To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.8
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.8
- Committer: Björn Påhlsson
- Date: 2008-08-02 18:46:45 UTC
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 38.
- Revision ID: belorn@braxen-20080802184645-t5i3yboc53gdas7m
plugbasedclient
Parse a single argument as a plus-separated list of options
Parse a single argument as a plus-separated list of options
- files added:
- ca.pem
- files removed:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/tests
- debian/upstream
- dracut-module
- network-hooks.d
- plugin-helpers
- files renamed:
- plugin-runner.c => plugbasedclient.c
- plugins.d/mandos-client.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos.conf => server.conf
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
1
1
/* -*- coding: utf-8 -*- */
2
2
/*
3
* Mandos-client - get and decrypt data from a Mandos server
3
* Mandos client - get and decrypt data from a Mandos server
4
4
*
5
5
* This program is partly derived from an example program for an Avahi
6
6
* service browser, downloaded from
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2022 Teddy Hogeborn
13
* Copyright © 2008-2022 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
23
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
24
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25
22
* General Public License for more details.
26
23
*
27
24
* You should have received a copy of the GNU General Public License
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
29
27
*
30
* Contact the authors at <mandos@recompile.se>.
28
* Contact the authors at <mandos@fukt.bsnet.se>.
31
29
*/
32
30
33
31
/* Needed by GPGME, specifically gpgme_data_seek() */
34
#ifndef _LARGEFILE_SOURCE
35
32
#define _LARGEFILE_SOURCE
36
#endif /* not _LARGEFILE_SOURCE */
37
#ifndef _FILE_OFFSET_BITS
38
33
#define _FILE_OFFSET_BITS 64
39
#endif /* not _FILE_OFFSET_BITS */
40
41
#define _GNU_SOURCE /* program_invocation_short_name,
42
TEMP_FAILURE_RETRY(), O_CLOEXEC,
43
scandirat(), asprintf() */
44
#include <stdbool.h> /* bool, false, true */
45
#include <argp.h> /* argp_program_version,
46
argp_program_bug_address,
47
struct argp_option,
48
struct argp_state, argp_error(),
49
argp_state_help,
50
ARGP_HELP_STD_HELP,
51
ARGP_HELP_EXIT_ERR,
52
ARGP_HELP_EXIT_OK, ARGP_HELP_USAGE,
53
argp_err_exit_status,
54
ARGP_ERR_UNKNOWN, struct argp,
55
argp_parse(), ARGP_IN_ORDER,
56
ARGP_NO_HELP */
57
#include <stddef.h> /* NULL, size_t */
58
#include <sys/types.h> /* uid_t, gid_t, sig_atomic_t,
59
seteuid(), setuid(), pid_t,
60
setgid(), getuid(), getgid() */
61
#include <unistd.h> /* uid_t, gid_t, TEMP_FAILURE_RETRY(),
62
seteuid(), setuid(), close(),
63
ssize_t, read(), fork(), setgid(),
64
_exit(), dup2(), STDIN_FILENO,
65
STDERR_FILENO, STDOUT_FILENO,
66
fexecve(), write(), getuid(),
67
getgid(), fchown(), symlink(),
68
sleep(), unlinkat(), pause() */
69
#include <netinet/in.h> /* in_port_t, struct sockaddr_in6,
70
sa_family_t, struct sockaddr_in,
71
htons(), IN6_IS_ADDR_LINKLOCAL,
72
INET_ADDRSTRLEN, INET6_ADDRSTRLEN,
73
ntohl(), IPPROTO_IP */
74
#include <time.h> /* struct timespec, clock_gettime(),
75
CLOCK_MONOTONIC, time_t, struct tm,
76
gmtime_r(), clock_settime(),
77
CLOCK_REALTIME, nanosleep() */
78
#include <errno.h> /* errno,
79
program_invocation_short_name,
80
EINTR, EINVAL, ENETUNREACH,
81
EHOSTUNREACH, ECONNREFUSED, EPROTO,
82
EIO, ENOENT, ENXIO, error_t,
83
ENOMEM, EISDIR, ENOTEMPTY */
84
#include <stdio.h> /* fprintf(), stderr, perror(), FILE,
85
vfprintf(), off_t, SEEK_SET,
86
stdout, fwrite(), ferror(),
87
fflush(), asprintf() */
88
#include <stdarg.h> /* va_list, va_start(), vfprintf() */
89
#include <stdlib.h> /* realloc(), free(), malloc(),
90
getenv(), EXIT_FAILURE, setenv(),
91
EXIT_SUCCESS, strtof(), strtod(),
92
srand(), mkdtemp(), abort() */
93
#include <string.h> /* strdup(), strcmp(), strlen(),
94
strerror(), strncpy(), strspn(),
95
memcpy(), strrchr(), strchr(),
96
strsignal() */
97
#include <fcntl.h> /* open(), O_RDONLY, O_DIRECTORY,
98
O_PATH, O_CLOEXEC, openat(),
99
O_NOFOLLOW, AT_REMOVEDIR */
100
#include <iso646.h> /* or, and, not */
101
#include <sys/stat.h> /* struct stat, fstat(), fstatat(),
102
S_ISREG(), S_IXUSR, S_IXGRP,
103
S_IXOTH, lstat() */
104
#include <net/if.h> /* IF_NAMESIZE, if_indextoname(),
105
if_nametoindex(), SIOCGIFFLAGS,
106
IFF_LOOPBACK, IFF_POINTOPOINT,
107
IFF_BROADCAST, IFF_NOARP, IFF_UP,
108
IFF_RUNNING, SIOCSIFFLAGS */
109
#include <sysexits.h> /* EX_NOPERM, EX_OSERR,
110
EX_UNAVAILABLE, EX_USAGE */
111
#include <grp.h> /* setgroups() */
112
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
113
WEXITSTATUS(), WIFSIGNALED(),
114
WTERMSIG() */
115
#include <signal.h> /* kill(), SIGTERM, struct sigaction,
116
SIG_DFL, sigemptyset(),
117
sigaddset(), SIGINT, SIGHUP,
118
SIG_IGN, raise() */
119
#include <sys/socket.h> /* struct sockaddr_storage, AF_INET6,
120
PF_INET6, AF_INET, PF_INET,
121
socket(), SOCK_STREAM,
122
SOCK_CLOEXEC, struct sockaddr,
123
connect(), SOCK_DGRAM */
124
#include <argz.h> /* argz_next(), argz_add_sep(),
125
argz_delete(), argz_stringify(),
126
argz_add(), argz_count() */
127
#include <inttypes.h> /* PRIuMAX, uintmax_t, uint32_t,
128
PRIdMAX, PRIu16, intmax_t,
129
strtoimax() */
130
#include <arpa/inet.h> /* inet_pton() */
131
#include <stdint.h> /* uint32_t, intptr_t, uint16_t */
132
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
133
EAI_SYSTEM, gai_strerror() */
134
#include <sys/ioctl.h> /* ioctl() */
135
#include <dirent.h> /* struct dirent, scandirat(),
136
alphasort(), scandir() */
137
#include <limits.h> /* INT_MAX */
138
139
#ifdef __linux__
140
#include <sys/klog.h> /* klogctl() */
141
#endif /* __linux__ */
142
143
/* Avahi */
144
/* All Avahi types, constants and functions
145
Avahi*, avahi_*,
146
AVAHI_* */
34
35
#include <stdio.h>
36
#include <assert.h>
37
#include <stdlib.h>
38
#include <time.h>
39
#include <net/if.h> /* if_nametoindex */
40
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
41
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
42
147
43
#include <avahi-core/core.h>
148
44
#include <avahi-core/lookup.h>
149
45
#include <avahi-core/log.h>
151
47
#include <avahi-common/malloc.h>
152
48
#include <avahi-common/error.h>
153
49
154
/* GnuTLS */
155
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
156
functions: gnutls_*, GNUTLS_* */
157
#if GNUTLS_VERSION_NUMBER < 0x030600
158
#include <gnutls/openpgp.h>
159
/* gnutls_certificate_set_openpgp_key_file(),
160
GNUTLS_OPENPGP_FMT_BASE64 */
161
#elif GNUTLS_VERSION_NUMBER >= 0x030606
162
#include <gnutls/x509.h> /* GNUTLS_PKCS_PLAIN,
163
GNUTLS_PKCS_NULL_PASSWORD */
164
#endif
165
166
/* GPGME */
167
#include <gpgme.h> /* All GPGME types, constants and
168
functions:
169
gpgme_*, GPG_ERR_NO_*,
170
GPGME_IMPORT_*
171
GPGME_PROTOCOL_OpenPGP */
50
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
63
64
// gpgme
65
#include <errno.h> /* perror() */
66
#include <gpgme.h>
67
68
// getopt long
69
#include <getopt.h>
172
70
173
71
#define BUFFER_SIZE 256
72
#define DH_BITS 1024
174
73
175
#define PATHDIR "/conf/conf.d/mandos"
176
#define SECKEY "seckey.txt"
177
#define PUBKEY "pubkey.txt"
178
#define TLS_PRIVKEY "tls-privkey.pem"
179
#define TLS_PUBKEY "tls-pubkey.pem"
180
#define HOOKDIR "/lib/mandos/network-hooks.d"
74
static const char *certdir = "/conf/conf.d/mandos";
75
static const char *certfile = "openpgp-client.txt";
76
static const char *certkey = "openpgp-client-key.txt";
181
77
182
78
bool debug = false;
183
static const char mandos_protocol_version[] = "1";
184
const char *argp_program_version = "mandos-client " VERSION;
185
const char *argp_program_bug_address = "<mandos@recompile.se>";
186
static const char sys_class_net[] = "/sys/class/net";
187
char *connect_to = NULL;
188
const char *hookdir = HOOKDIR;
189
int hookdir_fd = -1;
190
uid_t uid = 65534;
191
gid_t gid = 65534;
192
193
/* Doubly linked list that need to be circularly linked when used */
194
typedef struct server{
195
const char *ip;
196
in_port_t port;
197
AvahiIfIndex if_index;
198
int af;
199
struct timespec last_seen;
200
struct server *next;
201
struct server *prev;
202
} server;
203
204
/* Used for passing in values through the Avahi callback functions */
79
205
80
typedef struct {
206
AvahiServer *server;
81
gnutls_session_t session;
207
82
gnutls_certificate_credentials_t cred;
208
unsigned int dh_bits;
209
83
gnutls_dh_params_t dh_params;
210
const char *priority;
84
} encrypted_session;
85
86
87
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet,
89
const char *homedir){
90
gpgme_data_t dh_crypto, dh_plain;
211
91
gpgme_ctx_t ctx;
212
server *current_server;
213
char *interfaces;
214
size_t interfaces_size;
215
} mandos_context;
216
217
/* global so signal handler can reach it*/
218
AvahiSimplePoll *simple_poll;
219
220
sig_atomic_t quit_now = 0;
221
int signal_received = 0;
222
223
/* Function to use when printing errors */
224
void perror_plus(const char *print_text){
225
int e = errno;
226
fprintf(stderr, "Mandos plugin %s: ",
227
program_invocation_short_name);
228
errno = e;
229
perror(print_text);
230
}
231
232
__attribute__((format (gnu_printf, 2, 3), nonnull))
233
int fprintf_plus(FILE *stream, const char *format, ...){
234
va_list ap;
235
va_start (ap, format);
236
237
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
238
program_invocation_short_name));
239
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
240
}
241
242
/*
243
* Make additional room in "buffer" for at least BUFFER_SIZE more
244
* bytes. "buffer_capacity" is how much is currently allocated,
245
* "buffer_length" is how much is already used.
246
*/
247
__attribute__((nonnull, warn_unused_result))
248
size_t incbuffer(char **buffer, size_t buffer_length,
249
size_t buffer_capacity){
250
if(buffer_length + BUFFER_SIZE > buffer_capacity){
251
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
252
if(new_buf == NULL){
253
int old_errno = errno;
254
free(*buffer);
255
errno = old_errno;
256
*buffer = NULL;
257
return 0;
258
}
259
*buffer = new_buf;
260
buffer_capacity += BUFFER_SIZE;
261
}
262
return buffer_capacity;
263
}
264
265
/* Add server to set of servers to retry periodically */
266
__attribute__((nonnull, warn_unused_result))
267
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
268
int af, server **current_server){
269
int ret;
270
server *new_server = malloc(sizeof(server));
271
if(new_server == NULL){
272
perror_plus("malloc");
273
return false;
274
}
275
*new_server = (server){ .ip = strdup(ip),
276
.port = port,
277
.if_index = if_index,
278
.af = af };
279
if(new_server->ip == NULL){
280
perror_plus("strdup");
281
free(new_server);
282
return false;
283
}
284
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
285
if(ret == -1){
286
perror_plus("clock_gettime");
287
#ifdef __GNUC__
288
#pragma GCC diagnostic push
289
#pragma GCC diagnostic ignored "-Wcast-qual"
290
#endif
291
free((char *)(new_server->ip));
292
#ifdef __GNUC__
293
#pragma GCC diagnostic pop
294
#endif
295
free(new_server);
296
return false;
297
}
298
/* Special case of first server */
299
if(*current_server == NULL){
300
new_server->next = new_server;
301
new_server->prev = new_server;
302
*current_server = new_server;
303
} else {
304
/* Place the new server last in the list */
305
new_server->next = *current_server;
306
new_server->prev = (*current_server)->prev;
307
new_server->prev->next = new_server;
308
(*current_server)->prev = new_server;
309
}
310
return true;
311
}
312
313
/* Set effective uid to 0, return errno */
314
__attribute__((warn_unused_result))
315
int raise_privileges(void){
316
int old_errno = errno;
317
int ret = 0;
318
if(seteuid(0) == -1){
319
ret = errno;
320
}
321
errno = old_errno;
322
return ret;
323
}
324
325
/* Set effective and real user ID to 0. Return errno. */
326
__attribute__((warn_unused_result))
327
int raise_privileges_permanently(void){
328
int old_errno = errno;
329
int ret = raise_privileges();
330
if(ret != 0){
331
errno = old_errno;
332
return ret;
333
}
334
if(setuid(0) == -1){
335
ret = errno;
336
}
337
errno = old_errno;
338
return ret;
339
}
340
341
/* Set effective user ID to unprivileged saved user ID */
342
__attribute__((warn_unused_result))
343
int lower_privileges(void){
344
int old_errno = errno;
345
int ret = 0;
346
if(seteuid(uid) == -1){
347
ret = errno;
348
}
349
errno = old_errno;
350
return ret;
351
}
352
353
/* Lower privileges permanently */
354
__attribute__((warn_unused_result))
355
int lower_privileges_permanently(void){
356
int old_errno = errno;
357
int ret = 0;
358
if(setuid(uid) == -1){
359
ret = errno;
360
}
361
errno = old_errno;
362
return ret;
363
}
364
365
/*
366
* Initialize GPGME.
367
*/
368
__attribute__((nonnull, warn_unused_result))
369
static bool init_gpgme(const char * const seckey,
370
const char * const pubkey,
371
const char * const tempdir,
372
mandos_context *mc){
373
92
gpgme_error_t rc;
93
ssize_t ret;
94
ssize_t new_packet_capacity = 0;
95
ssize_t new_packet_length = 0;
374
96
gpgme_engine_info_t engine_info;
375
376
/*
377
* Helper function to insert pub and seckey to the engine keyring.
