To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 1237
- compare with another revision
- download diff
- download tarball
- view history from revision 1237
- Committer: Teddy Hogeborn
- Date: 2021-02-03 23:10:42 UTC
- Revision ID: teddy@recompile.se-20210203231042-2z3egrvpo1zt7nej
mandos-ctl: Fix bad test for command.Remove and related minor issues
The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server. But since since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing. Fix this.
In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).
Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.
* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
original "clients" dict, and loop over those instead. Add assertion
that all clients were indeed removed. Also fix the code which looks
for the Remove command, which now needs to actually work.
(TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
assertion that there are still clients before looping over them.
(TestPropertySetterCmd.runTest): Add assertion that the list of
values to get is not empty before looping over them. Also add check
that there are still clients before looping over clients.
The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server. But since since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing. Fix this.
In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).
Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.
* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
original "clients" dict, and loop over those instead. Add assertion
that all clients were indeed removed. Also fix the code which looks
for the Remove command, which now needs to actually work.
(TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
assertion that there are still clients before looping over them.
(TestPropertySetterCmd.runTest): Add assertion that the list of
values to get is not empty before looping over them. Also add check
that there are still clients before looping over clients.
- files added:
- bugs.xml
- debian/tests
- dracut-module
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2016 Teddy Hogeborn
13
* Copyright © 2008-2016 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2021 Teddy Hogeborn
13
* Copyright © 2008-2021 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
21
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
25
* General Public License for more details.
24
26
*
25
27
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
28
29
*
29
30
* Contact the authors at <mandos@recompile.se>.
30
31
*/
37
38
#define _FILE_OFFSET_BITS 64
38
39
#endif /* not _FILE_OFFSET_BITS */
39
40
40
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror() */
44
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
45
#include <stddef.h> /* NULL, size_t, ssize_t */
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
strtof(), abort() */
41
#define _GNU_SOURCE /* program_invocation_short_name,
42
TEMP_FAILURE_RETRY(), O_CLOEXEC,
43
scandirat(), asprintf() */
48
44
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strncpy() */
51
#include <sys/ioctl.h> /* ioctl */
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
sockaddr_in6, PF_INET6,
54
SOCK_STREAM, uid_t, gid_t, open(),
55
opendir(), DIR */
56
#include <sys/stat.h> /* open(), S_ISREG */
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
inet_pton(), connect(),
59
getnameinfo() */
60
#include <fcntl.h> /* open(), unlinkat() */
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
*/
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
45
#include <argp.h> /* argp_program_version,
46
argp_program_bug_address,
47
struct argp_option,
48
struct argp_state, argp_error(),
49
argp_state_help,
50
ARGP_HELP_STD_HELP,
51
ARGP_HELP_EXIT_ERR,
52
ARGP_HELP_EXIT_OK, ARGP_HELP_USAGE,
53
argp_err_exit_status,
54
ARGP_ERR_UNKNOWN, struct argp,
55
argp_parse(), ARGP_IN_ORDER,
56
ARGP_NO_HELP */
57
#include <stddef.h> /* NULL, size_t */
58
#include <sys/types.h> /* uid_t, gid_t, sig_atomic_t,
59
seteuid(), setuid(), pid_t,
60
setgid(), getuid(), getgid() */
61
#include <unistd.h> /* uid_t, gid_t, TEMP_FAILURE_RETRY(),
62
seteuid(), setuid(), close(),
63
ssize_t, read(), fork(), setgid(),
64
_exit(), dup2(), STDIN_FILENO,
65
STDERR_FILENO, STDOUT_FILENO,
66
fexecve(), write(), getuid(),
67
getgid(), fchown(), symlink(),
68
sleep(), unlinkat(), pause() */
69
#include <netinet/in.h> /* in_port_t, struct sockaddr_in6,
70
sa_family_t, struct sockaddr_in,
71
htons(), IN6_IS_ADDR_LINKLOCAL,
72
INET_ADDRSTRLEN, INET6_ADDRSTRLEN,
73
ntohl(), IPPROTO_IP */
74
#include <time.h> /* struct timespec, clock_gettime(),
75
CLOCK_MONOTONIC, time_t, struct tm,
76
gmtime_r(), clock_settime(),
77
CLOCK_REALTIME, nanosleep() */
78
#include <errno.h> /* errno,
79
program_invocation_short_name,
80
EINTR, EINVAL, ENETUNREACH,
81
EHOSTUNREACH, ECONNREFUSED, EPROTO,
82
EIO, ENOENT, ENXIO, error_t,
83
ENOMEM, EISDIR, ENOTEMPTY */
84
#include <stdio.h> /* fprintf(), stderr, perror(), FILE,
85
vfprintf(), off_t, SEEK_SET,
86
stdout, fwrite(), ferror(),
87
fflush(), asprintf() */
88
#include <stdarg.h> /* va_list, va_start(), vfprintf() */
89
#include <stdlib.h> /* realloc(), free(), malloc(),
90
getenv(), EXIT_FAILURE, setenv(),
91
EXIT_SUCCESS, strtof(), strtod(),
92
srand(), mkdtemp(), abort() */
93
#include <string.h> /* strdup(), strcmp(), strlen(),
94
strerror(), strncpy(), strspn(),
