To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 723.1.4
- compare with another revision
- download diff
- download tarball
- view history from revision 723.1.4
- Committer: Teddy Hogeborn
- Date: 2014-07-25 23:16:04 UTC
- mto: This revision was merged to the branch mainline in revision 724.
- Revision ID: teddy@recompile.se-20140725231604-f5c4f82rn2o5ll1k
Use the .items() method instead of .iteritems().
This is strictly not a Python 2.7 change, but Python 2.7 backported
the new .viewitems() from Python 3, and instead of changing .items()
to .viewitems() and later having to change them all into .items()
again in Python 3, I opted to just change all .iteritems() to .items()
so the code will work both now and with Python 3. The slowdown with
Python 2 is not significant, and with Python 3 it will again be fast.
* mandos (Client.__init__): Use .items() instead of .iteritems().
(DBusObjectWithProperties.Introspect): - '' -
(alternate_dbus_interfaces/wrapper): - '' -
(main): - '' -
* mandos-ctl (main): - '' -
This is strictly not a Python 2.7 change, but Python 2.7 backported
the new .viewitems() from Python 3, and instead of changing .items()
to .viewitems() and later having to change them all into .items()
again in Python 3, I opted to just change all .iteritems() to .items()
so the code will work both now and with Python 3. The slowdown with
Python 2 is not significant, and with Python 3 it will again be fast.
* mandos (Client.__init__): Use .items() instead of .iteritems().
(DBusObjectWithProperties.Introspect): - '' -
(alternate_dbus_interfaces/wrapper): - '' -
(main): - '' -
* mandos-ctl (main): - '' -
- files added:
- initramfs-tools-hook-conf
- files removed:
- bugs.xml
- debian/tests
- dracut-module
- plugin-helpers
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2019 Teddy Hogeborn
13
* Copyright © 2008-2019 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
23
21
* WITHOUT ANY WARRANTY; without even the implied warranty of
24
22
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25
23
* General Public License for more details.
26
24
*
27
25
* You should have received a copy of the GNU General Public License
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
29
28
*
30
29
* Contact the authors at <mandos@recompile.se>.
31
30
*/
47
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
48
47
strtof(), abort() */
49
48
#include <stdbool.h> /* bool, false, true */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
53
51
#include <sys/ioctl.h> /* ioctl */
54
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
55
53
sockaddr_in6, PF_INET6,
59
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
60
58
inet_pton(), connect(),
61
59
getnameinfo() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
60
#include <fcntl.h> /* open(), unlinkat() */
63
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
64
62
*/
65
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
66
64
strtoimax() */
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
65
#include <errno.h> /* perror(), errno,
72
66
program_invocation_short_name */
73
67
#include <time.h> /* nanosleep(), time(), sleep() */
74
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
123
117
gnutls_*
124
118
init_gnutls_session(),
125
119
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
127
120
#include <gnutls/openpgp.h>
128
121
/* gnutls_certificate_set_openpgp_key_file(),
129
122
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
135
123
136
124
/* GPGME */
137
125
#include <gpgme.h> /* All GPGME types, constants and
145
133
#define PATHDIR "/conf/conf.d/mandos"
146
134
#define SECKEY "seckey.txt"
147
135
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
150
136
#define HOOKDIR "/lib/mandos/network-hooks.d"
151
137
152
138
bool debug = false;
280
266
return true;
281
267
}
282
268
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
335
269
/*
336
270
* Initialize GPGME.