378
*/
379
bool import_key(const char * const filename){
380
int ret;
381
int fd;
382
gpgme_data_t pgp_data;
383
384
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
385
if(fd == -1){
386
perror_plus("open");
387
return false;
388
}
389
390
/* Workaround for systems without a real-time clock; see also
391
Debian bug #894495: <https://bugs.debian.org/894495> */
392
do {
393
{
394
time_t currtime = time(NULL);
395
if(currtime != (time_t)-1){
396
struct tm tm;
397
if(gmtime_r(&currtime, &tm) == NULL) {
398
perror_plus("gmtime_r");
399
break;
400
}
401
if(tm.tm_year != 70 or tm.tm_mon != 0){
402
break;
403
}
404
if(debug){
405
fprintf_plus(stderr, "System clock is January 1970");
406
}
407
} else {
408
if(debug){
409
fprintf_plus(stderr, "System clock is invalid");
410
}
411
}
412
}
413
struct stat keystat;
414
ret = fstat(fd, &keystat);
415
if(ret != 0){
416
perror_plus("fstat");
417
break;
418
}
419
ret = raise_privileges();
420
if(ret != 0){
421
errno = ret;
422
perror_plus("Failed to raise privileges");
423
break;
424
}
425
if(debug){
426
fprintf_plus(stderr,
427
"Setting system clock to key file mtime");
428
}
429
if(clock_settime(CLOCK_REALTIME, &keystat.st_mtim) != 0){
430
perror_plus("clock_settime");
431
}
432
ret = lower_privileges();
433
if(ret != 0){
434
errno = ret;
435
perror_plus("Failed to lower privileges");
436
}
437
} while(false);
438
97
439
rc = gpgme_data_new_from_fd(&pgp_data, fd);
440
if(rc != GPG_ERR_NO_ERROR){
441
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
442
gpgme_strsource(rc), gpgme_strerror(rc));
443
return false;
444
}
445
446
rc = gpgme_op_import(mc->ctx, pgp_data);
447
if(rc != GPG_ERR_NO_ERROR){
448
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
449
gpgme_strsource(rc), gpgme_strerror(rc));
450
return false;
451
}
452
{
453
gpgme_import_result_t import_result
454
= gpgme_op_import_result(mc->ctx);
455
if((import_result->imported < 1
456
or import_result->not_imported > 0)
457
and import_result->unchanged == 0){
458
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
459
fprintf_plus(stderr,
460
"The total number of considered keys: %d\n",
461
import_result->considered);
462
fprintf_plus(stderr,
463
"The number of keys without user ID: %d\n",
464
import_result->no_user_id);
465
fprintf_plus(stderr,
466
"The total number of imported keys: %d\n",
467
import_result->imported);
468
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
469
import_result->imported_rsa);
470
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
471
import_result->unchanged);
472
fprintf_plus(stderr, "The number of new user IDs: %d\n",
473
import_result->new_user_ids);
474
fprintf_plus(stderr, "The number of new sub keys: %d\n",
475
import_result->new_sub_keys);
476
fprintf_plus(stderr, "The number of new signatures: %d\n",
477
import_result->new_signatures);
478
fprintf_plus(stderr, "The number of new revocations: %d\n",
479
import_result->new_revocations);
480
fprintf_plus(stderr,
481
"The total number of secret keys read: %d\n",
482
import_result->secret_read);
483
fprintf_plus(stderr,
484
"The number of imported secret keys: %d\n",
485
import_result->secret_imported);
486
fprintf_plus(stderr,
487
"The number of unchanged secret keys: %d\n",
488
import_result->secret_unchanged);
489
fprintf_plus(stderr, "The number of keys not imported: %d\n",
490
import_result->not_imported);
491
for(gpgme_import_status_t import_status
492
= import_result->imports;
493
import_status != NULL;
494
import_status = import_status->next){
495
fprintf_plus(stderr, "Import status for key: %s\n",
496
import_status->fpr);
497
if(import_status->result != GPG_ERR_NO_ERROR){
498
fprintf_plus(stderr, "Import result: %s: %s\n",
499
gpgme_strsource(import_status->result),
500
gpgme_strerror(import_status->result));
501
}
502
fprintf_plus(stderr, "Key status:\n");
503
fprintf_plus(stderr,
504
import_status->status & GPGME_IMPORT_NEW
505
? "The key was new.\n"
506
: "The key was not new.\n");
507
fprintf_plus(stderr,
508
import_status->status & GPGME_IMPORT_UID
509
? "The key contained new user IDs.\n"
510
: "The key did not contain new user IDs.\n");
511
fprintf_plus(stderr,
512
import_status->status & GPGME_IMPORT_SIG
513
? "The key contained new signatures.\n"
514
: "The key did not contain new signatures.\n");
515
fprintf_plus(stderr,
516
import_status->status & GPGME_IMPORT_SUBKEY
517
? "The key contained new sub keys.\n"
518
: "The key did not contain new sub keys.\n");
519
fprintf_plus(stderr,
520
import_status->status & GPGME_IMPORT_SECRET
521
? "The key contained a secret key.\n"
522
: "The key did not contain a secret key.\n");
523
}
524
return false;
525
}
526
}
527
528
ret = close(fd);
529
if(ret == -1){
530
perror_plus("close");
531
}
532
gpgme_data_release(pgp_data);
533
return true;
534
}
535
536
if(debug){
537
fprintf_plus(stderr, "Initializing GPGME\n");
98
if (debug){
99
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
538
100
}
539
101
540
102
/* Init GPGME */
541
103
gpgme_check_version(NULL);
542
104
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
543
if(rc != GPG_ERR_NO_ERROR){
544
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
545
gpgme_strsource(rc), gpgme_strerror(rc));
546
return false;
105
if (rc != GPG_ERR_NO_ERROR){
106
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
107
gpgme_strsource(rc), gpgme_strerror(rc));
108
return -1;
547
109
}
548
110
549
/* Set GPGME home directory for the OpenPGP engine only */
550
rc = gpgme_get_engine_info(&engine_info);
551
if(rc != GPG_ERR_NO_ERROR){
552
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
553
gpgme_strsource(rc), gpgme_strerror(rc));
554
return false;
111
/* Set GPGME home directory */
112
rc = gpgme_get_engine_info (&engine_info);
113
if (rc != GPG_ERR_NO_ERROR){
114
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
115
gpgme_strsource(rc), gpgme_strerror(rc));
116
return -1;
555
117
}
556
118
while(engine_info != NULL){
557
119
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
558
120
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
559
engine_info->file_name, tempdir);
121
engine_info->file_name, homedir);
560
122
break;
561
123
}
562
124
engine_info = engine_info->next;
563
125
}
564
126
if(engine_info == NULL){
565
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
566
tempdir);
567
return false;
568
}
569
570
/* Create new GPGME "context" */
571
rc = gpgme_new(&(mc->ctx));
572
if(rc != GPG_ERR_NO_ERROR){
573
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
574
gpgme_strsource(rc), gpgme_strerror(rc));
575
return false;
576
}
577
578
if(not import_key(pubkey) or not import_key(seckey)){
579
return false;
580
}
581
582
return true;
583
}
584
585
/*
586
* Decrypt OpenPGP data.
587
* Returns -1 on error
588
*/
589
__attribute__((nonnull, warn_unused_result))
590
static ssize_t pgp_packet_decrypt(const char *cryptotext,
591
size_t crypto_size,
592
char **plaintext,
593
mandos_context *mc){
594
gpgme_data_t dh_crypto, dh_plain;
595
gpgme_error_t rc;
596
ssize_t ret;
597
size_t plaintext_capacity = 0;
598
ssize_t plaintext_length = 0;
599
600
if(debug){
601
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
602
}
603
604
/* Create new GPGME data buffer from memory cryptotext */
605
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
606
0);
607
if(rc != GPG_ERR_NO_ERROR){
608
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
609
gpgme_strsource(rc), gpgme_strerror(rc));
127
fprintf(stderr, "Could not set home dir to %s\n", homedir);
128
return -1;
129
}
130
131
/* Create new GPGME data buffer from packet buffer */
132
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
133
if (rc != GPG_ERR_NO_ERROR){
134
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
135
gpgme_strsource(rc), gpgme_strerror(rc));
610
136
return -1;
611
137
}
612
138
613
139
/* Create new empty GPGME data buffer for the plaintext */
614
140
rc = gpgme_data_new(&dh_plain);
615
if(rc != GPG_ERR_NO_ERROR){
616
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
617
gpgme_strsource(rc), gpgme_strerror(rc));
618
gpgme_data_release(dh_crypto);
619
return -1;
620
}
621
622
/* Decrypt data from the cryptotext data buffer to the plaintext
623
data buffer */
624
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
625
if(rc != GPG_ERR_NO_ERROR){
626
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
627
gpgme_strsource(rc), gpgme_strerror(rc));
628
plaintext_length = -1;
629
if(debug){
630
gpgme_decrypt_result_t result;
631
result = gpgme_op_decrypt_result(mc->ctx);
632
if(result == NULL){
633
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
634
} else {
635
if(result->unsupported_algorithm != NULL) {
636
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
637
result->unsupported_algorithm);
638
}
639
fprintf_plus(stderr, "Wrong key usage: %s\n",
640
result->wrong_key_usage ? "Yes" : "No");
641
if(result->file_name != NULL){
642
fprintf_plus(stderr, "File name: %s\n", result->file_name);
643
}
644
645
for(gpgme_recipient_t r = result->recipients; r != NULL;
646
r = r->next){
647
fprintf_plus(stderr, "Public key algorithm: %s\n",
648
gpgme_pubkey_algo_name(r->pubkey_algo));
649
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
650
fprintf_plus(stderr, "Secret key available: %s\n",
651
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
141
if (rc != GPG_ERR_NO_ERROR){
142
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
143
gpgme_strsource(rc), gpgme_strerror(rc));
144
return -1;
145
}
146
147
/* Create new GPGME "context" */
148
rc = gpgme_new(&ctx);
149
if (rc != GPG_ERR_NO_ERROR){
150
fprintf(stderr, "bad gpgme_new: %s: %s\n",
151
gpgme_strsource(rc), gpgme_strerror(rc));
152
return -1;
153
}
154
155
/* Decrypt data from the FILE pointer to the plaintext data
156
buffer */
157
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
158
if (rc != GPG_ERR_NO_ERROR){
159
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
160
gpgme_strsource(rc), gpgme_strerror(rc));
161
return -1;
162
}
163
164
if(debug){
165
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
166
}
167
168
if (debug){
169
gpgme_decrypt_result_t result;
170
result = gpgme_op_decrypt_result(ctx);
171
if (result == NULL){
172
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
173
} else {
174
fprintf(stderr, "Unsupported algorithm: %s\n",
175
result->unsupported_algorithm);
176
fprintf(stderr, "Wrong key usage: %d\n",
177
result->wrong_key_usage);
178
if(result->file_name != NULL){
179
fprintf(stderr, "File name: %s\n", result->file_name);
180
}
181
gpgme_recipient_t recipient;
182
recipient = result->recipients;
183
if(recipient){
184
while(recipient != NULL){
185
fprintf(stderr, "Public key algorithm: %s\n",
186
gpgme_pubkey_algo_name(recipient->pubkey_algo));
187
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
188
fprintf(stderr, "Secret key available: %s\n",
189
recipient->status == GPG_ERR_NO_SECKEY
190
? "No" : "Yes");
191
recipient = recipient->next;
652
192
}
653
193
}
654
194
}
655
goto decrypt_end;
656
195
}
657
196
658
if(debug){
659
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
660
}
197
/* Delete the GPGME FILE pointer cryptotext data buffer */
198
gpgme_data_release(dh_crypto);
661
199
662
200
/* Seek back to the beginning of the GPGME plaintext data buffer */
663
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
664
perror_plus("gpgme_data_seek");
665
plaintext_length = -1;
666
goto decrypt_end;
201
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
202
perror("pgpme_data_seek");
667
203
}
668
204
669
*plaintext = NULL;
205
*new_packet = 0;
670
206
while(true){
671
plaintext_capacity = incbuffer(plaintext,
672
(size_t)plaintext_length,
673
plaintext_capacity);
674
if(plaintext_capacity == 0){
675
perror_plus("incbuffer");
676
plaintext_length = -1;
677
goto decrypt_end;
207
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
208
*new_packet = realloc(*new_packet,
209
(unsigned int)new_packet_capacity
210
+ BUFFER_SIZE);
211
if (*new_packet == NULL){
212
perror("realloc");
213
return -1;
214
}
215
new_packet_capacity += BUFFER_SIZE;
678
216
}
679
217
680
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
218
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
681
219
BUFFER_SIZE);
682
220
/* Print the data, if any */
683
if(ret == 0){
684
/* EOF */
221
if (ret == 0){
685
222
break;
686
223
}
687
224
if(ret < 0){
688
perror_plus("gpgme_data_read");
689
plaintext_length = -1;
690
goto decrypt_end;
691
}
692
plaintext_length += ret;
693
}
694
695
if(debug){
696
fprintf_plus(stderr, "Decrypted password is: ");
697
for(ssize_t i = 0; i < plaintext_length; i++){
698
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
699
}
700
fprintf(stderr, "\n");
701
}
702
703
decrypt_end:
704
705
/* Delete the GPGME cryptotext data buffer */
706
gpgme_data_release(dh_crypto);
225
perror("gpgme_data_read");
226
return -1;
227
}
228
new_packet_length += ret;
229
}
230
231
/* FIXME: check characters before printing to screen so to not print
232
terminal control characters */
233
/* if(debug){ */
234
/* fprintf(stderr, "decrypted password is: "); */
235
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
236
/* fprintf(stderr, "\n"); */
237
/* } */
707
238
708
239
/* Delete the GPGME plaintext data buffer */
709
240
gpgme_data_release(dh_plain);
710
return plaintext_length;
711
}
712
713
__attribute__((warn_unused_result, const))
714
static const char *safe_string(const char *str){
715
if(str == NULL)
716
return "(unknown)";
717
return str;
718
}
719
720
__attribute__((warn_unused_result))
721
static const char *safer_gnutls_strerror(int value){
722
const char *ret = gnutls_strerror(value);
723
return safe_string(ret);
724
}
725
726
/* GnuTLS log function callback */
727
__attribute__((nonnull))
241
return new_packet_length;
242
}
243
244
static const char * safer_gnutls_strerror (int value) {
245
const char *ret = gnutls_strerror (value);
246
if (ret == NULL)
247
ret = "(unknown)";
248
return ret;
249
}
250
728
251
static void debuggnutls(__attribute__((unused)) int level,
729
252
const char* string){
730
fprintf_plus(stderr, "GnuTLS: %s", string);
253
fprintf(stderr, "%s", string);
731
254
}
732
255
733
__attribute__((nonnull(1, 2, 4), warn_unused_result))
734
static int init_gnutls_global(const char *pubkeyfilename,
735
const char *seckeyfilename,
736
const char *dhparamsfilename,
737
mandos_context *mc){
256
static int initgnutls(encrypted_session *es){
257
const char *err;
738
258
int ret;
739
259
740
260
if(debug){
741
fprintf_plus(stderr, "Initializing GnuTLS\n");
742
}
743
744
if(debug){
745
/* "Use a log level over 10 to enable all debugging options."