95
memcpy(), strrchr(), strchr(),
96
strsignal() */
97
#include <fcntl.h> /* open(), O_RDONLY, O_DIRECTORY,
98
O_PATH, O_CLOEXEC, openat(),
99
O_NOFOLLOW, AT_REMOVEDIR */
100
#include <iso646.h> /* or, and, not */
101
#include <sys/stat.h> /* struct stat, fstat(), fstatat(),
102
S_ISREG(), S_IXUSR, S_IXGRP,
103
S_IXOTH, lstat() */
104
#include <net/if.h> /* IF_NAMESIZE, if_indextoname(),
105
if_nametoindex(), SIOCGIFFLAGS,
106
IFF_LOOPBACK, IFF_POINTOPOINT,
107
IFF_BROADCAST, IFF_NOARP, IFF_UP,
108
IFF_RUNNING, SIOCSIFFLAGS */
109
#include <sysexits.h> /* EX_NOPERM, EX_OSERR,
110
EX_UNAVAILABLE, EX_USAGE */
111
#include <grp.h> /* setgroups() */
112
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
113
WEXITSTATUS(), WIFSIGNALED(),
114
WTERMSIG() */
115
#include <signal.h> /* kill(), SIGTERM, struct sigaction,
116
SIG_DFL, sigemptyset(),
117
sigaddset(), SIGINT, SIGHUP,
118
SIG_IGN, raise() */
119
#include <sys/socket.h> /* struct sockaddr_storage, AF_INET6,
120
PF_INET6, AF_INET, PF_INET,
121
socket(), SOCK_STREAM,
122
SOCK_CLOEXEC, struct sockaddr,
123
connect(), SOCK_DGRAM */
124
#include <argz.h> /* argz_next(), argz_add_sep(),
125
argz_delete(), argz_stringify(),
126
argz_add(), argz_count() */
127
#include <inttypes.h> /* PRIuMAX, uintmax_t, uint32_t,
128
PRIdMAX, PRIu16, intmax_t,
64
129
strtoimax() */
65
#include <errno.h> /* perror(), errno,
66
program_invocation_short_name */
67
#include <time.h> /* nanosleep(), time(), sleep() */
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
69
SIOCSIFFLAGS, if_indextoname(),
70
if_nametoindex(), IF_NAMESIZE */
71
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
72
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
73
*/
74
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
75
getuid(), getgid(), seteuid(),
76
setgid(), pause(), _exit(),
77
unlinkat() */
78
#include <arpa/inet.h> /* inet_pton(), htons() */
79
#include <iso646.h> /* not, or, and */
80
#include <argp.h> /* struct argp_option, error_t, struct
81
argp_state, struct argp,
82
argp_parse(), ARGP_KEY_ARG,
83
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
84
#include <signal.h> /* sigemptyset(), sigaddset(),
85
sigaction(), SIGTERM, sig_atomic_t,
86
raise() */
87
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
88
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
89
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
90
WEXITSTATUS(), WTERMSIG() */
91
#include <grp.h> /* setgroups() */
92
#include <argz.h> /* argz_add_sep(), argz_next(),
93
argz_delete(), argz_append(),
94
argz_stringify(), argz_add(),
95
argz_count() */
130
#include <arpa/inet.h> /* inet_pton() */
131
#include <stdint.h> /* uint32_t, intptr_t, uint16_t */
96
132
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
97
133
EAI_SYSTEM, gai_strerror() */
134
#include <sys/ioctl.h> /* ioctl() */
135
#include <dirent.h> /* struct dirent, scandirat(),
136
alphasort(), scandir() */
137
#include <limits.h> /* INT_MAX */
98
138
99
139
#ifdef __linux__
100
140
#include <sys/klog.h> /* klogctl() */
113
153
114
154
/* GnuTLS */
115
155
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
116
functions:
117
gnutls_*
118
init_gnutls_session(),
119
GNUTLS_* */
156
functions: gnutls_*, GNUTLS_* */
157
#if GNUTLS_VERSION_NUMBER < 0x030600
120
158
#include <gnutls/openpgp.h>
121
159
/* gnutls_certificate_set_openpgp_key_file(),
122
160
GNUTLS_OPENPGP_FMT_BASE64 */
161
#elif GNUTLS_VERSION_NUMBER >= 0x030606
162
#include <gnutls/x509.h> /* GNUTLS_PKCS_PLAIN,
163
GNUTLS_PKCS_NULL_PASSWORD */
164
#endif
123
165
124
166
/* GPGME */
125
167
#include <gpgme.h> /* All GPGME types, constants and
126
168
functions:
127
gpgme_*
128
GPGME_PROTOCOL_OpenPGP,
129
GPG_ERR_NO_* */
169
gpgme_*, GPG_ERR_NO_*,
170
GPGME_IMPORT_*
171
GPGME_PROTOCOL_OpenPGP */
130
172
131
173
#define BUFFER_SIZE 256
132
174
133
175
#define PATHDIR "/conf/conf.d/mandos"
134
176
#define SECKEY "seckey.txt"
135
177
#define PUBKEY "pubkey.txt"
178
#define TLS_PRIVKEY "tls-privkey.pem"
179
#define TLS_PUBKEY "tls-pubkey.pem"
136
180
#define HOOKDIR "/lib/mandos/network-hooks.d"
137
181
138
182
bool debug = false;
266
310
return true;
267
311
}
268
312
313
/* Set effective uid to 0, return errno */
314
__attribute__((warn_unused_result))
315
int raise_privileges(void){
316
int old_errno = errno;
317
int ret = 0;
318
if(seteuid(0) == -1){
319
ret = errno;
320
}
321
errno = old_errno;
322
return ret;
323
}
324
325
/* Set effective and real user ID to 0. Return errno. */
326
__attribute__((warn_unused_result))
327
int raise_privileges_permanently(void){
328
int old_errno = errno;
329
int ret = raise_privileges();
330
if(ret != 0){
331
errno = old_errno;
332
return ret;
333
}
334
if(setuid(0) == -1){
335
ret = errno;
336
}
337
errno = old_errno;
338
return ret;
339
}
340
341
/* Set effective user ID to unprivileged saved user ID */
342
__attribute__((warn_unused_result))
343
int lower_privileges(void){
344
int old_errno = errno;
345
int ret = 0;
346
if(seteuid(uid) == -1){
347
ret = errno;
348
}
349
errno = old_errno;
350
return ret;
351
}
352
353
/* Lower privileges permanently */
354
__attribute__((warn_unused_result))
355
int lower_privileges_permanently(void){
356
int old_errno = errno;
357
int ret = 0;
358
if(setuid(uid) == -1){
359
ret = errno;
360
}
361
errno = old_errno;
362
return ret;
363
}
364
269
365
/*
270
366
* Initialize GPGME.
