46
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
47
strtof(), abort() */
48
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strncpy(), strsignal()
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
52
51
#include <sys/ioctl.h> /* ioctl */
53
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
54
53
sockaddr_in6, PF_INET6,
58
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
59
58
inet_pton(), connect(),
61
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
60
#include <fcntl.h> /* open(), unlinkat() */
62
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
64
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
66
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
67
EAI_SYSTEM, ENETUNREACH,
68
EHOSTUNREACH, ECONNREFUSED, EPROTO,
69
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
65
#include <errno.h> /* perror(), errno,
71
66
program_invocation_short_name */
72
67
#include <time.h> /* nanosleep(), time(), sleep() */
73
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
518
498
fprintf_plus(stderr, "GnuTLS: %s", string);
521
__attribute__((nonnull(1, 2, 4), warn_unused_result))
501
__attribute__((nonnull, warn_unused_result))
522
502
static int init_gnutls_global(const char *pubkeyfilename,
523
503
const char *seckeyfilename,
524
const char *dhparamsfilename,
525
504
mandos_context *mc){
530
508
fprintf_plus(stderr, "Initializing GnuTLS\n");
511
ret = gnutls_global_init();
512
if(ret != GNUTLS_E_SUCCESS){
513
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
514
safer_gnutls_strerror(ret));
534
519
/* "Use a log level over 10 to enable all debugging options."
535
520
* - GnuTLS manual
573
559
safer_gnutls_strerror(ret));
576
/* If a Diffie-Hellman parameters file was given, try to use it */
577
if(dhparamsfilename != NULL){
578
gnutls_datum_t params = { .data = NULL, .size = 0 };
580
int dhpfile = open(dhparamsfilename, O_RDONLY);
583
dhparamsfilename = NULL;
586
size_t params_capacity = 0;
588
params_capacity = incbuffer((char **)¶ms.data,
590
(size_t)params_capacity);
591
if(params_capacity == 0){
592
perror_plus("incbuffer");
595
dhparamsfilename = NULL;
598
ssize_t bytes_read = read(dhpfile,
599
params.data + params.size,
605
/* check bytes_read for failure */
610
dhparamsfilename = NULL;
613
params.size += (unsigned int)bytes_read;
615
if(params.data == NULL){
616
dhparamsfilename = NULL;
618
if(dhparamsfilename == NULL){
621
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
622
GNUTLS_X509_FMT_PEM);
623
if(ret != GNUTLS_E_SUCCESS){
624
fprintf_plus(stderr, "Failed to parse DH parameters in file"
625
" \"%s\": %s\n", dhparamsfilename,
626
safer_gnutls_strerror(ret));
627
dhparamsfilename = NULL;
631
if(dhparamsfilename == NULL){
632
if(mc->dh_bits == 0){
633
/* Find out the optimal number of DH bits */
634
/* Try to read the private key file */
635
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
637
int secfile = open(seckeyfilename, O_RDONLY);
642
size_t buffer_capacity = 0;
644
buffer_capacity = incbuffer((char **)&buffer.data,
646
(size_t)buffer_capacity);
647
if(buffer_capacity == 0){
648
perror_plus("incbuffer");
653
ssize_t bytes_read = read(secfile,
654
buffer.data + buffer.size,
660
/* check bytes_read for failure */
667
buffer.size += (unsigned int)bytes_read;
671
/* If successful, use buffer to parse private key */
672
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
673
if(buffer.data != NULL){
675
gnutls_openpgp_privkey_t privkey = NULL;
676
ret = gnutls_openpgp_privkey_init(&privkey);
677
if(ret != GNUTLS_E_SUCCESS){
678
fprintf_plus(stderr, "Error initializing OpenPGP key"
680
safer_gnutls_strerror(ret));
684
ret = gnutls_openpgp_privkey_import
685
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
686
if(ret != GNUTLS_E_SUCCESS){
687
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
688
safer_gnutls_strerror(ret));
694
/* Use private key to suggest an appropriate
696
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
697
gnutls_openpgp_privkey_deinit(privkey);
699
fprintf_plus(stderr, "This OpenPGP key implies using"
700
" a GnuTLS security parameter \"%s\".\n",