746
* - GnuTLS manual
747
*/
261
fprintf(stderr, "Initializing GnuTLS\n");
262
}
263
264
if ((ret = gnutls_global_init ())
265
!= GNUTLS_E_SUCCESS) {
266
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
267
return -1;
268
}
269
270
if (debug){
748
271
gnutls_global_set_log_level(11);
749
272
gnutls_global_set_log_function(debuggnutls);
750
273
}
751
274
752
/* OpenPGP credentials */
753
ret = gnutls_certificate_allocate_credentials(&mc->cred);
754
if(ret != GNUTLS_E_SUCCESS){
755
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
756
safer_gnutls_strerror(ret));
275
/* openpgp credentials */
276
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
277
!= GNUTLS_E_SUCCESS) {
278
fprintf (stderr, "memory error: %s\n",
279
safer_gnutls_strerror(ret));
757
280
return -1;
758
281
}
759
282
760
283
if(debug){
761
fprintf_plus(stderr, "Attempting to use public key %s and"
762
" private key %s as GnuTLS credentials\n",
763
pubkeyfilename,
764
seckeyfilename);
284
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
285
" and keyfile %s as GnuTLS credentials\n", certfile,
286
certkey);
765
287
}
766
288
767
#if GNUTLS_VERSION_NUMBER >= 0x030606
768
ret = gnutls_certificate_set_rawpk_key_file
769
(mc->cred, pubkeyfilename, seckeyfilename,
770
GNUTLS_X509_FMT_PEM, /* format */
771
NULL, /* pass */
772
/* key_usage */
773
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
774
NULL, /* names */
775
0, /* names_length */
776
/* privkey_flags */
777
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
778
0); /* pkcs11_flags */
779
#elif GNUTLS_VERSION_NUMBER < 0x030600
780
289
ret = gnutls_certificate_set_openpgp_key_file
781
(mc->cred, pubkeyfilename, seckeyfilename,
782
GNUTLS_OPENPGP_FMT_BASE64);
783
#else
784
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
785
#endif
786
if(ret != GNUTLS_E_SUCCESS){
787
fprintf_plus(stderr,
788
"Error[%d] while reading the key pair ('%s',"
789
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
790
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
791
safer_gnutls_strerror(ret));
792
goto globalfail;
793
}
794
795
/* GnuTLS server initialization */
796
ret = gnutls_dh_params_init(&mc->dh_params);
797
if(ret != GNUTLS_E_SUCCESS){
798
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
799
" initialization: %s\n",
800
safer_gnutls_strerror(ret));
801
goto globalfail;
802
}
803
/* If a Diffie-Hellman parameters file was given, try to use it */
804
if(dhparamsfilename != NULL){
805
gnutls_datum_t params = { .data = NULL, .size = 0 };
806
do {
807
int dhpfile = open(dhparamsfilename, O_RDONLY);
808
if(dhpfile == -1){
809
perror_plus("open");
810
dhparamsfilename = NULL;
811
break;
812
}
813
size_t params_capacity = 0;
814
while(true){
815
params_capacity = incbuffer((char **)¶ms.data,
816
(size_t)params.size,
817
(size_t)params_capacity);
818
if(params_capacity == 0){
819
perror_plus("incbuffer");
820
free(params.data);
821
params.data = NULL;
822
dhparamsfilename = NULL;
823
break;
824
}
825
ssize_t bytes_read = read(dhpfile,
826
params.data + params.size,
827
BUFFER_SIZE);
828
/* EOF */
829
if(bytes_read == 0){
830
break;
831
}
832
/* check bytes_read for failure */
833
if(bytes_read < 0){
834
perror_plus("read");
835
free(params.data);
836
params.data = NULL;
837
dhparamsfilename = NULL;
838
break;
839
}
840
params.size += (unsigned int)bytes_read;
841
}
842
ret = close(dhpfile);
843
if(ret == -1){
844
perror_plus("close");
845
}
846
if(params.data == NULL){
847
dhparamsfilename = NULL;
848
}
849
if(dhparamsfilename == NULL){
850
break;
851
}
852
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
853
GNUTLS_X509_FMT_PEM);
854
if(ret != GNUTLS_E_SUCCESS){
855
fprintf_plus(stderr, "Failed to parse DH parameters in file"
856
" \"%s\": %s\n", dhparamsfilename,
857
safer_gnutls_strerror(ret));
858
dhparamsfilename = NULL;
859
}
860
free(params.data);
861
} while(false);
862
}
863
if(dhparamsfilename == NULL){
864
if(mc->dh_bits == 0){
865
#if GNUTLS_VERSION_NUMBER < 0x030600
866
/* Find out the optimal number of DH bits */
867
/* Try to read the private key file */
868
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
869
do {
870
int secfile = open(seckeyfilename, O_RDONLY);
871
if(secfile == -1){
872
perror_plus("open");
873
break;
874
}
875
size_t buffer_capacity = 0;
876
while(true){
877
buffer_capacity = incbuffer((char **)&buffer.data,
878
(size_t)buffer.size,
879
(size_t)buffer_capacity);
880
if(buffer_capacity == 0){
881
perror_plus("incbuffer");
882
free(buffer.data);
883
buffer.data = NULL;
884
break;
885
}
886
ssize_t bytes_read = read(secfile,
887
buffer.data + buffer.size,
888
BUFFER_SIZE);
889
/* EOF */
890
if(bytes_read == 0){
891
break;
892
}
893
/* check bytes_read for failure */
894
if(bytes_read < 0){
895
perror_plus("read");
896
free(buffer.data);
897
buffer.data = NULL;
898
break;
899
}
900
buffer.size += (unsigned int)bytes_read;
901
}
902
close(secfile);
903
} while(false);
904
/* If successful, use buffer to parse private key */
905
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
906
if(buffer.data != NULL){
907
{
908
gnutls_openpgp_privkey_t privkey = NULL;
909
ret = gnutls_openpgp_privkey_init(&privkey);
910
if(ret != GNUTLS_E_SUCCESS){
911
fprintf_plus(stderr, "Error initializing OpenPGP key"
912
" structure: %s",
913
safer_gnutls_strerror(ret));
914
free(buffer.data);
915
buffer.data = NULL;
916
} else {
917
ret = gnutls_openpgp_privkey_import
918
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
919
if(ret != GNUTLS_E_SUCCESS){
920
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
921
safer_gnutls_strerror(ret));
922
privkey = NULL;
923
}
924
free(buffer.data);
925
buffer.data = NULL;
926
if(privkey != NULL){
927
/* Use private key to suggest an appropriate
928
sec_param */
929
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
930
gnutls_openpgp_privkey_deinit(privkey);
931
if(debug){
932
fprintf_plus(stderr, "This OpenPGP key implies using"
933
" a GnuTLS security parameter \"%s\".\n",
934
safe_string(gnutls_sec_param_get_name
935
(sec_param)));
936
}
937
}
938
}
939
}
940
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
941
/* Err on the side of caution */
942
sec_param = GNUTLS_SEC_PARAM_ULTRA;
943
if(debug){
944
fprintf_plus(stderr, "Falling back to security parameter"
945
" \"%s\"\n",
946
safe_string(gnutls_sec_param_get_name
947
(sec_param)));
948
}
949
}
950
}
951
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
952
if(uret != 0){
953
mc->dh_bits = uret;
954
if(debug){
955
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
956
" implies %u DH bits; using that.\n",
957
safe_string(gnutls_sec_param_get_name
958
(sec_param)),
959
mc->dh_bits);
960
}
961
} else {
962
fprintf_plus(stderr, "Failed to get implied number of DH"
963
" bits for security parameter \"%s\"): %s\n",
964
safe_string(gnutls_sec_param_get_name
965
(sec_param)),
966
safer_gnutls_strerror(ret));
967
goto globalfail;
968
}
969
#endif
970
} else { /* dh_bits != 0 */
971
if(debug){
972
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
973
mc->dh_bits);
974
}
975
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
976
if(ret != GNUTLS_E_SUCCESS){
977
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
978
" bits): %s\n", mc->dh_bits,
979
safer_gnutls_strerror(ret));
980
goto globalfail;
981
}
982
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
983
}
984
}
985
986
return 0;
987
988
globalfail:
989
990
gnutls_certificate_free_credentials(mc->cred);
991
gnutls_dh_params_deinit(mc->dh_params);
992
return -1;
993
}
994
995
__attribute__((nonnull, warn_unused_result))
996
static int init_gnutls_session(gnutls_session_t *session,
997
mandos_context *mc){
998
int ret;
999
/* GnuTLS session creation */
1000
do {
1001
ret = gnutls_init(session, (GNUTLS_SERVER
1002
#if GNUTLS_VERSION_NUMBER >= 0x030506
1003
| GNUTLS_NO_TICKETS
1004
#endif
1005
#if GNUTLS_VERSION_NUMBER >= 0x030606
1006
| GNUTLS_ENABLE_RAWPK
1007
#endif
1008
));
1009
if(quit_now){
1010
return -1;
1011
}
1012
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
1013
if(ret != GNUTLS_E_SUCCESS){
1014
fprintf_plus(stderr,
1015
"Error in GnuTLS session initialization: %s\n",
1016
safer_gnutls_strerror(ret));
1017
}
1018
1019
{
1020
const char *err;
1021
do {
1022
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
1023
if(quit_now){
1024
gnutls_deinit(*session);
1025
return -1;
1026
}
1027
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
1028
if(ret != GNUTLS_E_SUCCESS){
1029
fprintf_plus(stderr, "Syntax error at: %s\n", err);
1030
fprintf_plus(stderr, "GnuTLS error: %s\n",
1031
safer_gnutls_strerror(ret));
1032
gnutls_deinit(*session);
1033
return -1;
1034
}
1035
}
1036
1037
do {
1038
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
1039
mc->cred);
1040
if(quit_now){
1041
gnutls_deinit(*session);
1042
return -1;
1043
}
1044
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
1045
if(ret != GNUTLS_E_SUCCESS){
1046
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
1047
safer_gnutls_strerror(ret));
1048
gnutls_deinit(*session);
290
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
291
if (ret != GNUTLS_E_SUCCESS) {
292
fprintf
293
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
294
" '%s')\n",
295
ret, certfile, certkey);
296
fprintf(stdout, "The Error is: %s\n",
297
safer_gnutls_strerror(ret));
298
return -1;
299
}
300
301
//GnuTLS server initialization
302
if ((ret = gnutls_dh_params_init (&es->dh_params))
303
!= GNUTLS_E_SUCCESS) {
304
fprintf (stderr, "Error in dh parameter initialization: %s\n",
305
safer_gnutls_strerror(ret));
306
return -1;
307
}
308
309
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
310
!= GNUTLS_E_SUCCESS) {
311
fprintf (stderr, "Error in prime generation: %s\n",
312
safer_gnutls_strerror(ret));
313
return -1;
314
}
315
316
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
317
318
// GnuTLS session creation
319
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
320
!= GNUTLS_E_SUCCESS){
321
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
322
safer_gnutls_strerror(ret));
323
}
324
325
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
326
!= GNUTLS_E_SUCCESS) {
327
fprintf(stderr, "Syntax error at: %s\n", err);
328
fprintf(stderr, "GnuTLS error: %s\n",
329
safer_gnutls_strerror(ret));
330
return -1;
331
}
332
333
if ((ret = gnutls_credentials_set
334
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
335
!= GNUTLS_E_SUCCESS) {
336
fprintf(stderr, "Error setting a credentials set: %s\n",
337
safer_gnutls_strerror(ret));
1049
338
return -1;
1050
339
}
1051
340
1052
341
/* ignore client certificate if any. */
1053
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
342
gnutls_certificate_server_set_request (es->session,
343
GNUTLS_CERT_IGNORE);
344
345
gnutls_dh_set_prime_bits (es->session, DH_BITS);
1054
346
1055
347
return 0;
1056
348
}
1057
349
1058
/* Avahi log function callback */
1059
350
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
1060
351
__attribute__((unused)) const char *txt){}
1061
352
1062
/* Helper function to add_local_route() and delete_local_route() */
1063
__attribute__((nonnull, warn_unused_result))
1064
static bool add_delete_local_route(const bool add,
1065
const char *address,
1066
AvahiIfIndex if_index){
1067
int ret;
1068
char helper[] = "mandos-client-iprouteadddel";
1069
char add_arg[] = "add";
1070
char delete_arg[] = "delete";
1071
char debug_flag[] = "--debug";
1072
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1073
if(pluginhelperdir == NULL){
1074
if(debug){
1075
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1076
" variable not set; cannot run helper\n");
1077
}
1078
return false;
1079
}
1080
1081
char interface[IF_NAMESIZE];
1082
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1083
perror_plus("if_indextoname");
1084
return false;
1085
}
1086
1087
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1088
if(devnull == -1){
1089
perror_plus("open(\"/dev/null\", O_RDONLY)");
1090
return false;
1091
}
1092
pid_t pid = fork();
1093
if(pid == 0){
1094
/* Child */
1095
/* Raise privileges */
1096
errno = raise_privileges_permanently();
1097
if(errno != 0){
1098
perror_plus("Failed to raise privileges");
1099
/* _exit(EX_NOPERM); */
1100
} else {
1101
/* Set group */
1102
errno = 0;
1103
ret = setgid(0);
1104
if(ret == -1){
1105
perror_plus("setgid");
1106
close(devnull);
1107
_exit(EX_NOPERM);
1108
}
1109
/* Reset supplementary groups */
1110
errno = 0;
1111
ret = setgroups(0, NULL);
1112
if(ret == -1){
1113
perror_plus("setgroups");
1114
close(devnull);
1115
_exit(EX_NOPERM);
1116
}
1117
}
1118
ret = dup2(devnull, STDIN_FILENO);
1119
if(ret == -1){
1120
perror_plus("dup2(devnull, STDIN_FILENO)");
1121
close(devnull);
1122
_exit(EX_OSERR);
1123
}
1124
ret = close(devnull);
1125
if(ret == -1){
1126
perror_plus("close");
1127
}
1128
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1129
if(ret == -1){
1130
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1131
_exit(EX_OSERR);
1132
}
1133
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1134
O_RDONLY
1135
| O_DIRECTORY
1136
| O_PATH
1137
| O_CLOEXEC));
1138
if(helperdir_fd == -1){
1139
perror_plus("open");
1140
_exit(EX_UNAVAILABLE);
1141
}
1142
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1143
helper, O_RDONLY));
1144
if(helper_fd == -1){
1145
perror_plus("openat");
1146
close(helperdir_fd);
1147
_exit(EX_UNAVAILABLE);
1148
}
1149
close(helperdir_fd);
1150
#ifdef __GNUC__
1151
#pragma GCC diagnostic push
1152
#pragma GCC diagnostic ignored "-Wcast-qual"
1153
#endif
1154
if(fexecve(helper_fd, (char *const [])
1155
{ helper, add ? add_arg : delete_arg, (char *)address,
1156
interface, debug ? debug_flag : NULL, NULL },
1157
environ) == -1){
1158
#ifdef __GNUC__
1159
#pragma GCC diagnostic pop
1160
#endif
1161
perror_plus("fexecve");
1162
_exit(EXIT_FAILURE);
1163
}
1164
}
1165
if(pid == -1){
1166
perror_plus("fork");
1167
close(devnull);
1168
return false;
1169
}
1170
ret = close(devnull);
1171
if(ret == -1){
1172
perror_plus("close");
1173
}
1174
int status;
1175
pid_t pret = -1;
1176
errno = 0;
1177
do {
1178
