To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.4.88
- compare with another revision
- download diff
- download tarball
- view history from revision 237.4.88
- Committer: Teddy Hogeborn
- Date: 2017-01-25 19:38:31 UTC
- mto: This revision was merged to the branch mainline in revision 892.
- Revision ID: teddy@recompile.se-20170125193831-rz39tr8c5yg8yy7f
Tags: version-1.7.14-1
* Makefile (version): Change to 1.7.14.
* NEWS (Version 1.7.14): Add new entry.
* debian/changelog (1.7.14-1): - '' -
* NEWS (Version 1.7.14): Add new entry.
* debian/changelog (1.7.14-1): - '' -
- files added:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/upstream
- network-hooks.d
- plugin-helpers
- plugins.d
- files removed:
- ca.pem
- files renamed:
- mandos-clients.conf => clients.conf
- server.py => mandos
- files modified:
- Makefile
added
removed
plugins.d/mandos-client.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos-client - get and decrypt data from a Mandos server
4
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2008-2016 Teddy Hogeborn
13
* Copyright © 2008-2016 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
21
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
* General Public License for more details.
24
*
25
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
*
29
* Contact the authors at <mandos@recompile.se>.
30
*/
31
32
/* Needed by GPGME, specifically gpgme_data_seek() */
33
#ifndef _LARGEFILE_SOURCE
34
#define _LARGEFILE_SOURCE
35
#endif /* not _LARGEFILE_SOURCE */
36
#ifndef _FILE_OFFSET_BITS
37
#define _FILE_OFFSET_BITS 64
38
#endif /* not _FILE_OFFSET_BITS */
39
40
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror() */
44
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
45
#include <stddef.h> /* NULL, size_t, ssize_t */
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
strtof(), abort() */
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strncpy(), strsignal()
51
*/
52
#include <sys/ioctl.h> /* ioctl */
53
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
54
sockaddr_in6, PF_INET6,
55
SOCK_STREAM, uid_t, gid_t, open(),
56
opendir(), DIR */
57
#include <sys/stat.h> /* open(), S_ISREG */
58
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
59
inet_pton(), connect(),
60
getnameinfo() */
61
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
62
#include <dirent.h> /* opendir(), struct dirent, readdir()
63
*/
64
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
65
strtoimax() */
66
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
67
EAI_SYSTEM, ENETUNREACH,
68
EHOSTUNREACH, ECONNREFUSED, EPROTO,
69
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
70
ENOTEMPTY,
71
program_invocation_short_name */
72
#include <time.h> /* nanosleep(), time(), sleep() */
73
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
74
SIOCSIFFLAGS, if_indextoname(),
75
if_nametoindex(), IF_NAMESIZE */
76
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
77
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
78
*/
79
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
80
getuid(), getgid(), seteuid(),
81
setgid(), pause(), _exit(),
82
unlinkat() */
83
#include <arpa/inet.h> /* inet_pton(), htons() */
84
#include <iso646.h> /* not, or, and */
85
#include <argp.h> /* struct argp_option, error_t, struct
86
argp_state, struct argp,
87
argp_parse(), ARGP_KEY_ARG,
88
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
89
#include <signal.h> /* sigemptyset(), sigaddset(),
90
sigaction(), SIGTERM, sig_atomic_t,
91
raise() */
92
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
93
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
94
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
95
WEXITSTATUS(), WTERMSIG() */
96
#include <grp.h> /* setgroups() */
97
#include <argz.h> /* argz_add_sep(), argz_next(),
98
argz_delete(), argz_append(),
99
argz_stringify(), argz_add(),
100
argz_count() */
101
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
102
EAI_SYSTEM, gai_strerror() */
103
104
#ifdef __linux__
105
#include <sys/klog.h> /* klogctl() */
106
#endif /* __linux__ */
107
108
/* Avahi */
109
/* All Avahi types, constants and functions
110
Avahi*, avahi_*,
111
AVAHI_* */
112
#include <avahi-core/core.h>
113
#include <avahi-core/lookup.h>
114
#include <avahi-core/log.h>
115
#include <avahi-common/simple-watch.h>
116
#include <avahi-common/malloc.h>
117
#include <avahi-common/error.h>
118
119
/* GnuTLS */
120
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
121
functions:
122
gnutls_*
123
init_gnutls_session(),
124
GNUTLS_* */
125
#include <gnutls/openpgp.h>
126
/* gnutls_certificate_set_openpgp_key_file(),
127
GNUTLS_OPENPGP_FMT_BASE64 */
128
129
/* GPGME */
130
#include <gpgme.h> /* All GPGME types, constants and
131
functions:
132
gpgme_*
133
GPGME_PROTOCOL_OpenPGP,
134
GPG_ERR_NO_* */
135
136
#define BUFFER_SIZE 256
137
138
#define PATHDIR "/conf/conf.d/mandos"
139
#define SECKEY "seckey.txt"
140
#define PUBKEY "pubkey.txt"
141
#define HOOKDIR "/lib/mandos/network-hooks.d"
142
143
bool debug = false;
144
static const char mandos_protocol_version[] = "1";
145
const char *argp_program_version = "mandos-client " VERSION;
146
const char *argp_program_bug_address = "<mandos@recompile.se>";
147
static const char sys_class_net[] = "/sys/class/net";
148
char *connect_to = NULL;
149
const char *hookdir = HOOKDIR;
150
int hookdir_fd = -1;
151
uid_t uid = 65534;
152
gid_t gid = 65534;
153
154
/* Doubly linked list that need to be circularly linked when used */
155
typedef struct server{
156
const char *ip;
157
in_port_t port;
158
AvahiIfIndex if_index;
159
int af;
160
struct timespec last_seen;
161
struct server *next;
162
struct server *prev;
163
} server;
164
165
/* Used for passing in values through the Avahi callback functions */
166
typedef struct {
167
AvahiServer *server;
168
gnutls_certificate_credentials_t cred;
169
unsigned int dh_bits;
170
gnutls_dh_params_t dh_params;
171
const char *priority;
172
gpgme_ctx_t ctx;
173
server *current_server;
174
char *interfaces;
175
size_t interfaces_size;
176
} mandos_context;
177
178
/* global so signal handler can reach it*/
179
AvahiSimplePoll *simple_poll;
180
181
sig_atomic_t quit_now = 0;
182
int signal_received = 0;
183
184
/* Function to use when printing errors */
185
void perror_plus(const char *print_text){
186
int e = errno;
187
fprintf(stderr, "Mandos plugin %s: ",
188
program_invocation_short_name);
189
errno = e;
190
perror(print_text);
191
}
192
193
__attribute__((format (gnu_printf, 2, 3), nonnull))
194
int fprintf_plus(FILE *stream, const char *format, ...){
195
va_list ap;
196
va_start (ap, format);
197
198
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
199
program_invocation_short_name));
200
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
201
}
202
203
/*
204
* Make additional room in "buffer" for at least BUFFER_SIZE more
205
* bytes. "buffer_capacity" is how much is currently allocated,
206
* "buffer_length" is how much is already used.
207
*/
208
__attribute__((nonnull, warn_unused_result))
209
size_t incbuffer(char **buffer, size_t buffer_length,
210
size_t buffer_capacity){
211
if(buffer_length + BUFFER_SIZE > buffer_capacity){
212
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
213
if(new_buf == NULL){
214
int old_errno = errno;
215
free(*buffer);
216
errno = old_errno;
217
*buffer = NULL;
218
return 0;
219
}
220
*buffer = new_buf;
221
buffer_capacity += BUFFER_SIZE;
222
}
223
return buffer_capacity;
224
}
225
226
/* Add server to set of servers to retry periodically */
227
__attribute__((nonnull, warn_unused_result))
228
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
229
int af, server **current_server){
230
int ret;
231
server *new_server = malloc(sizeof(server));
232
if(new_server == NULL){
233
perror_plus("malloc");
234
return false;
235
}
236
*new_server = (server){ .ip = strdup(ip),
237
.port = port,
238
.if_index = if_index,
239
.af = af };
240
if(new_server->ip == NULL){
241
perror_plus("strdup");
242
free(new_server);
243
return false;
244
}
245
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
246
if(ret == -1){
247
perror_plus("clock_gettime");
248
#ifdef __GNUC__
249
#pragma GCC diagnostic push
250
#pragma GCC diagnostic ignored "-Wcast-qual"
251
#endif
252
free((char *)(new_server->ip));
253
#ifdef __GNUC__
254
#pragma GCC diagnostic pop
255
#endif
256
free(new_server);
257
return false;
258
}
259
/* Special case of first server */
260
if(*current_server == NULL){
261
new_server->next = new_server;
262
new_server->prev = new_server;
263
*current_server = new_server;
264
} else {
265
/* Place the new server last in the list */
266
new_server->next = *current_server;
267
new_server->prev = (*current_server)->prev;
268
new_server->prev->next = new_server;
269
(*current_server)->prev = new_server;
270
}
271
return true;
272
}
273
274
/*
275
* Initialize GPGME.
276
*/
277
__attribute__((nonnull, warn_unused_result))
278
static bool init_gpgme(const char * const seckey,
279
const char * const pubkey,
280
const char * const tempdir,
281
mandos_context *mc){
282
gpgme_error_t rc;
283
gpgme_engine_info_t engine_info;
284
285
/*
286
* Helper function to insert pub and seckey to the engine keyring.
287
*/
288
bool import_key(const char * const filename){
289
int ret;
290
int fd;
291
gpgme_data_t pgp_data;
292
293
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
294
if(fd == -1){
295
perror_plus("open");
296
return false;
297
}
298
299
rc = gpgme_data_new_from_fd(&pgp_data, fd);
300
if(rc != GPG_ERR_NO_ERROR){
301
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
302
gpgme_strsource(rc), gpgme_strerror(rc));
303
return false;
304
}
305
306
rc = gpgme_op_import(mc->ctx, pgp_data);
307
if(rc != GPG_ERR_NO_ERROR){
308
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
309
gpgme_strsource(rc), gpgme_strerror(rc));
310
return false;
311
}
312
313
ret = close(fd);
314
if(ret == -1){
315
perror_plus("close");
316
}
317
gpgme_data_release(pgp_data);
318
return true;
319
}
320
321
if(debug){
322
fprintf_plus(stderr, "Initializing GPGME\n");
323
}
324
325
/* Init GPGME */
326
gpgme_check_version(NULL);
327
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
328
if(rc != GPG_ERR_NO_ERROR){
329
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
330
gpgme_strsource(rc), gpgme_strerror(rc));
331
return false;
332
}
333
334
/* Set GPGME home directory for the OpenPGP engine only */
335
rc = gpgme_get_engine_info(&engine_info);
336
if(rc != GPG_ERR_NO_ERROR){
337
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
338
gpgme_strsource(rc), gpgme_strerror(rc));
339
return false;
340
}
341
while(engine_info != NULL){
342
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
343
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
344
engine_info->file_name, tempdir);
345
break;
346
}
347
engine_info = engine_info->next;
348
}
349
if(engine_info == NULL){
350
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
351
tempdir);
352
return false;
353
}
354
355
/* Create new GPGME "context" */
356
rc = gpgme_new(&(mc->ctx));
357
if(rc != GPG_ERR_NO_ERROR){
358
fprintf_plus(stderr, "Mandos plugin mandos-client: "
359
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
360
gpgme_strerror(rc));
361
return false;
362
}
363
364
if(not import_key(pubkey) or not import_key(seckey)){
365
return false;
366
}
367
368
return true;
369
}
370
371
/*
372
* Decrypt OpenPGP data.
