To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.4.130
- compare with another revision
- download diff
- download tarball
- view history from revision 237.4.130
- Committer: teddy at recompile
- Date: 2020-04-08 18:40:10 UTC
- mto: This revision was merged to the branch mainline in revision 1214.
- Revision ID: teddy@recompile.se-20200408184010-lvs5alrq2gqcpb12
Tags: version-1.8.11-1
Version 1.8.11-1
* Makefile (version): Change to "1.8.11".
* NEWS (Version 1.8.11): Add new entry.
* debian/changelog (1.8.11-1): - '' -
* Makefile (version): Change to "1.8.11".
* NEWS (Version 1.8.11): Add new entry.
* debian/changelog (1.8.11-1): - '' -
- files added:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/tests
- debian/upstream
- dracut-module
- network-hooks.d
- plugin-helpers
- files removed:
- ca.pem
- files renamed:
- server.py => mandos
- server.conf => mandos.conf
- plugbasedclient.c => plugin-runner.c
- plugins.d/mandosclient.c => plugins.d/mandos-client.c
- plugins.d/passprompt.c => plugins.d/password-prompt.c
- files modified:
- Makefile
added
removed
plugins.d/mandos-client.c
1
1
/* -*- coding: utf-8 -*- */
2
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
3
* Mandos-client - get and decrypt data from a Mandos server
4
4
*
5
5
* This program is partly derived from an example program for an Avahi
6
6
* service browser, downloaded from
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2019 Teddy Hogeborn
13
* Copyright © 2008-2019 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
20
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
25
* General Public License for more details.
23
26
*
24
27
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
27
29
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
30
* Contact the authors at <mandos@recompile.se>.
29
31
*/
30
32
31
33
/* Needed by GPGME, specifically gpgme_data_seek() */
34
#ifndef _LARGEFILE_SOURCE
32
35
#define _LARGEFILE_SOURCE
36
#endif /* not _LARGEFILE_SOURCE */
37
#ifndef _FILE_OFFSET_BITS
33
38
#define _FILE_OFFSET_BITS 64
34
35
#include <stdio.h>
36
#include <assert.h>
37
#include <stdlib.h>
38
#include <time.h>
39
#include <net/if.h> /* if_nametoindex */
40
39
#endif /* not _FILE_OFFSET_BITS */
40
41
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
42
43
#include <stdio.h> /* fprintf(), stderr, fwrite(),
44
stdout, ferror() */
45
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
46
#include <stddef.h> /* NULL, size_t, ssize_t */
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
48
strtof(), abort() */
49
#include <stdbool.h> /* bool, false, true */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
53
#include <sys/ioctl.h> /* ioctl */
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
55
sockaddr_in6, PF_INET6,
56
SOCK_STREAM, uid_t, gid_t, open(),
57
opendir(), DIR */
58
#include <sys/stat.h> /* open(), S_ISREG */
59
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
60
inet_pton(), connect(),
61
getnameinfo() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
64
*/
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
66
strtoimax() */
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
72
program_invocation_short_name */
73
#include <time.h> /* nanosleep(), time(), sleep() */
74
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
75
SIOCSIFFLAGS, if_indextoname(),
76
if_nametoindex(), IF_NAMESIZE */
77
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
78
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
79
*/
80
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
81
getuid(), getgid(), seteuid(),
82
setgid(), pause(), _exit(),
83
unlinkat() */
84
#include <arpa/inet.h> /* inet_pton(), htons() */
85
#include <iso646.h> /* not, or, and */
86
#include <argp.h> /* struct argp_option, error_t, struct
87
argp_state, struct argp,
88
argp_parse(), ARGP_KEY_ARG,
89
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
90
#include <signal.h> /* sigemptyset(), sigaddset(),
91
sigaction(), SIGTERM, sig_atomic_t,
92
raise() */
93
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
94
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
95
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
96
WEXITSTATUS(), WTERMSIG() */
97
#include <grp.h> /* setgroups() */
98
#include <argz.h> /* argz_add_sep(), argz_next(),
99
argz_delete(), argz_append(),
100
argz_stringify(), argz_add(),
101
argz_count() */
102
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
103
EAI_SYSTEM, gai_strerror() */
104
105
#ifdef __linux__
106
#include <sys/klog.h> /* klogctl() */
107
#endif /* __linux__ */
108
109
/* Avahi */
110
/* All Avahi types, constants and functions
111
Avahi*, avahi_*,
112
AVAHI_* */
41
113
#include <avahi-core/core.h>
42
114
#include <avahi-core/lookup.h>
43
115
#include <avahi-core/log.h>
45
117
#include <avahi-common/malloc.h>
46
118
#include <avahi-common/error.h>
47
119
48
//mandos client part
49
#include <sys/types.h> /* socket(), inet_pton() */
50
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
51
struct in6_addr, inet_pton() */
52
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
53
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
54
55
#include <unistd.h> /* close() */
56
#include <netinet/in.h>
57
#include <stdbool.h> /* true */
58
#include <string.h> /* memset */
59
#include <arpa/inet.h> /* inet_pton() */
60
#include <iso646.h> /* not */
61
62
// gpgme
63
#include <errno.h> /* perror() */
64
#include <gpgme.h>
65
66
// getopt long
67
#include <getopt.h>
120
/* GnuTLS */
121
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
122
functions:
123
gnutls_*
124
init_gnutls_session(),
125
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
127
#include <gnutls/openpgp.h>
128
/* gnutls_certificate_set_openpgp_key_file(),
129
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
135
136
/* GPGME */
137
#include <gpgme.h> /* All GPGME types, constants and
138
functions:
139
gpgme_*
140
GPGME_PROTOCOL_OpenPGP,
141
GPG_ERR_NO_* */
68
142
69
143
#define BUFFER_SIZE 256
70
#define DH_BITS 1024
71
144
72
const char *certdir = "/conf/conf.d/cryptkeyreq/";
73
const char *certfile = "openpgp-client.txt";
74
const char *certkey = "openpgp-client-key.txt";
145
#define PATHDIR "/conf/conf.d/mandos"
146
#define SECKEY "seckey.txt"
147
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
150
#define HOOKDIR "/lib/mandos/network-hooks.d"
75
151
76
152
bool debug = false;
77
153
static const char mandos_protocol_version[] = "1";
154
const char *argp_program_version = "mandos-client " VERSION;
155
const char *argp_program_bug_address = "<mandos@recompile.se>";
156
static const char sys_class_net[] = "/sys/class/net";
157
char *connect_to = NULL;
158
const char *hookdir = HOOKDIR;
159
int hookdir_fd = -1;
160
uid_t uid = 65534;
161
gid_t gid = 65534;
162
163
/* Doubly linked list that need to be circularly linked when used */
164
typedef struct server{
165
const char *ip;
166
in_port_t port;
167
AvahiIfIndex if_index;
168
int af;
169
struct timespec last_seen;
170
struct server *next;
171
struct server *prev;
172
} server;
173
174
/* Used for passing in values through the Avahi callback functions */
78
175
typedef struct {
79
gnutls_session_t session;
176
AvahiServer *server;
80
177
gnutls_certificate_credentials_t cred;
178
unsigned int dh_bits;
81
179
gnutls_dh_params_t dh_params;
82
} encrypted_session;
83
84
85
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
86
char **new_packet, const char *homedir){
87
gpgme_data_t dh_crypto, dh_plain;
180
const char *priority;
88
181
gpgme_ctx_t ctx;
182
server *current_server;
183
char *interfaces;
184
size_t interfaces_size;
185
} mandos_context;
186
187
/* global so signal handler can reach it*/
188
AvahiSimplePoll *simple_poll;
189
190
sig_atomic_t quit_now = 0;
191
int signal_received = 0;
192
193
/* Function to use when printing errors */
194
void perror_plus(const char *print_text){
195
int e = errno;
196
fprintf(stderr, "Mandos plugin %s: ",
197
program_invocation_short_name);
198
errno = e;
199
perror(print_text);
200
}
201
202
__attribute__((format (gnu_printf, 2, 3), nonnull))
203
int fprintf_plus(FILE *stream, const char *format, ...){
204
va_list ap;
205
va_start (ap, format);
206
207
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
208
program_invocation_short_name));
209
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
210
}
211
212
/*
213
* Make additional room in "buffer" for at least BUFFER_SIZE more
214
* bytes. "buffer_capacity" is how much is currently allocated,
215
* "buffer_length" is how much is already used.
216
*/
217
__attribute__((nonnull, warn_unused_result))
218
size_t incbuffer(char **buffer, size_t buffer_length,
219
size_t buffer_capacity){
220
if(buffer_length + BUFFER_SIZE > buffer_capacity){
221
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
222
if(new_buf == NULL){
223
int old_errno = errno;
224
free(*buffer);
225
errno = old_errno;
226
*buffer = NULL;
227
return 0;
228
}
229
*buffer = new_buf;
230
buffer_capacity += BUFFER_SIZE;
231
}
232
return buffer_capacity;
233
}
234
235
/* Add server to set of servers to retry periodically */
236
__attribute__((nonnull, warn_unused_result))
237
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
238
int af, server **current_server){
239
int ret;
240
server *new_server = malloc(sizeof(server));
241
if(new_server == NULL){
242
perror_plus("malloc");
243
return false;
244
}
245
*new_server = (server){ .ip = strdup(ip),
246
.port = port,
247
.if_index = if_index,
248
.af = af };
249
if(new_server->ip == NULL){
250
perror_plus("strdup");
251
free(new_server);
252
return false;
253
}
254
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
255
if(ret == -1){
256
perror_plus("clock_gettime");
257
#ifdef __GNUC__
258
#pragma GCC diagnostic push
259
#pragma GCC diagnostic ignored "-Wcast-qual"
260
#endif
261
free((char *)(new_server->ip));
262
#ifdef __GNUC__
263
#pragma GCC diagnostic pop
264
#endif
265
free(new_server);
266
return false;
267
}
268
/* Special case of first server */
269
if(*current_server == NULL){
270
new_server->next = new_server;
271
new_server->prev = new_server;
272
*current_server = new_server;
273
} else {
274
/* Place the new server last in the list */
275
new_server->next = *current_server;
276
new_server->prev = (*current_server)->prev;
277
new_server->prev->next = new_server;
278
(*current_server)->prev = new_server;
279
}
280
return true;
281
}
282
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
335
/*
336
* Initialize GPGME.
337
*/
338
__attribute__((nonnull, warn_unused_result))
339
static bool init_gpgme(const char * const seckey,
340
const char * const pubkey,
341
const char * const tempdir,
342
mandos_context *mc){
89
343
gpgme_error_t rc;
90
ssize_t ret;
91
ssize_t new_packet_capacity = 0;
92
ssize_t new_packet_length = 0;
93
344
gpgme_engine_info_t engine_info;
345
346
/*
347
* Helper function to insert pub and seckey to the engine keyring.
348
*/
349
bool import_key(const char * const filename){
350
int ret;
351
int fd;
352
gpgme_data_t pgp_data;
353
354
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
355
if(fd == -1){
356
perror_plus("open");
357
return false;
358
}
359
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
time_t keytime = keystat.st_mtim.tv_sec;
400
if(stime(&keytime) != 0){
401
perror_plus("stime");
402
}
403
ret = lower_privileges();
404
if(ret != 0){
405
errno = ret;
406
perror_plus("Failed to lower privileges");
407
}
408
} while(false);
94
409
95
if (debug){
96
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
410
rc = gpgme_data_new_from_fd(&pgp_data, fd);
411
if(rc != GPG_ERR_NO_ERROR){
412
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
413
gpgme_strsource(rc), gpgme_strerror(rc));
414
return false;
415
}
416
417
rc = gpgme_op_import(mc->ctx, pgp_data);
418
if(rc != GPG_ERR_NO_ERROR){
419
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
420
gpgme_strsource(rc), gpgme_strerror(rc));
421
return false;
422
}
423
{
424
gpgme_import_result_t import_result
425
= gpgme_op_import_result(mc->ctx);
426
if((import_result->imported < 1
427
or import_result->not_imported > 0)
428
and import_result->unchanged == 0){
429
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
430
fprintf_plus(stderr,
431
"The total number of considered keys: %d\n",
432
import_result->considered);
433
fprintf_plus(stderr,
434
"The number of keys without user ID: %d\n",
435
import_result->no_user_id);
436
fprintf_plus(stderr,
437
"The total number of imported keys: %d\n",
438
import_result->imported);
439
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
440
import_result->imported_rsa);
441
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
442
import_result->unchanged);
443
fprintf_plus(stderr, "The number of new user IDs: %d\n",
444
import_result->new_user_ids);
445
fprintf_plus(stderr, "The number of new sub keys: %d\n",
446
import_result->new_sub_keys);
447
fprintf_plus(stderr, "The number of new signatures: %d\n",
448
import_result->new_signatures);
449
fprintf_plus(stderr, "The number of new revocations: %d\n",
450
import_result->new_revocations);
451
fprintf_plus(stderr,
452
"The total number of secret keys read: %d\n",
453
import_result->secret_read);
454
fprintf_plus(stderr,
455
"The number of imported secret keys: %d\n",
456
import_result->secret_imported);
457
fprintf_plus(stderr,
458
"The number of unchanged secret keys: %d\n",
459
import_result->secret_unchanged);
460
fprintf_plus(stderr, "The number of keys not imported: %d\n",
461
import_result->not_imported);
462
for(gpgme_import_status_t import_status
463
= import_result->imports;
464
import_status != NULL;
465
import_status = import_status->next){
466
fprintf_plus(stderr, "Import status for key: %s\n",
467
import_status->fpr);
468
if(import_status->result != GPG_ERR_NO_ERROR){
469
fprintf_plus(stderr, "Import result: %s: %s\n",
470
gpgme_strsource(import_status->result),
471
gpgme_strerror(import_status->result));
472
}
473
fprintf_plus(stderr, "Key status:\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_NEW
476
? "The key was new.\n"
477
: "The key was not new.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_UID
480
? "The key contained new user IDs.\n"
481
: "The key did not contain new user IDs.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SIG
484
? "The key contained new signatures.\n"
485
: "The key did not contain new signatures.\n");
486
fprintf_plus(stderr,
487
import_status->status & GPGME_IMPORT_SUBKEY
488
? "The key contained new sub keys.\n"
489
: "The key did not contain new sub keys.\n");
490
fprintf_plus(stderr,
491
import_status->status & GPGME_IMPORT_SECRET
492
? "The key contained a secret key.\n"
493
: "The key did not contain a secret key.\n");
494
}
495
return false;
496
}
497
}
498
499
ret = close(fd);
500
if(ret == -1){
501
perror_plus("close");
502
}
503
gpgme_data_release(pgp_data);
504
return true;
505
}
506
507
if(debug){
508
fprintf_plus(stderr, "Initializing GPGME\n");
97
509
}
98
510
99
511
/* Init GPGME */
100
512
gpgme_check_version(NULL);
101
513
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
102
if (rc != GPG_ERR_NO_ERROR){
103
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
104
gpgme_strsource(rc), gpgme_strerror(rc));
105
return -1;
514
if(rc != GPG_ERR_NO_ERROR){
515
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
516
gpgme_strsource(rc), gpgme_strerror(rc));
517
return false;
106
518
}
107
519
108
/* Set GPGME home directory */
109
rc = gpgme_get_engine_info (&engine_info);
110
if (rc != GPG_ERR_NO_ERROR){
111
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
112
gpgme_strsource(rc), gpgme_strerror(rc));
113
return -1;
520
/* Set GPGME home directory for the OpenPGP engine only */
521
rc = gpgme_get_engine_info(&engine_info);
522
if(rc != GPG_ERR_NO_ERROR){
523
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
524
gpgme_strsource(rc), gpgme_strerror(rc));
525
return false;
114
526
}
115
527
while(engine_info != NULL){
116
528
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
117
529
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
118
engine_info->file_name, homedir);
530
engine_info->file_name, tempdir);
119
531
break;
120
532
}
121
533
engine_info = engine_info->next;
122
534
}
123
535
if(engine_info == NULL){
124
fprintf(stderr, "Could not set home dir to %s\n", homedir);
125
return -1;
126
}
127
128
/* Create new GPGME data buffer from packet buffer */
129
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
130
if (rc != GPG_ERR_NO_ERROR){
131
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
132
gpgme_strsource(rc), gpgme_strerror(rc));
536
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
537
tempdir);
538
return false;
539
}
540
541
/* Create new GPGME "context" */
542
rc = gpgme_new(&(mc->ctx));
543
if(rc != GPG_ERR_NO_ERROR){
544
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
545
gpgme_strsource(rc), gpgme_strerror(rc));
546
return false;
547
}
548
549
if(not import_key(pubkey) or not import_key(seckey)){
550
return false;
551
}
552
553
return true;
554
}
555
556
/*
557
* Decrypt OpenPGP data.