pret = waitpid(pid, &status, 0);
1179
if(pret == -1 and errno == EINTR and quit_now){
1180
int errno_raising = 0;
1181
if((errno = raise_privileges()) != 0){
1182
errno_raising = errno;
1183
perror_plus("Failed to raise privileges in order to"
1184
" kill helper program");
1185
}
1186
if(kill(pid, SIGTERM) == -1){
1187
perror_plus("kill");
1188
}
1189
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1190
perror_plus("Failed to lower privileges after killing"
1191
" helper program");
1192
}
1193
return false;
1194
}
1195
} while(pret == -1 and errno == EINTR);
1196
if(pret == -1){
1197
perror_plus("waitpid");
1198
return false;
1199
}
1200
if(WIFEXITED(status)){
1201
if(WEXITSTATUS(status) != 0){
1202
fprintf_plus(stderr, "Error: iprouteadddel exited"
1203
" with status %d\n", WEXITSTATUS(status));
1204
return false;
1205
}
1206
return true;
1207
}
1208
if(WIFSIGNALED(status)){
1209
fprintf_plus(stderr, "Error: iprouteadddel died by"
1210
" signal %d\n", WTERMSIG(status));
1211
return false;
1212
}
1213
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1214
return false;
1215
}
1216
1217
__attribute__((nonnull, warn_unused_result))
1218
static bool add_local_route(const char *address,
1219
AvahiIfIndex if_index){
1220
if(debug){
1221
fprintf_plus(stderr, "Adding route to %s\n", address);
1222
}
1223
return add_delete_local_route(true, address, if_index);
1224
}
1225
1226
__attribute__((nonnull, warn_unused_result))
1227
static bool delete_local_route(const char *address,
1228
AvahiIfIndex if_index){
1229
if(debug){
1230
fprintf_plus(stderr, "Removing route to %s\n", address);
1231
}
1232
return add_delete_local_route(false, address, if_index);
1233
}
1234
1235
/* Called when a Mandos server is found */
1236
__attribute__((nonnull, warn_unused_result))
1237
static int start_mandos_communication(const char *ip, in_port_t port,
1238
AvahiIfIndex if_index,
1239
int af, mandos_context *mc){
1240
int ret, tcp_sd = -1;
1241
ssize_t sret;
1242
struct sockaddr_storage to;
353
static int start_mandos_communication(const char *ip, uint16_t port,
354
AvahiIfIndex if_index){
355
int ret, tcp_sd;
356
struct sockaddr_in6 to;
357
encrypted_session es;
1243
358
char *buffer = NULL;
1244
char *decrypted_buffer = NULL;
359
char *decrypted_buffer;
1245
360
size_t buffer_length = 0;
1246
361
size_t buffer_capacity = 0;
1247
size_t written;
1248
int retval = -1;
1249
gnutls_session_t session;
1250
int pf; /* Protocol family */
1251
bool route_added = false;
1252
1253
errno = 0;
1254
1255
if(quit_now){
1256
errno = EINTR;
1257
return -1;
1258
}
1259
1260
switch(af){
1261
case AF_INET6:
1262
pf = PF_INET6;
1263
break;
1264
case AF_INET:
1265
pf = PF_INET;
1266
break;
1267
default:
1268
fprintf_plus(stderr, "Bad address family: %d\n", af);
1269
errno = EINVAL;
1270
return -1;
1271
}
1272
1273
/* If the interface is specified and we have a list of interfaces */
1274
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1275
/* Check if the interface is one of the interfaces we are using */
1276
bool match = false;
1277
{
1278
char *interface = NULL;
1279
while((interface = argz_next(mc->interfaces,
1280
mc->interfaces_size,
1281
interface))){
1282
if(if_nametoindex(interface) == (unsigned int)if_index){
1283
match = true;
1284
break;
1285
}
1286
}
1287
}
1288
if(not match){
1289
/* This interface does not match any in the list, so we don't
1290
connect to the server */
362
ssize_t decrypted_buffer_size;
363
size_t written = 0;
364
int retval = 0;
365
char interface[IF_NAMESIZE];
366
367
if(debug){
368
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
369
ip, port);
370
}
371
372
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
373
if(tcp_sd < 0) {
374
perror("socket");
375
return -1;
376
}
377
378
if(debug){
379
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1291
380
if(debug){
1292
char interface[IF_NAMESIZE];
1293
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1294
perror_plus("if_indextoname");
1295
} else {
1296
fprintf_plus(stderr, "Skipping server on non-used interface"
1297
" \"%s\"\n",
1298
if_indextoname((unsigned int)if_index,
1299
interface));
1300
}
381
perror("if_indextoname");
1301
382
}
1302
383
return -1;
1303
384
}
385
386
fprintf(stderr, "Binding to interface %s\n", interface);
1304
387
}
1305
388
1306
ret = init_gnutls_session(&session, mc);
1307
if(ret != 0){
389
memset(&to,0,sizeof(to)); /* Spurious warning */
390
to.sin6_family = AF_INET6;
391
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
392
if (ret < 0 ){
393
perror("inet_pton");
1308
394
return -1;
1309
}
1310
1311
if(debug){
1312
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
1313
PRIuMAX "\n", ip, (uintmax_t)port);
1314
}
1315
1316
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
1317
if(tcp_sd < 0){
1318
int e = errno;
1319
perror_plus("socket");
1320
errno = e;
1321
goto mandos_end;
1322
}
1323
1324
if(quit_now){
1325
errno = EINTR;
1326
goto mandos_end;
1327
}
1328
1329
if(af == AF_INET6){
1330
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1331
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1332
ret = inet_pton(af, ip, &to6->sin6_addr);
1333
} else { /* IPv4 */
1334
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1335
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1336
ret = inet_pton(af, ip, &to4->sin_addr);
1337
}
1338
if(ret < 0 ){
1339
int e = errno;
1340
perror_plus("inet_pton");
1341
errno = e;
1342
goto mandos_end;
1343
}
395
}
1344
396
if(ret == 0){
1345
int e = errno;
1346
fprintf_plus(stderr, "Bad address: %s\n", ip);
1347
errno = e;
1348
goto mandos_end;
1349
}
1350
if(af == AF_INET6){
1351
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1352
if(IN6_IS_ADDR_LINKLOCAL
1353
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
1354
if(if_index == AVAHI_IF_UNSPEC){
1355
fprintf_plus(stderr, "An IPv6 link-local address is"
1356
" incomplete without a network interface\n");
1357
errno = EINVAL;
1358
goto mandos_end;
1359
}
1360
/* Set the network interface number as scope */
1361
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
1362
}
1363
} else {
1364
((struct sockaddr_in *)&to)->sin_port = htons(port);
1365
}
1366
1367
if(quit_now){
1368
errno = EINTR;
1369
goto mandos_end;
1370
}
1371
1372
if(debug){
1373
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
1374
char interface[IF_NAMESIZE];
1375
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1376
perror_plus("if_indextoname");
1377
} else {
1378
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1379
"\n", ip, interface, (uintmax_t)port);
1380
}
1381
} else {
1382
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1383
ip, (uintmax_t)port);
1384
}
1385
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
1386
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
1387
if(af == AF_INET6){
1388
ret = getnameinfo((struct sockaddr *)&to,
1389
sizeof(struct sockaddr_in6),
1390
addrstr, sizeof(addrstr), NULL, 0,
1391
NI_NUMERICHOST);
1392
} else {
1393
ret = getnameinfo((struct sockaddr *)&to,
1394
sizeof(struct sockaddr_in),
1395
addrstr, sizeof(addrstr), NULL, 0,
1396
NI_NUMERICHOST);
1397
}
1398
if(ret == EAI_SYSTEM){
1399
perror_plus("getnameinfo");
1400
} else if(ret != 0) {
1401
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1402
} else if(strcmp(addrstr, ip) != 0){
1403
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1404
}
1405
}
1406
1407
if(quit_now){
1408
errno = EINTR;
1409
goto mandos_end;
1410
}
1411
1412
while(true){
1413
if(af == AF_INET6){
1414
ret = connect(tcp_sd, (struct sockaddr *)&to,
1415
sizeof(struct sockaddr_in6));
1416
} else {
1417
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1418
sizeof(struct sockaddr_in));
1419
}
1420
if(ret < 0){
1421
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1422
and if_index != AVAHI_IF_UNSPEC
1423
and connect_to == NULL
1424
and not route_added and
1425
((af == AF_INET6 and not
1426
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1427
&to)->sin6_addr)))
1428
or (af == AF_INET and
1429
/* Not a a IPv4LL address */
1430
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1431
& 0xFFFF0000L) != 0xA9FE0000L))){
1432
/* Work around Avahi bug - Avahi does not announce link-local
1433
addresses if it has a global address, so local hosts with
1434
*only* a link-local address (e.g. Mandos clients) cannot
1435
connect to a Mandos server announced by Avahi on a server
1436
host with a global address. Work around this by retrying
1437
with an explicit route added with the server's address.
1438
1439
Avahi bug reference:
1440
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1441
https://bugs.debian.org/587961
1442
*/
1443
if(debug){
1444
fprintf_plus(stderr, "Mandos server unreachable, trying"
1445
" direct route\n");
1446
}
1447
int e = errno;
1448
route_added = add_local_route(ip, if_index);
1449
if(route_added){
1450
continue;
1451
}
1452
errno = e;
1453
}
1454
if(errno != ECONNREFUSED or debug){
1455
int e = errno;
1456
perror_plus("connect");
1457
errno = e;
1458
}
1459
goto mandos_end;
1460
}
1461
1462
if(quit_now){
1463
errno = EINTR;
1464
goto mandos_end;
1465
}
1466
break;
1467
}
1468
1469
const char *out = mandos_protocol_version;
1470
written = 0;
1471
while(true){
1472
size_t out_size = strlen(out);
1473
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
1474
out_size - written));
1475
if(ret == -1){
1476
int e = errno;
1477
perror_plus("write");
1478
errno = e;
1479
goto mandos_end;
1480
}
1481
written += (size_t)ret;
1482
if(written < out_size){
1483
continue;
1484
} else {
1485
if(out == mandos_protocol_version){
1486
written = 0;
1487
out = "\r\n";
1488
} else {
1489
break;
1490
}
1491
}
1492
1493
if(quit_now){
1494
errno = EINTR;
1495
goto mandos_end;
1496
}
1497
}
1498
1499
if(debug){
1500
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
1501
}
1502
1503
if(quit_now){
1504
errno = EINTR;
1505
goto mandos_end;
1506
}
1507
1508
/* This casting via intptr_t is to eliminate warning about casting
1509
an int to a pointer type. This is exactly how the GnuTLS Guile
1510
function "set-session-transport-fd!" does it. */
1511
gnutls_transport_set_ptr(session,
1512
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
1513
1514
if(quit_now){
1515
errno = EINTR;
1516
goto mandos_end;
1517
}
1518
1519
do {
1520
ret = gnutls_handshake(session);
1521
if(quit_now){
1522
errno = EINTR;
1523
goto mandos_end;
1524
}
1525
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1526
1527
if(ret != GNUTLS_E_SUCCESS){
397
fprintf(stderr, "Bad address: %s\n", ip);
398
return -1;
399
}
400
to.sin6_port = htons(port); /* Spurious warning */
401
402
to.sin6_scope_id = (uint32_t)if_index;
403
404
if(debug){
405
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
406
/* char addrstr[INET6_ADDRSTRLEN]; */
407
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
408
/* sizeof(addrstr)) == NULL){ */
409
/* perror("inet_ntop"); */
410
/* } else { */
411
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
412
/* addrstr, ntohs(to.sin6_port)); */
413
/* } */
414
}
415
416
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
417
if (ret < 0){
418
perror("connect");
419
return -1;
420
}
421
422
ret = initgnutls (&es);
423
if (ret != 0){
424
retval = -1;
425
return -1;
426
}
427
428
gnutls_transport_set_ptr (es.session,
429
(gnutls_transport_ptr_t) tcp_sd);
430
431
if(debug){
432
fprintf(stderr, "Establishing TLS session with %s\n", ip);
433
}
434
435
ret = gnutls_handshake (es.session);
436
437
if (ret != GNUTLS_E_SUCCESS){
1528
438
if(debug){
1529
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
1530
gnutls_perror(ret);
439
fprintf(stderr, "\n*** Handshake failed ***\n");
440
gnutls_perror (ret);
1531
441
}
1532
errno = EPROTO;
1533
goto mandos_end;
442
retval = -1;
443
goto exit;
1534
444
}
1535
445
1536
/* Read OpenPGP packet that contains the wanted password */
446
//Retrieve OpenPGP packet that contains the wanted password
1537
447
1538
448
if(debug){
1539
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
1540
" %s\n", ip);
449
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
450
ip);
1541
451
}
1542
452
1543
453
while(true){
1544
1545
if(quit_now){
1546
errno = EINTR;
1547
goto mandos_end;
1548
}
1549
1550
buffer_capacity = incbuffer(&buffer, buffer_length,
1551
buffer_capacity);
1552
if(buffer_capacity == 0){
1553
int e = errno;
1554
perror_plus("incbuffer");
1555
errno = e;
1556
goto mandos_end;
1557
}
1558
1559
if(quit_now){
1560
errno = EINTR;
1561
goto mandos_end;
1562
}
1563
1564
sret = gnutls_record_recv(session, buffer+buffer_length,
1565
BUFFER_SIZE);
1566
if(sret == 0){
454
if (buffer_length + BUFFER_SIZE > buffer_capacity){
455
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
456
if (buffer == NULL){
457
perror("realloc");
458
goto exit;
459
}
460
buffer_capacity += BUFFER_SIZE;
461
}
462
463
ret = gnutls_record_recv
464
(es.session, buffer+buffer_length, BUFFER_SIZE);
465
if (ret == 0){
1567
466
break;
1568
467
}
1569
if(sret < 0){
1570
switch(sret){
468
if (ret < 0){
469
switch(ret){
1571
470
case GNUTLS_E_INTERRUPTED:
1572
471
case GNUTLS_E_AGAIN:
1573
472
break;
1574
473
case GNUTLS_E_REHANDSHAKE:
1575
do {
1576
ret = gnutls_handshake(session);
1577
1578
if(quit_now){
1579
errno = EINTR;
1580
goto mandos_end;
1581
}
1582
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1583
if(ret < 0){
1584
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
1585
"***\n");
1586
gnutls_perror(ret);
1587
errno = EPROTO;
1588
goto mandos_end;
474
ret = gnutls_handshake (es.session);
475
if (ret < 0){
476
fprintf(stderr, "\n*** Handshake failed ***\n");
477
gnutls_perror (ret);
478
retval = -1;
479
goto exit;
1589
480
}
1590
481
break;
1591
482
default:
1592
fprintf_plus(stderr, "Unknown error while reading data from"
1593
" encrypted session with Mandos server\n");
1594
gnutls_bye(session, GNUTLS_SHUT_RDWR);
1595
errno = EIO;
1596
goto mandos_end;
483
fprintf(stderr, "Unknown error while reading data from"
484
" encrypted session with mandos server\n");
485
retval = -1;
486
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
487
goto exit;
1597
488
}
1598
489
} else {
1599
