if(dret == -1){
3338
if(errno == EISDIR){
3339
dret = unlinkat(dir_fd, direntries[i]->d_name,
3340
AT_REMOVEDIR);
3341
}
3342
if((dret == -1) and (errno == ENOTEMPTY)
3343
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3344
== 0) and (level == 0)){
3345
/* Recurse only in this special case */
3346
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3347
dret = 0;
3348
}
3349
if((dret == -1) and (errno != ENOENT)){
3350
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3351
direntries[i]->d_name, strerror(errno));
3352
}
3353
}
3354
free(direntries[i]);
3355
}
3356
3357
/* need to clean even if 0 because man page doesn't specify */
3358
free(direntries);
3359
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3360
if(dret == -1 and errno != ENOENT){
3361
perror_plus("rmdir");
3362
}
3363
} else {
3364
perror_plus("scandirat");
3365
}
3366
close(dir_fd);
3367
}
3368
2733
3369
/* Removes the GPGME temp directory and all files inside */
2734
3370
if(tempdir != NULL){
2735
struct dirent **direntries = NULL;
2736
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2737
O_NOFOLLOW));
2738
if(tempdir_fd == -1){
2739
perror_plus("open");
2740
} else {
2741
#ifdef __GLIBC__
2742
#if __GLIBC_PREREQ(2, 15)
2743
int numentries = scandirat(tempdir_fd, ".", &direntries,
2744
notdotentries, alphasort);
2745
#else /* not __GLIBC_PREREQ(2, 15) */
2746
int numentries = scandir(tempdir, &direntries, notdotentries,
2747
alphasort);
2748
#endif /* not __GLIBC_PREREQ(2, 15) */
2749
#else /* not __GLIBC__ */
2750
int numentries = scandir(tempdir, &direntries, notdotentries,
2751
alphasort);
2752
#endif /* not __GLIBC__ */
2753
if(numentries >= 0){
2754
for(int i = 0; i < numentries; i++){
2755
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2756
if(ret == -1){
2757
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2758
" \"%s\", 0): %s\n", tempdir,
2759
direntries[i]->d_name, strerror(errno));
2760
}
2761
free(direntries[i]);
2762
}
2763
2764
/* need to clean even if 0 because man page doesn't specify */
2765
free(direntries);
2766
if(numentries == -1){
2767
perror_plus("scandir");
2768
}
2769
ret = rmdir(tempdir);
2770
if(ret == -1 and errno != ENOENT){
2771
perror_plus("rmdir");
2772
}
2773
}
2774
TEMP_FAILURE_RETRY(close(tempdir_fd));
2775
}
3371
clean_dir_at(-1, tempdir, 0);
2776
3372
}
2777
3373
2778
3374
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0