558
* Returns -1 on error
559
*/
560
__attribute__((nonnull, warn_unused_result))
561
static ssize_t pgp_packet_decrypt(const char *cryptotext,
562
size_t crypto_size,
563
char **plaintext,
564
mandos_context *mc){
565
gpgme_data_t dh_crypto, dh_plain;
566
gpgme_error_t rc;
567
ssize_t ret;
568
size_t plaintext_capacity = 0;
569
ssize_t plaintext_length = 0;
570
571
if(debug){
572
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
573
}
574
575
/* Create new GPGME data buffer from memory cryptotext */
576
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
577
0);
578
if(rc != GPG_ERR_NO_ERROR){
579
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
580
gpgme_strsource(rc), gpgme_strerror(rc));
133
581
return -1;
134
582
}
135
583
136
584
/* Create new empty GPGME data buffer for the plaintext */
137
585
rc = gpgme_data_new(&dh_plain);
138
if (rc != GPG_ERR_NO_ERROR){
139
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
140
gpgme_strsource(rc), gpgme_strerror(rc));
141
return -1;
142
}
143
144
/* Create new GPGME "context" */
145
rc = gpgme_new(&ctx);
146
if (rc != GPG_ERR_NO_ERROR){
147
fprintf(stderr, "bad gpgme_new: %s: %s\n",
148
gpgme_strsource(rc), gpgme_strerror(rc));
149
return -1;
150
}
151
152
/* Decrypt data from the FILE pointer to the plaintext data
153
buffer */
154
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
155
if (rc != GPG_ERR_NO_ERROR){
156
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
157
gpgme_strsource(rc), gpgme_strerror(rc));
158
return -1;
159
}
586
if(rc != GPG_ERR_NO_ERROR){
587
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
588
gpgme_strsource(rc), gpgme_strerror(rc));
589
gpgme_data_release(dh_crypto);
590
return -1;
591
}
592
593
/* Decrypt data from the cryptotext data buffer to the plaintext
594
data buffer */
595
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
596
if(rc != GPG_ERR_NO_ERROR){
597
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
598
gpgme_strsource(rc), gpgme_strerror(rc));
599
plaintext_length = -1;
600
if(debug){
601
gpgme_decrypt_result_t result;
602
result = gpgme_op_decrypt_result(mc->ctx);
603
if(result == NULL){
604
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
605
} else {
606
if(result->unsupported_algorithm != NULL) {
607
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
608
result->unsupported_algorithm);
609
}
610
fprintf_plus(stderr, "Wrong key usage: %s\n",
611
result->wrong_key_usage ? "Yes" : "No");
612
if(result->file_name != NULL){
613
fprintf_plus(stderr, "File name: %s\n", result->file_name);
614
}
160
615
616
for(gpgme_recipient_t r = result->recipients; r != NULL;
617
r = r->next){
618
fprintf_plus(stderr, "Public key algorithm: %s\n",
619
gpgme_pubkey_algo_name(r->pubkey_algo));
620
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
621
fprintf_plus(stderr, "Secret key available: %s\n",
622
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
623
}
624
}
625
}
626
goto decrypt_end;
627
}
628
161
629
if(debug){
162
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
163
}
164
165
if (debug){
166
gpgme_decrypt_result_t result;
167
result = gpgme_op_decrypt_result(ctx);
168
if (result == NULL){
169
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
170
} else {
171
fprintf(stderr, "Unsupported algorithm: %s\n",
172
result->unsupported_algorithm);
173
fprintf(stderr, "Wrong key usage: %d\n",
174
result->wrong_key_usage);
175
if(result->file_name != NULL){
176
fprintf(stderr, "File name: %s\n", result->file_name);
177
}
178
gpgme_recipient_t recipient;
179
recipient = result->recipients;
180
if(recipient){
181
while(recipient != NULL){
182
fprintf(stderr, "Public key algorithm: %s\n",
183
gpgme_pubkey_algo_name(recipient->pubkey_algo));
184
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
185
fprintf(stderr, "Secret key available: %s\n",
186
recipient->status == GPG_ERR_NO_SECKEY
187
? "No" : "Yes");
188
recipient = recipient->next;
189
}
190
}
191
}
192
}
193
194
/* Delete the GPGME FILE pointer cryptotext data buffer */
195
gpgme_data_release(dh_crypto);
630
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
631
}
196
632
197
633
/* Seek back to the beginning of the GPGME plaintext data buffer */
198
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
199
perror("pgpme_data_seek");
634
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
635
perror_plus("gpgme_data_seek");
636
plaintext_length = -1;
637
goto decrypt_end;
200
638
}
201
639
202
*new_packet = 0;
640
*plaintext = NULL;
203
641
while(true){
204
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
205
*new_packet = realloc(*new_packet,
206
(unsigned int)new_packet_capacity
207
+ BUFFER_SIZE);
208
if (*new_packet == NULL){
209
perror("realloc");
210
return -1;
211
}
212
new_packet_capacity += BUFFER_SIZE;
642
plaintext_capacity = incbuffer(plaintext,
643
(size_t)plaintext_length,
644
plaintext_capacity);
645
if(plaintext_capacity == 0){
646
perror_plus("incbuffer");
647
plaintext_length = -1;
648
goto decrypt_end;
213
649
}
214
650
215
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
651
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
216
652
BUFFER_SIZE);
217
653
/* Print the data, if any */
218
if (ret == 0){
654
if(ret == 0){
655
/* EOF */
219
656
break;
220
657
}
221
658
if(ret < 0){
222
perror("gpgme_data_read");
223
return -1;
224
}
225
new_packet_length += ret;
226
}
227
228
/* FIXME: check characters before printing to screen so to not print
229
terminal control characters */
230
/* if(debug){ */
231
/* fprintf(stderr, "decrypted password is: "); */
232
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
233
/* fprintf(stderr, "\n"); */
234
/* } */
659
perror_plus("gpgme_data_read");
660
plaintext_length = -1;
661
goto decrypt_end;
662
}
663
plaintext_length += ret;
664
}
665
666
if(debug){
667
fprintf_plus(stderr, "Decrypted password is: ");
668
for(ssize_t i = 0; i < plaintext_length; i++){
669
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
670
}
671
fprintf(stderr, "\n");
672
}
673
674
decrypt_end:
675
676
/* Delete the GPGME cryptotext data buffer */
677
gpgme_data_release(dh_crypto);
235
678
236
679
/* Delete the GPGME plaintext data buffer */
237
680
gpgme_data_release(dh_plain);
238
return new_packet_length;
239
}
240
241
static const char * safer_gnutls_strerror (int value) {
242
const char *ret = gnutls_strerror (value);
243
if (ret == NULL)
244
ret = "(unknown)";
245
return ret;
246
}
247
248
void debuggnutls(__attribute__((unused)) int level,
249
const char* string){
250
fprintf(stderr, "%s", string);
251
}
252
253
int initgnutls(encrypted_session *es){
254
const char *err;
681
return plaintext_length;
682
}
683
684
__attribute__((warn_unused_result, const))
685
static const char *safe_string(const char *str){
686
if(str == NULL)
687
return "(unknown)";
688
return str;
689
}
690
691
__attribute__((warn_unused_result))
692
static const char *safer_gnutls_strerror(int value){
693
const char *ret = gnutls_strerror(value);
694
return safe_string(ret);
695
}
696
697
/* GnuTLS log function callback */
698
__attribute__((nonnull))
699
static void debuggnutls(__attribute__((unused)) int level,
700
const char* string){
701
fprintf_plus(stderr, "GnuTLS: %s", string);
702
}
703
704
__attribute__((nonnull(1, 2, 4), warn_unused_result))
705
static int init_gnutls_global(const char *pubkeyfilename,
706
const char *seckeyfilename,
707
const char *dhparamsfilename,
708
mandos_context *mc){
255
709
int ret;
256
710
257
711
if(debug){
258
fprintf(stderr, "Initializing GnuTLS\n");
259
}
260
261
if ((ret = gnutls_global_init ())
262
!= GNUTLS_E_SUCCESS) {
263
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
264
return -1;
265
}
266
267
if (debug){
712
fprintf_plus(stderr, "Initializing GnuTLS\n");
713
}
714
715
if(debug){
716
/* "Use a log level over 10 to enable all debugging options."