701
safe_string(gnutls_sec_param_get_name
707
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
708
/* Err on the side of caution */
709
sec_param = GNUTLS_SEC_PARAM_ULTRA;
711
fprintf_plus(stderr, "Falling back to security parameter"
713
safe_string(gnutls_sec_param_get_name
718
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
722
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
723
" implies %u DH bits; using that.\n",
724
safe_string(gnutls_sec_param_get_name
729
fprintf_plus(stderr, "Failed to get implied number of DH"
730
" bits for security parameter \"%s\"): %s\n",
731
safe_string(gnutls_sec_param_get_name
733
safer_gnutls_strerror(ret));
737
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
740
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
741
if(ret != GNUTLS_E_SUCCESS){
742
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
743
" bits): %s\n", mc->dh_bits,
744
safer_gnutls_strerror(ret));
562
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
563
if(ret != GNUTLS_E_SUCCESS){
564
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
565
safer_gnutls_strerror(ret));
748
569
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
816
640
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
817
641
__attribute__((unused)) const char *txt){}
819
/* Set effective uid to 0, return errno */
820
__attribute__((warn_unused_result))
821
int raise_privileges(void){
822
int old_errno = errno;
824
if(seteuid(0) == -1){
831
/* Set effective and real user ID to 0. Return errno. */
832
__attribute__((warn_unused_result))
833
int raise_privileges_permanently(void){
834
int old_errno = errno;
835
int ret = raise_privileges();
847
/* Set effective user ID to unprivileged saved user ID */
848
__attribute__((warn_unused_result))
849
int lower_privileges(void){
850
int old_errno = errno;
852
if(seteuid(uid) == -1){
859
/* Lower privileges permanently */
860
__attribute__((warn_unused_result))
861
int lower_privileges_permanently(void){
862
int old_errno = errno;
864
if(setuid(uid) == -1){
871
/* Helper function to add_local_route() and delete_local_route() */
872
__attribute__((nonnull, warn_unused_result))
873
static bool add_delete_local_route(const bool add,
875
AvahiIfIndex if_index){
877
char helper[] = "mandos-client-iprouteadddel";
878
char add_arg[] = "add";
879
char delete_arg[] = "delete";
880
char debug_flag[] = "--debug";
881
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
882
if(pluginhelperdir == NULL){
884
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
885
" variable not set; cannot run helper\n");
890
char interface[IF_NAMESIZE];
891
if(if_indextoname((unsigned int)if_index, interface) == NULL){
892
perror_plus("if_indextoname");
896
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
898
perror_plus("open(\"/dev/null\", O_RDONLY)");
904
/* Raise privileges */
905
errno = raise_privileges_permanently();
907
perror_plus("Failed to raise privileges");
908
/* _exit(EX_NOPERM); */
914
perror_plus("setgid");
917
/* Reset supplementary groups */
919
ret = setgroups(0, NULL);
921
perror_plus("setgroups");
925
ret = dup2(devnull, STDIN_FILENO);
927
perror_plus("dup2(devnull, STDIN_FILENO)");
930
ret = close(devnull);
932
perror_plus("close");
935
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
937
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
940
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
945
if(helperdir_fd == -1){
947
_exit(EX_UNAVAILABLE);
949
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
952
perror_plus("openat");
954
_exit(EX_UNAVAILABLE);
958
#pragma GCC diagnostic push
959
#pragma GCC diagnostic ignored "-Wcast-qual"
961
if(fexecve(helper_fd, (char *const [])
962
{ helper, add ? add_arg : delete_arg, (char *)address,
963
interface, debug ? debug_flag : NULL, NULL },
966
#pragma GCC diagnostic pop
968
perror_plus("fexecve");
980
pret = waitpid(pid, &status, 0);
981
if(pret == -1 and errno == EINTR and quit_now){
982
int errno_raising = 0;
983
if((errno = raise_privileges()) != 0){
984
errno_raising = errno;
985
perror_plus("Failed to raise privileges in order to"