373
* Returns -1 on error
374
*/
375
__attribute__((nonnull, warn_unused_result))
376
static ssize_t pgp_packet_decrypt(const char *cryptotext,
377
size_t crypto_size,
378
char **plaintext,
379
mandos_context *mc){
380
gpgme_data_t dh_crypto, dh_plain;
381
gpgme_error_t rc;
382
ssize_t ret;
383
size_t plaintext_capacity = 0;
384
ssize_t plaintext_length = 0;
385
386
if(debug){
387
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
388
}
389
390
/* Create new GPGME data buffer from memory cryptotext */
391
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
392
0);
393
if(rc != GPG_ERR_NO_ERROR){
394
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
395
gpgme_strsource(rc), gpgme_strerror(rc));
396
return -1;
397
}
398
399
/* Create new empty GPGME data buffer for the plaintext */
400
rc = gpgme_data_new(&dh_plain);
401
if(rc != GPG_ERR_NO_ERROR){
402
fprintf_plus(stderr, "Mandos plugin mandos-client: "
403
"bad gpgme_data_new: %s: %s\n",
404
gpgme_strsource(rc), gpgme_strerror(rc));
405
gpgme_data_release(dh_crypto);
406
return -1;
407
}
408
409
/* Decrypt data from the cryptotext data buffer to the plaintext
410
data buffer */
411
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
412
if(rc != GPG_ERR_NO_ERROR){
413
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
414
gpgme_strsource(rc), gpgme_strerror(rc));
415
plaintext_length = -1;
416
if(debug){
417
gpgme_decrypt_result_t result;
418
result = gpgme_op_decrypt_result(mc->ctx);
419
if(result == NULL){
420
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
421
} else {
422
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
423
result->unsupported_algorithm);
424
fprintf_plus(stderr, "Wrong key usage: %u\n",
425
result->wrong_key_usage);
426
if(result->file_name != NULL){
427
fprintf_plus(stderr, "File name: %s\n", result->file_name);
428
}
429
gpgme_recipient_t recipient;
430
recipient = result->recipients;
431
while(recipient != NULL){
432
fprintf_plus(stderr, "Public key algorithm: %s\n",
433
gpgme_pubkey_algo_name
434
(recipient->pubkey_algo));
435
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
436
fprintf_plus(stderr, "Secret key available: %s\n",
437
recipient->status == GPG_ERR_NO_SECKEY
438
? "No" : "Yes");
439
recipient = recipient->next;
440
}
441
}
442
}
443
goto decrypt_end;
444
}
445
446
if(debug){
447
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
448
}
449
450
/* Seek back to the beginning of the GPGME plaintext data buffer */
451
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
452
perror_plus("gpgme_data_seek");
453
plaintext_length = -1;
454
goto decrypt_end;
455
}
456
457
*plaintext = NULL;
458
while(true){
459
plaintext_capacity = incbuffer(plaintext,
460
(size_t)plaintext_length,
461
plaintext_capacity);
462
if(plaintext_capacity == 0){
463
perror_plus("incbuffer");
464
plaintext_length = -1;
465
goto decrypt_end;
466
}
467
468
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
469
BUFFER_SIZE);
470
/* Print the data, if any */
471
if(ret == 0){
472
/* EOF */
473
break;
474
}
475
if(ret < 0){
476
perror_plus("gpgme_data_read");
477
plaintext_length = -1;
478
goto decrypt_end;
479
}
480
plaintext_length += ret;
481
}
482
483
if(debug){
484
fprintf_plus(stderr, "Decrypted password is: ");
485
for(ssize_t i = 0; i < plaintext_length; i++){
486
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
487
}
488
fprintf(stderr, "\n");
489
}
490
491
decrypt_end:
492
493
/* Delete the GPGME cryptotext data buffer */
494
gpgme_data_release(dh_crypto);
495
496
/* Delete the GPGME plaintext data buffer */
497
gpgme_data_release(dh_plain);
498
return plaintext_length;
499
}
500
501
__attribute__((warn_unused_result, const))
502
static const char *safe_string(const char *str){
503
if(str == NULL)
504
return "(unknown)";
505
return str;
506
}
507
508
__attribute__((warn_unused_result))
509
static const char *safer_gnutls_strerror(int value){
510
const char *ret = gnutls_strerror(value);
511
return safe_string(ret);
512
}
513
514
/* GnuTLS log function callback */
515
__attribute__((nonnull))
516
static void debuggnutls(__attribute__((unused)) int level,
517
const char* string){
518
fprintf_plus(stderr, "GnuTLS: %s", string);
519
}
520
521
__attribute__((nonnull(1, 2, 4), warn_unused_result))
522
static int init_gnutls_global(const char *pubkeyfilename,
523
const char *seckeyfilename,
524
const char *dhparamsfilename,
525
mandos_context *mc){
526
int ret;
527
unsigned int uret;
528
529
if(debug){
530
fprintf_plus(stderr, "Initializing GnuTLS\n");
531
}
532
533
if(debug){
534
/* "Use a log level over 10 to enable all debugging options."
535
* - GnuTLS manual
536
*/
537
gnutls_global_set_log_level(11);
538
gnutls_global_set_log_function(debuggnutls);
539
}
540
541
/* OpenPGP credentials */
542
ret = gnutls_certificate_allocate_credentials(&mc->cred);
543
if(ret != GNUTLS_E_SUCCESS){
544
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
545
safer_gnutls_strerror(ret));
546
return -1;
547
}
548
549
if(debug){
550
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
551
" secret key %s as GnuTLS credentials\n",
552
pubkeyfilename,
553
seckeyfilename);
554
}
555
556
ret = gnutls_certificate_set_openpgp_key_file
557
(mc->cred, pubkeyfilename, seckeyfilename,
558
GNUTLS_OPENPGP_FMT_BASE64);
559
if(ret != GNUTLS_E_SUCCESS){
560
fprintf_plus(stderr,
561
"Error[%d] while reading the OpenPGP key pair ('%s',"
562
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
563
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
564
safer_gnutls_strerror(ret));
565
goto globalfail;
566
}
567
568
/* GnuTLS server initialization */
569
ret = gnutls_dh_params_init(&mc->dh_params);
570
if(ret != GNUTLS_E_SUCCESS){
571
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
572
" initialization: %s\n",
573
safer_gnutls_strerror(ret));
574
goto globalfail;
575
}
576
/* If a Diffie-Hellman parameters file was given, try to use it */
577
if(dhparamsfilename != NULL){
578
gnutls_datum_t params = { .data = NULL, .size = 0 };
579
do {
580
int dhpfile = open(dhparamsfilename, O_RDONLY);
581
if(dhpfile == -1){
582
perror_plus("open");
583
dhparamsfilename = NULL;
584
break;
585
}
586
size_t params_capacity = 0;
587
while(true){
588
params_capacity = incbuffer((char **)¶ms.data,
589
(size_t)params.size,
590
(size_t)params_capacity);
591
if(params_capacity == 0){
592
perror_plus("incbuffer");
593
free(params.data);
594
params.data = NULL;
595
dhparamsfilename = NULL;
596
break;
597
}
598
ssize_t bytes_read = read(dhpfile,
599
params.data + params.size,
600
BUFFER_SIZE);
601
/* EOF */
602
if(bytes_read == 0){
603
break;
604
}
605
/* check bytes_read for failure */
606
if(bytes_read < 0){
607
perror_plus("read");
608
free(params.data);
609
params.data = NULL;
610
dhparamsfilename = NULL;
611
break;
612
}
613
params.size += (unsigned int)bytes_read;
614
}
615
if(params.data == NULL){
616
dhparamsfilename = NULL;
617
}
618
if(dhparamsfilename == NULL){
619
break;
620
}
621
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
622
GNUTLS_X509_FMT_PEM);
623
if(ret != GNUTLS_E_SUCCESS){
624
fprintf_plus(stderr, "Failed to parse DH parameters in file"
625
" \"%s\": %s\n", dhparamsfilename,
626
safer_gnutls_strerror(ret));
627
dhparamsfilename = NULL;
628
}
629
free(params.data);
630
} while(false);
631
}
632
if(dhparamsfilename == NULL){
633
if(mc->dh_bits == 0){
634
/* Find out the optimal number of DH bits */
635
/* Try to read the private key file */
636
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
637
do {
638
int secfile = open(seckeyfilename, O_RDONLY);
639
if(secfile == -1){
640
perror_plus("open");
641
break;
642
}
643
size_t buffer_capacity = 0;
644
while(true){
645
buffer_capacity = incbuffer((char **)&buffer.data,
646
(size_t)buffer.size,
647
(size_t)buffer_capacity);
648
if(buffer_capacity == 0){
649
perror_plus("incbuffer");
650
free(buffer.data);
651
buffer.data = NULL;
652
break;
653
}
654
ssize_t bytes_read = read(secfile,
655
buffer.data + buffer.size,
656
BUFFER_SIZE);
657
/* EOF */
658
if(bytes_read == 0){
659
break;
660
}
661
/* check bytes_read for failure */
662
if(bytes_read < 0){
663
perror_plus("read");
664
free(buffer.data);
665
buffer.data = NULL;
666
break;
667
}
668
buffer.size += (unsigned int)bytes_read;
669
}
670
close(secfile);
671
} while(false);
672
/* If successful, use buffer to parse private key */
673
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
674
if(buffer.data != NULL){
675
{
676
gnutls_openpgp_privkey_t privkey = NULL;
677
ret = gnutls_openpgp_privkey_init(&privkey);
678
if(ret != GNUTLS_E_SUCCESS){
679
fprintf_plus(stderr, "Error initializing OpenPGP key"
680
" structure: %s",
681
safer_gnutls_strerror(ret));
682
free(buffer.data);
683
buffer.data = NULL;
684
} else {
685
ret = gnutls_openpgp_privkey_import
686
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
687
if(ret != GNUTLS_E_SUCCESS){
688
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
689
safer_gnutls_strerror(ret));
690
privkey = NULL;
691
}
692
free(buffer.data);
693
buffer.data = NULL;
694
if(privkey != NULL){
695
/* Use private key to suggest an appropriate
696
sec_param */
697
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
698
gnutls_openpgp_privkey_deinit(privkey);
699
if(debug){
700
fprintf_plus(stderr, "This OpenPGP key implies using"
701
" a GnuTLS security parameter \"%s\".\n",
702
safe_string(gnutls_sec_param_get_name
703
(sec_param)));
704
}
705
}
706
}
707
}
708
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
709
/* Err on the side of caution */
710
sec_param = GNUTLS_SEC_PARAM_ULTRA;
711
if(debug){
712
fprintf_plus(stderr, "Falling back to security parameter"
713
" \"%s\"\n",
714
safe_string(gnutls_sec_param_get_name
715
(sec_param)));
716
}
717
}
718
}
719
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
720
if(uret != 0){
721
mc->dh_bits = uret;
722
if(debug){
723
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
724
" implies %u DH bits; using that.\n",
725
safe_string(gnutls_sec_param_get_name
726
(sec_param)),
727
mc->dh_bits);
728
}
729
} else {
730
fprintf_plus(stderr, "Failed to get implied number of DH"
731
" bits for security parameter \"%s\"): %s\n",
732
safe_string(gnutls_sec_param_get_name
733
(sec_param)),
734
safer_gnutls_strerror(ret));
735
goto globalfail;
736
}
737
} else if(debug){
738
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
739
mc->dh_bits);
740
}
741
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
742
if(ret != GNUTLS_E_SUCCESS){
743
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
744
" bits): %s\n", mc->dh_bits,
745
safer_gnutls_strerror(ret));
746
goto globalfail;
747
}
748
}
749
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
750
751
return 0;
752
753
globalfail:
754
755
gnutls_certificate_free_credentials(mc->cred);
756
gnutls_dh_params_deinit(mc->dh_params);
757
return -1;
758
}
759
760
__attribute__((nonnull, warn_unused_result))
761
static int init_gnutls_session(gnutls_session_t *session,
762
mandos_context *mc){
763
int ret;
764
/* GnuTLS session creation */
765
do {
766
ret = gnutls_init(session, GNUTLS_SERVER);
767
if(quit_now){
768
return -1;
769
}
770
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
771
if(ret != GNUTLS_E_SUCCESS){
772
fprintf_plus(stderr,
773
"Error in GnuTLS session initialization: %s\n",
774
safer_gnutls_strerror(ret));
775
}
776
777
{
778
const char *err;
779
do {
780
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
781
if(quit_now){
782
gnutls_deinit(*session);
783
return -1;
784
}
785
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
786
if(ret != GNUTLS_E_SUCCESS){
787
fprintf_plus(stderr, "Syntax error at: %s\n", err);
788
fprintf_plus(stderr, "GnuTLS error: %s\n",
789
safer_gnutls_strerror(ret));
790
gnutls_deinit(*session);
791
return -1;
792
}
793
}
794
795
do {
796
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
797
mc->cred);
798
if(quit_now){
799
gnutls_deinit(*session);
800
return -1;
801
}
802
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
803