337
271
*/
357
291
return false;
358
292
}
359
293
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
time_t keytime = keystat.st_mtim.tv_sec;
400
if(stime(&keytime) != 0){
401
perror_plus("stime");
402
}
403
ret = lower_privileges();
404
if(ret != 0){
405
errno = ret;
406
perror_plus("Failed to lower privileges");
407
}
408
} while(false);
409
410
294
rc = gpgme_data_new_from_fd(&pgp_data, fd);
411
295
if(rc != GPG_ERR_NO_ERROR){
412
296
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
420
304
gpgme_strsource(rc), gpgme_strerror(rc));
421
305
return false;
422
306
}
423
{
424
gpgme_import_result_t import_result
425
= gpgme_op_import_result(mc->ctx);
426
if((import_result->imported < 1
427
or import_result->not_imported > 0)
428
and import_result->unchanged == 0){
429
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
430
fprintf_plus(stderr,
431
"The total number of considered keys: %d\n",
432
import_result->considered);
433
fprintf_plus(stderr,
434
"The number of keys without user ID: %d\n",
435
import_result->no_user_id);
436
fprintf_plus(stderr,
437
"The total number of imported keys: %d\n",
438
import_result->imported);
439
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
440
import_result->imported_rsa);
441
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
442
import_result->unchanged);
443
fprintf_plus(stderr, "The number of new user IDs: %d\n",
444
import_result->new_user_ids);
445
fprintf_plus(stderr, "The number of new sub keys: %d\n",
446
import_result->new_sub_keys);
447
fprintf_plus(stderr, "The number of new signatures: %d\n",
448
import_result->new_signatures);
449
fprintf_plus(stderr, "The number of new revocations: %d\n",
450
import_result->new_revocations);
451
fprintf_plus(stderr,
452
"The total number of secret keys read: %d\n",
453
import_result->secret_read);
454
fprintf_plus(stderr,
455
"The number of imported secret keys: %d\n",
456
import_result->secret_imported);
457
fprintf_plus(stderr,
458
"The number of unchanged secret keys: %d\n",
459
import_result->secret_unchanged);
460
fprintf_plus(stderr, "The number of keys not imported: %d\n",
461
import_result->not_imported);
462
for(gpgme_import_status_t import_status
463
= import_result->imports;
464
import_status != NULL;
465
import_status = import_status->next){
466
fprintf_plus(stderr, "Import status for key: %s\n",
467
import_status->fpr);
468
if(import_status->result != GPG_ERR_NO_ERROR){
469
fprintf_plus(stderr, "Import result: %s: %s\n",
470
gpgme_strsource(import_status->result),
471
gpgme_strerror(import_status->result));
472
}
473
fprintf_plus(stderr, "Key status:\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_NEW
476
? "The key was new.\n"
477
: "The key was not new.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_UID
480
? "The key contained new user IDs.\n"
481
: "The key did not contain new user IDs.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SIG
484
? "The key contained new signatures.\n"
485
: "The key did not contain new signatures.\n");
486
fprintf_plus(stderr,
487
import_status->status & GPGME_IMPORT_SUBKEY
488
? "The key contained new sub keys.\n"
489
: "The key did not contain new sub keys.\n");
490
fprintf_plus(stderr,
491
import_status->status & GPGME_IMPORT_SECRET
492
? "The key contained a secret key.\n"
493
: "The key did not contain a secret key.\n");
494
}
495
return false;
496
}
497
}
498
307
499
ret = close(fd);
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
500
309
if(ret == -1){
501
310
perror_plus("close");
502
311
}
541
350
/* Create new GPGME "context" */
542
351
rc = gpgme_new(&(mc->ctx));
543
352
if(rc != GPG_ERR_NO_ERROR){
544
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
545
gpgme_strsource(rc), gpgme_strerror(rc));
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
546
356
return false;
547
357
}
548
358
584
394
/* Create new empty GPGME data buffer for the plaintext */
585
395
rc = gpgme_data_new(&dh_plain);
586
396
if(rc != GPG_ERR_NO_ERROR){
587
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
588
399
gpgme_strsource(rc), gpgme_strerror(rc));
589
400
gpgme_data_release(dh_crypto);
590
401
return -1;
603
414
if(result == NULL){
604
415
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
605
416
} else {
606
if(result->unsupported_algorithm != NULL) {
607
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
608
result->unsupported_algorithm);
609
}