986
" kill helper program");
988
if(kill(pid, SIGTERM) == -1){
991
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
992
perror_plus("Failed to lower privileges after killing"
997
} while(pret == -1 and errno == EINTR);
999
perror_plus("waitpid");
1002
if(WIFEXITED(status)){
1003
if(WEXITSTATUS(status) != 0){
1004
fprintf_plus(stderr, "Error: iprouteadddel exited"
1005
" with status %d\n", WEXITSTATUS(status));
1010
if(WIFSIGNALED(status)){
1011
fprintf_plus(stderr, "Error: iprouteadddel died by"
1012
" signal %d\n", WTERMSIG(status));
1015
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1019
__attribute__((nonnull, warn_unused_result))
1020
static bool add_local_route(const char *address,
1021
AvahiIfIndex if_index){
1023
fprintf_plus(stderr, "Adding route to %s\n", address);
1025
return add_delete_local_route(true, address, if_index);
1028
__attribute__((nonnull, warn_unused_result))
1029
static bool delete_local_route(const char *address,
1030
AvahiIfIndex if_index){
1032
fprintf_plus(stderr, "Removing route to %s\n", address);
1034
return add_delete_local_route(false, address, if_index);
1037
643
/* Called when a Mandos server is found */
1038
644
__attribute__((nonnull, warn_unused_result))
1039
645
static int start_mandos_communication(const char *ip, in_port_t port,
1127
732
goto mandos_end;
735
memset(&to, 0, sizeof(to));
1130
736
if(af == AF_INET6){
1131
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1132
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1133
ret = inet_pton(af, ip, &to6->sin6_addr);
737
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
738
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1134
739
} else { /* IPv4 */
1135
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1136
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1137
ret = inet_pton(af, ip, &to4->sin_addr);
740
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
741
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1210
814
goto mandos_end;
1215
ret = connect(tcp_sd, (struct sockaddr *)&to,
1216
sizeof(struct sockaddr_in6));
1218
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1219
sizeof(struct sockaddr_in));
1222
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1223
and if_index != AVAHI_IF_UNSPEC
1224
and connect_to == NULL
1225
and not route_added and
1226
((af == AF_INET6 and not
1227
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1229
or (af == AF_INET and
1230
/* Not a a IPv4LL address */
1231
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1232
& 0xFFFF0000L) != 0xA9FE0000L))){
1233
/* Work around Avahi bug - Avahi does not announce link-local
1234
addresses if it has a global address, so local hosts with
1235
*only* a link-local address (e.g. Mandos clients) cannot
1236
connect to a Mandos server announced by Avahi on a server
1237
host with a global address. Work around this by retrying
1238
with an explicit route added with the server's address.
1240
Avahi bug reference:
1241
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1242
https://bugs.debian.org/587961
1245
fprintf_plus(stderr, "Mandos server unreachable, trying"
1249
route_added = add_local_route(ip, if_index);
1255
if(errno != ECONNREFUSED or debug){
1257
perror_plus("connect");
818
ret = connect(tcp_sd, (struct sockaddr *)&to,
819
sizeof(struct sockaddr_in6));
821
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
822
sizeof(struct sockaddr_in));
825
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
827
perror_plus("connect");
1270
838
const char *out = mandos_protocol_version;
1454
/* Set effective uid to 0, return errno */
1455
__attribute__((warn_unused_result))
1456
error_t raise_privileges(void){
1457
error_t old_errno = errno;
1458
error_t ret_errno = 0;
1459
if(seteuid(0) == -1){
1461
perror_plus("seteuid");
1467
/* Set effective and real user ID to 0. Return errno. */
1468
__attribute__((warn_unused_result))
1469
error_t raise_privileges_permanently(void){
1470
error_t old_errno = errno;
1471
error_t ret_errno = raise_privileges();
1476
if(setuid(0) == -1){
1478
perror_plus("seteuid");
1484