if(ret != GNUTLS_E_SUCCESS){
804
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
805
safer_gnutls_strerror(ret));
806
gnutls_deinit(*session);
807
return -1;
808
}
809
810
/* ignore client certificate if any. */
811
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
812
813
return 0;
814
}
815
816
/* Avahi log function callback */
817
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
818
__attribute__((unused)) const char *txt){}
819
820
/* Set effective uid to 0, return errno */
821
__attribute__((warn_unused_result))
822
int raise_privileges(void){
823
int old_errno = errno;
824
int ret = 0;
825
if(seteuid(0) == -1){
826
ret = errno;
827
}
828
errno = old_errno;
829
return ret;
830
}
831
832
/* Set effective and real user ID to 0. Return errno. */
833
__attribute__((warn_unused_result))
834
int raise_privileges_permanently(void){
835
int old_errno = errno;
836
int ret = raise_privileges();
837
if(ret != 0){
838
errno = old_errno;
839
return ret;
840
}
841
if(setuid(0) == -1){
842
ret = errno;
843
}
844
errno = old_errno;
845
return ret;
846
}
847
848
/* Set effective user ID to unprivileged saved user ID */
849
__attribute__((warn_unused_result))
850
int lower_privileges(void){
851
int old_errno = errno;
852
int ret = 0;
853
if(seteuid(uid) == -1){
854
ret = errno;
855
}
856
errno = old_errno;
857
return ret;
858
}
859
860
/* Lower privileges permanently */
861
__attribute__((warn_unused_result))
862
int lower_privileges_permanently(void){
863
int old_errno = errno;
864
int ret = 0;
865
if(setuid(uid) == -1){
866
ret = errno;
867
}
868
errno = old_errno;
869
return ret;
870
}
871
872
/* Helper function to add_local_route() and delete_local_route() */
873
__attribute__((nonnull, warn_unused_result))
874
static bool add_delete_local_route(const bool add,
875
const char *address,
876
AvahiIfIndex if_index){
877
int ret;
878
char helper[] = "mandos-client-iprouteadddel";
879
char add_arg[] = "add";
880
char delete_arg[] = "delete";
881
char debug_flag[] = "--debug";
882
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
883
if(pluginhelperdir == NULL){
884
if(debug){
885
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
886
" variable not set; cannot run helper\n");
887
}
888
return false;
889
}
890
891
char interface[IF_NAMESIZE];
892
if(if_indextoname((unsigned int)if_index, interface) == NULL){
893
perror_plus("if_indextoname");
894
return false;
895
}
896
897
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
898
if(devnull == -1){
899
perror_plus("open(\"/dev/null\", O_RDONLY)");
900
return false;
901
}
902
pid_t pid = fork();
903
if(pid == 0){
904
/* Child */
905
/* Raise privileges */
906
errno = raise_privileges_permanently();
907
if(errno != 0){
908
perror_plus("Failed to raise privileges");
909
/* _exit(EX_NOPERM); */
910
} else {
911
/* Set group */
912
errno = 0;
913
ret = setgid(0);
914
if(ret == -1){
915
perror_plus("setgid");
916
_exit(EX_NOPERM);
917
}
918
/* Reset supplementary groups */
919
errno = 0;
920
ret = setgroups(0, NULL);
921
if(ret == -1){
922
perror_plus("setgroups");
923
_exit(EX_NOPERM);
924
}
925
}
926
ret = dup2(devnull, STDIN_FILENO);
927
if(ret == -1){
928
perror_plus("dup2(devnull, STDIN_FILENO)");
929
_exit(EX_OSERR);
930
}
931
ret = close(devnull);
932
if(ret == -1){
933
perror_plus("close");
934
_exit(EX_OSERR);
935
}
936
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
937
if(ret == -1){
938
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
939
_exit(EX_OSERR);
940
}
941
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
942
O_RDONLY
943
| O_DIRECTORY
944
| O_PATH
945
| O_CLOEXEC));
946
if(helperdir_fd == -1){
947
perror_plus("open");
948
_exit(EX_UNAVAILABLE);
949
}
950
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
951
helper, O_RDONLY));
952
if(helper_fd == -1){
953
perror_plus("openat");
954
close(helperdir_fd);
955
_exit(EX_UNAVAILABLE);
956
}
957
close(helperdir_fd);
958
#ifdef __GNUC__
959
#pragma GCC diagnostic push
960
#pragma GCC diagnostic ignored "-Wcast-qual"
961
#endif
962
if(fexecve(helper_fd, (char *const [])
963
{ helper, add ? add_arg : delete_arg, (char *)address,
964
interface, debug ? debug_flag : NULL, NULL },
965
environ) == -1){
966
#ifdef __GNUC__
967
#pragma GCC diagnostic pop
968
#endif
969
perror_plus("fexecve");
970
_exit(EXIT_FAILURE);
971
}
972
}
973
if(pid == -1){
974
perror_plus("fork");
975
return false;
976
}
977
int status;
978
pid_t pret = -1;
979
errno = 0;
980
do {
981
pret = waitpid(pid, &status, 0);
982
if(pret == -1 and errno == EINTR and quit_now){
983
int errno_raising = 0;
984
if((errno = raise_privileges()) != 0){
985
errno_raising = errno;
986
perror_plus("Failed to raise privileges in order to"
987
" kill helper program");
988
}
989
if(kill(pid, SIGTERM) == -1){
990
perror_plus("kill");
991
}
992
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
993
perror_plus("Failed to lower privileges after killing"
994
" helper program");
995
}
996
return false;
997
}
998
} while(pret == -1 and errno == EINTR);
999
if(pret == -1){
1000
perror_plus("waitpid");
1001
return false;
1002
}
1003
if(WIFEXITED(status)){
1004
if(WEXITSTATUS(status) != 0){
1005
fprintf_plus(stderr, "Error: iprouteadddel exited"
1006
" with status %d\n", WEXITSTATUS(status));
1007
return false;
1008
}
1009
return true;
1010
}
1011
if(WIFSIGNALED(status)){
1012
fprintf_plus(stderr, "Error: iprouteadddel died by"
1013
" signal %d\n", WTERMSIG(status));
1014
return false;
1015
}
1016
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1017
return false;
1018
}
1019
1020
__attribute__((nonnull, warn_unused_result))
1021
static bool add_local_route(const char *address,
1022
AvahiIfIndex if_index){
1023
if(debug){
1024
fprintf_plus(stderr, "Adding route to %s\n", address);
1025
}
1026
return add_delete_local_route(true, address, if_index);
1027
}
1028
1029
__attribute__((nonnull, warn_unused_result))
1030
static bool delete_local_route(const char *address,
1031
AvahiIfIndex if_index){
1032
if(debug){
1033
fprintf_plus(stderr, "Removing route to %s\n", address);
1034
}
1035
return add_delete_local_route(false, address, if_index);
1036
}
1037
1038
/* Called when a Mandos server is found */
1039
__attribute__((nonnull, warn_unused_result))
1040
static int start_mandos_communication(const char *ip, in_port_t port,
1041
AvahiIfIndex if_index,
1042
int af, mandos_context *mc){
1043
int ret, tcp_sd = -1;
1044
ssize_t sret;
1045
struct sockaddr_storage to;
1046
char *buffer = NULL;
1047
char *decrypted_buffer = NULL;
1048
size_t buffer_length = 0;
1049
size_t buffer_capacity = 0;
1050
size_t written;
1051
int retval = -1;
1052
gnutls_session_t session;
1053
int pf; /* Protocol family */
1054
bool route_added = false;
1055
1056
errno = 0;
1057
1058
if(quit_now){
1059
errno = EINTR;
1060
return -1;
1061
}
1062
1063
switch(af){
1064
case AF_INET6:
1065
pf = PF_INET6;
1066
break;
1067
case AF_INET:
1068
pf = PF_INET;
1069
break;
1070
default:
1071
fprintf_plus(stderr, "Bad address family: %d\n", af);
1072
errno = EINVAL;
1073
return -1;
1074
}
1075
1076
/* If the interface is specified and we have a list of interfaces */
1077
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1078
/* Check if the interface is one of the interfaces we are using */
1079
bool match = false;
1080
{
1081
char *interface = NULL;
1082
while((interface = argz_next(mc->interfaces,
1083
mc->interfaces_size,
1084
interface))){
1085
if(if_nametoindex(interface) == (unsigned int)if_index){
1086
match = true;
1087
break;
1088
}
1089
}
1090
}
1091
if(not match){
1092
/* This interface does not match any in the list, so we don't
1093
connect to the server */
1094
if(debug){
1095
char interface[IF_NAMESIZE];
1096
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1097
perror_plus("if_indextoname");
1098
} else {
1099
fprintf_plus(stderr, "Skipping server on non-used interface"
1100
" \"%s\"\n",
1101
if_indextoname((unsigned int)if_index,
1102
interface));
1103
}
1104
}
1105
return -1;
1106
}
1107
}
1108
1109
ret = init_gnutls_session(&session, mc);
1110
if(ret != 0){
1111
return -1;
1112
}
1113
1114
if(debug){
1115
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
1116
PRIuMAX "\n", ip, (uintmax_t)port);
1117
}
1118
1119
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
1120
if(tcp_sd < 0){
1121
int e = errno;
1122
perror_plus("socket");
1123
errno = e;
1124
goto mandos_end;
1125
}
1126
1127
if(quit_now){
1128
errno = EINTR;
1129
goto mandos_end;
1130
}
1131
1132
if(af == AF_INET6){
1133
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1134
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1135
ret = inet_pton(af, ip, &to6->sin6_addr);
1136
} else { /* IPv4 */
1137
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1138
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1139
ret = inet_pton(af, ip, &to4->sin_addr);
1140
}
1141
if(ret < 0 ){
1142
int e = errno;
1143
perror_plus("inet_pton");
1144
errno = e;
1145
goto mandos_end;
1146
}
1147
if(ret == 0){
1148
int e = errno;
1149
fprintf_plus(stderr, "Bad address: %s\n", ip);
1150
errno = e;
1151
goto mandos_end;
1152
}
1153
if(af == AF_INET6){
1154
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1155
if(IN6_IS_ADDR_LINKLOCAL
1156
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
1157
if(if_index == AVAHI_IF_UNSPEC){
1158
fprintf_plus(stderr, "An IPv6 link-local address is"
1159
" incomplete without a network interface\n");
1160
errno = EINVAL;
1161
goto mandos_end;
1162
}
1163
/* Set the network interface number as scope */
1164
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
1165
}
1166
} else {
1167
((struct sockaddr_in *)&to)->sin_port = htons(port);
1168
}
1169
1170
if(quit_now){
1171
errno = EINTR;
1172
goto mandos_end;
1173
}
1174
1175
if(debug){
1176
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
1177
char interface[IF_NAMESIZE];
1178
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1179
perror_plus("if_indextoname");
1180
} else {
1181
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1182
"\n", ip, interface, (uintmax_t)port);
1183
}
1184
} else {
1185
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1186
ip, (uintmax_t)port);
1187
}
1188
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
1189
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
1190
if(af == AF_INET6){
1191
ret = getnameinfo((struct sockaddr *)&to,
1192
sizeof(struct sockaddr_in6),
1193
addrstr, sizeof(addrstr), NULL, 0,
1194
NI_NUMERICHOST);
1195
} else {
1196
ret = getnameinfo((struct sockaddr *)&to,
1197
sizeof(struct sockaddr_in),
1198
addrstr, sizeof(addrstr), NULL, 0,
1199
NI_NUMERICHOST);
1200
}
1201
if(ret == EAI_SYSTEM){
1202
perror_plus("getnameinfo");
1203
} else if(ret != 0) {
1204
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1205
} else if(strcmp(addrstr, ip) != 0){
1206
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1207
}
1208
}
1209
1210
if(quit_now){
1211
errno = EINTR;
1212
goto mandos_end;
1213
}
1214
1215
while(true){
1216
if(af == AF_INET6){
1217
ret = connect(tcp_sd, (struct sockaddr *)&to,
1218
sizeof(struct sockaddr_in6));
1219
} else {
1220
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1221
sizeof(struct sockaddr_in));
1222
}
1223
if(ret < 0){
1224
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1225
and if_index != AVAHI_IF_UNSPEC
1226
and connect_to == NULL
1227
and not route_added and
1228
((af == AF_INET6 and not
1229
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1230
&to)->sin6_addr)))
1231
or (af == AF_INET and
1232
/* Not a a IPv4LL address */
1233
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1234
& 0xFFFF0000L) != 0xA9FE0000L))){
1235
/* Work around Avahi bug - Avahi does not announce link-local
1236
addresses if it has a global address, so local hosts with
1237
*only* a link-local address (e.g. Mandos clients) cannot
1238
connect to a Mandos server announced by Avahi on a server
1239
host with a global address. Work around this by retrying
1240
with an explicit route added with the server's address.