717
* - GnuTLS manual
718
*/
268
719
gnutls_global_set_log_level(11);
269
720
gnutls_global_set_log_function(debuggnutls);
270
721
}
271
722
272
/* openpgp credentials */
273
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
274
!= GNUTLS_E_SUCCESS) {
275
fprintf (stderr, "memory error: %s\n",
276
safer_gnutls_strerror(ret));
723
/* OpenPGP credentials */
724
ret = gnutls_certificate_allocate_credentials(&mc->cred);
725
if(ret != GNUTLS_E_SUCCESS){
726
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
727
safer_gnutls_strerror(ret));
277
728
return -1;
278
729
}
279
730
280
731
if(debug){
281
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
282
" and keyfile %s as GnuTLS credentials\n", certfile,
283
certkey);
732
fprintf_plus(stderr, "Attempting to use public key %s and"
733
" private key %s as GnuTLS credentials\n",
734
pubkeyfilename,
735
seckeyfilename);
284
736
}
285
737
738
#if GNUTLS_VERSION_NUMBER >= 0x030606
739
ret = gnutls_certificate_set_rawpk_key_file
740
(mc->cred, pubkeyfilename, seckeyfilename,
741
GNUTLS_X509_FMT_PEM, /* format */
742
NULL, /* pass */
743
/* key_usage */
744
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
745
NULL, /* names */
746
0, /* names_length */
747
/* privkey_flags */
748
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
749
0); /* pkcs11_flags */
750
#elif GNUTLS_VERSION_NUMBER < 0x030600
286
751
ret = gnutls_certificate_set_openpgp_key_file
287
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
288
if (ret != GNUTLS_E_SUCCESS) {
289
fprintf
290
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
291
" '%s')\n",
292
ret, certfile, certkey);
293
fprintf(stdout, "The Error is: %s\n",
294
safer_gnutls_strerror(ret));
295
return -1;
296
}
297
298
//GnuTLS server initialization
299
if ((ret = gnutls_dh_params_init (&es->dh_params))
300
!= GNUTLS_E_SUCCESS) {
301
fprintf (stderr, "Error in dh parameter initialization: %s\n",
302
safer_gnutls_strerror(ret));
303
return -1;
304
}
305
306
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
307
!= GNUTLS_E_SUCCESS) {
308
fprintf (stderr, "Error in prime generation: %s\n",
309
safer_gnutls_strerror(ret));
310
return -1;
311
}
312
313
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
314
315
// GnuTLS session creation
316
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
317
!= GNUTLS_E_SUCCESS){
318
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
319
safer_gnutls_strerror(ret));
320
}
321
322
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
323
!= GNUTLS_E_SUCCESS) {
324
fprintf(stderr, "Syntax error at: %s\n", err);
325
fprintf(stderr, "GnuTLS error: %s\n",
326
safer_gnutls_strerror(ret));
327
return -1;
328
}
329
330
if ((ret = gnutls_credentials_set
331
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
332
!= GNUTLS_E_SUCCESS) {
333
fprintf(stderr, "Error setting a credentials set: %s\n",
334
safer_gnutls_strerror(ret));
752
(mc->cred, pubkeyfilename, seckeyfilename,
753
GNUTLS_OPENPGP_FMT_BASE64);
754
#else
755
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
756
#endif
757
if(ret != GNUTLS_E_SUCCESS){
758
fprintf_plus(stderr,
759
"Error[%d] while reading the key pair ('%s',"
760
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
761
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
762
safer_gnutls_strerror(ret));
763
goto globalfail;
764
}
765
766
/* GnuTLS server initialization */
767
ret = gnutls_dh_params_init(&mc->dh_params);
768
if(ret != GNUTLS_E_SUCCESS){
769
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
770
" initialization: %s\n",
771
safer_gnutls_strerror(ret));
772
goto globalfail;
773
}
774
/* If a Diffie-Hellman parameters file was given, try to use it */
775
if(dhparamsfilename != NULL){
776
gnutls_datum_t params = { .data = NULL, .size = 0 };
777
do {
778
int dhpfile = open(dhparamsfilename, O_RDONLY);
779
if(dhpfile == -1){
780
perror_plus("open");
781
dhparamsfilename = NULL;
782
break;
783
}
784
size_t params_capacity = 0;
785
while(true){
786
params_capacity = incbuffer((char **)¶ms.data,
787
(size_t)params.size,
788
(size_t)params_capacity);
789
if(params_capacity == 0){
790
perror_plus("incbuffer");
791
free(params.data);
792
params.data = NULL;
793
dhparamsfilename = NULL;
794
break;
795
}
796
ssize_t bytes_read = read(dhpfile,
797
params.data + params.size,
798
BUFFER_SIZE);
799
/* EOF */
800
if(bytes_read == 0){
801
break;
802
}
803
/* check bytes_read for failure */
804
if(bytes_read < 0){
805
perror_plus("read");
806
free(params.data);
807
params.data = NULL;
808
dhparamsfilename = NULL;
809
break;
810
}
811
params.size += (unsigned int)bytes_read;
812
}
813
ret = close(dhpfile);
814
if(ret == -1){
815
perror_plus("close");
816
}
817
if(params.data == NULL){
818
dhparamsfilename = NULL;
819
}
820
if(dhparamsfilename == NULL){
821
break;
822
}
823
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
824
GNUTLS_X509_FMT_PEM);
825
if(ret != GNUTLS_E_SUCCESS){
826
fprintf_plus(stderr, "Failed to parse DH parameters in file"
827
" \"%s\": %s\n", dhparamsfilename,
828
safer_gnutls_strerror(ret));
829
dhparamsfilename = NULL;
830
}
831
free(params.data);
832
} while(false);
833
}
834
if(dhparamsfilename == NULL){
835
if(mc->dh_bits == 0){
836
#if GNUTLS_VERSION_NUMBER < 0x030600
837
/* Find out the optimal number of DH bits */
838
/* Try to read the private key file */
839
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
840
do {
841
int secfile = open(seckeyfilename, O_RDONLY);
842
if(secfile == -1){
843
perror_plus("open");
844
break;
845
}
846
size_t buffer_capacity = 0;
847
while(true){
848
buffer_capacity = incbuffer((char **)&buffer.data,
849
(size_t)buffer.size,
850
(size_t)buffer_capacity);
851
if(buffer_capacity == 0){
852
perror_plus("incbuffer");
853
free(buffer.data);
854
buffer.data = NULL;
855
break;
856
}
857
ssize_t bytes_read = read(secfile,
858
buffer.data + buffer.size,
859
BUFFER_SIZE);
860
/* EOF */
861
if(bytes_read == 0){
862
break;
863
}
864
/* check bytes_read for failure */
865
if(bytes_read < 0){
866
perror_plus("read");
867
free(buffer.data);
868
buffer.data = NULL;
869
break;
870
}
871
buffer.size += (unsigned int)bytes_read;
872
}
873
close(secfile);
874
} while(false);
875
/* If successful, use buffer to parse private key */
876
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
877
if(buffer.data != NULL){
878
{
879
gnutls_openpgp_privkey_t privkey = NULL;
880
ret = gnutls_openpgp_privkey_init(&privkey);
881
if(ret != GNUTLS_E_SUCCESS){
882
fprintf_plus(stderr, "Error initializing OpenPGP key"
883
" structure: %s",
884
safer_gnutls_strerror(ret));
885
free(buffer.data);
886
buffer.data = NULL;
887
} else {
888
ret = gnutls_openpgp_privkey_import
889
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
890
if(ret != GNUTLS_E_SUCCESS){
891
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
892
safer_gnutls_strerror(ret));
893
privkey = NULL;
894
}
895
free(buffer.data);
896
buffer.data = NULL;
897
if(privkey != NULL){
898
/* Use private key to suggest an appropriate
899
sec_param */
900
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
901
gnutls_openpgp_privkey_deinit(privkey);
902
if(debug){
903
fprintf_plus(stderr, "This OpenPGP key implies using"
904
" a GnuTLS security parameter \"%s\".\n",
905
safe_string(gnutls_sec_param_get_name
906
(sec_param)));
907
}
908
}
909
}
910
}
911
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
912
/* Err on the side of caution */
913
sec_param = GNUTLS_SEC_PARAM_ULTRA;
914
if(debug){
915
fprintf_plus(stderr, "Falling back to security parameter"
916
" \"%s\"\n",
917
safe_string(gnutls_sec_param_get_name
918
(sec_param)));
919
}
920
}
921
}
922
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
923
if(uret != 0){
924
mc->dh_bits = uret;
925
if(debug){
926
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
927
" implies %u DH bits; using that.\n",
928
safe_string(gnutls_sec_param_get_name
929
(sec_param)),
930
mc->dh_bits);
931
}
932
} else {
933
fprintf_plus(stderr, "Failed to get implied number of DH"
934
" bits for security parameter \"%s\"): %s\n",
935
safe_string(gnutls_sec_param_get_name
936
(sec_param)),
937
safer_gnutls_strerror(ret));
938
goto globalfail;
939
}
940
#endif
941
} else { /* dh_bits != 0 */
942
if(debug){
943
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
944
mc->dh_bits);
945
}
946
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
947
if(ret != GNUTLS_E_SUCCESS){
948
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
949
" bits): %s\n", mc->dh_bits,
950
safer_gnutls_strerror(ret));
951
goto globalfail;
952
}
953
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
954
}
955
}
956
957
return 0;
958
959
globalfail:
960
961
gnutls_certificate_free_credentials(mc->cred);
962
gnutls_dh_params_deinit(mc->dh_params);
963
return -1;
964
}
965
966
__attribute__((nonnull, warn_unused_result))
967
static int init_gnutls_session(gnutls_session_t *session,
968
mandos_context *mc){
969
int ret;
970
/* GnuTLS session creation */
971
do {
972
ret = gnutls_init(session, (GNUTLS_SERVER
973
#if GNUTLS_VERSION_NUMBER >= 0x030506
974
| GNUTLS_NO_TICKETS
975
#endif
976
#if GNUTLS_VERSION_NUMBER >= 0x030606
977
| GNUTLS_ENABLE_RAWPK
978
#endif
979
));
980
if(quit_now){
981
return -1;
982
}
983
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
984
if(ret != GNUTLS_E_SUCCESS){
985
fprintf_plus(stderr,
986
"Error in GnuTLS session initialization: %s\n",
987
safer_gnutls_strerror(ret));
988
}
989
990
{
991
const char *err;
992
do {
993
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
994
if(quit_now){
995
gnutls_deinit(*session);
996
return -1;
997
}
998
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
999
if(ret != GNUTLS_E_SUCCESS){
1000
fprintf_plus(stderr, "Syntax error at: %s\n", err);
1001
fprintf_plus(stderr, "GnuTLS error: %s\n",
1002
safer_gnutls_strerror(ret));
1003
gnutls_deinit(*session);
1004
return -1;
1005
}
1006
}
1007
1008
do {
1009
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
1010
mc->cred);
1011
if(quit_now){
1012
gnutls_deinit(*session);
1013
return -1;
1014
}
1015
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
1016
if(ret != GNUTLS_E_SUCCESS){
1017
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
1018
safer_gnutls_strerror(ret));
1019
gnutls_deinit(*session);
335
1020
return -1;
336
1021
}
337
1022
338
1023
/* ignore client certificate if any. */
339
gnutls_certificate_server_set_request (es->session,
340
GNUTLS_CERT_IGNORE);
341
342
gnutls_dh_set_prime_bits (es->session, DH_BITS);
1024
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
343
1025
344
1026
return 0;
345
1027
}
346
1028
347
void empty_log(__attribute__((unused)) AvahiLogLevel level,
348
__attribute__((unused)) const char *txt){}
349
350
int start_mandos_communication(const char *ip, uint16_t port,
1029
/* Avahi log function callback */
1030
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
1031
__attribute__((unused)) const char *txt){}
1032
1033
/* Helper function to add_local_route() and delete_local_route() */
1034
__attribute__((nonnull, warn_unused_result))
1035
static bool add_delete_local_route(const bool add,
1036
const char *address,
1037
AvahiIfIndex if_index){
1038
int ret;
1039
char helper[] = "mandos-client-iprouteadddel";
1040
char add_arg[] = "add";
1041
char delete_arg[] = "delete";
1042
char debug_flag[] = "--debug";
1043
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1044
if(pluginhelperdir == NULL){
1045
if(debug){
1046
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1047
" variable not set; cannot run helper\n");
1048
}
1049
return false;
1050
}
1051
1052
char interface[IF_NAMESIZE];
1053
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1054
perror_plus("if_indextoname");
1055
return false;
1056
}
1057
1058
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1059
if(devnull == -1){
1060
perror_plus("open(\"/dev/null\", O_RDONLY)");
1061
return false;
1062
}
1063
pid_t pid = fork();
1064
if(pid == 0){
1065
/* Child */
1066
/* Raise privileges */
1067
errno = raise_privileges_permanently();
1068
if(errno != 0){
1069
perror_plus("Failed to raise privileges");
1070
/* _exit(EX_NOPERM); */
1071
} else {
1072
/* Set group */
1073
errno = 0;
1074
ret = setgid(0);
1075
if(ret == -1){
1076
perror_plus("setgid");
1077
close(devnull);
1078
_exit(EX_NOPERM);
1079
}
1080
/* Reset supplementary groups */
1081
errno = 0;
1082
ret = setgroups(0, NULL);
1083
if(ret == -1){
1084
perror_plus("setgroups");
1085
close(devnull);
1086
_exit(EX_NOPERM);
1087
}
1088
}
1089
ret = dup2(devnull, STDIN_FILENO);
1090
if(ret == -1){
1091
perror_plus("dup2(devnull, STDIN_FILENO)");
1092
close(devnull);
1093
_exit(EX_OSERR);
1094
}
1095
ret = close(devnull);
1096
if(ret == -1){
1097
perror_plus("close");
1098
}
1099
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1100
if(ret == -1){
1101
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1102
_exit(EX_OSERR);
1103
}
1104
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1105
O_RDONLY
1106
| O_DIRECTORY
1107
| O_PATH
1108
| O_CLOEXEC));
1109
if(helperdir_fd == -1){
1110
perror_plus("open");
1111
_exit(EX_UNAVAILABLE);
1112
}
1113
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1114
helper, O_RDONLY));
1115
if(helper_fd == -1){
1116
perror_plus("openat");
1117
close(helperdir_fd);
1118
_exit(EX_UNAVAILABLE);
1119
}
1120
close(helperdir_fd);
1121
#ifdef __GNUC__
1122
#pragma GCC diagnostic push
1123
#pragma GCC diagnostic ignored "-Wcast-qual"
1124
#endif
1125
if(fexecve(helper_fd, (char *const [])
1126
{ helper, add ? add_arg : delete_arg, (char *)address,
1127
interface, debug ? debug_flag : NULL, NULL },
1128
environ) == -1){
1129
#ifdef __GNUC__
1130
#pragma GCC diagnostic pop
1131
#endif
1132
perror_plus("fexecve");
1133
_exit(EXIT_FAILURE);
1134
}
1135
}
1136
if(pid == -1){
1137
perror_plus("fork");
1138
close(devnull);
1139
return false;
1140
}
1141
ret = close(devnull);
1142
if(ret == -1){
1143
perror_plus("close");
1144
}
1145
int status;
1146
pid_t pret = -1;
1147
errno = 0;
1148
do {
1149
pret = waitpid(pid, &status, 0);
1150
if(pret == -1 and errno == EINTR and quit_now){
1151
int errno_raising = 0;
1152
if((errno = raise_privileges()) != 0){
1153
errno_raising = errno;
1154