271
367
*/
291
387
return false;
292
388
}
293
389
390
/* Workaround for systems without a real-time clock; see also
391
Debian bug #894495: <https://bugs.debian.org/894495> */
392
do {
393
{
394
time_t currtime = time(NULL);
395
if(currtime != (time_t)-1){
396
struct tm tm;
397
if(gmtime_r(&currtime, &tm) == NULL) {
398
perror_plus("gmtime_r");
399
break;
400
}
401
if(tm.tm_year != 70 or tm.tm_mon != 0){
402
break;
403
}
404
if(debug){
405
fprintf_plus(stderr, "System clock is January 1970");
406
}
407
} else {
408
if(debug){
409
fprintf_plus(stderr, "System clock is invalid");
410
}
411
}
412
}
413
struct stat keystat;
414
ret = fstat(fd, &keystat);
415
if(ret != 0){
416
perror_plus("fstat");
417
break;
418
}
419
ret = raise_privileges();
420
if(ret != 0){
421
errno = ret;
422
perror_plus("Failed to raise privileges");
423
break;
424
}
425
if(debug){
426
fprintf_plus(stderr,
427
"Setting system clock to key file mtime");
428
}
429
if(clock_settime(CLOCK_REALTIME, &keystat.st_mtim) != 0){
430
perror_plus("clock_settime");
431
}
432
ret = lower_privileges();
433
if(ret != 0){
434
errno = ret;
435
perror_plus("Failed to lower privileges");
436
}
437
} while(false);
438
294
439
rc = gpgme_data_new_from_fd(&pgp_data, fd);
295
440
if(rc != GPG_ERR_NO_ERROR){
296
441
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
304
449
gpgme_strsource(rc), gpgme_strerror(rc));
305
450
return false;
306
451
}
452
{
453
gpgme_import_result_t import_result
454
= gpgme_op_import_result(mc->ctx);
455
if((import_result->imported < 1
456
or import_result->not_imported > 0)
457
and import_result->unchanged == 0){
458
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
459
fprintf_plus(stderr,
460
"The total number of considered keys: %d\n",
461
import_result->considered);
462
fprintf_plus(stderr,
463
"The number of keys without user ID: %d\n",
464
import_result->no_user_id);
465
fprintf_plus(stderr,
466
"The total number of imported keys: %d\n",
467
import_result->imported);
468
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
469
import_result->imported_rsa);
470
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
471
import_result->unchanged);
472
fprintf_plus(stderr, "The number of new user IDs: %d\n",
473
import_result->new_user_ids);
474
fprintf_plus(stderr, "The number of new sub keys: %d\n",
475
import_result->new_sub_keys);
476
fprintf_plus(stderr, "The number of new signatures: %d\n",
477
import_result->new_signatures);
478
fprintf_plus(stderr, "The number of new revocations: %d\n",
479
import_result->new_revocations);
480
fprintf_plus(stderr,
481
"The total number of secret keys read: %d\n",
482
import_result->secret_read);
483
fprintf_plus(stderr,
484
"The number of imported secret keys: %d\n",
485
import_result->secret_imported);
486
fprintf_plus(stderr,
487
"The number of unchanged secret keys: %d\n",
488
import_result->secret_unchanged);
489
fprintf_plus(stderr, "The number of keys not imported: %d\n",
490
import_result->not_imported);
491
for(gpgme_import_status_t import_status
492
= import_result->imports;
493
import_status != NULL;
494
import_status = import_status->next){
495
fprintf_plus(stderr, "Import status for key: %s\n",
496
import_status->fpr);
497
if(import_status->result != GPG_ERR_NO_ERROR){
498
fprintf_plus(stderr, "Import result: %s: %s\n",
499
gpgme_strsource(import_status->result),
500
gpgme_strerror(import_status->result));
501
}
502
fprintf_plus(stderr, "Key status:\n");
503
fprintf_plus(stderr,
504
import_status->status & GPGME_IMPORT_NEW
505
? "The key was new.\n"
506
: "The key was not new.\n");
507
fprintf_plus(stderr,
508
import_status->status & GPGME_IMPORT_UID
509
? "The key contained new user IDs.\n"
510
: "The key did not contain new user IDs.\n");
511
fprintf_plus(stderr,
512
import_status->status & GPGME_IMPORT_SIG
513
? "The key contained new signatures.\n"
514
: "The key did not contain new signatures.\n");
515
fprintf_plus(stderr,
516
import_status->status & GPGME_IMPORT_SUBKEY
517
? "The key contained new sub keys.\n"
518
: "The key did not contain new sub keys.\n");
519
fprintf_plus(stderr,
520
import_status->status & GPGME_IMPORT_SECRET
521
? "The key contained a secret key.\n"
522
: "The key did not contain a secret key.\n");
523
}
524
return false;
525
}
526
}
307
527
308
528
ret = close(fd);
309
529
if(ret == -1){
350
570
/* Create new GPGME "context" */
351
571
rc = gpgme_new(&(mc->ctx));
352
572
if(rc != GPG_ERR_NO_ERROR){
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
573
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
574
gpgme_strsource(rc), gpgme_strerror(rc));
356
575
return false;
357
576
}
358
577
394
613