buffer_length += (size_t) sret;
1600
}
1601
}
1602
1603
if(debug){
1604
fprintf_plus(stderr, "Closing TLS session\n");
1605
}
1606
1607
if(quit_now){
1608
errno = EINTR;
1609
goto mandos_end;
1610
}
1611
1612
do {
1613
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
1614
if(quit_now){
1615
errno = EINTR;
1616
goto mandos_end;
1617
}
1618
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1619
1620
if(buffer_length > 0){
1621
ssize_t decrypted_buffer_size;
1622
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
1623
&decrypted_buffer, mc);
1624
if(decrypted_buffer_size >= 0){
1625
1626
clearerr(stdout);
1627
written = 0;
490
buffer_length += (size_t) ret;
491
}
492
}
493
494
if (buffer_length > 0){
495
decrypted_buffer_size = pgp_packet_decrypt(buffer,
496
buffer_length,
497
&decrypted_buffer,
498
certdir);
499
if (decrypted_buffer_size >= 0){
1628
500
while(written < (size_t) decrypted_buffer_size){
1629
if(quit_now){
1630
errno = EINTR;
1631
goto mandos_end;
1632
}
1633
1634
ret = (int)fwrite(decrypted_buffer + written, 1,
1635
(size_t)decrypted_buffer_size - written,
1636
stdout);
501
ret = (int)fwrite (decrypted_buffer + written, 1,
502
(size_t)decrypted_buffer_size - written,
503
stdout);
1637
504
if(ret == 0 and ferror(stdout)){
1638
int e = errno;
1639
505
if(debug){
1640
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1641
strerror(errno));
506
fprintf(stderr, "Error writing encrypted data: %s\n",
507
strerror(errno));
1642
508
}
1643
errno = e;
1644
goto mandos_end;
509
retval = -1;
510
break;
1645
511
}
1646
512
written += (size_t)ret;
1647
513
}
1648
ret = fflush(stdout);
1649
if(ret != 0){
1650
int e = errno;
1651
if(debug){
1652
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1653
strerror(errno));
1654
}
1655
errno = e;
1656
goto mandos_end;
1657
}
1658
retval = 0;
1659
}
1660
}
1661
1662
/* Shutdown procedure */
1663
1664
mandos_end:
1665
{
1666
if(route_added){
1667
if(not delete_local_route(ip, if_index)){
1668
fprintf_plus(stderr, "Failed to delete local route to %s on"
1669
" interface %d", ip, if_index);
1670
}
1671
}
1672
int e = errno;
1673
free(decrypted_buffer);
1674
free(buffer);
1675
if(tcp_sd >= 0){
1676
ret = close(tcp_sd);
1677
}
1678
if(ret == -1){
1679
if(e == 0){
1680
e = errno;
1681
}
1682
perror_plus("close");
1683
}
1684
gnutls_deinit(session);
1685
errno = e;
1686
if(quit_now){
1687
errno = EINTR;
514
free(decrypted_buffer);
515
} else {
1688
516
retval = -1;
1689
517
}
1690
518
}
519
520
//shutdown procedure
521
522
if(debug){
523
fprintf(stderr, "Closing TLS session\n");
524
}
525
526
free(buffer);
527
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
528
exit:
529
close(tcp_sd);
530
gnutls_deinit (es.session);
531
gnutls_certificate_free_credentials (es.cred);
532
gnutls_global_deinit ();
1691
533
return retval;
1692
534
}
1693
535
1694
static void resolve_callback(AvahiSServiceResolver *r,
1695
AvahiIfIndex interface,
1696
AvahiProtocol proto,
1697
AvahiResolverEvent event,
1698
const char *name,
1699
const char *type,
1700
const char *domain,
1701
const char *host_name,
1702
const AvahiAddress *address,
1703
uint16_t port,
1704
AVAHI_GCC_UNUSED AvahiStringList *txt,
1705
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1706
flags,
1707
void *mc){
1708
if(r == NULL){
1709
return;
1710
}
536
static AvahiSimplePoll *simple_poll = NULL;
537
static AvahiServer *server = NULL;
538
539
static void resolve_callback(
540
AvahiSServiceResolver *r,
541
AvahiIfIndex interface,
542
AVAHI_GCC_UNUSED AvahiProtocol protocol,
543
AvahiResolverEvent event,
544
const char *name,
545
const char *type,
546
const char *domain,
547
const char *host_name,
548
const AvahiAddress *address,
549
uint16_t port,
550
AVAHI_GCC_UNUSED AvahiStringList *txt,
551
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
552
AVAHI_GCC_UNUSED void* userdata) {
553
554
assert(r); /* Spurious warning */
1711
555
1712
556
/* Called whenever a service has been resolved successfully or
1713
557
timed out */
1714
558
1715
if(quit_now){
1716
avahi_s_service_resolver_free(r);
1717
return;
1718
}
1719
1720
switch(event){
559
switch (event) {
1721
560
default:
1722
561
case AVAHI_RESOLVER_FAILURE:
1723
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1724
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1725
domain,
1726
avahi_strerror(avahi_server_errno
1727
(((mandos_context*)mc)->server)));
562
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
563
" type '%s' in domain '%s': %s\n", name, type, domain,
564
avahi_strerror(avahi_server_errno(server)));
1728
565
break;
1729
566
1730
567
case AVAHI_RESOLVER_FOUND:
1732
569
char ip[AVAHI_ADDRESS_STR_MAX];
1733
570
avahi_address_snprint(ip, sizeof(ip), address);
1734
571
if(debug){
1735
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1736
PRIdMAX ") on port %" PRIu16 "\n", name,
1737
host_name, ip, (intmax_t)interface, port);
572
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
573
" port %d\n", name, host_name, ip, port);
1738
574
}
1739
int ret = start_mandos_communication(ip, (in_port_t)port,
1740
interface,
1741
avahi_proto_to_af(proto),
1742
mc);
1743
if(ret == 0){
1744
avahi_simple_poll_quit(simple_poll);
1745
} else {
1746
if(not add_server(ip, (in_port_t)port, interface,
1747
avahi_proto_to_af(proto),
1748
&((mandos_context*)mc)->current_server)){
1749
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
1750
" list\n", name);
1751
}
575
int ret = start_mandos_communication(ip, port, interface);
576
if (ret == 0){
577
exit(EXIT_SUCCESS);
1752
578
}
1753
579
}
1754
580
}
1755
581
avahi_s_service_resolver_free(r);
1756
582
}
1757
583
1758
static void browse_callback(AvahiSServiceBrowser *b,
1759
AvahiIfIndex interface,
1760
AvahiProtocol protocol,
1761
AvahiBrowserEvent event,
1762
const char *name,
1763
const char *type,
1764
const char *domain,
1765
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1766
flags,
1767
void *mc){
1768
if(b == NULL){
1769
return;
1770
}
1771
1772
/* Called whenever a new services becomes available on the LAN or
1773
is removed from the LAN */
1774
1775
if(quit_now){
1776
return;
1777
}
1778
1779
switch(event){
1780
default:
1781
case AVAHI_BROWSER_FAILURE:
1782
1783
fprintf_plus(stderr, "(Avahi browser) %s\n",
1784
avahi_strerror(avahi_server_errno
1785
(((mandos_context*)mc)->server)));
1786
avahi_simple_poll_quit(simple_poll);
1787
return;
1788
1789
case AVAHI_BROWSER_NEW:
1790
/* We ignore the returned Avahi resolver object. In the callback
1791
function we free it. If the Avahi server is terminated before
1792
the callback function is called the Avahi server will free the
1793
resolver for us. */
1794
1795
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1796
interface, protocol, name, type,
1797
domain, protocol, 0,
1798
resolve_callback, mc) == NULL)
1799
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1800
" %s\n", name,
1801
avahi_strerror(avahi_server_errno
1802
(((mandos_context*)mc)->server)));
1803
break;
1804
1805
case AVAHI_BROWSER_REMOVE:
1806
break;
1807
1808
case AVAHI_BROWSER_ALL_FOR_NOW:
1809
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1810
if(debug){
1811
fprintf_plus(stderr, "No Mandos server found, still"
1812
" searching...\n");
1813
}
1814
break;
1815
}
1816
}
1817
1818
/* Signal handler that stops main loop after SIGTERM */
1819
static void handle_sigterm(int sig){
1820
if(quit_now){
1821
return;
1822
}
1823
quit_now = 1;
1824
signal_received = sig;
1825
int old_errno = errno;
1826
/* set main loop to exit */
1827
if(simple_poll != NULL){
1828
avahi_simple_poll_quit(simple_poll);
1829
}
1830
errno = old_errno;
1831
}
1832
1833
__attribute__((nonnull, warn_unused_result))
1834
bool get_flags(const char *ifname, struct ifreq *ifr){
1835
int ret;
1836
int old_errno;
1837
1838
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1839
if(s < 0){
1840
old_errno = errno;
1841
perror_plus("socket");
1842
errno = old_errno;
1843
return false;
1844
}
1845
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1846
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1847
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1848
if(ret == -1){
1849
if(debug){
1850
old_errno = errno;
1851
perror_plus("ioctl SIOCGIFFLAGS");
1852
errno = old_errno;
1853
}
1854
if((close(s) == -1) and debug){
1855
old_errno = errno;
1856
perror_plus("close");
1857
errno = old_errno;
1858
}
1859
return false;
1860
}
1861
if((close(s) == -1) and debug){
1862
old_errno = errno;
1863
perror_plus("close");
1864
errno = old_errno;
1865
}
1866
return true;
1867
}
1868
1869
__attribute__((nonnull, warn_unused_result))
1870
bool good_flags(const char *ifname, const struct ifreq *ifr){
1871
1872
/* Reject the loopback device */
1873
if(ifr->ifr_flags & IFF_LOOPBACK){
1874
if(debug){
1875
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1876
ifname);
1877
}
1878
return false;
1879
}
1880
/* Accept point-to-point devices only if connect_to is specified */
1881
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1882
if(debug){
1883
fprintf_plus(stderr, "Accepting point-to-point interface"
1884
" \"%s\"\n", ifname);
1885
}
1886
return true;
1887
}
1888
/* Otherwise, reject non-broadcast-capable devices */
1889
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1890
if(debug){
1891
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1892
" \"%s\"\n", ifname);
1893
}
1894
return false;
1895
}
1896
/* Reject non-ARP interfaces (including dummy interfaces) */
1897
if(ifr->ifr_flags & IFF_NOARP){
1898
if(debug){
1899
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1900
ifname);
1901
}
1902
return false;
1903
}
1904
1905
/* Accept this device */
1906
if(debug){
1907
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1908
}
1909
return true;
1910
}
1911
1912
/*
1913
* This function determines if a directory entry in /sys/class/net
1914
* corresponds to an acceptable network device.
1915
* (This function is passed to scandir(3) as a filter function.)
1916
*/
1917
__attribute__((nonnull, warn_unused_result))
1918
int good_interface(const struct dirent *if_entry){
1919
if(if_entry->d_name[0] == '.'){
1920
return 0;
1921
}
1922
1923
struct ifreq ifr;
1924
if(not get_flags(if_entry->d_name, &ifr)){
1925
if(debug){
1926
fprintf_plus(stderr, "Failed to get flags for interface "
1927
"\"%s\"\n", if_entry->d_name);
1928
}
1929
return 0;
1930
}
1931
1932
if(not good_flags(if_entry->d_name, &ifr)){
1933
return 0;
1934
}
1935
return 1;
1936
}
1937
1938
/*
1939
* This function determines if a network interface is up.
1940
*/
1941
__attribute__((nonnull, warn_unused_result))
1942
bool interface_is_up(const char *interface){
1943
struct ifreq ifr;
1944
if(not get_flags(interface, &ifr)){
1945
if(debug){
1946
fprintf_plus(stderr, "Failed to get flags for interface "
1947
"\"%s\"\n", interface);
1948
}
1949
return false;
1950
}
1951
1952
return (bool)(ifr.ifr_flags & IFF_UP);
1953
}
1954
1955
/*
1956
* This function determines if a network interface is running
1957
*/
1958
__attribute__((nonnull, warn_unused_result))
1959
bool interface_is_running(const char *interface){
1960
struct ifreq ifr;
1961
if(not get_flags(interface, &ifr)){
1962
if(debug){
1963
fprintf_plus(stderr, "Failed to get flags for interface "
1964
"\"%s\"\n", interface);
1965
}
1966
return false;
1967
}
1968
1969
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1970
}
1971
1972
__attribute__((nonnull, pure, warn_unused_result))
1973
int notdotentries(const struct dirent *direntry){
1974
/* Skip "." and ".." */
1975
if(direntry->d_name[0] == '.'
1976
and (direntry->d_name[1] == '\0'
1977
or (direntry->d_name[1] == '.'
1978
and direntry->d_name[2] == '\0'))){
1979
return 0;
1980
}
1981
return 1;
1982
}
1983
1984
/* Is this directory entry a runnable program? */
1985
__attribute__((nonnull, warn_unused_result))
1986
int runnable_hook(const struct dirent *direntry){
1987
int ret;
1988
size_t sret;
1989
struct stat st;
1990
1991
if((direntry->d_name)[0] == '\0'){
1992
/* Empty name? */
1993
return 0;
1994
}
1995
1996
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1997
"abcdefghijklmnopqrstuvwxyz"
1998
"0123456789"
1999
"_.-");
2000
if((direntry->d_name)[sret] != '\0'){
2001
/* Contains non-allowed characters */
2002
if(debug){
2003
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
2004
direntry->d_name);
2005
}
2006
return 0;
2007
}
2008
2009
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
2010
if(ret == -1){
2011
if(debug){
2012
perror_plus("Could not stat hook");
2013
}
2014
return 0;
2015
}
2016
if(not (S_ISREG(st.st_mode))){
2017
/* Not a regular file */
2018
if(debug){
2019
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
2020
direntry->d_name);
2021
}
2022
return 0;
2023
}
2024
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
2025
/* Not executable */
2026
if(debug){
2027
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
2028
direntry->d_name);
2029
}
2030
return 0;
2031
}
2032
if(debug){
2033
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
2034
direntry->d_name);
2035
}
2036
return 1;
2037
}
2038
2039
__attribute__((nonnull, warn_unused_result))
2040
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
2041
mandos_context *mc){
2042
int ret;
2043
struct timespec now;
2044
struct timespec waited_time;
2045
intmax_t block_time;
2046
2047
while(true){
2048
if(mc->current_server == NULL){
2049
if(debug){
2050
fprintf_plus(stderr, "Wait until first server is found."
2051
" No timeout!\n");
2052
}
2053
ret = avahi_simple_poll_iterate(s, -1);
2054
} else {
2055
if(debug){
2056
fprintf_plus(stderr, "Check current_server if we should run"
2057
" it, or wait\n");
2058
}
2059
/* the current time */
2060
ret = clock_gettime(CLOCK_MONOTONIC, &now);
2061
if(ret == -1){
2062
perror_plus("clock_gettime");
2063
return -1;
2064
}
2065
/* Calculating in ms how long time between now and server
2066
who we visted longest time ago. Now - last seen. */
2067
waited_time.tv_sec = (now.tv_sec
2068
- mc->current_server->last_seen.tv_sec);
2069
waited_time.tv_nsec = (now.tv_nsec
2070
- mc->current_server->last_seen.tv_nsec);
2071
/* total time is 10s/10,000ms.