perror_plus("Failed to raise privileges in order to"
1155
" kill helper program");
1156
}
1157
if(kill(pid, SIGTERM) == -1){
1158
perror_plus("kill");
1159
}
1160
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1161
perror_plus("Failed to lower privileges after killing"
1162
" helper program");
1163
}
1164
return false;
1165
}
1166
} while(pret == -1 and errno == EINTR);
1167
if(pret == -1){
1168
perror_plus("waitpid");
1169
return false;
1170
}
1171
if(WIFEXITED(status)){
1172
if(WEXITSTATUS(status) != 0){
1173
fprintf_plus(stderr, "Error: iprouteadddel exited"
1174
" with status %d\n", WEXITSTATUS(status));
1175
return false;
1176
}
1177
return true;
1178
}
1179
if(WIFSIGNALED(status)){
1180
fprintf_plus(stderr, "Error: iprouteadddel died by"
1181
" signal %d\n", WTERMSIG(status));
1182
return false;
1183
}
1184
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1185
return false;
1186
}
1187
1188
__attribute__((nonnull, warn_unused_result))
1189
static bool add_local_route(const char *address,
1190
AvahiIfIndex if_index){
1191
if(debug){
1192
fprintf_plus(stderr, "Adding route to %s\n", address);
1193
}
1194
return add_delete_local_route(true, address, if_index);
1195
}
1196
1197
__attribute__((nonnull, warn_unused_result))
1198
static bool delete_local_route(const char *address,
351
1199
AvahiIfIndex if_index){
352
int ret, tcp_sd;
353
struct sockaddr_in6 to;
354
encrypted_session es;
1200
if(debug){
1201
fprintf_plus(stderr, "Removing route to %s\n", address);
1202
}
1203
return add_delete_local_route(false, address, if_index);
1204
}
1205
1206
/* Called when a Mandos server is found */
1207
__attribute__((nonnull, warn_unused_result))
1208
static int start_mandos_communication(const char *ip, in_port_t port,
1209
AvahiIfIndex if_index,
1210
int af, mandos_context *mc){
1211
int ret, tcp_sd = -1;
1212
ssize_t sret;
1213
struct sockaddr_storage to;
355
1214
char *buffer = NULL;
356
char *decrypted_buffer;
1215
char *decrypted_buffer = NULL;
357
1216
size_t buffer_length = 0;
358
1217
size_t buffer_capacity = 0;
359
ssize_t decrypted_buffer_size;
360
size_t written = 0;
361
int retval = 0;
362
char interface[IF_NAMESIZE];
363
364
if(debug){
365
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
366
ip, port);
367
}
368
369
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
370
if(tcp_sd < 0) {
371
perror("socket");
372
return -1;
373
}
374
375
if(if_indextoname((unsigned int)if_index, interface) == NULL){
376
if(debug){
377
perror("if_indextoname");
378
}
379
return -1;
380
}
381
382
if(debug){
383
fprintf(stderr, "Binding to interface %s\n", interface);
384
}
385
386
memset(&to,0,sizeof(to)); /* Spurious warning */
387
to.sin6_family = AF_INET6;
388
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
389
if (ret < 0 ){
390
perror("inet_pton");
391
return -1;
392
}
1218
size_t written;
1219
int retval = -1;
1220
gnutls_session_t session;
1221
int pf; /* Protocol family */
1222
bool route_added = false;
1223
1224
errno = 0;
1225
1226
if(quit_now){
1227
errno = EINTR;
1228
return -1;
1229
}
1230
1231
switch(af){
1232
case AF_INET6:
1233
pf = PF_INET6;
1234
break;
1235
case AF_INET:
1236
pf = PF_INET;
1237
break;
1238
default:
1239
fprintf_plus(stderr, "Bad address family: %d\n", af);
1240
errno = EINVAL;
1241
return -1;
1242
}
1243
1244
/* If the interface is specified and we have a list of interfaces */
1245
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1246
/* Check if the interface is one of the interfaces we are using */
1247
bool match = false;
1248
{
1249
char *interface = NULL;
1250
while((interface = argz_next(mc->interfaces,
1251
mc->interfaces_size,
1252
interface))){
1253
if(if_nametoindex(interface) == (unsigned int)if_index){
1254
match = true;
1255
break;
1256
}
1257
}
1258
}
1259
if(not match){
1260
/* This interface does not match any in the list, so we don't
1261
connect to the server */
1262
if(debug){
1263
char interface[IF_NAMESIZE];
1264
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1265
perror_plus("if_indextoname");
1266
} else {
1267
fprintf_plus(stderr, "Skipping server on non-used interface"
1268
" \"%s\"\n",
1269
if_indextoname((unsigned int)if_index,
1270
interface));
1271
}
1272
}
1273
return -1;
1274
}
1275
}
1276
1277
ret = init_gnutls_session(&session, mc);
1278
if(ret != 0){
1279
return -1;
1280
}
1281
1282
if(debug){
1283
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
1284
PRIuMAX "\n", ip, (uintmax_t)port);
1285
}
1286
1287
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
1288
if(tcp_sd < 0){
1289
int e = errno;
1290
perror_plus("socket");
1291
errno = e;
1292
goto mandos_end;
1293
}
1294
1295
if(quit_now){
1296
errno = EINTR;
1297
goto mandos_end;
1298
}
1299
1300
if(af == AF_INET6){
1301
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1302
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1303
ret = inet_pton(af, ip, &to6->sin6_addr);
1304
} else { /* IPv4 */
1305
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1306
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1307
ret = inet_pton(af, ip, &to4->sin_addr);
1308
}
1309
if(ret < 0 ){
1310
int e = errno;
1311
perror_plus("inet_pton");
1312
errno = e;
1313
goto mandos_end;
1314
}
393
1315
if(ret == 0){
394
fprintf(stderr, "Bad address: %s\n", ip);
395
return -1;
396
}
397
to.sin6_port = htons(port); /* Spurious warning */
398
399
to.sin6_scope_id = (uint32_t)if_index;
400
401
if(debug){
402
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
403
/* char addrstr[INET6_ADDRSTRLEN]; */
404
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
405
/* sizeof(addrstr)) == NULL){ */
406
/* perror("inet_ntop"); */
407
/* } else { */
408
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
409
/* addrstr, ntohs(to.sin6_port)); */
410
/* } */
411
}
412
413
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
414
if (ret < 0){
415
perror("connect");
416
return -1;
417
}
418
419
ret = initgnutls (&es);
420
if (ret != 0){
421
retval = -1;
422
return -1;
423
}
424
425
gnutls_transport_set_ptr (es.session,
426
(gnutls_transport_ptr_t) tcp_sd);
427
428
if(debug){
429
fprintf(stderr, "Establishing TLS session with %s\n", ip);
430
}
431
432
ret = gnutls_handshake (es.session);
433
434
if (ret != GNUTLS_E_SUCCESS){
1316
int e = errno;
1317
fprintf_plus(stderr, "Bad address: %s\n", ip);
1318
errno = e;
1319
goto mandos_end;
1320
}
1321
if(af == AF_INET6){
1322
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1323
if(IN6_IS_ADDR_LINKLOCAL
1324
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
1325
if(if_index == AVAHI_IF_UNSPEC){
1326
fprintf_plus(stderr, "An IPv6 link-local address is"
1327
" incomplete without a network interface\n");
1328
errno = EINVAL;
1329
goto mandos_end;
1330
}
1331
/* Set the network interface number as scope */
1332
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
1333
}
1334
} else {
1335
((struct sockaddr_in *)&to)->sin_port = htons(port);
1336
}
1337
1338
if(quit_now){
1339
errno = EINTR;
1340
goto mandos_end;
1341
}
1342
1343
if(debug){
1344
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
1345
char interface[IF_NAMESIZE];
1346
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1347
perror_plus("if_indextoname");
1348
} else {
1349
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1350
"\n", ip, interface, (uintmax_t)port);
1351
}
1352
} else {
1353
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1354
ip, (uintmax_t)port);
1355
}
1356
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
1357
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
1358
if(af == AF_INET6){
1359
ret = getnameinfo((struct sockaddr *)&to,
1360
sizeof(struct sockaddr_in6),
1361
addrstr, sizeof(addrstr), NULL, 0,
1362
NI_NUMERICHOST);
1363
} else {
1364
ret = getnameinfo((struct sockaddr *)&to,
1365
sizeof(struct sockaddr_in),
1366
addrstr, sizeof(addrstr), NULL, 0,
1367
NI_NUMERICHOST);
1368
}
1369
if(ret == EAI_SYSTEM){
1370
perror_plus("getnameinfo");
1371
} else if(ret != 0) {
1372
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1373
} else if(strcmp(addrstr, ip) != 0){
1374
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1375
}
1376
}
1377
1378
if(quit_now){
1379
errno = EINTR;
1380
goto mandos_end;
1381
}
1382
1383
while(true){
1384
if(af == AF_INET6){
1385
ret = connect(tcp_sd, (struct sockaddr *)&to,
1386
sizeof(struct sockaddr_in6));
1387
} else {
1388
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1389
sizeof(struct sockaddr_in));
1390
}
1391
if(ret < 0){
1392
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1393
and if_index != AVAHI_IF_UNSPEC
1394
and connect_to == NULL
1395
and not route_added and
1396
((af == AF_INET6 and not
1397
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1398
&to)->sin6_addr)))
1399
or (af == AF_INET and
1400
/* Not a a IPv4LL address */
1401
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1402
& 0xFFFF0000L) != 0xA9FE0000L))){
1403
/* Work around Avahi bug - Avahi does not announce link-local
1404
addresses if it has a global address, so local hosts with
1405
*only* a link-local address (e.g. Mandos clients) cannot
1406
connect to a Mandos server announced by Avahi on a server
1407
host with a global address. Work around this by retrying
1408
with an explicit route added with the server's address.
1409
1410
Avahi bug reference:
1411
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1412
https://bugs.debian.org/587961
1413
*/
1414
if(debug){
1415
fprintf_plus(stderr, "Mandos server unreachable, trying"
1416
" direct route\n");
1417
}
1418
int e = errno;
1419
route_added = add_local_route(ip, if_index);
1420
if(route_added){
1421
continue;
1422
}
1423
errno = e;
1424
}
1425
if(errno != ECONNREFUSED or debug){
1426
int e = errno;
1427
perror_plus("connect");
1428
errno = e;
1429
}
1430
goto mandos_end;
1431
}
1432
1433
if(quit_now){
1434
errno = EINTR;
1435
goto mandos_end;
1436
}
1437
break;
1438
}
1439
1440
const char *out = mandos_protocol_version;
1441
written = 0;
1442
while(true){
1443
size_t out_size = strlen(out);
1444
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
1445
out_size - written));
1446
if(ret == -1){
1447
int e = errno;
1448
perror_plus("write");
1449
errno = e;
1450
goto mandos_end;
1451
}
1452
written += (size_t)ret;
1453
if(written < out_size){
1454
continue;
1455
} else {
1456
if(out == mandos_protocol_version){
1457
written = 0;
1458
out = "\r\n";
1459
} else {
1460
break;
1461
}
1462
}
1463
1464
if(quit_now){
1465
errno = EINTR;
1466
goto mandos_end;
1467
}
1468
}
1469
1470
if(debug){
1471
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
1472
}
1473
1474
if(quit_now){
1475
errno = EINTR;
1476
goto mandos_end;
1477
}
1478
1479
/* This casting via intptr_t is to eliminate warning about casting
1480
an int to a pointer type. This is exactly how the GnuTLS Guile
1481
function "set-session-transport-fd!" does it. */
1482
gnutls_transport_set_ptr(session,
1483
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
1484
1485
if(quit_now){
1486
errno = EINTR;
1487
goto mandos_end;
1488
}
1489
1490
do {
1491
ret = gnutls_handshake(session);
1492
if(quit_now){
1493
errno = EINTR;
1494
goto mandos_end;
1495
}
1496
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1497
1498
if(ret != GNUTLS_E_SUCCESS){
435
1499
if(debug){
436
fprintf(stderr, "\n*** Handshake failed ***\n");
437
gnutls_perror (ret);
1500
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
1501
gnutls_perror(ret);
438
1502
}
439
retval = -1;
440
goto exit;
1503
errno = EPROTO;
1504
goto mandos_end;
441
1505
}
442
1506
443
//Retrieve OpenPGP packet that contains the wanted password
1507
/* Read OpenPGP packet that contains the wanted password */
444
1508
445
1509
if(debug){
446
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
447
ip);
1510
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
1511
" %s\n", ip);
448
1512
}
449
1513
450
1514
while(true){
451
if (buffer_length + BUFFER_SIZE > buffer_capacity){
452
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
453
if (buffer == NULL){
454
perror("realloc");
455
goto exit;
456
}
457
buffer_capacity += BUFFER_SIZE;
458
}
459
460
ret = gnutls_record_recv
461
(es.session, buffer+buffer_length, BUFFER_SIZE);
462
if (ret == 0){
1515
1516
if(quit_now){
1517
errno = EINTR;
1518
goto mandos_end;
1519
}
1520
1521
buffer_capacity = incbuffer(&buffer, buffer_length,
1522
buffer_capacity);
1523
if(buffer_capacity == 0){
1524
int e = errno;
1525
perror_plus("incbuffer");
1526
errno = e;
1527
goto mandos_end;
1528
}
1529
1530
if(quit_now){
1531
errno = EINTR;
1532
goto mandos_end;
1533
}
1534
1535
sret = gnutls_record_recv(session, buffer+buffer_length,
1536
BUFFER_SIZE);
1537
if(sret == 0){
463
1538
break;
464
1539
}
465
if (ret < 0){
466
switch(ret){
1540
if(sret < 0){
1541
switch(sret){
467
1542
case GNUTLS_E_INTERRUPTED:
468
1543
case GNUTLS_E_AGAIN:
469
1544
break;
470
1545
case GNUTLS_E_REHANDSHAKE:
471
ret = gnutls_handshake (es.session);
472
if (ret < 0){
473
fprintf(stderr, "\n*** Handshake failed ***\n");
474
gnutls_perror (ret);
475
retval = -1;
476
goto exit;
1546
do {
1547
ret = gnutls_handshake(session);
1548
1549
if(quit_now){
1550
errno = EINTR;
1551
goto mandos_end;
1552
}
1553
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1554
if(ret < 0){
1555
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
1556
"***\n");
1557
gnutls_perror(ret);
1558
errno = EPROTO;
1559
goto mandos_end;
477
1560
}
478
1561
break;
479
1562
default:
480
fprintf(stderr, "Unknown error while reading data from"
481
" encrypted session with mandos server\n");
482
retval = -1;
483
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
484
goto exit;
1563
fprintf_plus(stderr, "Unknown error while reading data from"
1564
" encrypted session with Mandos server\n");
1565
gnutls_bye(session, GNUTLS_SHUT_RDWR);
1566
errno = EIO;
1567
goto mandos_end;
485
1568
}
486
1569
} else {
487
buffer_length += (size_t) ret;
488
}
489
}
490
491
if (buffer_length > 0){
492
decrypted_buffer_size = pgp_packet_decrypt(buffer,
493
buffer_length,
494
&decrypted_buffer,
495
certdir);
496
if (decrypted_buffer_size >= 0){
1570
buffer_length += (size_t) sret;
1571
}
1572
}
1573
1574
if(debug){
1575
fprintf_plus(stderr, "Closing TLS session\n");
1576
}
1577
1578
if(quit_now){