1241
1242
Avahi bug reference:
1243
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1244
https://bugs.debian.org/587961
1245
*/
1246
if(debug){
1247
fprintf_plus(stderr, "Mandos server unreachable, trying"
1248
" direct route\n");
1249
}
1250
int e = errno;
1251
route_added = add_local_route(ip, if_index);
1252
if(route_added){
1253
continue;
1254
}
1255
errno = e;
1256
}
1257
if(errno != ECONNREFUSED or debug){
1258
int e = errno;
1259
perror_plus("connect");
1260
errno = e;
1261
}
1262
goto mandos_end;
1263
}
1264
1265
if(quit_now){
1266
errno = EINTR;
1267
goto mandos_end;
1268
}
1269
break;
1270
}
1271
1272
const char *out = mandos_protocol_version;
1273
written = 0;
1274
while(true){
1275
size_t out_size = strlen(out);
1276
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
1277
out_size - written));
1278
if(ret == -1){
1279
int e = errno;
1280
perror_plus("write");
1281
errno = e;
1282
goto mandos_end;
1283
}
1284
written += (size_t)ret;
1285
if(written < out_size){
1286
continue;
1287
} else {
1288
if(out == mandos_protocol_version){
1289
written = 0;
1290
out = "\r\n";
1291
} else {
1292
break;
1293
}
1294
}
1295
1296
if(quit_now){
1297
errno = EINTR;
1298
goto mandos_end;
1299
}
1300
}
1301
1302
if(debug){
1303
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
1304
}
1305
1306
if(quit_now){
1307
errno = EINTR;
1308
goto mandos_end;
1309
}
1310
1311
/* This casting via intptr_t is to eliminate warning about casting
1312
an int to a pointer type. This is exactly how the GnuTLS Guile
1313
function "set-session-transport-fd!" does it. */
1314
gnutls_transport_set_ptr(session,
1315
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
1316
1317
if(quit_now){
1318
errno = EINTR;
1319
goto mandos_end;
1320
}
1321
1322
do {
1323
ret = gnutls_handshake(session);
1324
if(quit_now){
1325
errno = EINTR;
1326
goto mandos_end;
1327
}
1328
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1329
1330
if(ret != GNUTLS_E_SUCCESS){
1331
if(debug){
1332
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
1333
gnutls_perror(ret);
1334
}
1335
errno = EPROTO;
1336
goto mandos_end;
1337
}
1338
1339
/* Read OpenPGP packet that contains the wanted password */
1340
1341
if(debug){
1342
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
1343
" %s\n", ip);
1344
}
1345
1346
while(true){
1347
1348
if(quit_now){
1349
errno = EINTR;
1350
goto mandos_end;
1351
}
1352
1353
buffer_capacity = incbuffer(&buffer, buffer_length,
1354
buffer_capacity);
1355
if(buffer_capacity == 0){
1356
int e = errno;
1357
perror_plus("incbuffer");
1358
errno = e;
1359
goto mandos_end;
1360
}
1361
1362
if(quit_now){
1363
errno = EINTR;
1364
goto mandos_end;
1365
}
1366
1367
sret = gnutls_record_recv(session, buffer+buffer_length,
1368
BUFFER_SIZE);
1369
if(sret == 0){
1370
break;
1371
}
1372
if(sret < 0){
1373
switch(sret){
1374
case GNUTLS_E_INTERRUPTED:
1375
case GNUTLS_E_AGAIN:
1376
break;
1377
case GNUTLS_E_REHANDSHAKE:
1378
do {
1379
ret = gnutls_handshake(session);
1380
1381
if(quit_now){
1382
errno = EINTR;
1383
goto mandos_end;
1384
}
1385
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1386
if(ret < 0){
1387
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
1388
"***\n");
1389
gnutls_perror(ret);
1390
errno = EPROTO;
1391
goto mandos_end;
1392
}
1393
break;
1394
default:
1395
fprintf_plus(stderr, "Unknown error while reading data from"
1396
" encrypted session with Mandos server\n");
1397
gnutls_bye(session, GNUTLS_SHUT_RDWR);
1398
errno = EIO;
1399
goto mandos_end;
1400
}
1401
} else {
1402
buffer_length += (size_t) sret;
1403
}
1404
}
1405
1406
if(debug){
1407
fprintf_plus(stderr, "Closing TLS session\n");
1408
}
1409
1410
if(quit_now){
1411
errno = EINTR;
1412
goto mandos_end;
1413
}
1414
1415
do {
1416
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
1417
if(quit_now){
1418
errno = EINTR;
1419
goto mandos_end;
1420
}
1421
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1422
1423
if(buffer_length > 0){
1424
ssize_t decrypted_buffer_size;
1425
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
1426
&decrypted_buffer, mc);
1427
if(decrypted_buffer_size >= 0){
1428
1429
clearerr(stdout);
1430
written = 0;
1431
while(written < (size_t) decrypted_buffer_size){
1432
if(quit_now){
1433
errno = EINTR;
1434
goto mandos_end;
1435
}
1436
1437
ret = (int)fwrite(decrypted_buffer + written, 1,
1438
(size_t)decrypted_buffer_size - written,
1439
stdout);
1440
if(ret == 0 and ferror(stdout)){
1441
int e = errno;
1442
if(debug){
1443
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1444
strerror(errno));
1445
}
1446
errno = e;
1447
goto mandos_end;
1448
}
1449
written += (size_t)ret;
1450
}
1451
ret = fflush(stdout);
1452
if(ret != 0){
1453
int e = errno;
1454
if(debug){
1455
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1456
strerror(errno));
1457
}
1458
errno = e;
1459
goto mandos_end;
1460
}
1461
retval = 0;
1462
}
1463
}
1464
1465
/* Shutdown procedure */
1466
1467
mandos_end:
1468
{
1469
if(route_added){
1470
if(not delete_local_route(ip, if_index)){
1471
fprintf_plus(stderr, "Failed to delete local route to %s on"
1472
" interface %d", ip, if_index);
1473
}
1474
}
1475
int e = errno;
1476
free(decrypted_buffer);
1477
free(buffer);
1478
if(tcp_sd >= 0){
1479
ret = close(tcp_sd);
1480
}
1481
if(ret == -1){
1482
if(e == 0){
1483
e = errno;
1484
}
1485
perror_plus("close");
1486
}
1487
gnutls_deinit(session);
1488
errno = e;
1489
if(quit_now){
1490
errno = EINTR;
1491
retval = -1;
1492
}
1493
}
1494
return retval;
1495
}
1496
1497
__attribute__((nonnull))
1498
static void resolve_callback(AvahiSServiceResolver *r,
1499
AvahiIfIndex interface,
1500
AvahiProtocol proto,
1501
AvahiResolverEvent event,
1502
const char *name,
1503
const char *type,
1504
const char *domain,
1505
const char *host_name,
1506
const AvahiAddress *address,
1507
uint16_t port,
1508
AVAHI_GCC_UNUSED AvahiStringList *txt,
1509
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1510
flags,
1511
void *mc){
1512
if(r == NULL){
1513
return;
1514
}
1515
1516
/* Called whenever a service has been resolved successfully or
1517
timed out */
1518
1519
if(quit_now){
1520
avahi_s_service_resolver_free(r);
1521
return;
1522
}
1523
1524
switch(event){
1525
default:
1526
case AVAHI_RESOLVER_FAILURE:
1527
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1528
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1529
domain,
1530
avahi_strerror(avahi_server_errno
1531
(((mandos_context*)mc)->server)));
1532
break;
1533
1534
case AVAHI_RESOLVER_FOUND:
1535
{
1536
char ip[AVAHI_ADDRESS_STR_MAX];
1537
avahi_address_snprint(ip, sizeof(ip), address);
1538
if(debug){
1539
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1540
PRIdMAX ") on port %" PRIu16 "\n", name,
1541
host_name, ip, (intmax_t)interface, port);
1542
}
1543
int ret = start_mandos_communication(ip, (in_port_t)port,
1544
interface,
1545
avahi_proto_to_af(proto),
1546
mc);
1547
if(ret == 0){
1548
avahi_simple_poll_quit(simple_poll);
1549
} else {
1550
if(not add_server(ip, (in_port_t)port, interface,
1551
avahi_proto_to_af(proto),
1552
&((mandos_context*)mc)->current_server)){
1553
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
1554
" list\n", name);
1555
}
1556
}
1557
}
1558
}
1559
avahi_s_service_resolver_free(r);
1560
}
1561
1562
static void browse_callback(AvahiSServiceBrowser *b,
1563
AvahiIfIndex interface,
1564
AvahiProtocol protocol,
1565
AvahiBrowserEvent event,
1566
const char *name,
1567
const char *type,
1568
const char *domain,
1569
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1570
flags,
1571
void *mc){
1572
if(b == NULL){
1573
return;
1574
}
1575
1576
/* Called whenever a new services becomes available on the LAN or
1577
is removed from the LAN */
1578
1579
if(quit_now){
1580