610
fprintf_plus(stderr, "Wrong key usage: %s\n",
611
result->wrong_key_usage ? "Yes" : "No");
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
612
421
if(result->file_name != NULL){
613
422
fprintf_plus(stderr, "File name: %s\n", result->file_name);
614
423
}
615
616
for(gpgme_recipient_t r = result->recipients; r != NULL;
617
r = r->next){
424
gpgme_recipient_t recipient;
425
recipient = result->recipients;
426
while(recipient != NULL){
618
427
fprintf_plus(stderr, "Public key algorithm: %s\n",
619
gpgme_pubkey_algo_name(r->pubkey_algo));
620
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
428
gpgme_pubkey_algo_name
429
(recipient->pubkey_algo));
430
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
621
431
fprintf_plus(stderr, "Secret key available: %s\n",
622
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
432
recipient->status == GPG_ERR_NO_SECKEY
433
? "No" : "Yes");
434
recipient = recipient->next;
623
435
}
624
436
}
625
437
}
681
493
return plaintext_length;
682
494
}
683
495
684
__attribute__((warn_unused_result, const))
685
static const char *safe_string(const char *str){
686
if(str == NULL)
687
return "(unknown)";
688
return str;
689
}
690
691
496
__attribute__((warn_unused_result))
692
497
static const char *safer_gnutls_strerror(int value){
693
498
const char *ret = gnutls_strerror(value);
694
return safe_string(ret);
499
if(ret == NULL)
500
ret = "(unknown)";
501
return ret;
695
502
}
696
503
697
504
/* GnuTLS log function callback */
701
508
fprintf_plus(stderr, "GnuTLS: %s", string);
702
509
}
703
510
704
__attribute__((nonnull(1, 2, 4), warn_unused_result))
511
__attribute__((nonnull, warn_unused_result))
705
512
static int init_gnutls_global(const char *pubkeyfilename,
706
513
const char *seckeyfilename,
707
const char *dhparamsfilename,
708
514
mandos_context *mc){
709
515
int ret;
710
516
712
518
fprintf_plus(stderr, "Initializing GnuTLS\n");
713
519
}
714
520
521
ret = gnutls_global_init();
522
if(ret != GNUTLS_E_SUCCESS){
523
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
524
safer_gnutls_strerror(ret));
525
return -1;
526
}
527
715
528
if(debug){
716
529
/* "Use a log level over 10 to enable all debugging options."
717
530
* - GnuTLS manual
725
538
if(ret != GNUTLS_E_SUCCESS){
726
539
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
727
540
safer_gnutls_strerror(ret));
541
gnutls_global_deinit();
728
542
return -1;
729
543
}
730
544
731
545
if(debug){
732
fprintf_plus(stderr, "Attempting to use public key %s and"
733
" private key %s as GnuTLS credentials\n",
546
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
547
" secret key %s as GnuTLS credentials\n",
734
548
pubkeyfilename,
735
549
seckeyfilename);
736
550
}
737
551
738
#if GNUTLS_VERSION_NUMBER >= 0x030606
739
ret = gnutls_certificate_set_rawpk_key_file
740
(mc->cred, pubkeyfilename, seckeyfilename,
741
GNUTLS_X509_FMT_PEM, /* format */
742
NULL, /* pass */
743
/* key_usage */
744
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
745
NULL, /* names */
746
0, /* names_length */
747
/* privkey_flags */
748
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
749
0); /* pkcs11_flags */
750
#elif GNUTLS_VERSION_NUMBER < 0x030600
751
552
ret = gnutls_certificate_set_openpgp_key_file
752
553
(mc->cred, pubkeyfilename, seckeyfilename,
753
554
GNUTLS_OPENPGP_FMT_BASE64);
754
#else
755
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
756
#endif
757
555
if(ret != GNUTLS_E_SUCCESS){
758
556
fprintf_plus(stderr,
759
"Error[%d] while reading the key pair ('%s',"
557
"Error[%d] while reading the OpenPGP key pair ('%s',"
760
558
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
761
559
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
762
560
safer_gnutls_strerror(ret));
771
569
safer_gnutls_strerror(ret));
772
570
goto globalfail;
773
571
}
774
/* If a Diffie-Hellman parameters file was given, try to use it */
775
if(dhparamsfilename != NULL){
776
gnutls_datum_t params = { .data = NULL, .size = 0 };
777
do {
778
int dhpfile = open(dhparamsfilename, O_RDONLY);
779
if(dhpfile == -1){
780
perror_plus("open");
781
dhparamsfilename = NULL;
782
break;
783
}
784
size_t params_capacity = 0;
785
while(true){
786
params_capacity = incbuffer((char **)¶ms.data,
787
(size_t)params.size,
788
(size_t)params_capacity);
789
if(params_capacity == 0){
790
perror_plus("incbuffer");
791
free(params.data);
792
params.data = NULL;