/* Create new empty GPGME data buffer for the plaintext */
395
614
rc = gpgme_data_new(&dh_plain);
396
615
if(rc != GPG_ERR_NO_ERROR){
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
616
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
399
617
gpgme_strsource(rc), gpgme_strerror(rc));
400
618
gpgme_data_release(dh_crypto);
401
619
return -1;
414
632
if(result == NULL){
415
633
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
416
634
} else {
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
635
if(result->unsupported_algorithm != NULL) {
636
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
637
result->unsupported_algorithm);
638
}
639
fprintf_plus(stderr, "Wrong key usage: %s\n",
640
result->wrong_key_usage ? "Yes" : "No");
421
641
if(result->file_name != NULL){
422
642
fprintf_plus(stderr, "File name: %s\n", result->file_name);
423
643
}
424
gpgme_recipient_t recipient;
425
recipient = result->recipients;
426
while(recipient != NULL){
644
645
for(gpgme_recipient_t r = result->recipients; r != NULL;
646
r = r->next){
427
647
fprintf_plus(stderr, "Public key algorithm: %s\n",
428
gpgme_pubkey_algo_name
429
(recipient->pubkey_algo));
430
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
648
gpgme_pubkey_algo_name(r->pubkey_algo));
649
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
431
650
fprintf_plus(stderr, "Secret key available: %s\n",
432
recipient->status == GPG_ERR_NO_SECKEY
433
? "No" : "Yes");
434
recipient = recipient->next;
651
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
435
652
}
436
653
}
437
654
}
513
730
fprintf_plus(stderr, "GnuTLS: %s", string);
514
731
}
515
732
516
__attribute__((nonnull, warn_unused_result))
733
__attribute__((nonnull(1, 2, 4), warn_unused_result))
517
734
static int init_gnutls_global(const char *pubkeyfilename,
518
735
const char *seckeyfilename,
519
736
const char *dhparamsfilename,
520
737
mandos_context *mc){
521
738
int ret;
522
unsigned int uret;
523
739
524
740
if(debug){
525
741
fprintf_plus(stderr, "Initializing GnuTLS\n");
526
742
}
527
743
528
ret = gnutls_global_init();
529
if(ret != GNUTLS_E_SUCCESS){
530
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
531
safer_gnutls_strerror(ret));
532
return -1;
533
}
534
535
744
if(debug){
536
745
/* "Use a log level over 10 to enable all debugging options."
537
746
* - GnuTLS manual
545
754
if(ret != GNUTLS_E_SUCCESS){
546
755
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
547
756
safer_gnutls_strerror(ret));
548
gnutls_global_deinit();
549
757
return -1;
550
758
}
551
759
552
760
if(debug){
553
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
554
" secret key %s as GnuTLS credentials\n",
761
fprintf_plus(stderr, "Attempting to use public key %s and"
762
" private key %s as GnuTLS credentials\n",
555
763
pubkeyfilename,
556
764
seckeyfilename);
557
765
}
558
766
767
#if GNUTLS_VERSION_NUMBER >= 0x030606
768
ret = gnutls_certificate_set_rawpk_key_file
769
(mc->cred, pubkeyfilename, seckeyfilename,
770
GNUTLS_X509_FMT_PEM, /* format */
771
NULL, /* pass */
772
/* key_usage */
773
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
774
NULL, /* names */
775
0, /* names_length */
776
/* privkey_flags */
777
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
778
0); /* pkcs11_flags */
779
#elif GNUTLS_VERSION_NUMBER < 0x030600
559
780
ret = gnutls_certificate_set_openpgp_key_file
560
781
(mc->cred, pubkeyfilename, seckeyfilename,
561
782
GNUTLS_OPENPGP_FMT_BASE64);
783
#else
784
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
785
#endif
562
786
if(ret != GNUTLS_E_SUCCESS){
563
787
fprintf_plus(stderr,
564
"Error[%d] while reading the OpenPGP key pair ('%s',"
788
"Error[%d] while reading the key pair ('%s',"
565
789
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
566
790
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
567
791
safer_gnutls_strerror(ret));
615
839
}
616
840
params.size += (unsigned int)bytes_read;
617
841
}
842
ret = close(dhpfile);
843
if(ret == -1){
844
perror_plus("close");
845
}
618
846
if(params.data == NULL){
619
847
dhparamsfilename = NULL;
620
848
}
629
857
safer_gnutls_strerror(ret));
630
858
dhparamsfilename = NULL;
631
859
}
860
free(params.data);
632
861
} while(false);
633
862
}
634
863
if(dhparamsfilename == NULL){
635
864
if(mc->dh_bits == 0){
865
#if GNUTLS_VERSION_NUMBER < 0x030600
636
866
/* Find out the optimal number of DH bits */
637
867
/* Try to read the private key file */
638
868
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
718
948
}
719
949
}
720
950
}
721
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
951
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