return;
1581
}
1582
1583
switch(event){
1584
default:
1585
case AVAHI_BROWSER_FAILURE:
1586
1587
fprintf_plus(stderr, "(Avahi browser) %s\n",
1588
avahi_strerror(avahi_server_errno
1589
(((mandos_context*)mc)->server)));
1590
avahi_simple_poll_quit(simple_poll);
1591
return;
1592
1593
case AVAHI_BROWSER_NEW:
1594
/* We ignore the returned Avahi resolver object. In the callback
1595
function we free it. If the Avahi server is terminated before
1596
the callback function is called the Avahi server will free the
1597
resolver for us. */
1598
1599
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1600
interface, protocol, name, type,
1601
domain, protocol, 0,
1602
resolve_callback, mc) == NULL)
1603
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1604
" %s\n", name,
1605
avahi_strerror(avahi_server_errno
1606
(((mandos_context*)mc)->server)));
1607
break;
1608
1609
case AVAHI_BROWSER_REMOVE:
1610
break;
1611
1612
case AVAHI_BROWSER_ALL_FOR_NOW:
1613
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1614
if(debug){
1615
fprintf_plus(stderr, "No Mandos server found, still"
1616
" searching...\n");
1617
}
1618
break;
1619
}
1620
}
1621
1622
/* Signal handler that stops main loop after SIGTERM */
1623
static void handle_sigterm(int sig){
1624
if(quit_now){
1625
return;
1626
}
1627
quit_now = 1;
1628
signal_received = sig;
1629
int old_errno = errno;
1630
/* set main loop to exit */
1631
if(simple_poll != NULL){
1632
avahi_simple_poll_quit(simple_poll);
1633
}
1634
errno = old_errno;
1635
}
1636
1637
__attribute__((nonnull, warn_unused_result))
1638
bool get_flags(const char *ifname, struct ifreq *ifr){
1639
int ret;
1640
int old_errno;
1641
1642
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1643
if(s < 0){
1644
old_errno = errno;
1645
perror_plus("socket");
1646
errno = old_errno;
1647
return false;
1648
}
1649
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1650
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1651
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1652
if(ret == -1){
1653
if(debug){
1654
old_errno = errno;
1655
perror_plus("ioctl SIOCGIFFLAGS");
1656
errno = old_errno;
1657
}
1658
return false;
1659
}
1660
return true;
1661
}
1662
1663
__attribute__((nonnull, warn_unused_result))
1664
bool good_flags(const char *ifname, const struct ifreq *ifr){
1665
1666
/* Reject the loopback device */
1667
if(ifr->ifr_flags & IFF_LOOPBACK){
1668
if(debug){
1669
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1670
ifname);
1671
}
1672
return false;
1673
}
1674
/* Accept point-to-point devices only if connect_to is specified */
1675
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1676
if(debug){
1677
fprintf_plus(stderr, "Accepting point-to-point interface"
1678
" \"%s\"\n", ifname);
1679
}
1680
return true;
1681
}
1682
/* Otherwise, reject non-broadcast-capable devices */
1683
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1684
if(debug){
1685
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1686
" \"%s\"\n", ifname);
1687
}
1688
return false;
1689
}
1690
/* Reject non-ARP interfaces (including dummy interfaces) */
1691
if(ifr->ifr_flags & IFF_NOARP){
1692
if(debug){
1693
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1694
ifname);
1695
}
1696
return false;
1697
}
1698
1699
/* Accept this device */
1700
if(debug){
1701
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1702
}
1703
return true;
1704
}
1705
1706
/*
1707
* This function determines if a directory entry in /sys/class/net
1708
* corresponds to an acceptable network device.
1709
* (This function is passed to scandir(3) as a filter function.)
1710
*/
1711
__attribute__((nonnull, warn_unused_result))
1712
int good_interface(const struct dirent *if_entry){
1713
if(if_entry->d_name[0] == '.'){
1714
return 0;
1715
}
1716
1717
struct ifreq ifr;
1718
if(not get_flags(if_entry->d_name, &ifr)){
1719
if(debug){
1720
fprintf_plus(stderr, "Failed to get flags for interface "
1721
"\"%s\"\n", if_entry->d_name);
1722
}
1723
return 0;
1724
}
1725
1726
if(not good_flags(if_entry->d_name, &ifr)){
1727
return 0;
1728
}
1729
return 1;
1730
}
1731
1732
/*
1733
* This function determines if a network interface is up.
1734
*/
1735
__attribute__((nonnull, warn_unused_result))
1736
bool interface_is_up(const char *interface){
1737
struct ifreq ifr;
1738
if(not get_flags(interface, &ifr)){
1739
if(debug){
1740
fprintf_plus(stderr, "Failed to get flags for interface "
1741
"\"%s\"\n", interface);
1742
}
1743
return false;
1744
}
1745
1746
return (bool)(ifr.ifr_flags & IFF_UP);
1747
}
1748
1749
/*
1750
* This function determines if a network interface is running
1751
*/
1752
__attribute__((nonnull, warn_unused_result))
1753
bool interface_is_running(const char *interface){
1754
struct ifreq ifr;
1755
if(not get_flags(interface, &ifr)){
1756
if(debug){
1757
fprintf_plus(stderr, "Failed to get flags for interface "
1758
"\"%s\"\n", interface);
1759
}
1760
return false;
1761
}
1762
1763
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1764
}
1765
1766
__attribute__((nonnull, pure, warn_unused_result))
1767
int notdotentries(const struct dirent *direntry){
1768
/* Skip "." and ".." */
1769
if(direntry->d_name[0] == '.'
1770
and (direntry->d_name[1] == '\0'
1771
or (direntry->d_name[1] == '.'
1772
and direntry->d_name[2] == '\0'))){
1773
return 0;
1774
}
1775
return 1;
1776
}
1777
1778
/* Is this directory entry a runnable program? */
1779
__attribute__((nonnull, warn_unused_result))
1780
int runnable_hook(const struct dirent *direntry){
1781
int ret;
1782
size_t sret;
1783
struct stat st;
1784
1785
if((direntry->d_name)[0] == '\0'){
1786
/* Empty name? */
1787
return 0;
1788
}
1789
1790
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1791
"abcdefghijklmnopqrstuvwxyz"
1792
"0123456789"
1793
"_.-");
1794
if((direntry->d_name)[sret] != '\0'){
1795
/* Contains non-allowed characters */
1796
if(debug){
1797
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
1798
direntry->d_name);
1799
}
1800
return 0;
1801
}
1802
1803
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1804
if(ret == -1){
1805
if(debug){
1806
perror_plus("Could not stat hook");
1807
}
1808
return 0;
1809
}
1810
if(not (S_ISREG(st.st_mode))){
1811
/* Not a regular file */
1812
if(debug){
1813
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
1814
direntry->d_name);
1815
}
1816
return 0;
1817
}
1818
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
1819
/* Not executable */
1820
if(debug){
1821
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
1822
direntry->d_name);
1823
}
1824
return 0;
1825
}
1826
if(debug){
1827
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
1828
direntry->d_name);
1829
}
1830
return 1;
1831
}
1832
1833
__attribute__((nonnull, warn_unused_result))
1834
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
1835
mandos_context *mc){
1836
int ret;
1837
struct timespec now;
1838
struct timespec waited_time;
1839
intmax_t block_time;
1840
1841
while(true){
1842
if(mc->current_server == NULL){
1843
if(debug){
1844
fprintf_plus(stderr, "Wait until first server is found."
1845
" No timeout!\n");
1846
}
1847
ret = avahi_simple_poll_iterate(s, -1);
1848
} else {
1849
if(debug){
1850
fprintf_plus(stderr, "Check current_server if we should run"
1851
" it, or wait\n");
1852
}
1853
/* the current time */
1854
ret = clock_gettime(CLOCK_MONOTONIC, &now);
1855
if(ret == -1){
1856
perror_plus("clock_gettime");
1857
return -1;
1858
}
1859
/* Calculating in ms how long time between now and server
1860
who we visted longest time ago. Now - last seen. */
1861
waited_time.tv_sec = (now.tv_sec
1862
- mc->current_server->last_seen.tv_sec);
1863
waited_time.tv_nsec = (now.tv_nsec
1864
- mc->current_server->last_seen.tv_nsec);
1865
/* total time is 10s/10,000ms.