2072
Converting to s from ms by dividing by 1,000,
2073
and ns to ms by dividing by 1,000,000. */
2074
block_time = ((retry_interval
2075
- ((intmax_t)waited_time.tv_sec * 1000))
2076
- ((intmax_t)waited_time.tv_nsec / 1000000));
2077
2078
if(debug){
2079
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
2080
block_time);
2081
}
2082
2083
if(block_time <= 0){
2084
ret = start_mandos_communication(mc->current_server->ip,
2085
mc->current_server->port,
2086
mc->current_server->if_index,
2087
mc->current_server->af, mc);
2088
if(ret == 0){
2089
avahi_simple_poll_quit(s);
2090
return 0;
2091
}
2092
ret = clock_gettime(CLOCK_MONOTONIC,
2093
&mc->current_server->last_seen);
2094
if(ret == -1){
2095
perror_plus("clock_gettime");
2096
return -1;
2097
}
2098
mc->current_server = mc->current_server->next;
2099
block_time = 0; /* Call avahi to find new Mandos
2100
servers, but don't block */
2101
}
2102
2103
ret = avahi_simple_poll_iterate(s, (int)block_time);
2104
}
2105
if(ret != 0){
2106
if(ret > 0 or errno != EINTR){
2107
return (ret != 1) ? ret : 0;
2108
}
2109
}
2110
}
2111
}
2112
2113
__attribute__((nonnull))
2114
void run_network_hooks(const char *mode, const char *interface,
2115
const float delay){
2116
struct dirent **direntries = NULL;
2117
if(hookdir_fd == -1){
2118
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2119
| O_CLOEXEC);
2120
if(hookdir_fd == -1){
2121
if(errno == ENOENT){
2122
if(debug){
2123
fprintf_plus(stderr, "Network hook directory \"%s\" not"
2124
" found\n", hookdir);
2125
}
2126
} else {
2127
perror_plus("open");
2128
}
2129
return;
2130
}
2131
}
2132
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2133
if(devnull == -1){
2134
perror_plus("open(\"/dev/null\", O_RDONLY)");
2135
return;
2136
}
2137
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2138
runnable_hook, alphasort);
2139
if(numhooks == -1){
2140
perror_plus("scandir");
2141
close(devnull);
2142
return;
2143
}
2144
struct dirent *direntry;
2145
int ret;
2146
for(int i = 0; i < numhooks; i++){
2147
direntry = direntries[i];
2148
if(debug){
2149
fprintf_plus(stderr, "Running network hook \"%s\"\n",
2150
direntry->d_name);
2151
}
2152
pid_t hook_pid = fork();
2153
if(hook_pid == 0){
2154
/* Child */
2155
/* Raise privileges */
2156
errno = raise_privileges_permanently();
2157
if(errno != 0){
2158
perror_plus("Failed to raise privileges");
2159
_exit(EX_NOPERM);
2160
}
2161
/* Set group */
2162
errno = 0;
2163
ret = setgid(0);
2164
if(ret == -1){
2165
perror_plus("setgid");
2166
_exit(EX_NOPERM);
2167
}
2168
/* Reset supplementary groups */
2169
errno = 0;
2170
ret = setgroups(0, NULL);
2171
if(ret == -1){
2172
perror_plus("setgroups");
2173
_exit(EX_NOPERM);
2174
}
2175
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2176
if(ret == -1){
2177
perror_plus("setenv");
2178
_exit(EX_OSERR);
2179
}
2180
ret = setenv("DEVICE", interface, 1);
2181
if(ret == -1){
2182
perror_plus("setenv");
2183
_exit(EX_OSERR);
2184
}
2185
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
2186
if(ret == -1){
2187
perror_plus("setenv");
2188
_exit(EX_OSERR);
2189
}
2190
ret = setenv("MODE", mode, 1);
2191
if(ret == -1){
2192
perror_plus("setenv");
2193
_exit(EX_OSERR);
2194
}
2195
char *delaystring;
2196
ret = asprintf(&delaystring, "%f", (double)delay);
2197
if(ret == -1){
2198
perror_plus("asprintf");
2199
_exit(EX_OSERR);
2200
}
2201
ret = setenv("DELAY", delaystring, 1);
2202
if(ret == -1){
2203
free(delaystring);
2204
perror_plus("setenv");
2205
_exit(EX_OSERR);
2206
}
2207
free(delaystring);
2208
if(connect_to != NULL){
2209
ret = setenv("CONNECT", connect_to, 1);
2210
if(ret == -1){
2211
perror_plus("setenv");
2212
_exit(EX_OSERR);
2213
}
2214
}
2215
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2216
direntry->d_name,
2217
O_RDONLY));
2218
if(hook_fd == -1){
2219
perror_plus("openat");
2220
_exit(EXIT_FAILURE);
2221
}
2222
if(close(hookdir_fd) == -1){
2223
perror_plus("close");
2224
_exit(EXIT_FAILURE);
2225
}
2226
ret = dup2(devnull, STDIN_FILENO);
2227
if(ret == -1){
2228
perror_plus("dup2(devnull, STDIN_FILENO)");
2229
_exit(EX_OSERR);
2230
}
2231
ret = close(devnull);
2232
if(ret == -1){
2233
perror_plus("close");
2234
_exit(EX_OSERR);
2235
}
2236
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2237
if(ret == -1){
2238
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2239
_exit(EX_OSERR);
2240
}
2241
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2242
environ) == -1){
2243
perror_plus("fexecve");
2244
_exit(EXIT_FAILURE);
2245
}
2246
} else {
2247
if(hook_pid == -1){
2248
perror_plus("fork");
2249
free(direntry);
2250
continue;
2251
}
2252
int status;
2253
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2254
perror_plus("waitpid");
2255
free(direntry);
2256
continue;
2257
}
2258
if(WIFEXITED(status)){
2259
if(WEXITSTATUS(status) != 0){
2260
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2261
" with status %d\n", direntry->d_name,
2262
WEXITSTATUS(status));
2263
free(direntry);
2264
continue;
2265
}
2266
} else if(WIFSIGNALED(status)){
2267
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2268
" signal %d\n", direntry->d_name,
2269
WTERMSIG(status));
2270
free(direntry);
2271
continue;
2272
} else {
2273
fprintf_plus(stderr, "Warning: network hook \"%s\""
2274
" crashed\n", direntry->d_name);
2275
free(direntry);
2276
continue;
2277
}
2278
}
2279
if(debug){
2280
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2281
direntry->d_name);
2282
}
2283
free(direntry);
2284
}
2285
free(direntries);
2286
if(close(hookdir_fd) == -1){
2287
perror_plus("close");
2288
} else {
2289
hookdir_fd = -1;
2290
}
2291
close(devnull);
2292
}
2293
2294
__attribute__((nonnull, warn_unused_result))
2295
int bring_up_interface(const char *const interface,
2296
const float delay){
2297
int old_errno = errno;
2298
int ret;
2299
struct ifreq network;
2300
unsigned int if_index = if_nametoindex(interface);
2301
if(if_index == 0){
2302
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2303
errno = old_errno;
2304
return ENXIO;
2305
}
2306
2307
if(quit_now){
2308
errno = old_errno;
2309
return EINTR;
2310
}
2311
2312
if(not interface_is_up(interface)){
2313
int ret_errno = 0;
2314
int ioctl_errno = 0;
2315
if(not get_flags(interface, &network)){
2316
ret_errno = errno;
2317
fprintf_plus(stderr, "Failed to get flags for interface "
2318
"\"%s\"\n", interface);
2319
errno = old_errno;
2320
return ret_errno;
2321
}
2322
network.ifr_flags |= IFF_UP; /* set flag */
2323
2324
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2325
if(sd == -1){
2326
ret_errno = errno;
2327
perror_plus("socket");
2328
errno = old_errno;
2329
return ret_errno;
2330
}
2331
2332
if(quit_now){
2333
ret = close(sd);
2334
if(ret == -1){
2335
perror_plus("close");
2336
}
2337
errno = old_errno;
2338
return EINTR;
2339
}
2340
2341
if(debug){
2342
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
2343
interface);
2344
}
2345
2346
/* Raise privileges */
2347
ret_errno = raise_privileges();
2348
if(ret_errno != 0){
2349
errno = ret_errno;
2350
perror_plus("Failed to raise privileges");
2351
}
2352
2353
#ifdef __linux__
2354
int ret_linux;
2355
bool restore_loglevel = false;
2356
if(ret_errno == 0){
2357
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2358
messages about the network interface to mess up the prompt */
2359
ret_linux = klogctl(8, NULL, 5);
2360
if(ret_linux == -1){
2361
perror_plus("klogctl");
2362
} else {
2363
restore_loglevel = true;
2364
}
2365
}
2366
#endif /* __linux__ */
2367
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2368
ioctl_errno = errno;
2369
#ifdef __linux__
2370
if(restore_loglevel){
2371
ret_linux = klogctl(7, NULL, 0);
2372
if(ret_linux == -1){
2373
perror_plus("klogctl");
2374
}
2375
}
2376
#endif /* __linux__ */
2377
2378
/* If raise_privileges() succeeded above */
2379
if(ret_errno == 0){
2380
/* Lower privileges */
2381
ret_errno = lower_privileges();
2382
if(ret_errno != 0){
2383
errno = ret_errno;
2384
perror_plus("Failed to lower privileges");
2385
}
2386
}
2387
2388
/* Close the socket */
2389
ret = close(sd);
2390
if(ret == -1){
2391
perror_plus("close");
2392
}
2393
2394
if(ret_setflags == -1){
2395
errno = ioctl_errno;
2396
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2397
errno = old_errno;
2398
return ioctl_errno;
2399
}
2400
} else if(debug){
2401
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2402
interface);
2403
}
2404
2405
/* Sleep checking until interface is running.
2406
Check every 0.25s, up to total time of delay */
2407
for(int i = 0; i < delay * 4; i++){
2408
if(interface_is_running(interface)){
2409
break;
2410
}
2411
struct timespec sleeptime = { .tv_nsec = 250000000 };
2412
ret = nanosleep(&sleeptime, NULL);
2413
if(ret == -1 and errno != EINTR){
2414
perror_plus("nanosleep");
2415
}
2416
}
2417
2418
errno = old_errno;
2419
return 0;
2420
}
2421
2422
__attribute__((nonnull, warn_unused_result))
2423
int take_down_interface(const char *const interface){
2424
int old_errno = errno;
2425
struct ifreq network;
2426
unsigned int if_index = if_nametoindex(interface);
2427
if(if_index == 0){
2428
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2429
errno = old_errno;
2430
return ENXIO;
2431
}
2432
if(interface_is_up(interface)){
2433
int ret_errno = 0;
2434
int ioctl_errno = 0;
2435
if(not get_flags(interface, &network) and debug){
2436
ret_errno = errno;
2437
fprintf_plus(stderr, "Failed to get flags for interface "
2438
"\"%s\"\n", interface);
2439
errno = old_errno;
2440
return ret_errno;
2441
}
2442
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2443
2444
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2445
if(sd == -1){
2446
ret_errno = errno;
2447
perror_plus("socket");
2448
errno = old_errno;
2449
return ret_errno;
2450
}
2451
2452
if(debug){
2453
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2454
interface);
2455
}
2456
2457
/* Raise privileges */
2458
ret_errno = raise_privileges();
2459
if(ret_errno != 0){
2460
errno = ret_errno;
2461
perror_plus("Failed to raise privileges");
2462
}
2463
2464
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2465
ioctl_errno = errno;
2466
2467
/* If raise_privileges() succeeded above */
2468
if(ret_errno == 0){
2469
/* Lower privileges */
2470
ret_errno = lower_privileges();
2471
if(ret_errno != 0){
2472
errno = ret_errno;
2473
perror_plus("Failed to lower privileges");
2474
}
2475
}
2476
2477
/* Close the socket */
2478
int ret = close(sd);
2479
if(ret == -1){
2480
perror_plus("close");
2481
}
2482
2483
if(ret_setflags == -1){
2484
errno = ioctl_errno;
2485
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2486
errno = old_errno;
2487
return ioctl_errno;
2488
}
2489
} else if(debug){
2490
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2491
interface);
2492
}
2493
2494
errno = old_errno;
2495
return 0;
2496
}
2497
2498
int main(int argc, char *argv[]){
2499
mandos_context mc = { .server = NULL, .dh_bits = 0,
2500
#if GNUTLS_VERSION_NUMBER >= 0x030606
2501
.priority = "SECURE128:!CTYPE-X.509"
2502
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2503
":%PROFILE_ULTRA",
2504
#elif GNUTLS_VERSION_NUMBER < 0x030600
2505
.priority = "SECURE256:!CTYPE-X.509"
2506
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2507
#else
2508
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2509
#endif
2510
.current_server = NULL, .interfaces = NULL,
2511
.interfaces_size = 0 };
2512
AvahiSServiceBrowser *sb = NULL;
2513
error_t ret_errno;
2514
int ret;
2515
intmax_t tmpmax;
2516
char *tmp;
2517
int exitcode = EXIT_SUCCESS;
2518
char *interfaces_to_take_down = NULL;
2519
size_t interfaces_to_take_down_size = 0;
2520
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2521
char old_tempdir[] = "/tmp/mandosXXXXXX";
2522
char *tempdir = NULL;
2523
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2524
const char *seckey = PATHDIR "/" SECKEY;
2525
const char *pubkey = PATHDIR "/" PUBKEY;
2526
#if GNUTLS_VERSION_NUMBER >= 0x030606
2527
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2528
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2529
#endif
2530
const char *dh_params_file = NULL;
2531
char *interfaces_hooks = NULL;
2532
2533
bool gnutls_initialized = false;
2534
bool gpgme_initialized = false;
2535
float delay = 2.5f;
2536
double retry_interval = 10; /* 10s between trying a server and
2537
retrying the same server again */
2538
2539
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
2540
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
2541
2542
uid = getuid();
2543
gid = getgid();
2544
2545
/* Lower any group privileges we might have, just to be safe */
2546
errno = 0;
2547
ret = setgid(gid);
2548
if(ret == -1){
2549
perror_plus("setgid");
2550
}
2551
2552
/* Lower user privileges (temporarily) */