722
952
if(uret != 0){
723
953
mc->dh_bits = uret;
724
954
if(debug){
736
966
safer_gnutls_strerror(ret));
737
967
goto globalfail;
738
968
}
739
} else if(debug){
740
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
741
mc->dh_bits);
742
}
743
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
744
if(ret != GNUTLS_E_SUCCESS){
745
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
746
" bits): %s\n", mc->dh_bits,
747
safer_gnutls_strerror(ret));
748
goto globalfail;
969
#endif
970
} else { /* dh_bits != 0 */
971
if(debug){
972
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
973
mc->dh_bits);
974
}
975
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
976
if(ret != GNUTLS_E_SUCCESS){
977
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
978
" bits): %s\n", mc->dh_bits,
979
safer_gnutls_strerror(ret));
980
goto globalfail;
981
}
982
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
749
983
}
750
984
}
751
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
752
985
753
986
return 0;
754
987
755
988
globalfail:
756
989
757
990
gnutls_certificate_free_credentials(mc->cred);
758
gnutls_global_deinit();
759
991
gnutls_dh_params_deinit(mc->dh_params);
760
992
return -1;
761
993
}
766
998
int ret;
767
999
/* GnuTLS session creation */
768
1000
do {
769
ret = gnutls_init(session, GNUTLS_SERVER);
1001
ret = gnutls_init(session, (GNUTLS_SERVER
1002
#if GNUTLS_VERSION_NUMBER >= 0x030506
1003
| GNUTLS_NO_TICKETS
1004
#endif
1005
#if GNUTLS_VERSION_NUMBER >= 0x030606
1006
| GNUTLS_ENABLE_RAWPK
1007
#endif
1008
));
770
1009
if(quit_now){
771
1010
return -1;
772
1011
}
820
1059
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
821
1060
__attribute__((unused)) const char *txt){}
822
1061
823
/* Set effective uid to 0, return errno */
824
__attribute__((warn_unused_result))
825
error_t raise_privileges(void){
826
error_t old_errno = errno;
827
error_t ret_errno = 0;
828
if(seteuid(0) == -1){
829
ret_errno = errno;
830
}
831
errno = old_errno;
832
return ret_errno;
833
}
834
835
/* Set effective and real user ID to 0. Return errno. */
836
__attribute__((warn_unused_result))
837
error_t raise_privileges_permanently(void){
838
error_t old_errno = errno;
839
error_t ret_errno = raise_privileges();
840
if(ret_errno != 0){
841
errno = old_errno;
842
return ret_errno;
843
}
844
if(setuid(0) == -1){
845
ret_errno = errno;
846
}
847
errno = old_errno;
848
return ret_errno;
849
}
850
851
/* Set effective user ID to unprivileged saved user ID */
852
__attribute__((warn_unused_result))
853
error_t lower_privileges(void){
854
error_t old_errno = errno;
855
error_t ret_errno = 0;
856
if(seteuid(uid) == -1){
857
ret_errno = errno;
858
}
859
errno = old_errno;
860
return ret_errno;
861
}
862
863
/* Lower privileges permanently */
864
__attribute__((warn_unused_result))
865
error_t lower_privileges_permanently(void){
866
error_t old_errno = errno;
867
error_t ret_errno = 0;
868
if(setuid(uid) == -1){
869
ret_errno = errno;
870
}
871
errno = old_errno;
872
return ret_errno;
873
}
874
875
1062
/* Helper function to add_local_route() and delete_local_route() */
876
1063
__attribute__((nonnull, warn_unused_result))
877
1064
static bool add_delete_local_route(const bool add,
916
1103
ret = setgid(0);
917
1104
if(ret == -1){
918
1105
perror_plus("setgid");
1106
close(devnull);
919
1107
_exit(EX_NOPERM);
920
1108
}
921
1109
/* Reset supplementary groups */
923
1111
ret = setgroups(0, NULL);
924
1112
if(ret == -1){
925
1113
perror_plus("setgroups");
1114
close(devnull);
926
1115
_exit(EX_NOPERM);
927
1116
}
928
1117
}
929
1118
ret = dup2(devnull, STDIN_FILENO);
930
1119
if(ret == -1){
931
1120
perror_plus("dup2(devnull, STDIN_FILENO)");
1121
close(devnull);
932
1122
_exit(EX_OSERR);
933
1123
}
934
1124
ret = close(devnull);
935
1125
if(ret == -1){
936
1126
perror_plus("close");
937
_exit(EX_OSERR);
938
1127
}
939
1128
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
940
1129
if(ret == -1){
975
1164
}
976
1165
if(pid == -1){
977
1166
perror_plus("fork");
1167
close(devnull);
978
1168
return false;
979
1169
}
1170
ret = close(devnull);
1171
if(ret == -1){
1172
perror_plus("close");
1173
}
980
1174
int status;
981
1175
pid_t pret = -1;
982
1176
errno = 0;
1082
1276
bool match = false;
1083
1277
{
1084
1278
char *interface = NULL;
1085
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
1086
interface))){
1279
while((interface = argz_next(mc->interfaces,
1280
mc->interfaces_size,
1281
interface))){
1087
1282
if(if_nametoindex(interface) == (unsigned int)if_index){
1088
1283
match = true;
1089
1284
break;
1242
1437
with an explicit route added with the server's address.