793
dhparamsfilename = NULL;
794
break;
795
}
796
ssize_t bytes_read = read(dhpfile,
797
params.data + params.size,
798
BUFFER_SIZE);
799
/* EOF */
800
if(bytes_read == 0){
801
break;
802
}
803
/* check bytes_read for failure */
804
if(bytes_read < 0){
805
perror_plus("read");
806
free(params.data);
807
params.data = NULL;
808
dhparamsfilename = NULL;
809
break;
810
}
811
params.size += (unsigned int)bytes_read;
812
}
813
ret = close(dhpfile);
814
if(ret == -1){
815
perror_plus("close");
816
}
817
if(params.data == NULL){
818
dhparamsfilename = NULL;
819
}
820
if(dhparamsfilename == NULL){
821
break;
822
}
823
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
824
GNUTLS_X509_FMT_PEM);
825
if(ret != GNUTLS_E_SUCCESS){
826
fprintf_plus(stderr, "Failed to parse DH parameters in file"
827
" \"%s\": %s\n", dhparamsfilename,
828
safer_gnutls_strerror(ret));
829
dhparamsfilename = NULL;
830
}
831
free(params.data);
832
} while(false);
833
}
834
if(dhparamsfilename == NULL){
835
if(mc->dh_bits == 0){
836
#if GNUTLS_VERSION_NUMBER < 0x030600
837
/* Find out the optimal number of DH bits */
838
/* Try to read the private key file */
839
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
840
do {
841
int secfile = open(seckeyfilename, O_RDONLY);
842
if(secfile == -1){
843
perror_plus("open");
844
break;
845
}
846
size_t buffer_capacity = 0;
847
while(true){
848
buffer_capacity = incbuffer((char **)&buffer.data,
849
(size_t)buffer.size,
850
(size_t)buffer_capacity);
851
if(buffer_capacity == 0){
852
perror_plus("incbuffer");
853
free(buffer.data);
854
buffer.data = NULL;
855
break;
856
}
857
ssize_t bytes_read = read(secfile,
858
buffer.data + buffer.size,
859
BUFFER_SIZE);
860
/* EOF */
861
if(bytes_read == 0){
862
break;
863
}
864
/* check bytes_read for failure */
865
if(bytes_read < 0){
866
perror_plus("read");
867
free(buffer.data);
868
buffer.data = NULL;
869
break;
870
}
871
buffer.size += (unsigned int)bytes_read;
872
}
873
close(secfile);
874
} while(false);
875
/* If successful, use buffer to parse private key */
876
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
877
if(buffer.data != NULL){
878
{
879
gnutls_openpgp_privkey_t privkey = NULL;
880
ret = gnutls_openpgp_privkey_init(&privkey);
881
if(ret != GNUTLS_E_SUCCESS){
882
fprintf_plus(stderr, "Error initializing OpenPGP key"
883
" structure: %s",
884
safer_gnutls_strerror(ret));
885
free(buffer.data);
886
buffer.data = NULL;
887
} else {
888
ret = gnutls_openpgp_privkey_import
889
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
890
if(ret != GNUTLS_E_SUCCESS){
891
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
892
safer_gnutls_strerror(ret));
893
privkey = NULL;
894
}
895
free(buffer.data);
896
buffer.data = NULL;
897
if(privkey != NULL){
898
/* Use private key to suggest an appropriate
899
sec_param */
900
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
901
gnutls_openpgp_privkey_deinit(privkey);
902
if(debug){
903
fprintf_plus(stderr, "This OpenPGP key implies using"
904
" a GnuTLS security parameter \"%s\".\n",
905
safe_string(gnutls_sec_param_get_name
906
(sec_param)));
907
}
908
}
909
}
910
}
911
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
912
/* Err on the side of caution */
913
sec_param = GNUTLS_SEC_PARAM_ULTRA;
914
if(debug){
915
fprintf_plus(stderr, "Falling back to security parameter"
916
" \"%s\"\n",
917
safe_string(gnutls_sec_param_get_name
918
(sec_param)));
919
}
920
}
921
}
922
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
923
if(uret != 0){
924
mc->dh_bits = uret;
925
if(debug){
926
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
927
" implies %u DH bits; using that.\n",
928
safe_string(gnutls_sec_param_get_name
929
(sec_param)),
930
mc->dh_bits);
931
}
932
} else {
933
fprintf_plus(stderr, "Failed to get implied number of DH"
934
" bits for security parameter \"%s\"): %s\n",
935
safe_string(gnutls_sec_param_get_name
936
(sec_param)),
937
safer_gnutls_strerror(ret));
938
goto globalfail;
939
}
940
#endif
941
} else { /* dh_bits != 0 */
942
if(debug){
943
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
944
mc->dh_bits);
945
}
946
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
947
if(ret != GNUTLS_E_SUCCESS){
948
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
949
" bits): %s\n", mc->dh_bits,
950
safer_gnutls_strerror(ret));
951
goto globalfail;
952
}
953
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