1866
Converting to s from ms by dividing by 1,000,
1867
and ns to ms by dividing by 1,000,000. */
1868
block_time = ((retry_interval
1869
- ((intmax_t)waited_time.tv_sec * 1000))
1870
- ((intmax_t)waited_time.tv_nsec / 1000000));
1871
1872
if(debug){
1873
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
1874
block_time);
1875
}
1876
1877
if(block_time <= 0){
1878
ret = start_mandos_communication(mc->current_server->ip,
1879
mc->current_server->port,
1880
mc->current_server->if_index,
1881
mc->current_server->af, mc);
1882
if(ret == 0){
1883
avahi_simple_poll_quit(s);
1884
return 0;
1885
}
1886
ret = clock_gettime(CLOCK_MONOTONIC,
1887
&mc->current_server->last_seen);
1888
if(ret == -1){
1889
perror_plus("clock_gettime");
1890
return -1;
1891
}
1892
mc->current_server = mc->current_server->next;
1893
block_time = 0; /* Call avahi to find new Mandos
1894
servers, but don't block */
1895
}
1896
1897
ret = avahi_simple_poll_iterate(s, (int)block_time);
1898
}
1899
if(ret != 0){
1900
if(ret > 0 or errno != EINTR){
1901
return (ret != 1) ? ret : 0;
1902
}
1903
}
1904
}
1905
}
1906
1907
__attribute__((nonnull))
1908
void run_network_hooks(const char *mode, const char *interface,
1909
const float delay){
1910
struct dirent **direntries = NULL;
1911
if(hookdir_fd == -1){
1912
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1913
| O_CLOEXEC);
1914
if(hookdir_fd == -1){
1915
if(errno == ENOENT){
1916
if(debug){
1917
fprintf_plus(stderr, "Network hook directory \"%s\" not"
1918
" found\n", hookdir);
1919
}
1920
} else {
1921
perror_plus("open");
1922
}
1923
return;
1924
}
1925
}
1926
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1927
runnable_hook, alphasort);
1928
if(numhooks == -1){
1929
perror_plus("scandir");
1930
return;
1931
}
1932
struct dirent *direntry;
1933
int ret;
1934
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1935
if(devnull == -1){
1936
perror_plus("open(\"/dev/null\", O_RDONLY)");
1937
return;
1938
}
1939
for(int i = 0; i < numhooks; i++){
1940
direntry = direntries[i];
1941
if(debug){
1942
fprintf_plus(stderr, "Running network hook \"%s\"\n",
1943
direntry->d_name);
1944
}
1945
pid_t hook_pid = fork();
1946
if(hook_pid == 0){
1947
/* Child */
1948
/* Raise privileges */
1949
errno = raise_privileges_permanently();
1950
if(errno != 0){
1951
perror_plus("Failed to raise privileges");
1952
_exit(EX_NOPERM);
1953
}
1954
/* Set group */
1955
errno = 0;
1956
ret = setgid(0);
1957
if(ret == -1){
1958
perror_plus("setgid");
1959
_exit(EX_NOPERM);
1960
}
1961
/* Reset supplementary groups */
1962
errno = 0;
1963
ret = setgroups(0, NULL);
1964
if(ret == -1){
1965
perror_plus("setgroups");
1966
_exit(EX_NOPERM);
1967
}
1968
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1969
if(ret == -1){
1970
perror_plus("setenv");
1971
_exit(EX_OSERR);
1972
}
1973
ret = setenv("DEVICE", interface, 1);
1974
if(ret == -1){
1975
perror_plus("setenv");
1976
_exit(EX_OSERR);
1977
}
1978
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
1979
if(ret == -1){
1980
perror_plus("setenv");
1981
_exit(EX_OSERR);
1982
}
1983
ret = setenv("MODE", mode, 1);
1984
if(ret == -1){
1985
perror_plus("setenv");
1986
_exit(EX_OSERR);
1987
}
1988
char *delaystring;
1989
ret = asprintf(&delaystring, "%f", (double)delay);
1990
if(ret == -1){
1991
perror_plus("asprintf");
1992
_exit(EX_OSERR);
1993
}
1994
ret = setenv("DELAY", delaystring, 1);
1995
if(ret == -1){
1996
free(delaystring);
1997
perror_plus("setenv");
1998
_exit(EX_OSERR);
1999
}
2000
free(delaystring);
2001
if(connect_to != NULL){
2002
ret = setenv("CONNECT", connect_to, 1);
2003
if(ret == -1){
2004
perror_plus("setenv");
2005
_exit(EX_OSERR);
2006
}
2007
}
2008
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2009
direntry->d_name,
2010
O_RDONLY));
2011
if(hook_fd == -1){
2012
perror_plus("openat");
2013
_exit(EXIT_FAILURE);
2014
}
2015
if(close(hookdir_fd) == -1){
2016
perror_plus("close");
2017
_exit(EXIT_FAILURE);
2018
}
2019
ret = dup2(devnull, STDIN_FILENO);
2020
if(ret == -1){
2021
perror_plus("dup2(devnull, STDIN_FILENO)");
2022
_exit(EX_OSERR);
2023
}
2024
ret = close(devnull);
2025
if(ret == -1){
2026
perror_plus("close");
2027
_exit(EX_OSERR);
2028
}
2029
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2030
if(ret == -1){
2031
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2032
_exit(EX_OSERR);
2033
}
2034
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2035
environ) == -1){
2036
perror_plus("fexecve");
2037
_exit(EXIT_FAILURE);
2038
}
2039
} else {
2040
if(hook_pid == -1){
2041
perror_plus("fork");
2042
free(direntry);
2043
continue;
2044
}
2045
int status;
2046
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2047
perror_plus("waitpid");
2048
free(direntry);
2049
continue;
2050
}
2051
if(WIFEXITED(status)){
2052
if(WEXITSTATUS(status) != 0){
2053
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2054
" with status %d\n", direntry->d_name,
2055
WEXITSTATUS(status));
2056
free(direntry);
2057
continue;
2058
}
2059
} else if(WIFSIGNALED(status)){
2060
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2061
" signal %d\n", direntry->d_name,
2062
WTERMSIG(status));
2063
free(direntry);
2064
continue;
2065
} else {
2066
fprintf_plus(stderr, "Warning: network hook \"%s\""
2067
" crashed\n", direntry->d_name);
2068
free(direntry);
2069
continue;
2070
}
2071
}
2072
if(debug){
2073
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2074
direntry->d_name);
2075
}
2076
free(direntry);
2077
}
2078
free(direntries);
2079
if(close(hookdir_fd) == -1){
2080
perror_plus("close");
2081
} else {
2082
hookdir_fd = -1;
2083
}
2084
close(devnull);
2085
}
2086
2087
__attribute__((nonnull, warn_unused_result))
2088
int bring_up_interface(const char *const interface,
2089
const float delay){
2090
int old_errno = errno;
2091
int ret;
2092
struct ifreq network;
2093
unsigned int if_index = if_nametoindex(interface);
2094
if(if_index == 0){
2095
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2096
errno = old_errno;
2097
return ENXIO;
2098
}
2099
2100
if(quit_now){
2101
errno = old_errno;
2102
return EINTR;
2103
}
2104
2105
if(not interface_is_up(interface)){
2106
int ret_errno = 0;
2107
int ioctl_errno = 0;
2108
if(not get_flags(interface, &network)){
2109
ret_errno = errno;
2110
fprintf_plus(stderr, "Failed to get flags for interface "
2111
"\"%s\"\n", interface);
2112
errno = old_errno;
2113
return ret_errno;
2114
}
2115
network.ifr_flags |= IFF_UP; /* set flag */
2116
2117
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2118
if(sd == -1){
2119
ret_errno = errno;
2120
perror_plus("socket");
2121
errno = old_errno;
2122
return ret_errno;
2123
}
2124
2125
if(quit_now){
2126
ret = close(sd);
2127
if(ret == -1){
2128
perror_plus("close");
2129
}
2130
errno = old_errno;
2131
return EINTR;
2132
}
2133
2134
if(debug){
2135
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
2136
interface);
2137
}
2138
2139
/* Raise privileges */
2140
ret_errno = raise_privileges();
2141
if(ret_errno != 0){
2142
errno = ret_errno;
2143
perror_plus("Failed to raise privileges");
2144
}
2145
2146
#ifdef __linux__
2147
int ret_linux;
2148
bool restore_loglevel = false;
2149
if(ret_errno == 0){
2150
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2151
messages about the network interface to mess up the prompt */
2152
ret_linux = klogctl(8, NULL, 5);
2153
if(ret_linux == -1){
2154
perror_plus("klogctl");
2155
} else {
2156
restore_loglevel = true;
2157
}
2158
}
2159
#endif /* __linux__ */
2160
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2161
ioctl_errno = errno;
2162
#ifdef __linux__
2163
if(restore_loglevel){
2164
ret_linux = klogctl(7, NULL, 0);
2165
if(ret_linux == -1){
2166
perror_plus("klogctl");
2167
}
2168
}
2169
#endif /* __linux__ */
2170
2171
/* If raise_privileges() succeeded above */
2172
if(ret_errno == 0){
2173
/* Lower privileges */
2174
ret_errno = lower_privileges();
2175
if(ret_errno != 0){
2176
errno = ret_errno;
2177
perror_plus("Failed to lower privileges");
2178
}
2179
}
2180
2181
/* Close the socket */
2182
ret = close(sd);
2183
if(ret == -1){
2184
perror_plus("close");
2185
}
2186
2187
if(ret_setflags == -1){
2188
errno = ioctl_errno;
2189
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2190
errno = old_errno;
2191
return ioctl_errno;
2192
}
2193
} else if(debug){
2194
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2195
interface);
2196
}
2197
2198
/* Sleep checking until interface is running.
2199
Check every 0.25s, up to total time of delay */
2200
for(int i = 0; i < delay * 4; i++){
2201
if(interface_is_running(interface)){
2202
break;
2203
}
2204
struct timespec sleeptime = { .tv_nsec = 250000000 };
2205
ret = nanosleep(&sleeptime, NULL);
2206
if(ret == -1 and errno != EINTR){
2207
perror_plus("nanosleep");
2208
}
2209
}
2210
2211
errno = old_errno;
2212
return 0;
2213
}
2214
2215
__attribute__((nonnull, warn_unused_result))
2216
int take_down_interface(const char *const interface){
2217
int old_errno = errno;
2218
struct ifreq network;
2219
unsigned int if_index = if_nametoindex(interface);
2220
if(if_index == 0){
2221
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2222
errno = old_errno;
2223
return ENXIO;
2224
}
2225
if(interface_is_up(interface)){
2226
int ret_errno = 0;
2227
int ioctl_errno = 0;
2228
if(not get_flags(interface, &network) and debug){
2229
ret_errno = errno;
2230
fprintf_plus(stderr, "Failed to get flags for interface "
2231
"\"%s\"\n", interface);
2232
errno = old_errno;
2233
return ret_errno;
2234
}
2235
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2236
2237
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2238
if(sd == -1){
2239
ret_errno = errno;
2240
perror_plus("socket");
2241
errno = old_errno;
2242
return ret_errno;
2243
}
2244
2245
if(debug){
2246
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2247
interface);
2248
}
2249
2250
/* Raise privileges */
2251
ret_errno = raise_privileges();
2252
if(ret_errno != 0){
2253
errno = ret_errno;
2254
perror_plus("Failed to raise privileges");
2255
}
2256
2257
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2258
ioctl_errno = errno;
2259
2260
/* If raise_privileges() succeeded above */
2261
if(ret_errno == 0){
2262
/* Lower privileges */
2263
ret_errno = lower_privileges();
2264
if(ret_errno != 0){
2265
errno = ret_errno;
2266
perror_plus("Failed to lower privileges");
2267
}
2268
}
2269
2270
/* Close the socket */
2271
int ret = close(sd);
2272
if(ret == -1){
2273
perror_plus("close");
2274
}
2275
2276
if(ret_setflags == -1){
2277
errno = ioctl_errno;
2278
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2279
errno = old_errno;
2280
return ioctl_errno;
2281
}
2282
} else if(debug){
2283
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2284
interface);
2285
}
2286
2287
errno = old_errno;
2288
return 0;
2289
}
2290
2291
int main(int argc, char *argv[]){
2292
mandos_context mc = { .server = NULL, .dh_bits = 0,
2293
.priority = "SECURE256:!CTYPE-X.509"
2294
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2295
.current_server = NULL, .interfaces = NULL,
2296
.interfaces_size = 0 };
2297
AvahiSServiceBrowser *sb = NULL;
2298
error_t ret_errno;
2299
int ret;
2300
intmax_t tmpmax;
2301
char *tmp;
2302
int exitcode = EXIT_SUCCESS;
2303
char *interfaces_to_take_down = NULL;
2304
size_t interfaces_to_take_down_size = 0;
2305
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2306
char old_tempdir[] = "/tmp/mandosXXXXXX";
2307
char *tempdir = NULL;
2308
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2309
const char *seckey = PATHDIR "/" SECKEY;
2310
const char *pubkey = PATHDIR "/" PUBKEY;
2311
const char *dh_params_file = NULL;
2312
char *interfaces_hooks = NULL;
2313
2314
bool gnutls_initialized = false;