1243
1438
1244
1439
Avahi bug reference:
1245
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1440
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1246
1441
https://bugs.debian.org/587961
1247
1442
*/
1248
1443
if(debug){
1428
1623
&decrypted_buffer, mc);
1429
1624
if(decrypted_buffer_size >= 0){
1430
1625
1626
clearerr(stdout);
1431
1627
written = 0;
1432
1628
while(written < (size_t) decrypted_buffer_size){
1433
1629
if(quit_now){
1449
1645
}
1450
1646
written += (size_t)ret;
1451
1647
}
1648
ret = fflush(stdout);
1649
if(ret != 0){
1650
int e = errno;
1651
if(debug){
1652
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1653
strerror(errno));
1654
}
1655
errno = e;
1656
goto mandos_end;
1657
}
1452
1658
retval = 0;
1453
1659
}
1454
1660
}
1485
1691
return retval;
1486
1692
}
1487
1693
1488
__attribute__((nonnull))
1489
1694
static void resolve_callback(AvahiSServiceResolver *r,
1490
1695
AvahiIfIndex interface,
1491
1696
AvahiProtocol proto,
1628
1833
__attribute__((nonnull, warn_unused_result))
1629
1834
bool get_flags(const char *ifname, struct ifreq *ifr){
1630
1835
int ret;
1631
error_t ret_errno;
1836
int old_errno;
1632
1837
1633
1838
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1634
1839
if(s < 0){
1635
ret_errno = errno;
1840
old_errno = errno;
1636
1841
perror_plus("socket");
1637
errno = ret_errno;
1842
errno = old_errno;
1638
1843
return false;
1639
1844
}
1640
1845
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1642
1847
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1643
1848
if(ret == -1){
1644
1849
if(debug){
1645
ret_errno = errno;
1850
old_errno = errno;
1646
1851
perror_plus("ioctl SIOCGIFFLAGS");
1647
errno = ret_errno;
1852
errno = old_errno;
1853
}
1854
if((close(s) == -1) and debug){
1855
old_errno = errno;
1856
perror_plus("close");
1857
errno = old_errno;
1648
1858
}
1649
1859
return false;
1650
1860
}
1861
if((close(s) == -1) and debug){
1862
old_errno = errno;
1863
perror_plus("close");
1864
errno = old_errno;
1865
}
1651
1866
return true;
1652
1867
}
1653
1868
1914
2129
return;
1915
2130
}
1916
2131
}
1917
#ifdef __GLIBC__
1918
#if __GLIBC_PREREQ(2, 15)
2132
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2133
if(devnull == -1){
2134
perror_plus("open(\"/dev/null\", O_RDONLY)");
2135
return;
2136
}
1919
2137
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1920
2138
runnable_hook, alphasort);
1921
#else /* not __GLIBC_PREREQ(2, 15) */
1922
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1923
alphasort);
1924
#endif /* not __GLIBC_PREREQ(2, 15) */
1925
#else /* not __GLIBC__ */
1926
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1927
alphasort);
1928
#endif /* not __GLIBC__ */
1929
2139
if(numhooks == -1){
1930
2140
perror_plus("scandir");
2141
close(devnull);
1931
2142
return;
1932
2143
}
1933
2144
struct dirent *direntry;
1934
2145
int ret;
1935
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1936
if(devnull == -1){
1937
perror_plus("open(\"/dev/null\", O_RDONLY)");
1938
return;
1939
}
1940
2146
for(int i = 0; i < numhooks; i++){
1941
2147
direntry = direntries[i];
1942
2148
if(debug){
2086
2292
}
2087
2293
2088
2294
__attribute__((nonnull, warn_unused_result))
2089
error_t bring_up_interface(const char *const interface,
2090
const float delay){
2091
error_t old_errno = errno;
2295
int bring_up_interface(const char *const interface,
2296
const float delay){
2297
int old_errno = errno;
2092
2298
int ret;
2093
2299
struct ifreq network;
2094
2300
unsigned int if_index = if_nametoindex(interface);
2104
2310
}
2105
2311
2106
2312
if(not interface_is_up(interface)){
2107
error_t ret_errno = 0, ioctl_errno = 0;
2313
int ret_errno = 0;
2314
int ioctl_errno = 0;
2108
2315
if(not get_flags(interface, &network)){
2109
2316
ret_errno = errno;
2110
2317
fprintf_plus(stderr, "Failed to get flags for interface "
2197
2404
2198
2405
/* Sleep checking until interface is running.
2199
2406
Check every 0.25s, up to total time of delay */
2200
for(int i=0; i < delay * 4; i++){
2407
for(int i = 0; i < delay * 4; i++){
2201
2408
if(interface_is_running(interface)){
2202
2409
break;
2203
2410
}
2213
2420
}
2214
2421
2215
2422
__attribute__((nonnull, warn_unused_result))
2216
error_t take_down_interface(const char *const interface){
2217
error_t old_errno = errno;
2423
int take_down_interface(const char *const interface){
2424
int old_errno = errno;
2218
2425
struct ifreq network;
2219
2426
unsigned int if_index = if_nametoindex(interface);
2220
2427
if(if_index == 0){
2223
2430
return ENXIO;
2224
2431
}
2225
2432
if(interface_is_up(interface)){
2226
error_t ret_errno = 0, ioctl_errno = 0;
2433
int ret_errno = 0;
2434
int ioctl_errno = 0;
2227
2435
if(not get_flags(interface, &network) and debug){
2228
2436
ret_errno = errno;
2229
2437
fprintf_plus(stderr, "Failed to get flags for interface "
2289
2497
2290
2498
int main(int argc, char *argv[]){
2291
2499
mandos_context mc = { .server = NULL, .dh_bits = 0,
2500
#if GNUTLS_VERSION_NUMBER >= 0x030606
2501
.priority = "SECURE128:!CTYPE-X.509"
2502
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2503
":%PROFILE_ULTRA",
2504
#elif GNUTLS_VERSION_NUMBER < 0x030600