954
}
955
}
572
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
573
if(ret != GNUTLS_E_SUCCESS){
574
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
575
safer_gnutls_strerror(ret));
576
goto globalfail;
577
}
578
579
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
956
580
957
581
return 0;
958
582
959
583
globalfail:
960
584
961
585
gnutls_certificate_free_credentials(mc->cred);
586
gnutls_global_deinit();
962
587
gnutls_dh_params_deinit(mc->dh_params);
963
588
return -1;
964
589
}
969
594
int ret;
970
595
/* GnuTLS session creation */
971
596
do {
972
ret = gnutls_init(session, (GNUTLS_SERVER
973
#if GNUTLS_VERSION_NUMBER >= 0x030506
974
| GNUTLS_NO_TICKETS
975
#endif
976
#if GNUTLS_VERSION_NUMBER >= 0x030606
977
| GNUTLS_ENABLE_RAWPK
978
#endif
979
));
597
ret = gnutls_init(session, GNUTLS_SERVER);
980
598
if(quit_now){
981
599
return -1;
982
600
}
1023
641
/* ignore client certificate if any. */
1024
642
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
1025
643
644
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
645
1026
646
return 0;
1027
647
}
1028
648
1030
650
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
1031
651
__attribute__((unused)) const char *txt){}
1032
652
1033
/* Helper function to add_local_route() and delete_local_route() */
1034
__attribute__((nonnull, warn_unused_result))
1035
static bool add_delete_local_route(const bool add,
1036
const char *address,
1037
AvahiIfIndex if_index){
1038
int ret;
1039
char helper[] = "mandos-client-iprouteadddel";
1040
char add_arg[] = "add";
1041
char delete_arg[] = "delete";
1042
char debug_flag[] = "--debug";
1043
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1044
if(pluginhelperdir == NULL){
1045
if(debug){
1046
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1047
" variable not set; cannot run helper\n");
1048
}
1049
return false;
1050
}
1051
1052
char interface[IF_NAMESIZE];
1053
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1054
perror_plus("if_indextoname");
1055
return false;
1056
}
1057
1058
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1059
if(devnull == -1){
1060
perror_plus("open(\"/dev/null\", O_RDONLY)");
1061
return false;
1062
}
1063
pid_t pid = fork();
1064
if(pid == 0){
1065
/* Child */
1066
/* Raise privileges */
1067
errno = raise_privileges_permanently();
1068
if(errno != 0){
1069
perror_plus("Failed to raise privileges");
1070
/* _exit(EX_NOPERM); */
1071
} else {
1072
/* Set group */
1073
errno = 0;
1074
ret = setgid(0);
1075
if(ret == -1){
1076
perror_plus("setgid");
1077
close(devnull);
1078
_exit(EX_NOPERM);
1079
}
1080
/* Reset supplementary groups */
1081
errno = 0;
1082
ret = setgroups(0, NULL);
1083
if(ret == -1){
1084
perror_plus("setgroups");
1085
close(devnull);
1086
_exit(EX_NOPERM);
1087
}
1088
}
1089
ret = dup2(devnull, STDIN_FILENO);
1090
if(ret == -1){
1091
perror_plus("dup2(devnull, STDIN_FILENO)");
1092
close(devnull);
1093
_exit(EX_OSERR);
1094
}
1095
ret = close(devnull);
1096
if(ret == -1){
1097
perror_plus("close");
1098
}
1099
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1100
if(ret == -1){
1101
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1102
_exit(EX_OSERR);
1103
}
1104
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1105
O_RDONLY
1106
| O_DIRECTORY
1107
| O_PATH
1108
| O_CLOEXEC));
1109
if(helperdir_fd == -1){
1110
perror_plus("open");
1111
_exit(EX_UNAVAILABLE);
1112
}
1113
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1114
helper, O_RDONLY));
1115
if(helper_fd == -1){
1116
perror_plus("openat");
1117
close(helperdir_fd);
1118
_exit(EX_UNAVAILABLE);
1119
}
1120
close(helperdir_fd);
1121
#ifdef __GNUC__
1122
#pragma GCC diagnostic push
1123
#pragma GCC diagnostic ignored "-Wcast-qual"
1124
#endif
1125
if(fexecve(helper_fd, (char *const [])
1126
{ helper, add ? add_arg : delete_arg, (char *)address,
1127
interface, debug ? debug_flag : NULL, NULL },
1128
environ) == -1){
1129
#ifdef __GNUC__
1130
#pragma GCC diagnostic pop
1131
#endif
1132
perror_plus("fexecve");
1133
_exit(EXIT_FAILURE);
1134
}
1135
}
1136
if(pid == -1){
1137
perror_plus("fork");
1138
close(devnull);
1139
return false;
1140
}
1141
ret = close(devnull);
1142
if(ret == -1){
1143
perror_plus("close");
1144
}
1145
int status;
1146
pid_t pret = -1;
1147
errno = 0;
1148
do {
1149
pret = waitpid(pid, &status, 0);
1150
if(pret == -1 and errno == EINTR and quit_now){