/* Set effective user ID to unprivileged saved user ID */
1485
__attribute__((warn_unused_result))
1486
error_t lower_privileges(void){
1487
error_t old_errno = errno;
1488
error_t ret_errno = 0;
1489
if(seteuid(uid) == -1){
1491
perror_plus("seteuid");
1497
/* Lower privileges permanently */
1498
__attribute__((warn_unused_result))
1499
error_t lower_privileges_permanently(void){
1500
error_t old_errno = errno;
1501
error_t ret_errno = 0;
1502
if(setuid(uid) == -1){
1504
perror_plus("setuid");
1905
1510
__attribute__((nonnull))
1906
1511
void run_network_hooks(const char *mode, const char *interface,
1907
1512
const float delay){
1908
struct dirent **direntries = NULL;
1513
struct dirent **direntries;
1909
1514
if(hookdir_fd == -1){
1910
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1515
hookdir_fd = open(hookdir, O_RDONLY);
1912
1516
if(hookdir_fd == -1){
1913
1517
if(errno == ENOENT){
1529
#if __GLIBC_PREREQ(2, 15)
1924
1530
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1925
1531
runnable_hook, alphasort);
1532
#else /* not __GLIBC_PREREQ(2, 15) */
1533
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1535
#endif /* not __GLIBC_PREREQ(2, 15) */
1536
#else /* not __GLIBC__ */
1537
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1539
#endif /* not __GLIBC__ */
1926
1540
if(numhooks == -1){
1927
1541
perror_plus("scandir");
1930
1544
struct dirent *direntry;
1932
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1934
perror_plus("open(\"/dev/null\", O_RDONLY)");
1546
int devnull = open("/dev/null", O_RDONLY);
1937
1547
for(int i = 0; i < numhooks; i++){
1938
1548
direntry = direntries[i];
3048
2588
free(interfaces_to_take_down);
3049
2589
free(interfaces_hooks);
3051
void clean_dir_at(int base, const char * const dirname,
3053
struct dirent **direntries = NULL;
3055
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3061
perror_plus("open");
3063
int numentries = scandirat(dir_fd, ".", &direntries,
3064
notdotentries, alphasort);
3065
if(numentries >= 0){
3066
for(int i = 0; i < numentries; i++){
3068
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3069
dirname, direntries[i]->d_name);
3071
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3073
if(errno == EISDIR){
3074
dret = unlinkat(dir_fd, direntries[i]->d_name,
3077
if((dret == -1) and (errno == ENOTEMPTY)
3078
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3079
== 0) and (level == 0)){
3080
/* Recurse only in this special case */
3081
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3085
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3086
direntries[i]->d_name, strerror(errno));
3089
free(direntries[i]);
3092
/* need to clean even if 0 because man page doesn't specify */
3094
if(numentries == -1){
3095
perror_plus("scandirat");
3097
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3098
if(dret == -1 and errno != ENOENT){
3099
perror_plus("rmdir");
3102
perror_plus("scandirat");
3107
2591
/* Removes the GPGME temp directory and all files inside */
3108
2592
if(tempdir != NULL){
3109
clean_dir_at(-1, tempdir, 0);
2593
struct dirent **direntries = NULL;
2594
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2596
if(tempdir_fd == -1){
2597
perror_plus("open");
2600
#if __GLIBC_PREREQ(2, 15)
2601
int numentries = scandirat(tempdir_fd, ".", &direntries,
2602
notdotentries, alphasort);
2603
#else /* not __GLIBC_PREREQ(2, 15) */
2604
int numentries = scandir(tempdir, &direntries, notdotentries,
2606
#endif /* not __GLIBC_PREREQ(2, 15) */
2607
#else /* not __GLIBC__ */
2608
int numentries = scandir(tempdir, &direntries, notdotentries,
2610
#endif /* not __GLIBC__ */
2612
for(int i = 0; i < numentries; i++){
2613
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2615
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2616
" \"%s\", 0): %s\n", tempdir,
2617
direntries[i]->d_name, strerror(errno));
2621
/* need to clean even if 0 because man page doesn't specify */
2623
if(numentries == -1){
2624
perror_plus("scandir");
2626
ret = rmdir(tempdir);
2627
if(ret == -1 and errno != ENOENT){
2628
perror_plus("rmdir");
2631
TEMP_FAILURE_RETRY(close(tempdir_fd));