1579
errno = EINTR;
1580
goto mandos_end;
1581
}
1582
1583
do {
1584
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
1585
if(quit_now){
1586
errno = EINTR;
1587
goto mandos_end;
1588
}
1589
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1590
1591
if(buffer_length > 0){
1592
ssize_t decrypted_buffer_size;
1593
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
1594
&decrypted_buffer, mc);
1595
if(decrypted_buffer_size >= 0){
1596
1597
clearerr(stdout);
1598
written = 0;
497
1599
while(written < (size_t) decrypted_buffer_size){
498
ret = (int)fwrite (decrypted_buffer + written, 1,
499
(size_t)decrypted_buffer_size - written,
500
stdout);
1600
if(quit_now){
1601
errno = EINTR;
1602
goto mandos_end;
1603
}
1604
1605
ret = (int)fwrite(decrypted_buffer + written, 1,
1606
(size_t)decrypted_buffer_size - written,
1607
stdout);
501
1608
if(ret == 0 and ferror(stdout)){
1609
int e = errno;
502
1610
if(debug){
503
fprintf(stderr, "Error writing encrypted data: %s\n",
504
strerror(errno));
1611
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1612
strerror(errno));
505
1613
}
506
retval = -1;
507
break;
1614
errno = e;
1615
goto mandos_end;
508
1616
}
509
1617
written += (size_t)ret;
510
1618
}
511
free(decrypted_buffer);
512
} else {
1619
ret = fflush(stdout);
1620
if(ret != 0){
1621
int e = errno;
1622
if(debug){
1623
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1624
strerror(errno));
1625
}
1626
errno = e;
1627
goto mandos_end;
1628
}
1629
retval = 0;
1630
}
1631
}
1632
1633
/* Shutdown procedure */
1634
1635
mandos_end:
1636
{
1637
if(route_added){
1638
if(not delete_local_route(ip, if_index)){
1639
fprintf_plus(stderr, "Failed to delete local route to %s on"
1640
" interface %d", ip, if_index);
1641
}
1642
}
1643
int e = errno;
1644
free(decrypted_buffer);
1645
free(buffer);
1646
if(tcp_sd >= 0){
1647
ret = close(tcp_sd);
1648
}
1649
if(ret == -1){
1650
if(e == 0){
1651
e = errno;
1652
}
1653
perror_plus("close");
1654
}
1655
gnutls_deinit(session);
1656
errno = e;
1657
if(quit_now){
1658
errno = EINTR;
513
1659
retval = -1;
514
1660
}
515
1661
}
516
517
//shutdown procedure
518
519
if(debug){
520
fprintf(stderr, "Closing TLS session\n");
521
}
522
523
free(buffer);
524
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
525
exit:
526
close(tcp_sd);
527
gnutls_deinit (es.session);
528
gnutls_certificate_free_credentials (es.cred);
529
gnutls_global_deinit ();
530
1662
return retval;
531
1663
}
532
1664
533
static AvahiSimplePoll *simple_poll = NULL;
534
static AvahiServer *server = NULL;
535
536
static void resolve_callback(
537
AvahiSServiceResolver *r,
538
AvahiIfIndex interface,
539
AVAHI_GCC_UNUSED AvahiProtocol protocol,
540
AvahiResolverEvent event,
541
const char *name,
542
const char *type,
543
const char *domain,
544
const char *host_name,
545
const AvahiAddress *address,
546
uint16_t port,
547
AVAHI_GCC_UNUSED AvahiStringList *txt,
548
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
549
AVAHI_GCC_UNUSED void* userdata) {
550
551
assert(r); /* Spurious warning */
1665
static void resolve_callback(AvahiSServiceResolver *r,
1666
AvahiIfIndex interface,
1667
AvahiProtocol proto,
1668
AvahiResolverEvent event,
1669
const char *name,
1670
const char *type,
1671
const char *domain,
1672
const char *host_name,
1673
const AvahiAddress *address,
1674
uint16_t port,
1675
AVAHI_GCC_UNUSED AvahiStringList *txt,
1676
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1677
flags,
1678
void *mc){
1679
if(r == NULL){
1680
return;
1681
}
552
1682
553
1683
/* Called whenever a service has been resolved successfully or
554
1684
timed out */
555
1685
556
switch (event) {
1686
if(quit_now){
1687
avahi_s_service_resolver_free(r);
1688
return;
1689
}
1690
1691
switch(event){
557
1692
default:
558
1693
case AVAHI_RESOLVER_FAILURE:
559
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
560
" type '%s' in domain '%s': %s\n", name, type, domain,
561
avahi_strerror(avahi_server_errno(server)));
1694
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1695
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1696
domain,
1697
avahi_strerror(avahi_server_errno
1698
(((mandos_context*)mc)->server)));
562
1699
break;
563
1700
564
1701
case AVAHI_RESOLVER_FOUND:
566
1703
char ip[AVAHI_ADDRESS_STR_MAX];
567
1704
avahi_address_snprint(ip, sizeof(ip), address);
568
1705
if(debug){
569
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
570
" port %d\n", name, host_name, ip, port);
1706
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1707
PRIdMAX ") on port %" PRIu16 "\n", name,
1708
host_name, ip, (intmax_t)interface, port);
571
1709
}
572
int ret = start_mandos_communication(ip, port, interface);
573
if (ret == 0){
574
exit(EXIT_SUCCESS);
1710
int ret = start_mandos_communication(ip, (in_port_t)port,
1711
interface,
1712
avahi_proto_to_af(proto),
1713
mc);
1714
if(ret == 0){
1715
avahi_simple_poll_quit(simple_poll);
1716
} else {
1717
if(not add_server(ip, (in_port_t)port, interface,
1718
avahi_proto_to_af(proto),
1719
&((mandos_context*)mc)->current_server)){
1720
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
1721
" list\n", name);
1722
}
575
1723
}
576
1724
}
577
1725
}
578
1726
avahi_s_service_resolver_free(r);
579
1727
}
580
1728
581
static void browse_callback(
582
AvahiSServiceBrowser *b,
583
AvahiIfIndex interface,
584
AvahiProtocol protocol,
585
AvahiBrowserEvent event,
586
const char *name,
587
const char *type,
588
const char *domain,
589
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
590
void* userdata) {
591
592
AvahiServer *s = userdata;
593
assert(b); /* Spurious warning */
594
595
/* Called whenever a new services becomes available on the LAN or
596
is removed from the LAN */
597
598
switch (event) {
1729
static void browse_callback(AvahiSServiceBrowser *b,
1730
AvahiIfIndex interface,
1731
AvahiProtocol protocol,
1732
AvahiBrowserEvent event,
1733
const char *name,
1734
const char *type,
1735
const char *domain,
1736
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1737
flags,
1738
void *mc){
1739
if(b == NULL){
1740
return;
1741
}
1742
1743
/* Called whenever a new services becomes available on the LAN or
1744
is removed from the LAN */
1745
1746
if(quit_now){
1747
return;
1748
}
1749
1750
switch(event){
1751
default:
1752
case AVAHI_BROWSER_FAILURE:
1753
1754
fprintf_plus(stderr, "(Avahi browser) %s\n",
1755
avahi_strerror(avahi_server_errno
1756
(((mandos_context*)mc)->server)));
1757
avahi_simple_poll_quit(simple_poll);
1758
return;
1759
1760
case AVAHI_BROWSER_NEW:
1761
/* We ignore the returned Avahi resolver object. In the callback
1762
function we free it. If the Avahi server is terminated before
1763
the callback function is called the Avahi server will free the
1764
resolver for us. */
1765
1766
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1767
interface, protocol, name, type,
1768
domain, protocol, 0,
1769
resolve_callback, mc) == NULL)
1770
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1771
" %s\n", name,
1772
avahi_strerror(avahi_server_errno
1773
(((mandos_context*)mc)->server)));
1774
break;
1775
1776
case AVAHI_BROWSER_REMOVE:
1777
break;
1778
1779
case AVAHI_BROWSER_ALL_FOR_NOW:
1780
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1781
if(debug){
1782
fprintf_plus(stderr, "No Mandos server found, still"
1783
" searching...\n");
1784
}
1785
break;
1786
}
1787
}
1788
1789
/* Signal handler that stops main loop after SIGTERM */
1790
static void handle_sigterm(int sig){
1791
if(quit_now){
1792
return;
1793
}
1794
quit_now = 1;
1795
signal_received = sig;
1796
int old_errno = errno;
1797
/* set main loop to exit */
1798
if(simple_poll != NULL){
1799
avahi_simple_poll_quit(simple_poll);
1800
}
1801
errno = old_errno;
1802
}
1803
1804
__attribute__((nonnull, warn_unused_result))
1805
bool get_flags(const char *ifname, struct ifreq *ifr){
1806
int ret;
1807
int old_errno;
1808
1809
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1810
if(s < 0){
1811
old_errno = errno;
1812
perror_plus("socket");
1813
errno = old_errno;
1814
return false;
1815
}
1816
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1817
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1818
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1819
if(ret == -1){
1820
if(debug){
1821
old_errno = errno;
1822
perror_plus("ioctl SIOCGIFFLAGS");
1823
errno = old_errno;
1824
}
1825
if((close(s) == -1) and debug){
1826
old_errno = errno;
1827
perror_plus("close");
1828
errno = old_errno;
1829
}
1830
return false;
1831
}
1832
if((close(s) == -1) and debug){
1833
old_errno = errno;
1834
perror_plus("close");
1835
errno = old_errno;
1836
}
1837
return true;
1838
}
1839
1840
__attribute__((nonnull, warn_unused_result))
1841
bool good_flags(const char *ifname, const struct ifreq *ifr){
1842
1843
/* Reject the loopback device */
1844
if(ifr->ifr_flags & IFF_LOOPBACK){
1845
if(debug){
1846
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1847
ifname);
1848
}
1849
return false;
1850
}
1851
/* Accept point-to-point devices only if connect_to is specified */
1852
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1853
if(debug){
1854
fprintf_plus(stderr, "Accepting point-to-point interface"
1855
" \"%s\"\n", ifname);
1856
}
1857
return true;
1858
}
1859
/* Otherwise, reject non-broadcast-capable devices */
1860
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1861
if(debug){
1862
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1863
" \"%s\"\n", ifname);
1864
}
1865
return false;
1866
}
1867
/* Reject non-ARP interfaces (including dummy interfaces) */
1868
if(ifr->ifr_flags & IFF_NOARP){
1869
if(debug){
1870
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1871
ifname);
1872
}
1873
return false;
1874
}
1875
1876
/* Accept this device */
1877
if(debug){
1878
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1879
}
1880
return true;
1881
}
1882
1883
/*
1884
* This function determines if a directory entry in /sys/class/net
1885
* corresponds to an acceptable network device.
1886
* (This function is passed to scandir(3) as a filter function.)
1887
*/
1888
__attribute__((nonnull, warn_unused_result))
1889
int good_interface(const struct dirent *if_entry){
1890
if(if_entry->d_name[0] == '.'){
1891
return 0;
1892
}
1893
1894
struct ifreq ifr;
1895
if(not get_flags(if_entry->d_name, &ifr)){
1896
if(debug){
1897
fprintf_plus(stderr, "Failed to get flags for interface "
1898
"\"%s\"\n", if_entry->d_name);
1899
}
1900
return 0;
1901
}
1902
1903
if(not good_flags(if_entry->d_name, &ifr)){
1904
return 0;
1905
}
1906
return 1;
1907
}
1908
1909
/*
1910
* This function determines if a network interface is up.
1911
*/
1912
__attribute__((nonnull, warn_unused_result))
1913
bool interface_is_up(const char *interface){
1914
struct ifreq ifr;
1915
if(not get_flags(interface, &ifr)){
1916
if(debug){
1917
fprintf_plus(stderr, "Failed to get flags for interface "
1918
"\"%s\"\n", interface);
1919
}
1920
return false;
1921
}
1922
1923
return (bool)(ifr.ifr_flags & IFF_UP);
1924
}
1925
1926
/*
1927
* This function determines if a network interface is running
1928
*/
1929
__attribute__((nonnull, warn_unused_result))
1930
bool interface_is_running(const char *interface){
1931
struct ifreq ifr;
1932
if(not get_flags(interface, &ifr)){
1933
if(debug){
1934
fprintf_plus(stderr, "Failed to get flags for interface "
1935
"\"%s\"\n", interface);
1936
}
1937
return false;
1938
}
1939
1940
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1941
}
1942
1943
__attribute__((nonnull, pure, warn_unused_result))
1944
int notdotentries(const struct dirent *direntry){
1945
/* Skip "." and ".." */
1946
if(direntry->d_name[0] == '.'
1947
and (direntry->d_name[1] == '\0'
1948
or (direntry->d_name[1] == '.'
1949
and direntry->d_name[2] == '\0'))){
1950
return 0;
1951
}
1952
return 1;
1953
}
1954
1955
/* Is this directory entry a runnable program? */
1956
__attribute__((nonnull, warn_unused_result))
1957
int runnable_hook(const struct dirent *direntry){
1958
int ret;
1959
size_t sret;
1960
struct stat st;
1961
1962
if((direntry->d_name)[0] == '\0'){
1963
/* Empty name? */
1964
return 0;
1965
}
1966
1967
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1968
"abcdefghijklmnopqrstuvwxyz"
1969
"0123456789"
1970
"_.-");
1971
if((direntry->d_name)[sret] != '\0'){
1972
/* Contains non-allowed characters */
1973
if(debug){
1974
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
1975
direntry->d_name);
1976
}
1977
return 0;
1978
}
1979
1980
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1981
if(ret == -1){
1982
if(debug){
1983
perror_plus("Could not stat hook");
1984
}
1985
return 0;
1986
}
1987
if(not (S_ISREG(st.st_mode))){
1988
/* Not a regular file */
1989
if(debug){
1990
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
1991
direntry->d_name);
1992
}
1993
return 0;
1994
}
1995
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
1996
/* Not executable */
1997
if(debug){
1998
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
1999
direntry->d_name);
2000
}
2001
return 0;
2002
}
2003
if(debug){
2004
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
2005
direntry->d_name);
2006
}
2007
return 1;
2008
}
2009
2010
__attribute__((nonnull, warn_unused_result))
2011
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
2012
mandos_context *mc){
2013
int ret;
2014
struct timespec now;
2015
struct timespec waited_time;
2016
intmax_t block_time;
2017
2018
while(true){
2019
if(mc->current_server == NULL){
2020
if(debug){
2021
fprintf_plus(stderr, "Wait until first server is found."
2022
" No timeout!\n");
2023
}
2024
ret = avahi_simple_poll_iterate(s, -1);
2025
} else {
2026
if(debug){
2027
fprintf_plus(stderr, "Check current_server if we should run"
2028
" it, or wait\n");
2029
}
2030
/* the current time */
2031
ret = clock_gettime(CLOCK_MONOTONIC, &now);
2032
if(ret == -1){
2033
perror_plus("clock_gettime");
2034
return -1;
2035
}
2036
/* Calculating in ms how long time between now and server
2037
who we visted longest time ago. Now - last seen. */
2038
waited_time.tv_sec = (now.tv_sec
2039
- mc->current_server->last_seen.tv_sec);
2040
waited_time.tv_nsec = (now.tv_nsec
2041
- mc->current_server->last_seen.tv_nsec);
2042
/* total time is 10s/10,000ms.