2292
2505
.priority = "SECURE256:!CTYPE-X.509"
2293
2506
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2507
#else
2508
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2509
#endif
2294
2510
.current_server = NULL, .interfaces = NULL,
2295
2511
.interfaces_size = 0 };
2296
2512
AvahiSServiceBrowser *sb = NULL;
2307
2523
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2308
2524
const char *seckey = PATHDIR "/" SECKEY;
2309
2525
const char *pubkey = PATHDIR "/" PUBKEY;
2526
#if GNUTLS_VERSION_NUMBER >= 0x030606
2527
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2528
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2529
#endif
2310
2530
const char *dh_params_file = NULL;
2311
2531
char *interfaces_hooks = NULL;
2312
2532
2360
2580
{ .name = "pubkey", .key = 'p',
2361
2581
.arg = "FILE",
2362
2582
.doc = "OpenPGP public key file base name",
2363
.group = 2 },
2583
.group = 1 },
2584
{ .name = "tls-privkey", .key = 't',
2585
.arg = "FILE",
2586
#if GNUTLS_VERSION_NUMBER >= 0x030606
2587
.doc = "TLS private key file base name",
2588
#else
2589
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2590
#endif
2591
.group = 1 },
2592
{ .name = "tls-pubkey", .key = 'T',
2593
.arg = "FILE",
2594
#if GNUTLS_VERSION_NUMBER >= 0x030606
2595
.doc = "TLS public key file base name",
2596
#else
2597
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2598
#endif
2599
.group = 1 },
2364
2600
{ .name = "dh-bits", .key = 129,
2365
2601
.arg = "BITS",
2366
2602
.doc = "Bit length of the prime number used in the"
2422
2658
case 'p': /* --pubkey */
2423
2659
pubkey = arg;
2424
2660
break;
2661
case 't': /* --tls-privkey */
2662
#if GNUTLS_VERSION_NUMBER >= 0x030606
2663
tls_privkey = arg;
2664
#endif
2665
break;
2666
case 'T': /* --tls-pubkey */
2667
#if GNUTLS_VERSION_NUMBER >= 0x030606
2668
tls_pubkey = arg;
2669
#endif
2670
break;
2425
2671
case 129: /* --dh-bits */
2426
2672
errno = 0;
2427
2673
tmpmax = strtoimax(arg, &tmp, 10);
2462
2708
argp_state_help(state, state->out_stream,
2463
2709
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2464
2710
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2711
__builtin_unreachable();
2465
2712
case -3: /* --usage */
2466
2713
argp_state_help(state, state->out_stream,
2467
2714
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2715
__builtin_unreachable();
2468
2716
case 'V': /* --version */
2469
2717
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2470
2718
exit(argp_err_exit_status);
2479
2727
.args_doc = "",
2480
2728
.doc = "Mandos client -- Get and decrypt"
2481
2729
" passwords from a Mandos server" };
2482
ret = argp_parse(&argp, argc, argv,
2483
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2484
switch(ret){
2730
ret_errno = argp_parse(&argp, argc, argv,
2731
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2732
switch(ret_errno){
2485
2733
case 0:
2486
2734
break;
2487
2735
case ENOMEM:
2488
2736
default:
2489
errno = ret;
2737
errno = ret_errno;
2490
2738
perror_plus("argp_parse");
2491
2739
exitcode = EX_OSERR;
2492
2740
goto end;
2497
2745
}
2498
2746
2499
2747
{
2500
/* Work around Debian bug #633582:
2501
<http://bugs.debian.org/633582> */
2502
2503
2748
/* Re-raise privileges */
2504
ret_errno = raise_privileges();
2505
if(ret_errno != 0){
2506
errno = ret_errno;
2749
ret = raise_privileges();
2750
if(ret != 0){
2751
errno = ret;
2507
2752
perror_plus("Failed to raise privileges");
2508
2753
} else {
2509
2754
struct stat st;
2510
2755
2756
/* Work around Debian bug #633582:
2757
<https://bugs.debian.org/633582> */
2758
2511
2759
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2512
2760
int seckey_fd = open(seckey, O_RDONLY);
2513
2761
if(seckey_fd == -1){
2572
2820
}
2573
2821
}
2574
2822
2823
/* Work around Debian bug #981302
2824
<https://bugs.debian.org/981302> */
2825
if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){
2826
ret = symlink("/proc/self/fd", "/dev/fd");
2827
if(ret == -1){
2828
perror_plus("Failed to create /dev/fd symlink");
2829
}
2830
}
2831
2575
2832
/* Lower privileges */
2576
ret_errno = lower_privileges();
2577
if(ret_errno != 0){
2578
errno = ret_errno;
2833
ret = lower_privileges();
2834
if(ret != 0){
2835
errno = ret;
2579
2836
perror_plus("Failed to lower privileges");
2580
2837
}
2581
2838
}
2781
3038
goto end;
2782
3039
}
2783
3040
3041
#if GNUTLS_VERSION_NUMBER >= 0x030606
3042
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3043
#elif GNUTLS_VERSION_NUMBER < 0x030600
2784
3044
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3045
#else
3046
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3047
#endif
2785
3048
if(ret == -1){
2786
3049
fprintf_plus(stderr, "init_gnutls_global failed\n");
2787
3050
exitcode = EX_UNAVAILABLE;
2909
3172
2910
3173
/* Allocate a new server */
2911
3174
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2912
&config, NULL, NULL, &ret_errno);
3175
&config, NULL, NULL, &ret);
2913
3176
2914
3177
/* Free the Avahi configuration data */
2915
3178
avahi_server_config_free(&config);
2918
3181
/* Check if creating the Avahi server object succeeded */
2919
3182
if(mc.server == NULL){