2315
bool gpgme_initialized = false;
2316
float delay = 2.5f;
2317
double retry_interval = 10; /* 10s between trying a server and
2318
retrying the same server again */
2319
2320
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
2321
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
2322
2323
uid = getuid();
2324
gid = getgid();
2325
2326
/* Lower any group privileges we might have, just to be safe */
2327
errno = 0;
2328
ret = setgid(gid);
2329
if(ret == -1){
2330
perror_plus("setgid");
2331
}
2332
2333
/* Lower user privileges (temporarily) */
2334
errno = 0;
2335
ret = seteuid(uid);
2336
if(ret == -1){
2337
perror_plus("seteuid");
2338
}
2339
2340
if(quit_now){
2341
goto end;
2342
}
2343
2344
{
2345
struct argp_option options[] = {
2346
{ .name = "debug", .key = 128,
2347
.doc = "Debug mode", .group = 3 },
2348
{ .name = "connect", .key = 'c',
2349
.arg = "ADDRESS:PORT",
2350
.doc = "Connect directly to a specific Mandos server",
2351
.group = 1 },
2352
{ .name = "interface", .key = 'i',
2353
.arg = "NAME",
2354
.doc = "Network interface that will be used to search for"
2355
" Mandos servers",
2356
.group = 1 },
2357
{ .name = "seckey", .key = 's',
2358
.arg = "FILE",
2359
.doc = "OpenPGP secret key file base name",
2360
.group = 1 },
2361
{ .name = "pubkey", .key = 'p',
2362
.arg = "FILE",
2363
.doc = "OpenPGP public key file base name",
2364
.group = 2 },
2365
{ .name = "dh-bits", .key = 129,
2366
.arg = "BITS",
2367
.doc = "Bit length of the prime number used in the"
2368
" Diffie-Hellman key exchange",
2369
.group = 2 },
2370
{ .name = "dh-params", .key = 134,
2371
.arg = "FILE",
2372
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2373
" for the Diffie-Hellman key exchange",
2374
.group = 2 },
2375
{ .name = "priority", .key = 130,
2376
.arg = "STRING",
2377
.doc = "GnuTLS priority string for the TLS handshake",
2378
.group = 1 },
2379
{ .name = "delay", .key = 131,
2380
.arg = "SECONDS",
2381
.doc = "Maximum delay to wait for interface startup",
2382
.group = 2 },
2383
{ .name = "retry", .key = 132,
2384
.arg = "SECONDS",
2385
.doc = "Retry interval used when denied by the Mandos server",
2386
.group = 2 },
2387
{ .name = "network-hook-dir", .key = 133,
2388
.arg = "DIR",
2389
.doc = "Directory where network hooks are located",
2390
.group = 2 },
2391
/*
2392
* These reproduce what we would get without ARGP_NO_HELP
2393
*/
2394
{ .name = "help", .key = '?',
2395
.doc = "Give this help list", .group = -1 },
2396
{ .name = "usage", .key = -3,
2397
.doc = "Give a short usage message", .group = -1 },
2398
{ .name = "version", .key = 'V',
2399
.doc = "Print program version", .group = -1 },
2400
{ .name = NULL }
2401
};
2402
2403
error_t parse_opt(int key, char *arg,
2404
struct argp_state *state){
2405
errno = 0;
2406
switch(key){
2407
case 128: /* --debug */
2408
debug = true;
2409
break;
2410
case 'c': /* --connect */
2411
connect_to = arg;
2412
break;
2413
case 'i': /* --interface */
2414
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2415
arg, (int)',');
2416
if(ret_errno != 0){
2417
argp_error(state, "%s", strerror(ret_errno));
2418
}
2419
break;
2420
case 's': /* --seckey */
2421
seckey = arg;
2422
break;
2423
case 'p': /* --pubkey */
2424
pubkey = arg;
2425
break;
2426
case 129: /* --dh-bits */
2427
errno = 0;
2428
tmpmax = strtoimax(arg, &tmp, 10);
2429
if(errno != 0 or tmp == arg or *tmp != '\0'
2430
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2431
argp_error(state, "Bad number of DH bits");
2432
}
2433
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2434
break;
2435
case 134: /* --dh-params */
2436
dh_params_file = arg;
2437
break;
2438
case 130: /* --priority */
2439
mc.priority = arg;
2440
break;
2441
case 131: /* --delay */
2442
errno = 0;
2443
delay = strtof(arg, &tmp);
2444
if(errno != 0 or tmp == arg or *tmp != '\0'){
2445
argp_error(state, "Bad delay");
2446
}
2447
case 132: /* --retry */
2448
errno = 0;
2449
retry_interval = strtod(arg, &tmp);
2450
if(errno != 0 or tmp == arg or *tmp != '\0'
2451
or (retry_interval * 1000) > INT_MAX
2452
or retry_interval < 0){
2453
argp_error(state, "Bad retry interval");
2454
}
2455
break;
2456
case 133: /* --network-hook-dir */
2457
hookdir = arg;
2458
break;
2459
/*
2460
* These reproduce what we would get without ARGP_NO_HELP
2461
*/
2462
case '?': /* --help */
2463
argp_state_help(state, state->out_stream,
2464
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2465
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2466
case -3: /* --usage */
2467
argp_state_help(state, state->out_stream,
2468
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2469
case 'V': /* --version */
2470
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2471
exit(argp_err_exit_status);
2472
break;
2473
default:
2474
return ARGP_ERR_UNKNOWN;
2475
}
2476
return errno;
2477
}
2478
2479
struct argp argp = { .options = options, .parser = parse_opt,
2480
.args_doc = "",
2481
.doc = "Mandos client -- Get and decrypt"
2482
" passwords from a Mandos server" };
2483
ret_errno = argp_parse(&argp, argc, argv,
2484
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2485
switch(ret_errno){
2486
case 0:
2487
break;
2488
case ENOMEM:
2489
default:
2490
errno = ret_errno;
2491
perror_plus("argp_parse");
2492
exitcode = EX_OSERR;
2493
goto end;
2494
case EINVAL:
2495
exitcode = EX_USAGE;
2496
goto end;
2497
}
2498
}
2499
2500
{
2501
/* Work around Debian bug #633582:
2502
<https://bugs.debian.org/633582> */
2503
2504
/* Re-raise privileges */
2505
ret = raise_privileges();
2506
if(ret != 0){
2507
errno = ret;
2508
perror_plus("Failed to raise privileges");
2509
} else {
2510
struct stat st;
2511
2512
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2513
int seckey_fd = open(seckey, O_RDONLY);
2514
if(seckey_fd == -1){
2515
perror_plus("open");
2516
} else {
2517
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2518
if(ret == -1){
2519
perror_plus("fstat");
2520
} else {
2521
if(S_ISREG(st.st_mode)
2522
and st.st_uid == 0 and st.st_gid == 0){
2523
ret = fchown(seckey_fd, uid, gid);
2524
if(ret == -1){
2525
perror_plus("fchown");
2526
}
2527
}
2528
}
2529
close(seckey_fd);
2530
}
2531
}
2532
2533
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2534
int pubkey_fd = open(pubkey, O_RDONLY);
2535
if(pubkey_fd == -1){
2536
perror_plus("open");
2537
} else {
2538
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2539
if(ret == -1){
2540
perror_plus("fstat");
2541
} else {
2542
if(S_ISREG(st.st_mode)
2543
and st.st_uid == 0 and st.st_gid == 0){
2544
ret = fchown(pubkey_fd, uid, gid);
2545
if(ret == -1){
2546
perror_plus("fchown");
2547
}
2548
}
2549
}
2550
close(pubkey_fd);
2551
}
2552
}
2553
2554
if(dh_params_file != NULL
2555
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2556
int dhparams_fd = open(dh_params_file, O_RDONLY);
2557
if(dhparams_fd == -1){
2558
perror_plus("open");
2559
} else {
2560
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2561
if(ret == -1){
2562
perror_plus("fstat");
2563
} else {
2564
if(S_ISREG(st.st_mode)
2565
and st.st_uid == 0 and st.st_gid == 0){
2566
ret = fchown(dhparams_fd, uid, gid);
2567
if(ret == -1){
2568
perror_plus("fchown");
2569
}
2570
}
2571
}
2572
close(dhparams_fd);
2573
}
2574
}
2575
2576
/* Lower privileges */
2577
ret = lower_privileges();
2578
if(ret != 0){
2579
errno = ret;
2580
perror_plus("Failed to lower privileges");
2581
}
2582
}
2583
}
2584
2585
/* Remove invalid interface names (except "none") */
2586
{
2587
char *interface = NULL;
2588
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2589
interface))){
2590
if(strcmp(interface, "none") != 0
2591
and if_nametoindex(interface) == 0){
2592
if(interface[0] != '\0'){
2593
fprintf_plus(stderr, "Not using nonexisting interface"
2594
" \"%s\"\n", interface);
2595
}
2596
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2597
interface = NULL;
2598
}
2599
}
2600
}
2601
2602
/* Run network hooks */
2603
{
2604
if(mc.interfaces != NULL){
2605
interfaces_hooks = malloc(mc.interfaces_size);
2606
if(interfaces_hooks == NULL){
2607
perror_plus("malloc");
2608
goto end;
2609
}
2610
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2611
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2612
}
2613
run_network_hooks("start", interfaces_hooks != NULL ?
2614
interfaces_hooks : "", delay);
2615
}
2616
2617
if(not debug){
2618
avahi_set_log_function(empty_log);
2619
}
2620
2621
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2622
from the signal handler */
2623
/* Initialize the pseudo-RNG for Avahi */
2624
srand((unsigned int) time(NULL));
2625
simple_poll = avahi_simple_poll_new();
2626
if(simple_poll == NULL){
2627
fprintf_plus(stderr,
2628
"Avahi: Failed to create simple poll object.\n");
2629
exitcode = EX_UNAVAILABLE;
2630
goto end;
2631
}
2632
2633
sigemptyset(&sigterm_action.sa_mask);
2634
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2635
if(ret == -1){
2636
perror_plus("sigaddset");
2637
exitcode = EX_OSERR;
2638
goto end;
2639
}
2640
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2641
if(ret == -1){
2642
perror_plus("sigaddset");
2643
exitcode = EX_OSERR;
2644
goto end;
2645
}
2646
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2647
if(ret == -1){
2648
perror_plus("sigaddset");
2649
exitcode = EX_OSERR;
2650
goto end;
2651
}
2652
/* Need to check if the handler is SIG_IGN before handling:
2653
| [[info:libc:Initial Signal Actions]] |
2654
| [[info:libc:Basic Signal Handling]] |
2655
*/
2656
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2657
if(ret == -1){
2658
perror_plus("sigaction");
2659
return EX_OSERR;
2660
}
2661
if(old_sigterm_action.sa_handler != SIG_IGN){
2662
ret = sigaction(SIGINT, &sigterm_action, NULL);
2663
if(ret == -1){
2664
perror_plus("sigaction");
2665
exitcode = EX_OSERR;
2666
goto end;
2667
}
2668
}
2669
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2670
if(ret == -1){
2671
perror_plus("sigaction");
2672
return EX_OSERR;
2673
}
2674
if(old_sigterm_action.sa_handler != SIG_IGN){
2675
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2676
if(ret == -1){
2677
perror_plus("sigaction");
2678
exitcode = EX_OSERR;
2679
goto end;
2680
}
2681
}
2682
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2683
if(ret == -1){
2684
perror_plus("sigaction");
2685
return EX_OSERR;
2686
}
2687
if(old_sigterm_action.sa_handler != SIG_IGN){
2688
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2689
if(ret == -1){
2690
perror_plus("sigaction");
2691
exitcode = EX_OSERR;
2692
goto end;
2693
}
2694
}
2695
2696
/* If no interfaces were specified, make a list */
2697
if(mc.interfaces == NULL){
2698
struct dirent **direntries = NULL;
2699
/* Look for any good interfaces */
2700
ret = scandir(sys_class_net, &direntries, good_interface,
2701
alphasort);
2702
if(ret >= 1){
2703
/* Add all found interfaces to interfaces list */
2704
for(int i = 0; i < ret; ++i){
2705
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2706
direntries[i]->d_name);
2707
if(ret_errno != 0){
2708
errno = ret_errno;
2709
perror_plus("argz_add");
2710
free(direntries[i]);
2711
continue;
2712
}
2713
if(debug){
2714
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2715
direntries[i]->d_name);
2716
}
2717
free(direntries[i]);
2718
}
2719
free(direntries);
2720
} else {
2721
if(ret == 0){
2722
free(direntries);
2723
}
2724
fprintf_plus(stderr, "Could not find a network interface\n");
2725
exitcode = EXIT_FAILURE;
2726
goto end;
2727
}
2728
}
2729
2730
/* Bring up interfaces which are down, and remove any "none"s */
2731
{
2732
char *interface = NULL;
2733
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2734
interface))){
2735
/* If interface name is "none", stop bringing up interfaces.