2553
errno = 0;
2554
ret = seteuid(uid);
2555
if(ret == -1){
2556
perror_plus("seteuid");
2557
}
2558
2559
if(quit_now){
2560
goto end;
2561
}
2562
2563
{
2564
struct argp_option options[] = {
2565
{ .name = "debug", .key = 128,
2566
.doc = "Debug mode", .group = 3 },
2567
{ .name = "connect", .key = 'c',
2568
.arg = "ADDRESS:PORT",
2569
.doc = "Connect directly to a specific Mandos server",
2570
.group = 1 },
2571
{ .name = "interface", .key = 'i',
2572
.arg = "NAME",
2573
.doc = "Network interface that will be used to search for"
2574
" Mandos servers",
2575
.group = 1 },
2576
{ .name = "seckey", .key = 's',
2577
.arg = "FILE",
2578
.doc = "OpenPGP secret key file base name",
2579
.group = 1 },
2580
{ .name = "pubkey", .key = 'p',
2581
.arg = "FILE",
2582
.doc = "OpenPGP public key file base name",
2583
.group = 1 },
2584
{ .name = "tls-privkey", .key = 't',
2585
.arg = "FILE",
2586
#if GNUTLS_VERSION_NUMBER >= 0x030606
2587
.doc = "TLS private key file base name",
2588
#else
2589
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2590
#endif
2591
.group = 1 },
2592
{ .name = "tls-pubkey", .key = 'T',
2593
.arg = "FILE",
2594
#if GNUTLS_VERSION_NUMBER >= 0x030606
2595
.doc = "TLS public key file base name",
2596
#else
2597
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2598
#endif
2599
.group = 1 },
2600
{ .name = "dh-bits", .key = 129,
2601
.arg = "BITS",
2602
.doc = "Bit length of the prime number used in the"
2603
" Diffie-Hellman key exchange",
2604
.group = 2 },
2605
{ .name = "dh-params", .key = 134,
2606
.arg = "FILE",
2607
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2608
" for the Diffie-Hellman key exchange",
2609
.group = 2 },
2610
{ .name = "priority", .key = 130,
2611
.arg = "STRING",
2612
.doc = "GnuTLS priority string for the TLS handshake",
2613
.group = 1 },
2614
{ .name = "delay", .key = 131,
2615
.arg = "SECONDS",
2616
.doc = "Maximum delay to wait for interface startup",
2617
.group = 2 },
2618
{ .name = "retry", .key = 132,
2619
.arg = "SECONDS",
2620
.doc = "Retry interval used when denied by the Mandos server",
2621
.group = 2 },
2622
{ .name = "network-hook-dir", .key = 133,
2623
.arg = "DIR",
2624
.doc = "Directory where network hooks are located",
2625
.group = 2 },
2626
/*
2627
* These reproduce what we would get without ARGP_NO_HELP
2628
*/
2629
{ .name = "help", .key = '?',
2630
.doc = "Give this help list", .group = -1 },
2631
{ .name = "usage", .key = -3,
2632
.doc = "Give a short usage message", .group = -1 },
2633
{ .name = "version", .key = 'V',
2634
.doc = "Print program version", .group = -1 },
2635
{ .name = NULL }
2636
};
2637
2638
error_t parse_opt(int key, char *arg,
2639
struct argp_state *state){
2640
errno = 0;
2641
switch(key){
2642
case 128: /* --debug */
2643
debug = true;
2644
break;
2645
case 'c': /* --connect */
2646
connect_to = arg;
2647
break;
2648
case 'i': /* --interface */
2649
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2650
arg, (int)',');
2651
if(ret_errno != 0){
2652
argp_error(state, "%s", strerror(ret_errno));
2653
}
2654
break;
2655
case 's': /* --seckey */
2656
seckey = arg;
2657
break;
2658
case 'p': /* --pubkey */
2659
pubkey = arg;
2660
break;
2661
case 't': /* --tls-privkey */
2662
#if GNUTLS_VERSION_NUMBER >= 0x030606
2663
tls_privkey = arg;
2664
#endif
2665
break;
2666
case 'T': /* --tls-pubkey */
2667
#if GNUTLS_VERSION_NUMBER >= 0x030606
2668
tls_pubkey = arg;
2669
#endif
2670
break;
2671
case 129: /* --dh-bits */
2672
errno = 0;
2673
tmpmax = strtoimax(arg, &tmp, 10);
2674
if(errno != 0 or tmp == arg or *tmp != '\0'
2675
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2676
argp_error(state, "Bad number of DH bits");
2677
}
2678
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2679
break;
2680
case 134: /* --dh-params */
2681
dh_params_file = arg;
2682
break;
2683
case 130: /* --priority */
2684
mc.priority = arg;
2685
break;
2686
case 131: /* --delay */
2687
errno = 0;
2688
delay = strtof(arg, &tmp);
2689
if(errno != 0 or tmp == arg or *tmp != '\0'){
2690
argp_error(state, "Bad delay");
2691
}
2692
case 132: /* --retry */
2693
errno = 0;
2694
retry_interval = strtod(arg, &tmp);
2695
if(errno != 0 or tmp == arg or *tmp != '\0'
2696
or (retry_interval * 1000) > INT_MAX
2697
or retry_interval < 0){
2698
argp_error(state, "Bad retry interval");
2699
}
2700
break;
2701
case 133: /* --network-hook-dir */
2702
hookdir = arg;
2703
break;
2704
/*
2705
* These reproduce what we would get without ARGP_NO_HELP
2706
*/
2707
case '?': /* --help */
2708
argp_state_help(state, state->out_stream,
2709
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2710
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2711
__builtin_unreachable();
2712
case -3: /* --usage */
2713
argp_state_help(state, state->out_stream,
2714
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2715
__builtin_unreachable();
2716
case 'V': /* --version */
2717
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2718
exit(argp_err_exit_status);
2719
break;
2720
default:
2721
return ARGP_ERR_UNKNOWN;
2722
}
2723
return errno;
2724
}
2725
2726
struct argp argp = { .options = options, .parser = parse_opt,
2727
.args_doc = "",
2728
.doc = "Mandos client -- Get and decrypt"
2729
" passwords from a Mandos server" };
2730
ret_errno = argp_parse(&argp, argc, argv,
2731
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2732
switch(ret_errno){
2733
case 0:
2734
break;
2735
case ENOMEM:
584
static void browse_callback(
585
AvahiSServiceBrowser *b,
586
AvahiIfIndex interface,
587
AvahiProtocol protocol,
588
AvahiBrowserEvent event,
589
const char *name,
590
const char *type,
591
const char *domain,
592
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
593
void* userdata) {
594
595
AvahiServer *s = userdata;
596
assert(b); /* Spurious warning */
597
598
/* Called whenever a new services becomes available on the LAN or
599
is removed from the LAN */
600
601
switch (event) {
2736
602
default:
2737
errno = ret_errno;
2738
perror_plus("argp_parse");
2739
exitcode = EX_OSERR;
2740
goto end;
2741
case EINVAL:
2742
exitcode = EX_USAGE;
2743
goto end;
2744
}
2745
}
2746
2747
{
2748
/* Re-raise privileges */
2749
ret = raise_privileges();
2750
if(ret != 0){
2751
errno = ret;
2752
perror_plus("Failed to raise privileges");
2753
} else {
2754
struct stat st;
2755
2756
/* Work around Debian bug #633582:
2757
<https://bugs.debian.org/633582> */
2758
2759
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2760
int seckey_fd = open(seckey, O_RDONLY);
2761
if(seckey_fd == -1){
2762
perror_plus("open");
2763
} else {
2764
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2765
if(ret == -1){
2766
perror_plus("fstat");
2767
} else {
2768
if(S_ISREG(st.st_mode)
2769
and st.st_uid == 0 and st.st_gid == 0){
2770
ret = fchown(seckey_fd, uid, gid);
2771
if(ret == -1){
2772
perror_plus("fchown");
2773
}
2774
}
2775
}
2776
close(seckey_fd);
2777
}
2778
}
2779
2780
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2781
int pubkey_fd = open(pubkey, O_RDONLY);
2782
if(pubkey_fd == -1){
2783
perror_plus("open");
2784
} else {
2785
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2786
if(ret == -1){
2787
perror_plus("fstat");
2788
} else {
2789
if(S_ISREG(st.st_mode)
2790
and st.st_uid == 0 and st.st_gid == 0){
2791
ret = fchown(pubkey_fd, uid, gid);
2792
if(ret == -1){
2793
perror_plus("fchown");
2794
}
2795
}
2796
}
2797
close(pubkey_fd);
2798
}
2799
}
2800
2801
if(dh_params_file != NULL
2802
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2803
int dhparams_fd = open(dh_params_file, O_RDONLY);
2804
if(dhparams_fd == -1){
2805
perror_plus("open");
2806
} else {
2807
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2808
if(ret == -1){
2809
perror_plus("fstat");
2810
} else {
2811
if(S_ISREG(st.st_mode)
2812
and st.st_uid == 0 and st.st_gid == 0){
2813
ret = fchown(dhparams_fd, uid, gid);
2814
if(ret == -1){
2815
perror_plus("fchown");
2816
}
2817
}
2818
}
2819
close(dhparams_fd);
2820
}
2821
}
2822
2823
/* Work around Debian bug #981302
2824
<https://bugs.debian.org/981302> */
2825
if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){
2826
ret = symlink("/proc/self/fd", "/dev/fd");
2827
if(ret == -1){
2828
perror_plus("Failed to create /dev/fd symlink");
2829
}
2830
}
2831
2832
/* Lower privileges */
2833
ret = lower_privileges();
2834
if(ret != 0){
2835
errno = ret;
2836
perror_plus("Failed to lower privileges");
2837
}
2838
}
2839
}
2840
2841
/* Remove invalid interface names (except "none") */
2842
{
2843
char *interface = NULL;
2844
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2845
interface))){
2846
if(strcmp(interface, "none") != 0
2847
and if_nametoindex(interface) == 0){
2848
if(interface[0] != '\0'){
2849
fprintf_plus(stderr, "Not using nonexisting interface"
2850
" \"%s\"\n", interface);
2851
}
2852
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2853
interface = NULL;
2854
}
2855
}
2856
}
2857
2858
/* Run network hooks */
2859
{
2860
if(mc.interfaces != NULL){
2861
interfaces_hooks = malloc(mc.interfaces_size);
2862
if(interfaces_hooks == NULL){
2863
perror_plus("malloc");
2864
goto end;
2865
}
2866
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2867
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2868
}
2869
run_network_hooks("start", interfaces_hooks != NULL ?
2870
interfaces_hooks : "", delay);
2871
}
2872
2873
if(not debug){
2874
avahi_set_log_function(empty_log);
2875
}
2876
2877
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2878
from the signal handler */
2879
/* Initialize the pseudo-RNG for Avahi */
2880
srand((unsigned int) time(NULL));
2881
simple_poll = avahi_simple_poll_new();
2882
if(simple_poll == NULL){
2883
fprintf_plus(stderr,
2884
"Avahi: Failed to create simple poll object.\n");
2885
exitcode = EX_UNAVAILABLE;
2886
goto end;
2887
}
2888
2889
sigemptyset(&sigterm_action.sa_mask);
2890
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2891
if(ret == -1){
2892
perror_plus("sigaddset");
2893
exitcode = EX_OSERR;
2894
goto end;
2895
}
2896
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2897
if(ret == -1){
2898
perror_plus("sigaddset");
2899
exitcode = EX_OSERR;
2900
goto end;
2901
}
2902
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2903
if(ret == -1){
2904
perror_plus("sigaddset");
2905
exitcode = EX_OSERR;
2906
goto end;
2907
}
2908
/* Need to check if the handler is SIG_IGN before handling:
2909
| [[info:libc:Initial Signal Actions]] |
2910
| [[info:libc:Basic Signal Handling]] |
2911
*/
2912
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2913
if(ret == -1){
2914
perror_plus("sigaction");
2915
return EX_OSERR;
2916
}
2917
if(old_sigterm_action.sa_handler != SIG_IGN){
2918
ret = sigaction(SIGINT, &sigterm_action, NULL);
2919
if(ret == -1){
2920
perror_plus("sigaction");
2921
exitcode = EX_OSERR;
2922
goto end;
2923
}
2924
}
2925
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2926
if(ret == -1){
2927
perror_plus("sigaction");
2928
return EX_OSERR;
2929
}
2930
if(old_sigterm_action.sa_handler != SIG_IGN){
2931
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2932
if(ret == -1){
2933
perror_plus("sigaction");
2934
exitcode = EX_OSERR;
2935
goto end;
2936
}
2937
}
2938
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2939
if(ret == -1){
2940
perror_plus("sigaction");
2941
return EX_OSERR;
2942
}
2943
if(old_sigterm_action.sa_handler != SIG_IGN){
2944
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2945
if(ret == -1){
2946
perror_plus("sigaction");
2947
exitcode = EX_OSERR;
2948
goto end;
2949
}
2950
}
2951
2952
/* If no interfaces were specified, make a list */
2953
if(mc.interfaces == NULL){
2954
struct dirent **direntries = NULL;
2955
/* Look for any good interfaces */
2956
ret = scandir(sys_class_net, &direntries, good_interface,
2957
alphasort);
2958
if(ret >= 1){
2959
/* Add all found interfaces to interfaces list */
2960
for(int i = 0; i < ret; ++i){
2961
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2962
direntries[i]->d_name);
2963
if(ret_errno != 0){
2964
errno = ret_errno;
2965
perror_plus("argz_add");
2966
free(direntries[i]);
2967
continue;
2968
}
2969
if(debug){
2970
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2971
direntries[i]->d_name);
2972
}
2973
free(direntries[i]);
2974
}
2975
free(direntries);
2976
} else {
2977
if(ret == 0){
2978
free(direntries);
2979
}
2980
fprintf_plus(stderr, "Could not find a network interface\n");
2981
exitcode = EXIT_FAILURE;
2982
goto end;
2983
}
2984
}
2985
2986
/* Bring up interfaces which are down, and remove any "none"s */
2987
{
2988
char *interface = NULL;
2989
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2990
interface))){
2991
/* If interface name is "none", stop bringing up interfaces.