2920
3183
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2921
avahi_strerror(ret_errno));
3184
avahi_strerror(ret));
2922
3185
exitcode = EX_UNAVAILABLE;
2923
3186
goto end;
2924
3187
}
2959
3222
end:
2960
3223
2961
3224
if(debug){
2962
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3225
if(signal_received){
3226
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3227
argv[0], signal_received,
3228
strsignal(signal_received));
3229
} else {
3230
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3231
}
2963
3232
}
2964
3233
2965
3234
/* Cleanup things */
2976
3245
2977
3246
if(gnutls_initialized){
2978
3247
gnutls_certificate_free_credentials(mc.cred);
2979
gnutls_global_deinit();
2980
3248
gnutls_dh_params_deinit(mc.dh_params);
2981
3249
}
2982
3250
3005
3273
3006
3274
/* Re-raise privileges */
3007
3275
{
3008
ret_errno = raise_privileges();
3009
if(ret_errno != 0){
3010
errno = ret_errno;
3276
ret = raise_privileges();
3277
if(ret != 0){
3278
errno = ret;
3011
3279
perror_plus("Failed to raise privileges");
3012
3280
} else {
3013
3281
3018
3286
/* Take down the network interfaces which were brought up */
3019
3287
{
3020
3288
char *interface = NULL;
3021
while((interface=argz_next(interfaces_to_take_down,
3022
interfaces_to_take_down_size,
3023
interface))){
3024
ret_errno = take_down_interface(interface);
3025
if(ret_errno != 0){
3026
errno = ret_errno;
3289
while((interface = argz_next(interfaces_to_take_down,
3290
interfaces_to_take_down_size,
3291
interface))){
3292
ret = take_down_interface(interface);
3293
if(ret != 0){
3294
errno = ret;
3027
3295
perror_plus("Failed to take down interface");
3028
3296
}
3029
3297
}
3034
3302
}
3035
3303
}
3036
3304
3037
ret_errno = lower_privileges_permanently();
3038
if(ret_errno != 0){
3039
errno = ret_errno;
3305
ret = lower_privileges_permanently();
3306
if(ret != 0){
3307
errno = ret;
3040
3308
perror_plus("Failed to lower privileges permanently");
3041
3309
}
3042
3310
}
3044
3312
free(interfaces_to_take_down);
3045
3313
free(interfaces_hooks);
3046
3314
3315
void clean_dir_at(int base, const char * const dirname,
3316
uintmax_t level){
3317
struct dirent **direntries = NULL;
3318
int dret;
3319
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3320
O_RDONLY
3321
| O_NOFOLLOW
3322
| O_DIRECTORY
3323
| O_PATH));
3324
if(dir_fd == -1){
3325
perror_plus("open");
3326
return;
3327
}
3328
int numentries = scandirat(dir_fd, ".", &direntries,
3329
notdotentries, alphasort);
3330
if(numentries >= 0){
3331
for(int i = 0; i < numentries; i++){
3332
if(debug){
3333
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3334
dirname, direntries[i]->d_name);
3335
}
3336
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3337
if(dret == -1){
3338
if(errno == EISDIR){
3339
dret = unlinkat(dir_fd, direntries[i]->d_name,
3340
AT_REMOVEDIR);
3341
}
3342
if((dret == -1) and (errno == ENOTEMPTY)
3343
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3344
== 0) and (level == 0)){
3345
/* Recurse only in this special case */
3346
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3347
dret = 0;
3348
}
3349
if((dret == -1) and (errno != ENOENT)){
3350
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3351
direntries[i]->d_name, strerror(errno));
3352
}
3353
}
3354
free(direntries[i]);
3355
}
3356
3357
/* need to clean even if 0 because man page doesn't specify */
3358
free(direntries);
3359
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3360
if(dret == -1 and errno != ENOENT){
3361
perror_plus("rmdir");
3362
}
3363
} else {
3364
perror_plus("scandirat");
3365
}
3366
close(dir_fd);
3367
}
3368
3047
3369
/* Removes the GPGME temp directory and all files inside */
3048
3370
if(tempdir != NULL){
3049
struct dirent **direntries = NULL;
3050
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY
3051
| O_NOFOLLOW
3052
| O_DIRECTORY
3053
| O_PATH));
3054
if(tempdir_fd == -1){
3055
perror_plus("open");
3056
} else {
3057
#ifdef __GLIBC__
3058
#if __GLIBC_PREREQ(2, 15)
3059
int numentries = scandirat(tempdir_fd, ".", &direntries,
3060
notdotentries, alphasort);
3061
#else /* not __GLIBC_PREREQ(2, 15) */
3062
int numentries = scandir(tempdir, &direntries, notdotentries,
3063
alphasort);
3064
#endif /* not __GLIBC_PREREQ(2, 15) */
3065
#else /* not __GLIBC__ */
3066
int numentries = scandir(tempdir, &direntries, notdotentries,
3067
alphasort);
3068
#endif /* not __GLIBC__ */
3069
if(numentries >= 0){
3070
for(int i = 0; i < numentries; i++){
3071
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
3072
if(ret == -1){
3073
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
3074
" \"%s\", 0): %s\n", tempdir,
3075
direntries[i]->d_name, strerror(errno));
3076
}
3077
free(direntries[i]);
3078
}
3079
3080
/* need to clean even if 0 because man page doesn't specify */
3081
free(direntries);
3082
if(numentries == -1){
3083
perror_plus("scandir");
3084
}
3085
ret = rmdir(tempdir);
3086
if(ret == -1 and errno != ENOENT){
3087
perror_plus("rmdir");
3088
}
3089
}
3090
close(tempdir_fd);
3091
}
3371
clean_dir_at(-1, tempdir, 0);
3092
3372
}
3093
3373
3094
3374
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0