2736
Also remove all instances of "none" from the list */
2737
if(strcmp(interface, "none") == 0){
2738
argz_delete(&mc.interfaces, &mc.interfaces_size,
2739
interface);
2740
interface = NULL;
2741
while((interface = argz_next(mc.interfaces,
2742
mc.interfaces_size, interface))){
2743
if(strcmp(interface, "none") == 0){
2744
argz_delete(&mc.interfaces, &mc.interfaces_size,
2745
interface);
2746
interface = NULL;
2747
}
2748
}
2749
break;
2750
}
2751
bool interface_was_up = interface_is_up(interface);
2752
errno = bring_up_interface(interface, delay);
2753
if(not interface_was_up){
2754
if(errno != 0){
2755
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2756
" %s\n", interface, strerror(errno));
2757
} else {
2758
errno = argz_add(&interfaces_to_take_down,
2759
&interfaces_to_take_down_size,
2760
interface);
2761
if(errno != 0){
2762
perror_plus("argz_add");
2763
}
2764
}
2765
}
2766
}
2767
if(debug and (interfaces_to_take_down == NULL)){
2768
fprintf_plus(stderr, "No interfaces were brought up\n");
2769
}
2770
}
2771
2772
/* If we only got one interface, explicitly use only that one */
2773
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2774
if(debug){
2775
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2776
mc.interfaces);
2777
}
2778
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2779
}
2780
2781
if(quit_now){
2782
goto end;
2783
}
2784
2785
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2786
if(ret == -1){
2787
fprintf_plus(stderr, "init_gnutls_global failed\n");
2788
exitcode = EX_UNAVAILABLE;
2789
goto end;
2790
} else {
2791
gnutls_initialized = true;
2792
}
2793
2794
if(quit_now){
2795
goto end;
2796
}
2797
2798
/* Try /run/tmp before /tmp */
2799
tempdir = mkdtemp(run_tempdir);
2800
if(tempdir == NULL and errno == ENOENT){
2801
if(debug){
2802
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
2803
run_tempdir, old_tempdir);
2804
}
2805
tempdir = mkdtemp(old_tempdir);
2806
}
2807
if(tempdir == NULL){
2808
perror_plus("mkdtemp");
2809
goto end;
2810
}
2811
2812
if(quit_now){
2813
goto end;
2814
}
2815
2816
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
2817
fprintf_plus(stderr, "init_gpgme failed\n");
2818
exitcode = EX_UNAVAILABLE;
2819
goto end;
2820
} else {
2821
gpgme_initialized = true;
2822
}
2823
2824
if(quit_now){
2825
goto end;
2826
}
2827
2828
if(connect_to != NULL){
2829
/* Connect directly, do not use Zeroconf */
2830
/* (Mainly meant for debugging) */
2831
char *address = strrchr(connect_to, ':');
2832
2833
if(address == NULL){
2834
fprintf_plus(stderr, "No colon in address\n");
2835
exitcode = EX_USAGE;
2836
goto end;
2837
}
2838
2839
if(quit_now){
2840
goto end;
2841
}
2842
2843
in_port_t port;
2844
errno = 0;
2845
tmpmax = strtoimax(address+1, &tmp, 10);
2846
if(errno != 0 or tmp == address+1 or *tmp != '\0'
2847
or tmpmax != (in_port_t)tmpmax){
2848
fprintf_plus(stderr, "Bad port number\n");
2849
exitcode = EX_USAGE;
2850
goto end;
2851
}
2852
2853
if(quit_now){
2854
goto end;
2855
}
2856
2857
port = (in_port_t)tmpmax;
2858
*address = '\0';
2859
/* Colon in address indicates IPv6 */
2860
int af;
2861
if(strchr(connect_to, ':') != NULL){
2862
af = AF_INET6;
2863
/* Accept [] around IPv6 address - see RFC 5952 */
2864
if(connect_to[0] == '[' and address[-1] == ']')
2865
{
2866
connect_to++;
2867
address[-1] = '\0';
2868
}
2869
} else {
2870
af = AF_INET;
2871
}
2872
address = connect_to;
2873
2874
if(quit_now){
2875
goto end;
2876
}
2877
2878
while(not quit_now){
2879
ret = start_mandos_communication(address, port, if_index, af,
2880
&mc);
2881
if(quit_now or ret == 0){
2882
break;
2883
}
2884
if(debug){
2885
fprintf_plus(stderr, "Retrying in %d seconds\n",
2886
(int)retry_interval);
2887
}
2888
sleep((unsigned int)retry_interval);
2889
}
2890
2891
if(not quit_now){
2892
exitcode = EXIT_SUCCESS;
2893
}
2894
2895
goto end;
2896
}
2897
2898
if(quit_now){
2899
goto end;
2900
}
2901
2902
{
2903
AvahiServerConfig config;
2904
/* Do not publish any local Zeroconf records */
2905
avahi_server_config_init(&config);
2906
config.publish_hinfo = 0;
2907
config.publish_addresses = 0;
2908
config.publish_workstation = 0;
2909
config.publish_domain = 0;
2910
2911
/* Allocate a new server */
2912
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2913
&config, NULL, NULL, &ret);
2914
2915
/* Free the Avahi configuration data */
2916
avahi_server_config_free(&config);
2917
}
2918
2919
/* Check if creating the Avahi server object succeeded */
2920
if(mc.server == NULL){
2921
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2922
avahi_strerror(ret));
2923
exitcode = EX_UNAVAILABLE;
2924
goto end;
2925
}
2926
2927
if(quit_now){
2928
goto end;
2929
}
2930
2931
/* Create the Avahi service browser */
2932
sb = avahi_s_service_browser_new(mc.server, if_index,
2933
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
2934
NULL, 0, browse_callback,
2935
(void *)&mc);
2936
if(sb == NULL){
2937
fprintf_plus(stderr, "Failed to create service browser: %s\n",
2938
avahi_strerror(avahi_server_errno(mc.server)));
2939
exitcode = EX_UNAVAILABLE;
2940
goto end;
2941
}
2942
2943
if(quit_now){
2944
goto end;
2945
}
2946
2947
/* Run the main loop */
2948
2949
if(debug){
2950
fprintf_plus(stderr, "Starting Avahi loop search\n");
2951
}
2952
2953
ret = avahi_loop_with_timeout(simple_poll,
2954
(int)(retry_interval * 1000), &mc);
2955
if(debug){
2956
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
2957
(ret == 0) ? "successfully" : "with error");
2958
}
2959
2960
end:
2961
2962
if(debug){
2963
if(signal_received){
2964
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
2965
argv[0], signal_received,
2966
strsignal(signal_received));
2967
} else {
2968
fprintf_plus(stderr, "%s exiting\n", argv[0]);
2969
}
2970
}
2971
2972
/* Cleanup things */
2973
free(mc.interfaces);
2974
2975
if(sb != NULL)
2976
avahi_s_service_browser_free(sb);
2977
2978
if(mc.server != NULL)
2979
avahi_server_free(mc.server);
2980
2981
if(simple_poll != NULL)
2982
avahi_simple_poll_free(simple_poll);
2983
2984
if(gnutls_initialized){
2985
gnutls_certificate_free_credentials(mc.cred);
2986
gnutls_dh_params_deinit(mc.dh_params);
2987
}
2988
2989
if(gpgme_initialized){
2990
gpgme_release(mc.ctx);
2991
}
2992
2993
/* Cleans up the circular linked list of Mandos servers the client
2994
has seen */
2995
if(mc.current_server != NULL){
2996
mc.current_server->prev->next = NULL;
2997
while(mc.current_server != NULL){
2998
server *next = mc.current_server->next;
2999
#ifdef __GNUC__
3000
#pragma GCC diagnostic push
3001
#pragma GCC diagnostic ignored "-Wcast-qual"
3002
#endif
3003
free((char *)(mc.current_server->ip));
3004
#ifdef __GNUC__
3005
#pragma GCC diagnostic pop
3006
#endif
3007
free(mc.current_server);
3008
mc.current_server = next;
3009
}
3010
}
3011
3012
/* Re-raise privileges */
3013
{
3014
ret = raise_privileges();
3015
if(ret != 0){
3016
errno = ret;
3017
perror_plus("Failed to raise privileges");
3018
} else {
3019
3020
/* Run network hooks */
3021
run_network_hooks("stop", interfaces_hooks != NULL ?
3022
interfaces_hooks : "", delay);
3023
3024
/* Take down the network interfaces which were brought up */
3025
{
3026
char *interface = NULL;
3027
while((interface = argz_next(interfaces_to_take_down,
3028
interfaces_to_take_down_size,
3029
interface))){
3030
ret = take_down_interface(interface);
3031
if(ret != 0){
3032
errno = ret;
3033
perror_plus("Failed to take down interface");
3034
}
3035
}
3036
if(debug and (interfaces_to_take_down == NULL)){
3037
fprintf_plus(stderr, "No interfaces needed to be taken"
3038
" down\n");
3039
}
3040
}
3041
}
3042
3043
ret = lower_privileges_permanently();
3044
if(ret != 0){
3045
errno = ret;
3046
perror_plus("Failed to lower privileges permanently");
3047
}
3048
}
3049
3050
free(interfaces_to_take_down);
3051
free(interfaces_hooks);
3052
3053
void clean_dir_at(int base, const char * const dirname,
3054
uintmax_t level){
3055
struct dirent **direntries = NULL;
3056
int dret;
3057
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3058
O_RDONLY
3059
| O_NOFOLLOW
3060
| O_DIRECTORY
3061
| O_PATH));
3062
if(dir_fd == -1){
3063
perror_plus("open");
3064
}
3065
int numentries = scandirat(dir_fd, ".", &direntries,
3066
notdotentries, alphasort);
3067
if(numentries >= 0){
3068
for(int i = 0; i < numentries; i++){
3069
if(debug){
3070
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3071
dirname, direntries[i]->d_name);
3072
}
3073
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3074
if(dret == -1){
3075
if(errno == EISDIR){
3076
dret = unlinkat(dir_fd, direntries[i]->d_name,
3077
AT_REMOVEDIR);
3078
}
3079
if((dret == -1) and (errno == ENOTEMPTY)
3080
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3081
== 0) and (level == 0)){
3082
/* Recurse only in this special case */
3083
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3084
dret = 0;
3085
}
3086
if(dret == -1){
3087
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3088
direntries[i]->d_name, strerror(errno));
3089
}
3090
}
3091
free(direntries[i]);
3092
}
3093
3094
/* need to clean even if 0 because man page doesn't specify */
3095
free(direntries);
3096
if(numentries == -1){
3097
perror_plus("scandirat");
3098
}
3099
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3100
if(dret == -1 and errno != ENOENT){
3101
perror_plus("rmdir");
3102
}
3103
} else {
3104
perror_plus("scandirat");
3105
}
3106
close(dir_fd);
3107
}
3108
3109
/* Removes the GPGME temp directory and all files inside */
3110
if(tempdir != NULL){
3111
clean_dir_at(-1, tempdir, 0);
3112
}
3113
3114
if(quit_now){
3115
sigemptyset(&old_sigterm_action.sa_mask);
3116
old_sigterm_action.sa_handler = SIG_DFL;
3117
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
3118
&old_sigterm_action,
3119
NULL));
3120
if(ret == -1){
3121
perror_plus("sigaction");
3122
}
3123
do {
3124
ret = raise(signal_received);
3125
} while(ret != 0 and errno == EINTR);
3126
if(ret != 0){
3127
perror_plus("raise");
3128
abort();
3129
}
3130
TEMP_FAILURE_RETRY(pause());
3131
}
3132
3133
return exitcode;
3134
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0