2992
Also remove all instances of "none" from the list */
2993
if(strcmp(interface, "none") == 0){
2994
argz_delete(&mc.interfaces, &mc.interfaces_size,
2995
interface);
2996
interface = NULL;
2997
while((interface = argz_next(mc.interfaces,
2998
mc.interfaces_size, interface))){
2999
if(strcmp(interface, "none") == 0){
3000
argz_delete(&mc.interfaces, &mc.interfaces_size,
3001
interface);
3002
interface = NULL;
3003
}
3004
}
3005
break;
3006
}
3007
bool interface_was_up = interface_is_up(interface);
3008
errno = bring_up_interface(interface, delay);
3009
if(not interface_was_up){
3010
if(errno != 0){
3011
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
3012
" %s\n", interface, strerror(errno));
3013
} else {
3014
errno = argz_add(&interfaces_to_take_down,
3015
&interfaces_to_take_down_size,
3016
interface);
3017
if(errno != 0){
3018
perror_plus("argz_add");
3019
}
3020
}
3021
}
3022
}
3023
if(debug and (interfaces_to_take_down == NULL)){
3024
fprintf_plus(stderr, "No interfaces were brought up\n");
3025
}
3026
}
3027
3028
/* If we only got one interface, explicitly use only that one */
3029
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
3030
if(debug){
3031
fprintf_plus(stderr, "Using only interface \"%s\"\n",
3032
mc.interfaces);
3033
}
3034
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
3035
}
3036
3037
if(quit_now){
3038
goto end;
3039
}
3040
3041
#if GNUTLS_VERSION_NUMBER >= 0x030606
3042
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3043
#elif GNUTLS_VERSION_NUMBER < 0x030600
3044
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3045
#else
3046
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3047
#endif
3048
if(ret == -1){
3049
fprintf_plus(stderr, "init_gnutls_global failed\n");
3050
exitcode = EX_UNAVAILABLE;
3051
goto end;
3052
} else {
3053
gnutls_initialized = true;
3054
}
3055
3056
if(quit_now){
3057
goto end;
3058
}
3059
3060
/* Try /run/tmp before /tmp */
3061
tempdir = mkdtemp(run_tempdir);
3062
if(tempdir == NULL and errno == ENOENT){
3063
if(debug){
3064
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
3065
run_tempdir, old_tempdir);
3066
}
3067
tempdir = mkdtemp(old_tempdir);
3068
}
3069
if(tempdir == NULL){
3070
perror_plus("mkdtemp");
3071
goto end;
3072
}
3073
3074
if(quit_now){
3075
goto end;
3076
}
3077
3078
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
3079
fprintf_plus(stderr, "init_gpgme failed\n");
3080
exitcode = EX_UNAVAILABLE;
3081
goto end;
3082
} else {
3083
gpgme_initialized = true;
3084
}
3085
3086
if(quit_now){
3087
goto end;
3088
}
3089
3090
if(connect_to != NULL){
3091
/* Connect directly, do not use Zeroconf */
3092
/* (Mainly meant for debugging) */
3093
char *address = strrchr(connect_to, ':');
3094
3095
if(address == NULL){
3096
fprintf_plus(stderr, "No colon in address\n");
3097
exitcode = EX_USAGE;
3098
goto end;
3099
}
3100
3101
if(quit_now){
3102
goto end;
3103
}
3104
3105
in_port_t port;
3106
errno = 0;
3107
tmpmax = strtoimax(address+1, &tmp, 10);
3108
if(errno != 0 or tmp == address+1 or *tmp != '\0'
3109
or tmpmax != (in_port_t)tmpmax){
3110
fprintf_plus(stderr, "Bad port number\n");
3111
exitcode = EX_USAGE;
3112
goto end;
3113
}
3114
3115
if(quit_now){
3116
goto end;
3117
}
3118
3119
port = (in_port_t)tmpmax;
3120
*address = '\0';
3121
/* Colon in address indicates IPv6 */
3122
int af;
3123
if(strchr(connect_to, ':') != NULL){
3124
af = AF_INET6;
3125
/* Accept [] around IPv6 address - see RFC 5952 */
3126
if(connect_to[0] == '[' and address[-1] == ']')
3127
{
3128
connect_to++;
3129
address[-1] = '\0';
3130
}
3131
} else {
3132
af = AF_INET;
3133
}
3134
address = connect_to;
3135
3136
if(quit_now){
3137
goto end;
3138
}
3139
3140
while(not quit_now){
3141
ret = start_mandos_communication(address, port, if_index, af,
3142
&mc);
3143
if(quit_now or ret == 0){
3144
break;
3145
}
3146
if(debug){
3147
fprintf_plus(stderr, "Retrying in %d seconds\n",
3148
(int)retry_interval);
3149
}
3150
sleep((unsigned int)retry_interval);
3151
}
3152
3153
if(not quit_now){
3154
exitcode = EXIT_SUCCESS;
3155
}
3156
3157
goto end;
3158
}
3159
3160
if(quit_now){
3161
goto end;
3162
}
3163
3164
{
603
case AVAHI_BROWSER_FAILURE:
604
605
fprintf(stderr, "(Browser) %s\n",
606
avahi_strerror(avahi_server_errno(server)));
607
avahi_simple_poll_quit(simple_poll);
608
return;
609
610
case AVAHI_BROWSER_NEW:
611
/* We ignore the returned resolver object. In the callback
612
function we free it. If the server is terminated before
613
the callback function is called the server will free
614
the resolver for us. */
615
616
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
617
type, domain,
618
AVAHI_PROTO_INET6, 0,
619
resolve_callback, s)))
620
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
621
avahi_strerror(avahi_server_errno(s)));
622
break;
623
624
case AVAHI_BROWSER_REMOVE:
625
break;
626
627
case AVAHI_BROWSER_ALL_FOR_NOW:
628
case AVAHI_BROWSER_CACHE_EXHAUSTED:
629
break;
630
}
631
}
632
633
/* Combines file name and path and returns the malloced new
634
string. some sane checks could/should be added */
635
static const char *combinepath(const char *first, const char *second){
636
size_t f_len = strlen(first);
637
size_t s_len = strlen(second);
638
char *tmp = malloc(f_len + s_len + 2);
639
if (tmp == NULL){
640
return NULL;
641
}
642
if(f_len > 0){
643
memcpy(tmp, first, f_len);
644
}
645
tmp[f_len] = '/';
646
if(s_len > 0){
647
memcpy(tmp + f_len + 1, second, s_len);
648
}
649
tmp[f_len + 1 + s_len] = '\0';
650
return tmp;
651
}
652
653
654
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
3165
655
AvahiServerConfig config;
3166
/* Do not publish any local Zeroconf records */
656
AvahiSServiceBrowser *sb = NULL;
657
int error;
658
int ret;
659
int returncode = EXIT_SUCCESS;
660
const char *interface = "eth0";
661
struct ifreq network;
662
int sd;
663
char *connect_to = NULL;
664
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
665
666
while (true){
667
static struct option long_options[] = {
668
{"debug", no_argument, (int *)&debug, 1},
669
{"connect", required_argument, 0, 'C'},
670
{"interface", required_argument, 0, 'i'},
671
{"certdir", required_argument, 0, 'd'},
672
{"certkey", required_argument, 0, 'c'},
673
{"certfile", required_argument, 0, 'k'},
674
{0, 0, 0, 0} };
675
676
int option_index = 0;
677
ret = getopt_long (argc, argv, "i:", long_options,
678
&option_index);
679
680
if (ret == -1){
681
break;
682
}
683
684
switch(ret){
685
case 0:
686
break;
687
case 'i':
688
interface = optarg;
689
break;
690
case 'C':
691
connect_to = optarg;
692
break;
693
case 'd':
694
certdir = optarg;
695
break;
696
case 'c':
697
certfile = optarg;
698
break;
699
case 'k':
700
certkey = optarg;
701
break;
702
default:
703
exit(EXIT_FAILURE);
704
}
705
}
706
707
certfile = combinepath(certdir, certfile);
708
if (certfile == NULL){
709
perror("combinepath");
710
returncode = EXIT_FAILURE;
711
goto exit;
712
}
713
714
certkey = combinepath(certdir, certkey);
715
if (certkey == NULL){
716
perror("combinepath");
717
returncode = EXIT_FAILURE;
718
goto exit;
719
}
720
721
if_index = (AvahiIfIndex) if_nametoindex(interface);
722
if(if_index == 0){
723
fprintf(stderr, "No such interface: \"%s\"\n", interface);
724
exit(EXIT_FAILURE);
725
}
726
727
if(connect_to != NULL){
728
/* Connect directly, do not use Zeroconf */
729
/* (Mainly meant for debugging) */
730
char *address = strrchr(connect_to, ':');
731
if(address == NULL){
732
fprintf(stderr, "No colon in address\n");
733
exit(EXIT_FAILURE);
734
}
735
errno = 0;
736
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
737
if(errno){
738
perror("Bad port number");
739
exit(EXIT_FAILURE);
740
}
741
*address = '\0';
742
address = connect_to;
743
ret = start_mandos_communication(address, port, if_index);
744
if(ret < 0){
745
exit(EXIT_FAILURE);
746
} else {
747
exit(EXIT_SUCCESS);
748
}
749
}
750
751
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
752
if(sd < 0) {
753
perror("socket");
754
returncode = EXIT_FAILURE;
755
goto exit;
756
}
757
strcpy(network.ifr_name, interface);
758
ret = ioctl(sd, SIOCGIFFLAGS, &network);
759
if(ret == -1){
760
761
perror("ioctl SIOCGIFFLAGS");
762
returncode = EXIT_FAILURE;
763
goto exit;
764
}
765
if((network.ifr_flags & IFF_UP) == 0){
766
network.ifr_flags |= IFF_UP;
767
ret = ioctl(sd, SIOCSIFFLAGS, &network);
768
if(ret == -1){
769
perror("ioctl SIOCSIFFLAGS");
770
returncode = EXIT_FAILURE;
771
goto exit;
772
}
773
}
774
close(sd);
775
776
if (not debug){
777
avahi_set_log_function(empty_log);
778
}
779
780
/* Initialize the psuedo-RNG */
781
srand((unsigned int) time(NULL));
782
783
/* Allocate main loop object */
784
if (!(simple_poll = avahi_simple_poll_new())) {
785
fprintf(stderr, "Failed to create simple poll object.\n");
786
returncode = EXIT_FAILURE;
787
goto exit;
788
}
789
790
/* Do not publish any local records */
3167
791
avahi_server_config_init(&config);
3168
792
config.publish_hinfo = 0;
3169
793
config.publish_addresses = 0;
3170
794
config.publish_workstation = 0;
3171
795
config.publish_domain = 0;
3172
796
3173
797
/* Allocate a new server */
3174
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3175
&config, NULL, NULL, &ret);
3176
3177
/* Free the Avahi configuration data */
798
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
799
&config, NULL, NULL, &error);
800
801
/* Free the configuration data */
3178
802
avahi_server_config_free(&config);
3179
}
3180
3181
/* Check if creating the Avahi server object succeeded */
3182
if(mc.server == NULL){
3183
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
3184
avahi_strerror(ret));
3185
exitcode = EX_UNAVAILABLE;
3186
goto end;
3187
}
3188
3189
if(quit_now){
3190
goto end;
3191
}
3192
3193
/* Create the Avahi service browser */
3194
sb = avahi_s_service_browser_new(mc.server, if_index,
3195
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
3196
NULL, 0, browse_callback,
3197
(void *)&mc);
3198
if(sb == NULL){
3199
fprintf_plus(stderr, "Failed to create service browser: %s\n",
3200
avahi_strerror(avahi_server_errno(mc.server)));
3201
exitcode = EX_UNAVAILABLE;
3202
goto end;
3203
}
3204
3205
if(quit_now){
3206
goto end;
3207
}
3208
3209
/* Run the main loop */
3210
3211
if(debug){
3212
fprintf_plus(stderr, "Starting Avahi loop search\n");
3213
}
3214
3215
ret = avahi_loop_with_timeout(simple_poll,
3216
(int)(retry_interval * 1000), &mc);
3217
if(debug){
3218
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
3219
(ret == 0) ? "successfully" : "with error");
3220
}
3221
3222
end:
3223
3224
if(debug){
3225
if(signal_received){
3226
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3227
argv[0], signal_received,
3228
strsignal(signal_received));
3229
} else {
3230
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3231
}
3232
}
3233
3234
/* Cleanup things */
3235
free(mc.interfaces);
3236
3237
if(sb != NULL)
3238
avahi_s_service_browser_free(sb);
3239
3240
if(mc.server != NULL)
3241
avahi_server_free(mc.server);
3242
3243
if(simple_poll != NULL)
3244
avahi_simple_poll_free(simple_poll);
3245
3246
if(gnutls_initialized){
3247
gnutls_certificate_free_credentials(mc.cred);
3248
gnutls_dh_params_deinit(mc.dh_params);
3249
}
3250
3251
if(gpgme_initialized){
3252
gpgme_release(mc.ctx);
3253
}
3254
3255
/* Cleans up the circular linked list of Mandos servers the client
3256
has seen */
3257
if(mc.current_server != NULL){
3258
mc.current_server->prev->next = NULL;
3259
while(mc.current_server != NULL){
3260
server *next = mc.current_server->next;
3261
#ifdef __GNUC__
3262
#pragma GCC diagnostic push
3263
#pragma GCC diagnostic ignored "-Wcast-qual"
3264
#endif
3265
free((char *)(mc.current_server->ip));
3266
#ifdef __GNUC__
3267
#pragma GCC diagnostic pop
3268
#endif
3269
free(mc.current_server);
3270
mc.current_server = next;
3271
}
3272
}
3273
3274
/* Re-raise privileges */
3275
{
3276
ret = raise_privileges();
3277
if(ret != 0){
3278
errno = ret;
3279
perror_plus("Failed to raise privileges");
3280
} else {
3281
3282
/* Run network hooks */
3283
run_network_hooks("stop", interfaces_hooks != NULL ?
3284
interfaces_hooks : "", delay);
3285
3286
/* Take down the network interfaces which were brought up */
3287
{
3288
char *interface = NULL;
3289
while((interface = argz_next(interfaces_to_take_down,
3290
interfaces_to_take_down_size,
3291
interface))){
3292
ret = take_down_interface(interface);
3293
if(ret != 0){
3294
errno = ret;
3295
perror_plus("Failed to take down interface");
3296
}
3297
}
3298
if(debug and (interfaces_to_take_down == NULL)){
3299
fprintf_plus(stderr, "No interfaces needed to be taken"
3300
" down\n");
3301
}
3302
}
3303
}
3304
3305
ret = lower_privileges_permanently();
3306
if(ret != 0){
3307
errno = ret;
3308
perror_plus("Failed to lower privileges permanently");
3309
}
3310
}
3311
3312
free(interfaces_to_take_down);
3313
free(interfaces_hooks);
3314
3315
void clean_dir_at(int base, const char * const dirname,
3316
uintmax_t level){
3317
struct dirent **direntries = NULL;
3318
int dret;
3319
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3320
O_RDONLY
3321
| O_NOFOLLOW
3322
| O_DIRECTORY
3323
| O_PATH));
3324
if(dir_fd == -1){
3325
perror_plus("open");
3326
return;
3327
}
3328
int numentries = scandirat(dir_fd, ".", &direntries,
3329
notdotentries, alphasort);
3330
if(numentries >= 0){
3331
for(int i = 0; i < numentries; i++){
3332
if(debug){
3333
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3334
dirname, direntries[i]->d_name);
3335
}
3336
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3337
if(dret == -1){
3338
if(errno == EISDIR){
3339
dret = unlinkat(dir_fd, direntries[i]->d_name,
3340
AT_REMOVEDIR);
3341
}
3342
if((dret == -1) and (errno == ENOTEMPTY)
3343
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3344
== 0) and (level == 0)){
3345
/* Recurse only in this special case */
3346
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3347
dret = 0;
3348
}
3349
if((dret == -1) and (errno != ENOENT)){
3350
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3351
direntries[i]->d_name, strerror(errno));
3352
}
3353
}
3354
free(direntries[i]);
3355
}
3356
3357
/* need to clean even if 0 because man page doesn't specify */
3358
free(direntries);
3359
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3360
if(dret == -1 and errno != ENOENT){
3361
perror_plus("rmdir");
3362
}
3363
} else {
3364
perror_plus("scandirat");
3365
}
3366
close(dir_fd);
3367
}
3368
3369
/* Removes the GPGME temp directory and all files inside */
3370
if(tempdir != NULL){
3371
clean_dir_at(-1, tempdir, 0);
3372
}
3373
3374
if(quit_now){
3375
sigemptyset(&old_sigterm_action.sa_mask);
3376
old_sigterm_action.sa_handler = SIG_DFL;
3377
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
3378
&old_sigterm_action,
3379
NULL));
3380
if(ret == -1){
3381
perror_plus("sigaction");
3382
}
3383
do {
3384
ret = raise(signal_received);
3385
} while(ret != 0 and errno == EINTR);
3386
if(ret != 0){
3387
perror_plus("raise");
3388
abort();
3389
}
3390
TEMP_FAILURE_RETRY(pause());
3391
}
3392
3393
return exitcode;
803
804
/* Check if creating the server object succeeded */
805
if (!server) {
806
fprintf(stderr, "Failed to create server: %s\n",
807
avahi_strerror(error));
808
returncode = EXIT_FAILURE;
809
goto exit;
810
}
811
812
/* Create the service browser */
813
sb = avahi_s_service_browser_new(server, if_index,
814
AVAHI_PROTO_INET6,
815
"_mandos._tcp", NULL, 0,
816
browse_callback, server);
817
if (!sb) {
818
fprintf(stderr, "Failed to create service browser: %s\n",
819
avahi_strerror(avahi_server_errno(server)));
820
returncode = EXIT_FAILURE;
821
goto exit;
822
}
823
824
/* Run the main loop */
825
826
if (debug){
827
fprintf(stderr, "Starting avahi loop search\n");
828
}
829
830
avahi_simple_poll_loop(simple_poll);
831
832
exit:
833
834
if (debug){
835
fprintf(stderr, "%s exiting\n", argv[0]);
836
}
837
838
/* Cleanup things */
839
if (sb)
840
avahi_s_service_browser_free(sb);
841
842
if (server)
843
avahi_server_free(server);
844
845
if (simple_poll)
846
avahi_simple_poll_free(simple_poll);
847
free(certfile);
848
free(certkey);
849
850
return returncode;
3394
851
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0