2043
Converting to s from ms by dividing by 1,000,
2044
and ns to ms by dividing by 1,000,000. */
2045
block_time = ((retry_interval
2046
- ((intmax_t)waited_time.tv_sec * 1000))
2047
- ((intmax_t)waited_time.tv_nsec / 1000000));
2048
2049
if(debug){
2050
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
2051
block_time);
2052
}
2053
2054
if(block_time <= 0){
2055
ret = start_mandos_communication(mc->current_server->ip,
2056
mc->current_server->port,
2057
mc->current_server->if_index,
2058
mc->current_server->af, mc);
2059
if(ret == 0){
2060
avahi_simple_poll_quit(s);
2061
return 0;
2062
}
2063
ret = clock_gettime(CLOCK_MONOTONIC,
2064
&mc->current_server->last_seen);
2065
if(ret == -1){
2066
perror_plus("clock_gettime");
2067
return -1;
2068
}
2069
mc->current_server = mc->current_server->next;
2070
block_time = 0; /* Call avahi to find new Mandos
2071
servers, but don't block */
2072
}
2073
2074
ret = avahi_simple_poll_iterate(s, (int)block_time);
2075
}
2076
if(ret != 0){
2077
if(ret > 0 or errno != EINTR){
2078
return (ret != 1) ? ret : 0;
2079
}
2080
}
2081
}
2082
}
2083
2084
__attribute__((nonnull))
2085
void run_network_hooks(const char *mode, const char *interface,
2086
const float delay){
2087
struct dirent **direntries = NULL;
2088
if(hookdir_fd == -1){
2089
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2090
| O_CLOEXEC);
2091
if(hookdir_fd == -1){
2092
if(errno == ENOENT){
2093
if(debug){
2094
fprintf_plus(stderr, "Network hook directory \"%s\" not"
2095
" found\n", hookdir);
2096
}
2097
} else {
2098
perror_plus("open");
2099
}
2100
return;
2101
}
2102
}
2103
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2104
if(devnull == -1){
2105
perror_plus("open(\"/dev/null\", O_RDONLY)");
2106
return;
2107
}
2108
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2109
runnable_hook, alphasort);
2110
if(numhooks == -1){
2111
perror_plus("scandir");
2112
close(devnull);
2113
return;
2114
}
2115
struct dirent *direntry;
2116
int ret;
2117
for(int i = 0; i < numhooks; i++){
2118
direntry = direntries[i];
2119
if(debug){
2120
fprintf_plus(stderr, "Running network hook \"%s\"\n",
2121
direntry->d_name);
2122
}
2123
pid_t hook_pid = fork();
2124
if(hook_pid == 0){
2125
/* Child */
2126
/* Raise privileges */
2127
errno = raise_privileges_permanently();
2128
if(errno != 0){
2129
perror_plus("Failed to raise privileges");
2130
_exit(EX_NOPERM);
2131
}
2132
/* Set group */
2133
errno = 0;
2134
ret = setgid(0);
2135
if(ret == -1){
2136
perror_plus("setgid");
2137
_exit(EX_NOPERM);
2138
}
2139
/* Reset supplementary groups */
2140
errno = 0;
2141
ret = setgroups(0, NULL);
2142
if(ret == -1){
2143
perror_plus("setgroups");
2144
_exit(EX_NOPERM);
2145
}
2146
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2147
if(ret == -1){
2148
perror_plus("setenv");
2149
_exit(EX_OSERR);
2150
}
2151
ret = setenv("DEVICE", interface, 1);
2152
if(ret == -1){
2153
perror_plus("setenv");
2154
_exit(EX_OSERR);
2155
}
2156
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
2157
if(ret == -1){
2158
perror_plus("setenv");
2159
_exit(EX_OSERR);
2160
}
2161
ret = setenv("MODE", mode, 1);
2162
if(ret == -1){
2163
perror_plus("setenv");
2164
_exit(EX_OSERR);
2165
}
2166
char *delaystring;
2167
ret = asprintf(&delaystring, "%f", (double)delay);
2168
if(ret == -1){
2169
perror_plus("asprintf");
2170
_exit(EX_OSERR);
2171
}
2172
ret = setenv("DELAY", delaystring, 1);
2173
if(ret == -1){
2174
free(delaystring);
2175
perror_plus("setenv");
2176
_exit(EX_OSERR);
2177
}
2178
free(delaystring);
2179
if(connect_to != NULL){
2180
ret = setenv("CONNECT", connect_to, 1);
2181
if(ret == -1){
2182
perror_plus("setenv");
2183
_exit(EX_OSERR);
2184
}
2185
}
2186
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2187
direntry->d_name,
2188
O_RDONLY));
2189
if(hook_fd == -1){
2190
perror_plus("openat");
2191
_exit(EXIT_FAILURE);
2192
}
2193
if(close(hookdir_fd) == -1){
2194
perror_plus("close");
2195
_exit(EXIT_FAILURE);
2196
}
2197
ret = dup2(devnull, STDIN_FILENO);
2198
if(ret == -1){
2199
perror_plus("dup2(devnull, STDIN_FILENO)");
2200
_exit(EX_OSERR);
2201
}
2202
ret = close(devnull);
2203
if(ret == -1){
2204
perror_plus("close");
2205
_exit(EX_OSERR);
2206
}
2207
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2208
if(ret == -1){
2209
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2210
_exit(EX_OSERR);
2211
}
2212
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2213
environ) == -1){
2214
perror_plus("fexecve");
2215
_exit(EXIT_FAILURE);
2216
}
2217
} else {
2218
if(hook_pid == -1){
2219
perror_plus("fork");
2220
free(direntry);
2221
continue;
2222
}
2223
int status;
2224
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2225
perror_plus("waitpid");
2226
free(direntry);
2227
continue;
2228
}
2229
if(WIFEXITED(status)){
2230
if(WEXITSTATUS(status) != 0){
2231
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2232
" with status %d\n", direntry->d_name,
2233
WEXITSTATUS(status));
2234
free(direntry);
2235
continue;
2236
}
2237
} else if(WIFSIGNALED(status)){
2238
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2239
" signal %d\n", direntry->d_name,
2240
WTERMSIG(status));
2241
free(direntry);
2242
continue;
2243
} else {
2244
fprintf_plus(stderr, "Warning: network hook \"%s\""
2245
" crashed\n", direntry->d_name);
2246
free(direntry);
2247
continue;
2248
}
2249
}
2250
if(debug){
2251
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2252
direntry->d_name);
2253
}
2254
free(direntry);
2255
}
2256
free(direntries);
2257
if(close(hookdir_fd) == -1){
2258
perror_plus("close");
2259
} else {
2260
hookdir_fd = -1;
2261
}
2262
close(devnull);
2263
}
2264
2265
__attribute__((nonnull, warn_unused_result))
2266
int bring_up_interface(const char *const interface,
2267
const float delay){
2268
int old_errno = errno;
2269
int ret;
2270
struct ifreq network;
2271
unsigned int if_index = if_nametoindex(interface);
2272
if(if_index == 0){
2273
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2274
errno = old_errno;
2275
return ENXIO;
2276
}
2277
2278
if(quit_now){
2279
errno = old_errno;
2280
return EINTR;
2281
}
2282
2283
if(not interface_is_up(interface)){
2284
int ret_errno = 0;
2285
int ioctl_errno = 0;
2286
if(not get_flags(interface, &network)){
2287
ret_errno = errno;
2288
fprintf_plus(stderr, "Failed to get flags for interface "
2289
"\"%s\"\n", interface);
2290
errno = old_errno;
2291
return ret_errno;
2292
}
2293
network.ifr_flags |= IFF_UP; /* set flag */
2294
2295
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2296
if(sd == -1){
2297
ret_errno = errno;
2298
perror_plus("socket");
2299
errno = old_errno;
2300
return ret_errno;
2301
}
2302
2303
if(quit_now){
2304
ret = close(sd);
2305
if(ret == -1){
2306
perror_plus("close");
2307
}
2308
errno = old_errno;
2309
return EINTR;
2310
}
2311
2312
if(debug){
2313
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
2314
interface);
2315
}
2316
2317
/* Raise privileges */
2318
ret_errno = raise_privileges();
2319
if(ret_errno != 0){
2320
errno = ret_errno;
2321
perror_plus("Failed to raise privileges");
2322
}
2323
2324
#ifdef __linux__
2325
int ret_linux;
2326
bool restore_loglevel = false;
2327
if(ret_errno == 0){
2328
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2329
messages about the network interface to mess up the prompt */
2330
ret_linux = klogctl(8, NULL, 5);
2331
if(ret_linux == -1){
2332
perror_plus("klogctl");
2333
} else {
2334
restore_loglevel = true;
2335
}
2336
}
2337
#endif /* __linux__ */
2338
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2339
ioctl_errno = errno;
2340
#ifdef __linux__
2341
if(restore_loglevel){
2342
ret_linux = klogctl(7, NULL, 0);
2343
if(ret_linux == -1){
2344
perror_plus("klogctl");
2345
}
2346
}
2347
#endif /* __linux__ */
2348
2349
/* If raise_privileges() succeeded above */
2350
if(ret_errno == 0){
2351
/* Lower privileges */
2352
ret_errno = lower_privileges();
2353
if(ret_errno != 0){
2354
errno = ret_errno;
2355
perror_plus("Failed to lower privileges");
2356
}
2357
}
2358
2359
/* Close the socket */
2360
ret = close(sd);
2361
if(ret == -1){
2362
perror_plus("close");
2363
}
2364
2365
if(ret_setflags == -1){
2366
errno = ioctl_errno;
2367
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2368
errno = old_errno;
2369
return ioctl_errno;
2370
}
2371
} else if(debug){
2372
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2373
interface);
2374
}
2375
2376
/* Sleep checking until interface is running.
2377
Check every 0.25s, up to total time of delay */
2378
for(int i = 0; i < delay * 4; i++){
2379
if(interface_is_running(interface)){
2380
break;
2381
}
2382
struct timespec sleeptime = { .tv_nsec = 250000000 };
2383
ret = nanosleep(&sleeptime, NULL);
2384
if(ret == -1 and errno != EINTR){
2385
perror_plus("nanosleep");
2386
}
2387
}
2388
2389
errno = old_errno;
2390
return 0;
2391
}
2392
2393
__attribute__((nonnull, warn_unused_result))
2394
int take_down_interface(const char *const interface){
2395
int old_errno = errno;
2396
struct ifreq network;
2397
unsigned int if_index = if_nametoindex(interface);
2398
if(if_index == 0){
2399
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2400
errno = old_errno;
2401
return ENXIO;
2402
}
2403
if(interface_is_up(interface)){
2404
int ret_errno = 0;
2405
int ioctl_errno = 0;
2406
if(not get_flags(interface, &network) and debug){
2407
ret_errno = errno;
2408
fprintf_plus(stderr, "Failed to get flags for interface "
2409
"\"%s\"\n", interface);
2410
errno = old_errno;
2411
return ret_errno;
2412
}
2413
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2414
2415
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2416
if(sd == -1){
2417
ret_errno = errno;
2418
perror_plus("socket");
2419
errno = old_errno;
2420
return ret_errno;
2421
}
2422
2423
if(debug){
2424
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2425
interface);
2426
}
2427
2428
/* Raise privileges */
2429
ret_errno = raise_privileges();
2430
if(ret_errno != 0){
2431
errno = ret_errno;
2432
perror_plus("Failed to raise privileges");
2433
}
2434
2435
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2436
ioctl_errno = errno;
2437
2438
/* If raise_privileges() succeeded above */
2439
if(ret_errno == 0){
2440
/* Lower privileges */
2441
ret_errno = lower_privileges();
2442
if(ret_errno != 0){
2443
errno = ret_errno;
2444
perror_plus("Failed to lower privileges");
2445
}
2446
}
2447
2448
/* Close the socket */
2449
int ret = close(sd);
2450
if(ret == -1){
2451
perror_plus("close");
2452
}
2453
2454
if(ret_setflags == -1){
2455
errno = ioctl_errno;
2456
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2457
errno = old_errno;
2458
return ioctl_errno;
2459
}
2460
} else if(debug){
2461
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2462
interface);
2463
}
2464
2465
errno = old_errno;
2466
return 0;
2467
}
2468
2469
int main(int argc, char *argv[]){
2470
mandos_context mc = { .server = NULL, .dh_bits = 0,
2471
#if GNUTLS_VERSION_NUMBER >= 0x030606
2472
.priority = "SECURE128:!CTYPE-X.509"
2473
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2474
":%PROFILE_ULTRA",
2475
#elif GNUTLS_VERSION_NUMBER < 0x030600
2476
.priority = "SECURE256:!CTYPE-X.509"
2477
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2478
#else
2479
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2480
#endif
2481
.current_server = NULL, .interfaces = NULL,
2482
.interfaces_size = 0 };
2483
AvahiSServiceBrowser *sb = NULL;
2484
error_t ret_errno;
2485
int ret;
2486
intmax_t tmpmax;
2487
char *tmp;
2488
int exitcode = EXIT_SUCCESS;
2489
char *interfaces_to_take_down = NULL;
2490
size_t interfaces_to_take_down_size = 0;
2491
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2492
char old_tempdir[] = "/tmp/mandosXXXXXX";
2493
char *tempdir = NULL;
2494
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2495
const char *seckey = PATHDIR "/" SECKEY;
2496
const char *pubkey = PATHDIR "/" PUBKEY;
2497
#if GNUTLS_VERSION_NUMBER >= 0x030606
2498
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2499
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2500
#endif
2501
const char *dh_params_file = NULL;
2502
char *interfaces_hooks = NULL;
2503
2504
bool gnutls_initialized = false;
2505
bool gpgme_initialized = false;
2506
float delay = 2.5f;
2507
double retry_interval = 10; /* 10s between trying a server and
2508
retrying the same server again */
2509
2510
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
2511
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
2512
2513
uid = getuid();
2514
gid = getgid();
2515
2516
/* Lower any group privileges we might have, just to be safe */
2517
errno = 0;
2518
ret = setgid(gid);
2519
if(ret == -1){
2520
perror_plus("setgid");
2521
}
2522
2523
/* Lower user privileges (temporarily) */
2524
errno = 0;
2525
ret = seteuid(uid);
2526
if(ret == -1){
2527
perror_plus("seteuid");
2528
}
2529
2530
if(quit_now){
2531
goto end;
2532
}
2533
2534
{
2535
struct argp_option options[] = {
2536
{ .name = "debug", .key = 128,
2537