1151
int errno_raising = 0;
1152
if((errno = raise_privileges()) != 0){
1153
errno_raising = errno;
1154
perror_plus("Failed to raise privileges in order to"
1155
" kill helper program");
1156
}
1157
if(kill(pid, SIGTERM) == -1){
1158
perror_plus("kill");
1159
}
1160
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1161
perror_plus("Failed to lower privileges after killing"
1162
" helper program");
1163
}
1164
return false;
1165
}
1166
} while(pret == -1 and errno == EINTR);
1167
if(pret == -1){
1168
perror_plus("waitpid");
1169
return false;
1170
}
1171
if(WIFEXITED(status)){
1172
if(WEXITSTATUS(status) != 0){
1173
fprintf_plus(stderr, "Error: iprouteadddel exited"
1174
" with status %d\n", WEXITSTATUS(status));
1175
return false;
1176
}
1177
return true;
1178
}
1179
if(WIFSIGNALED(status)){
1180
fprintf_plus(stderr, "Error: iprouteadddel died by"
1181
" signal %d\n", WTERMSIG(status));
1182
return false;
1183
}
1184
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1185
return false;
1186
}
1187
1188
__attribute__((nonnull, warn_unused_result))
1189
static bool add_local_route(const char *address,
1190
AvahiIfIndex if_index){
1191
if(debug){
1192
fprintf_plus(stderr, "Adding route to %s\n", address);
1193
}
1194
return add_delete_local_route(true, address, if_index);
1195
}
1196
1197
__attribute__((nonnull, warn_unused_result))
1198
static bool delete_local_route(const char *address,
1199
AvahiIfIndex if_index){
1200
if(debug){
1201
fprintf_plus(stderr, "Removing route to %s\n", address);
1202
}
1203
return add_delete_local_route(false, address, if_index);
1204
}
1205
1206
653
/* Called when a Mandos server is found */
1207
654
__attribute__((nonnull, warn_unused_result))
1208
655
static int start_mandos_communication(const char *ip, in_port_t port,
1219
666
int retval = -1;
1220
667
gnutls_session_t session;
1221
668
int pf; /* Protocol family */
1222
bool route_added = false;
1223
669
1224
670
errno = 0;
1225
671
1247
693
bool match = false;
1248
694
{
1249
695
char *interface = NULL;
1250
while((interface = argz_next(mc->interfaces,
1251
mc->interfaces_size,
1252
interface))){
696
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
697
interface))){
1253
698
if(if_nametoindex(interface) == (unsigned int)if_index){
1254
699
match = true;
1255
700
break;
1284
729
PRIuMAX "\n", ip, (uintmax_t)port);
1285
730
}
1286
731
1287
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
732
tcp_sd = socket(pf, SOCK_STREAM, 0);
1288
733
if(tcp_sd < 0){
1289
734
int e = errno;
1290
735
perror_plus("socket");
1297
742
goto mandos_end;
1298
743
}
1299
744
745
memset(&to, 0, sizeof(to));
1300
746
if(af == AF_INET6){
1301
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1302
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1303
ret = inet_pton(af, ip, &to6->sin6_addr);
747
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
748
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1304
749
} else { /* IPv4 */
1305
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1306
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1307
ret = inet_pton(af, ip, &to4->sin_addr);
750
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
751
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1308
752
}
1309
753
if(ret < 0 ){
1310
754
int e = errno;
1380
824
goto mandos_end;
1381
825
}
1382
826
1383
while(true){
1384
if(af == AF_INET6){
1385
ret = connect(tcp_sd, (struct sockaddr *)&to,
1386
sizeof(struct sockaddr_in6));
1387
} else {
1388
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1389
sizeof(struct sockaddr_in));
1390
}
1391
if(ret < 0){
1392
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1393
and if_index != AVAHI_IF_UNSPEC
1394
and connect_to == NULL
1395
and not route_added and
1396
((af == AF_INET6 and not
1397
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1398
&to)->sin6_addr)))
1399
or (af == AF_INET and
1400
/* Not a a IPv4LL address */
1401
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1402
& 0xFFFF0000L) != 0xA9FE0000L))){
1403
/* Work around Avahi bug - Avahi does not announce link-local
1404
addresses if it has a global address, so local hosts with
1405
*only* a link-local address (e.g. Mandos clients) cannot
1406
connect to a Mandos server announced by Avahi on a server
1407
host with a global address. Work around this by retrying
1408
with an explicit route added with the server's address.