.doc = "Debug mode", .group = 3 },
2538
{ .name = "connect", .key = 'c',
2539
.arg = "ADDRESS:PORT",
2540
.doc = "Connect directly to a specific Mandos server",
2541
.group = 1 },
2542
{ .name = "interface", .key = 'i',
2543
.arg = "NAME",
2544
.doc = "Network interface that will be used to search for"
2545
" Mandos servers",
2546
.group = 1 },
2547
{ .name = "seckey", .key = 's',
2548
.arg = "FILE",
2549
.doc = "OpenPGP secret key file base name",
2550
.group = 1 },
2551
{ .name = "pubkey", .key = 'p',
2552
.arg = "FILE",
2553
.doc = "OpenPGP public key file base name",
2554
.group = 1 },
2555
{ .name = "tls-privkey", .key = 't',
2556
.arg = "FILE",
2557
#if GNUTLS_VERSION_NUMBER >= 0x030606
2558
.doc = "TLS private key file base name",
2559
#else
2560
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2561
#endif
2562
.group = 1 },
2563
{ .name = "tls-pubkey", .key = 'T',
2564
.arg = "FILE",
2565
#if GNUTLS_VERSION_NUMBER >= 0x030606
2566
.doc = "TLS public key file base name",
2567
#else
2568
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2569
#endif
2570
.group = 1 },
2571
{ .name = "dh-bits", .key = 129,
2572
.arg = "BITS",
2573
.doc = "Bit length of the prime number used in the"
2574
" Diffie-Hellman key exchange",
2575
.group = 2 },
2576
{ .name = "dh-params", .key = 134,
2577
.arg = "FILE",
2578
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2579
" for the Diffie-Hellman key exchange",
2580
.group = 2 },
2581
{ .name = "priority", .key = 130,
2582
.arg = "STRING",
2583
.doc = "GnuTLS priority string for the TLS handshake",
2584
.group = 1 },
2585
{ .name = "delay", .key = 131,
2586
.arg = "SECONDS",
2587
.doc = "Maximum delay to wait for interface startup",
2588
.group = 2 },
2589
{ .name = "retry", .key = 132,
2590
.arg = "SECONDS",
2591
.doc = "Retry interval used when denied by the Mandos server",
2592
.group = 2 },
2593
{ .name = "network-hook-dir", .key = 133,
2594
.arg = "DIR",
2595
.doc = "Directory where network hooks are located",
2596
.group = 2 },
2597
/*
2598
* These reproduce what we would get without ARGP_NO_HELP
2599
*/
2600
{ .name = "help", .key = '?',
2601
.doc = "Give this help list", .group = -1 },
2602
{ .name = "usage", .key = -3,
2603
.doc = "Give a short usage message", .group = -1 },
2604
{ .name = "version", .key = 'V',
2605
.doc = "Print program version", .group = -1 },
2606
{ .name = NULL }
2607
};
2608
2609
error_t parse_opt(int key, char *arg,
2610
struct argp_state *state){
2611
errno = 0;
2612
switch(key){
2613
case 128: /* --debug */
2614
debug = true;
2615
break;
2616
case 'c': /* --connect */
2617
connect_to = arg;
2618
break;
2619
case 'i': /* --interface */
2620
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2621
arg, (int)',');
2622
if(ret_errno != 0){
2623
argp_error(state, "%s", strerror(ret_errno));
2624
}
2625
break;
2626
case 's': /* --seckey */
2627
seckey = arg;
2628
break;
2629
case 'p': /* --pubkey */
2630
pubkey = arg;
2631
break;
2632
case 't': /* --tls-privkey */
2633
#if GNUTLS_VERSION_NUMBER >= 0x030606
2634
tls_privkey = arg;
2635
#endif
2636
break;
2637
case 'T': /* --tls-pubkey */
2638
#if GNUTLS_VERSION_NUMBER >= 0x030606
2639
tls_pubkey = arg;
2640
#endif
2641
break;
2642
case 129: /* --dh-bits */
2643
errno = 0;
2644
tmpmax = strtoimax(arg, &tmp, 10);
2645
if(errno != 0 or tmp == arg or *tmp != '\0'
2646
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2647
argp_error(state, "Bad number of DH bits");
2648
}
2649
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2650
break;
2651
case 134: /* --dh-params */
2652
dh_params_file = arg;
2653
break;
2654
case 130: /* --priority */
2655
mc.priority = arg;
2656
break;
2657
case 131: /* --delay */
2658
errno = 0;
2659
delay = strtof(arg, &tmp);
2660
if(errno != 0 or tmp == arg or *tmp != '\0'){
2661
argp_error(state, "Bad delay");
2662
}
2663
case 132: /* --retry */
2664
errno = 0;
2665
retry_interval = strtod(arg, &tmp);
2666
if(errno != 0 or tmp == arg or *tmp != '\0'
2667
or (retry_interval * 1000) > INT_MAX
2668
or retry_interval < 0){
2669
argp_error(state, "Bad retry interval");
2670
}
2671
break;
2672
case 133: /* --network-hook-dir */
2673
hookdir = arg;
2674
break;
2675
/*
2676
* These reproduce what we would get without ARGP_NO_HELP
2677
*/
2678
case '?': /* --help */
2679
argp_state_help(state, state->out_stream,
2680
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2681
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2682
__builtin_unreachable();
2683
case -3: /* --usage */
2684
argp_state_help(state, state->out_stream,
2685
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2686
__builtin_unreachable();
2687
case 'V': /* --version */
2688
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2689
exit(argp_err_exit_status);
2690
break;
2691
default:
2692
return ARGP_ERR_UNKNOWN;
2693
}
2694
return errno;
2695
}
2696
2697
struct argp argp = { .options = options, .parser = parse_opt,
2698
.args_doc = "",
2699
.doc = "Mandos client -- Get and decrypt"
2700
" passwords from a Mandos server" };
2701
ret_errno = argp_parse(&argp, argc, argv,
2702
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2703
switch(ret_errno){
2704
case 0:
2705
break;
2706
case ENOMEM:
599
2707
default:
600
case AVAHI_BROWSER_FAILURE:
601
602
fprintf(stderr, "(Browser) %s\n",
603
avahi_strerror(avahi_server_errno(server)));
604
avahi_simple_poll_quit(simple_poll);
605
return;
606
607
case AVAHI_BROWSER_NEW:
608
/* We ignore the returned resolver object. In the callback
609
function we free it. If the server is terminated before
610
the callback function is called the server will free
611
the resolver for us. */
612
613
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
614
type, domain,
615
AVAHI_PROTO_INET6, 0,
616
resolve_callback, s)))
617
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
618
avahi_strerror(avahi_server_errno(s)));
619
break;
620
621
case AVAHI_BROWSER_REMOVE:
622
break;
623
624
case AVAHI_BROWSER_ALL_FOR_NOW:
625
case AVAHI_BROWSER_CACHE_EXHAUSTED:
626
break;
627
}
628
}
629
630
/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */
631
const char *combinepath(const char *first, const char *second){
632
char *tmp;
633
tmp = malloc(strlen(first) + strlen(second) + 2);
634
if (tmp == NULL){
635
perror("malloc");
636
return NULL;
637
}
638
strcpy(tmp, first);
639
if (first[0] != '\0' and first[strlen(first) - 1] != '/'){
640
strcat(tmp, "/");
641
}
642
strcat(tmp, second);
643
return tmp;
644
}
645
646
647
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
2708
errno = ret_errno;
2709
perror_plus("argp_parse");
2710
exitcode = EX_OSERR;
2711
goto end;
2712
case EINVAL:
2713
exitcode = EX_USAGE;
2714
goto end;
2715
}
2716
}
2717
2718
{
2719
/* Work around Debian bug #633582:
2720
<https://bugs.debian.org/633582> */
2721
2722
/* Re-raise privileges */
2723
ret = raise_privileges();
2724
if(ret != 0){
2725
errno = ret;
2726
perror_plus("Failed to raise privileges");
2727
} else {
2728
struct stat st;
2729
2730
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2731
int seckey_fd = open(seckey, O_RDONLY);
2732
if(seckey_fd == -1){
2733
perror_plus("open");
2734
} else {
2735
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2736
if(ret == -1){
2737
perror_plus("fstat");
2738
} else {
2739
if(S_ISREG(st.st_mode)
2740
and st.st_uid == 0 and st.st_gid == 0){
2741
ret = fchown(seckey_fd, uid, gid);
2742
if(ret == -1){
2743
perror_plus("fchown");
2744
}
2745
}
2746
}
2747
close(seckey_fd);
2748
}
2749
}
2750
2751
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2752
int pubkey_fd = open(pubkey, O_RDONLY);
2753
if(pubkey_fd == -1){
2754
perror_plus("open");
2755
} else {
2756
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2757
if(ret == -1){
2758
perror_plus("fstat");
2759
} else {
2760
if(S_ISREG(st.st_mode)
2761
and st.st_uid == 0 and st.st_gid == 0){
2762
ret = fchown(pubkey_fd, uid, gid);
2763
if(ret == -1){
2764
perror_plus("fchown");
2765
}
2766
}
2767
}
2768
close(pubkey_fd);
2769
}
2770
}
2771
2772
if(dh_params_file != NULL
2773
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2774
int dhparams_fd = open(dh_params_file, O_RDONLY);
2775
if(dhparams_fd == -1){
2776
perror_plus("open");
2777
} else {
2778
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2779
if(ret == -1){
2780
perror_plus("fstat");
2781
} else {
2782
if(S_ISREG(st.st_mode)
2783
and st.st_uid == 0 and st.st_gid == 0){
2784
ret = fchown(dhparams_fd, uid, gid);
2785
if(ret == -1){
2786
perror_plus("fchown");
2787
}
2788
}
2789
}
2790
close(dhparams_fd);
2791
}
2792
}
2793
2794
/* Lower privileges */
2795
ret = lower_privileges();
2796
if(ret != 0){
2797
errno = ret;
2798
perror_plus("Failed to lower privileges");
2799
}
2800
}
2801
}
2802
2803
/* Remove invalid interface names (except "none") */
2804
{
2805
char *interface = NULL;
2806
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2807
interface))){
2808
if(strcmp(interface, "none") != 0
2809
and if_nametoindex(interface) == 0){
2810
if(interface[0] != '\0'){
2811
fprintf_plus(stderr, "Not using nonexisting interface"
2812
" \"%s\"\n", interface);
2813
}
2814
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2815
interface = NULL;
2816
}
2817
}
2818
}
2819
2820
/* Run network hooks */
2821
{
2822
if(mc.interfaces != NULL){
2823
interfaces_hooks = malloc(mc.interfaces_size);
2824
if(interfaces_hooks == NULL){
2825
perror_plus("malloc");
2826
goto end;
2827
}
2828
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2829
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2830
}
2831
run_network_hooks("start", interfaces_hooks != NULL ?
2832
interfaces_hooks : "", delay);
2833
}
2834
2835
if(not debug){
2836
avahi_set_log_function(empty_log);
2837
}
2838
2839
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2840
from the signal handler */
2841
/* Initialize the pseudo-RNG for Avahi */
2842
srand((unsigned int) time(NULL));
2843
simple_poll = avahi_simple_poll_new();
2844
if(simple_poll == NULL){
2845
fprintf_plus(stderr,
2846
"Avahi: Failed to create simple poll object.\n");
2847
exitcode = EX_UNAVAILABLE;
2848
goto end;
2849
}
2850
2851
sigemptyset(&sigterm_action.sa_mask);
2852
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2853
if(ret == -1){
2854
perror_plus("sigaddset");
2855
exitcode = EX_OSERR;
2856
goto end;
2857
}
2858
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2859
if(ret == -1){
2860
perror_plus("sigaddset");
2861
exitcode = EX_OSERR;
2862
goto end;
2863
}
2864
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2865
if(ret == -1){
2866
perror_plus("sigaddset");
2867
exitcode = EX_OSERR;
2868
goto end;
2869
}
2870
/* Need to check if the handler is SIG_IGN before handling:
2871
| [[info:libc:Initial Signal Actions]] |
2872
| [[info:libc:Basic Signal Handling]] |
2873
*/
2874
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2875
if(ret == -1){
2876
perror_plus("sigaction");
2877
return EX_OSERR;
2878
}
2879
if(old_sigterm_action.sa_handler != SIG_IGN){
2880
ret = sigaction(SIGINT, &sigterm_action, NULL);
2881
if(ret == -1){
2882
perror_plus("sigaction");
2883
exitcode = EX_OSERR;
2884
goto end;
2885
}
2886
}
2887
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2888
if(ret == -1){
2889
perror_plus("sigaction");
2890
return EX_OSERR;
2891
}
2892
if(old_sigterm_action.sa_handler != SIG_IGN){
2893
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2894
if(ret == -1){
2895
perror_plus("sigaction");
2896
exitcode = EX_OSERR;
2897
goto end;
2898
}
2899
}
2900
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2901
if(ret == -1){
2902
perror_plus("sigaction");
2903
return EX_OSERR;
2904
}
2905
if(old_sigterm_action.sa_handler != SIG_IGN){
2906
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2907
if(ret == -1){
2908
perror_plus("sigaction");
2909
exitcode = EX_OSERR;
2910
goto end;
2911
}
2912
}
2913
2914
/* If no interfaces were specified, make a list */
2915
if(mc.interfaces == NULL){
2916
struct dirent **direntries = NULL;
2917
/* Look for any good interfaces */
2918
ret = scandir(sys_class_net, &direntries, good_interface,
2919
alphasort);
2920
if(ret >= 1){
2921
/* Add all found interfaces to interfaces list */
2922
for(int i = 0; i < ret; ++i){
2923
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2924
direntries[i]->d_name);
2925
if(ret_errno != 0){
2926
errno = ret_errno;
2927
perror_plus("argz_add");
2928
free(direntries[i]);
2929
continue;
2930
}
2931
if(debug){
2932
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2933
direntries[i]->d_name);
2934
}
2935
free(direntries[i]);
2936
}
2937
free(direntries);
2938
} else {
2939
if(ret == 0){
2940
free(direntries);
2941
}
2942
fprintf_plus(stderr, "Could not find a network interface\n");
2943
exitcode = EXIT_FAILURE;
2944
goto end;
2945
}
2946
}
2947
2948
/* Bring up interfaces which are down, and remove any "none"s */
2949
{
2950
char *interface = NULL;
2951
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2952
interface))){
2953
/* If interface name is "none", stop bringing up interfaces.
2954
Also remove all instances of "none" from the list */
2955
if(strcmp(interface, "none") == 0){
2956
argz_delete(&mc.interfaces, &mc.interfaces_size,
2957
interface);
2958
interface = NULL;
2959
while((interface = argz_next(mc.interfaces,
2960
mc.interfaces_size, interface))){
2961
if(strcmp(interface, "none") == 0){
2962
argz_delete(&mc.interfaces, &mc.interfaces_size,
2963
interface);
2964
interface = NULL;
2965
}
2966
}
2967
break;
2968
}
2969
bool interface_was_up = interface_is_up(interface);
2970
errno = bring_up_interface(interface, delay);
2971
if(not interface_was_up){
2972
if(errno != 0){
2973
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2974
" %s\n", interface, strerror(errno));
2975
} else {
2976
errno = argz_add(&interfaces_to_take_down,
2977
&interfaces_to_take_down_size,
2978
interface);
2979
if(errno != 0){
2980
perror_plus("argz_add");
2981
}
2982
}
2983
}
2984
}
2985
if(debug and (interfaces_to_take_down == NULL)){
2986
fprintf_plus(stderr, "No interfaces were brought up\n");
2987
}
2988
}
2989
2990
/* If we only got one interface, explicitly use only that one */
2991
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2992
if(debug){
2993
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2994
mc.interfaces);
2995
}
2996
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2997
}
2998
2999
if(quit_now){
3000
goto end;
3001
}
3002
3003
#if GNUTLS_VERSION_NUMBER >= 0x030606
3004
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3005
#elif GNUTLS_VERSION_NUMBER < 0x030600
3006
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3007
#else
3008
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3009
#endif
3010
if(ret == -1){
3011
fprintf_plus(stderr, "init_gnutls_global failed\n");
3012
exitcode = EX_UNAVAILABLE;
3013
goto end;
3014
} else {
3015
gnutls_initialized = true;
3016
}
3017
3018
if(quit_now){
3019
goto end;
3020
}
3021
3022
/* Try /run/tmp before /tmp */
3023
tempdir = mkdtemp(run_tempdir);
3024
if(tempdir == NULL and errno == ENOENT){
3025
if(debug){
3026
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
3027
run_tempdir, old_tempdir);
3028
}
3029
tempdir = mkdtemp(old_tempdir);
3030
}
3031
if(tempdir == NULL){
3032
perror_plus("mkdtemp");
3033
goto end;
3034
}
3035
3036
if(quit_now){
3037
goto end;
3038
}
3039
3040
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
3041
fprintf_plus(stderr, "init_gpgme failed\n");
3042
exitcode = EX_UNAVAILABLE;
3043
goto end;
3044
} else {
3045
gpgme_initialized = true;
3046
}
3047
3048
if(quit_now){
3049
goto end;
3050
}
3051
3052
if(connect_to != NULL){
3053
/* Connect directly, do not use Zeroconf */
3054
/* (Mainly meant for debugging) */
3055
char *address = strrchr(connect_to, ':');
3056
3057
if(address == NULL){
3058
fprintf_plus(stderr, "No colon in address\n");
3059
exitcode = EX_USAGE;
3060
goto end;
3061
}
3062
3063
if(quit_now){
3064
goto end;
3065
}
3066
3067
in_port_t port;
3068
errno = 0;
3069
tmpmax = strtoimax(address+1, &tmp, 10);
3070
if(errno != 0 or tmp == address+1 or *tmp != '\0'
3071
or tmpmax != (in_port_t)tmpmax){
3072
fprintf_plus(stderr, "Bad port number\n");
3073
exitcode = EX_USAGE;
3074
goto end;
3075
}
3076
3077
if(quit_now){
3078
goto end;
3079
}
3080
3081
port = (in_port_t)tmpmax;
3082
*address = '\0';
3083
/* Colon in address indicates IPv6 */
3084
int af;
3085
if(strchr(connect_to, ':') != NULL){
3086
af = AF_INET6;
3087
/* Accept [] around IPv6 address - see RFC 5952 */
3088
if(connect_to[0] == '[' and address[-1] == ']')
3089
{
3090
connect_to++;
3091
address[-1] = '\0';
3092
}
3093
} else {
3094
af = AF_INET;
3095
}
3096
address = connect_to;
3097
3098
if(quit_now){
3099
goto end;
3100
}
3101
3102
while(not quit_now){
3103
ret = start_mandos_communication(address, port, if_index, af,
3104
&mc);
3105
if(quit_now or ret == 0){
3106
break;
3107
}
3108
if(debug){
3109
fprintf_plus(stderr, "Retrying in %d seconds\n",
3110
(int)retry_interval);
3111
}
3112
sleep((unsigned int)retry_interval);
3113
}
3114
3115
if(not quit_now){
3116
exitcode = EXIT_SUCCESS;
3117
}
3118
3119
goto end;
3120
}
3121
3122
if(quit_now){
3123
goto end;
3124
}
3125
3126
{
648
3127
AvahiServerConfig config;
649
AvahiSServiceBrowser *sb = NULL;
650
int error;
651
int ret;
652
int returncode = EXIT_SUCCESS;
653
const char *interface = NULL;
654
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
655
char *connect_to = NULL;
656
657
while (true){
658
static struct option long_options[] = {
659
{"debug", no_argument, (int *)&debug, 1},
660
{"connect", required_argument, 0, 'C'},
661
{"interface", required_argument, 0, 'i'},
662
{"certdir", required_argument, 0, 'd'},
663
{"certkey", required_argument, 0, 'c'},
664
{"certfile", required_argument, 0, 'k'},
665
{0, 0, 0, 0} };
666
667
int option_index = 0;
668
ret = getopt_long (argc, argv, "i:", long_options,
669
&option_index);
670
671
if (ret == -1){
672
break;
673
}
674
675
switch(ret){
676
case 0:
677
break;
678
case 'i':
679
interface = optarg;
680
break;
681
case 'C':
682
connect_to = optarg;
683
break;
684
case 'd':
685
certdir = optarg;
686
break;
687
case 'c':
688
certfile = optarg;
689
break;
690
case 'k':
691
certkey = optarg;
692
break;
693
default:
694
exit(EXIT_FAILURE);
695
}
696
}
697
698
certfile = combinepath(certdir, certfile);
699
if (certfile == NULL){
700
goto exit;
701
}
702
703
if(interface != NULL){
704
if_index = (AvahiIfIndex) if_nametoindex(interface);
705
if(if_index == 0){
706
fprintf(stderr, "No such interface: \"%s\"\n", interface);
707
exit(EXIT_FAILURE);
708
}
709
}
710
711
if(connect_to != NULL){
712
/* Connect directly, do not use Zeroconf */
713
/* (Mainly meant for debugging) */
714
char *address = strrchr(connect_to, ':');
715
if(address == NULL){
716
fprintf(stderr, "No colon in address\n");
717
exit(EXIT_FAILURE);
718
}
719
errno = 0;
720
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
721
if(errno){
722
perror("Bad port number");
723
exit(EXIT_FAILURE);
724
}
725
*address = '\0';
726
address = connect_to;
727
ret = start_mandos_communication(address, port, if_index);
728
if(ret < 0){
729
exit(EXIT_FAILURE);
730
} else {
731
exit(EXIT_SUCCESS);
732
}
733
}
734
735
certkey = combinepath(certdir, certkey);
736
if (certkey == NULL){
737
goto exit;
738
}
739
740
if (not debug){
741
avahi_set_log_function(empty_log);
742
}
743
744
/* Initialize the psuedo-RNG */
745
srand((unsigned int) time(NULL));
746
747
/* Allocate main loop object */
748
if (!(simple_poll = avahi_simple_poll_new())) {
749
fprintf(stderr, "Failed to create simple poll object.\n");
750
751
goto exit;
752
}
753
754
/* Do not publish any local records */
3128
/* Do not publish any local Zeroconf records */
755
3129
avahi_server_config_init(&config);
756
3130
config.publish_hinfo = 0;
757
3131
config.publish_addresses = 0;
758
3132
config.publish_workstation = 0;
759
3133
config.publish_domain = 0;
760
3134
761
3135
/* Allocate a new server */
762
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
763
&config, NULL, NULL, &error);
764
765
/* Free the configuration data */
3136
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3137
&config, NULL, NULL, &ret);
3138
3139
/* Free the Avahi configuration data */
766
3140
avahi_server_config_free(&config);
767
768
/* Check if creating the server object succeeded */
769
if (!server) {
770
fprintf(stderr, "Failed to create server: %s\n",
771
avahi_strerror(error));
772
returncode = EXIT_FAILURE;
773
goto exit;
774
}
775
776
/* Create the service browser */
777
sb = avahi_s_service_browser_new(server, if_index,
778
AVAHI_PROTO_INET6,
779
"_mandos._tcp", NULL, 0,
780
browse_callback, server);
781
if (!sb) {
782
fprintf(stderr, "Failed to create service browser: %s\n",
783
avahi_strerror(avahi_server_errno(server)));
784
returncode = EXIT_FAILURE;
785
goto exit;
786
}
787
788
/* Run the main loop */
789
790
if (debug){
791
fprintf(stderr, "Starting avahi loop search\n");
792
}
793
794
avahi_simple_poll_loop(simple_poll);
795
796
exit:
797
798
if (debug){
799
fprintf(stderr, "%s exiting\n", argv[0]);
800
}
801
802
/* Cleanup things */
803
if (sb)
804
avahi_s_service_browser_free(sb);
805
806
if (server)
807
avahi_server_free(server);
808
809
if (simple_poll)
810
avahi_simple_poll_free(simple_poll);
811
free(certfile);
812
free(certkey);
813
814
return returncode;
3141
}
3142
3143
/* Check if creating the Avahi server object succeeded */
3144
if(mc.server == NULL){
3145
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
3146
avahi_strerror(ret));
3147
exitcode = EX_UNAVAILABLE;
3148
goto end;
3149
}
3150
3151
if(quit_now){
3152
goto end;
3153
}
3154
3155
/* Create the Avahi service browser */
3156
sb = avahi_s_service_browser_new(mc.server, if_index,
3157
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
3158
NULL, 0, browse_callback,
3159
(void *)&mc);
3160
if(sb == NULL){
3161
fprintf_plus(stderr, "Failed to create service browser: %s\n",
3162
avahi_strerror(avahi_server_errno(mc.server)));
3163
exitcode = EX_UNAVAILABLE;
3164
goto end;
3165
}
3166
3167
if(quit_now){
3168
goto end;
3169
}
3170
3171
/* Run the main loop */
3172
3173
if(debug){
3174
fprintf_plus(stderr, "Starting Avahi loop search\n");
3175
}
3176
3177
ret = avahi_loop_with_timeout(simple_poll,
3178
(int)(retry_interval * 1000), &mc);
3179
if(debug){
3180
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
3181
(ret == 0) ? "successfully" : "with error");
3182
}
3183
3184
end:
3185
3186
if(debug){
3187
if(signal_received){
3188
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3189
argv[0], signal_received,
3190
strsignal(signal_received));
3191
} else {
3192
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
}
3194
}
3195
3196
/* Cleanup things */
3197
free(mc.interfaces);
3198
3199
if(sb != NULL)
3200
avahi_s_service_browser_free(sb);
3201
3202
if(mc.server != NULL)
3203
avahi_server_free(mc.server);
3204
3205
if(simple_poll != NULL)
3206
avahi_simple_poll_free(simple_poll);
3207
3208
if(gnutls_initialized){
3209
gnutls_certificate_free_credentials(mc.cred);
3210
gnutls_dh_params_deinit(mc.dh_params);
3211
}
3212
3213
if(gpgme_initialized){
3214
gpgme_release(mc.ctx);
3215
}
3216
3217
/* Cleans up the circular linked list of Mandos servers the client
3218
has seen */
3219
if(mc.current_server != NULL){
3220
mc.current_server->prev->next = NULL;
3221
while(mc.current_server != NULL){
3222
server *next = mc.current_server->next;
3223
#ifdef __GNUC__
3224
#pragma GCC diagnostic push
3225
#pragma GCC diagnostic ignored "-Wcast-qual"
3226
#endif
3227
free((char *)(mc.current_server->ip));
3228
#ifdef __GNUC__
3229
#pragma GCC diagnostic pop
3230
#endif
3231
free(mc.current_server);
3232
mc.current_server = next;
3233
}
3234
}
3235
3236
/* Re-raise privileges */
3237
{
3238
ret = raise_privileges();
3239
if(ret != 0){
3240
errno = ret;
3241
perror_plus("Failed to raise privileges");
3242
} else {
3243
3244
/* Run network hooks */
3245
run_network_hooks("stop", interfaces_hooks != NULL ?
3246
interfaces_hooks : "", delay);
3247
3248
/* Take down the network interfaces which were brought up */
3249
{
3250
char *interface = NULL;
3251
while((interface = argz_next(interfaces_to_take_down,
3252
interfaces_to_take_down_size,
3253
interface))){
3254
ret = take_down_interface(interface);
3255
if(ret != 0){
3256
errno = ret;
3257
perror_plus("Failed to take down interface");
3258
}
3259
}
3260
if(debug and (interfaces_to_take_down == NULL)){
3261
fprintf_plus(stderr, "No interfaces needed to be taken"
3262
" down\n");
3263
}
3264
}
3265
}
3266
3267
ret = lower_privileges_permanently();
3268
if(ret != 0){
3269
errno = ret;
3270
perror_plus("Failed to lower privileges permanently");
3271
}
3272
}
3273
3274
free(interfaces_to_take_down);
3275
free(interfaces_hooks);
3276
3277
void clean_dir_at(int base, const char * const dirname,
3278
uintmax_t level){
3279
struct dirent **direntries = NULL;
3280
int dret;
3281
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3282
O_RDONLY
3283
| O_NOFOLLOW
3284
| O_DIRECTORY
3285
| O_PATH));
3286
if(dir_fd == -1){
3287
perror_plus("open");
3288
return;
3289
}
3290
int numentries = scandirat(dir_fd, ".", &direntries,
3291
notdotentries, alphasort);
3292
if(numentries >= 0){
3293
for(int i = 0; i < numentries; i++){
3294
if(debug){
3295
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3296
dirname, direntries[i]->d_name);
3297
}
3298
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3299
if(dret == -1){
3300
if(errno == EISDIR){
3301
dret = unlinkat(dir_fd, direntries[i]->d_name,
3302
AT_REMOVEDIR);
3303
}
3304
if((dret == -1) and (errno == ENOTEMPTY)
3305
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3306
== 0) and (level == 0)){
3307
/* Recurse only in this special case */
3308
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3309
dret = 0;
3310
}
3311
if((dret == -1) and (errno != ENOENT)){
3312
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3313
direntries[i]->d_name, strerror(errno));
3314
}
3315
}
3316
free(direntries[i]);
3317
}
3318
3319
/* need to clean even if 0 because man page doesn't specify */
3320
free(direntries);
3321
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3322
if(dret == -1 and errno != ENOENT){
3323
perror_plus("rmdir");
3324
}
3325
} else {
3326
perror_plus("scandirat");
3327
}
3328
close(dir_fd);
3329
}
3330
3331
/* Removes the GPGME temp directory and all files inside */
3332
if(tempdir != NULL){
3333
clean_dir_at(-1, tempdir, 0);
3334
}
3335
3336
if(quit_now){
3337
sigemptyset(&old_sigterm_action.sa_mask);
3338
old_sigterm_action.sa_handler = SIG_DFL;
3339
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
3340
&old_sigterm_action,
3341
NULL));
3342
if(ret == -1){
3343
perror_plus("sigaction");
3344
}
3345
do {
3346
ret = raise(signal_received);
3347
} while(ret != 0 and errno == EINTR);
3348
if(ret != 0){
3349
perror_plus("raise");
3350
abort();
3351
}
3352
TEMP_FAILURE_RETRY(pause());
3353
}
3354
3355
return exitcode;
815
3356
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0