1409
1410
Avahi bug reference:
1411
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1412
https://bugs.debian.org/587961
1413
*/
1414
if(debug){
1415
fprintf_plus(stderr, "Mandos server unreachable, trying"
1416
" direct route\n");
1417
}
1418
int e = errno;
1419
route_added = add_local_route(ip, if_index);
1420
if(route_added){
1421
continue;
1422
}
1423
errno = e;
1424
}
1425
if(errno != ECONNREFUSED or debug){
1426
int e = errno;
1427
perror_plus("connect");
1428
errno = e;
1429
}
1430
goto mandos_end;
1431
}
1432
1433
if(quit_now){
1434
errno = EINTR;
1435
goto mandos_end;
1436
}
1437
break;
827
if(af == AF_INET6){
828
ret = connect(tcp_sd, (struct sockaddr *)&to,
829
sizeof(struct sockaddr_in6));
830
} else {
831
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
832
sizeof(struct sockaddr_in));
833
}
834
if(ret < 0){
835
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
836
int e = errno;
837
perror_plus("connect");
838
errno = e;
839
}
840
goto mandos_end;
841
}
842
843
if(quit_now){
844
errno = EINTR;
845
goto mandos_end;
1438
846
}
1439
847
1440
848
const char *out = mandos_protocol_version;
1594
1002
&decrypted_buffer, mc);
1595
1003
if(decrypted_buffer_size >= 0){
1596
1004
1597
clearerr(stdout);
1598
1005
written = 0;
1599
1006
while(written < (size_t) decrypted_buffer_size){
1600
1007
if(quit_now){
1616
1023
}
1617
1024
written += (size_t)ret;
1618
1025
}
1619
ret = fflush(stdout);
1620
if(ret != 0){
1621
int e = errno;
1622
if(debug){
1623
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1624
strerror(errno));
1625
}
1626
errno = e;
1627
goto mandos_end;
1628
}
1629
1026
retval = 0;
1630
1027
}
1631
1028
}
1634
1031
1635
1032
mandos_end:
1636
1033
{
1637
if(route_added){
1638
if(not delete_local_route(ip, if_index)){
1639
fprintf_plus(stderr, "Failed to delete local route to %s on"
1640
" interface %d", ip, if_index);
1641
}
1642
}
1643
1034
int e = errno;
1644
1035
free(decrypted_buffer);
1645
1036
free(buffer);
1646
1037
if(tcp_sd >= 0){
1647
ret = close(tcp_sd);
1038
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1648
1039
}
1649
1040
if(ret == -1){
1650
1041
if(e == 0){
1662
1053
return retval;
1663
1054
}
1664
1055
1056
__attribute__((nonnull))
1665
1057
static void resolve_callback(AvahiSServiceResolver *r,
1666
1058
AvahiIfIndex interface,
1667
1059
AvahiProtocol proto,
1804
1196
__attribute__((nonnull, warn_unused_result))
1805
1197
bool get_flags(const char *ifname, struct ifreq *ifr){
1806
1198
int ret;
1807
int old_errno;
1199
error_t ret_errno;
1808
1200
1809
1201
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1810
1202
if(s < 0){
1811
old_errno = errno;
1203
ret_errno = errno;
1812
1204
perror_plus("socket");
1813
errno = old_errno;
1205
errno = ret_errno;
1814
1206
return false;
1815
1207
}
1816
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1817
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1208
strcpy(ifr->ifr_name, ifname);
1818
1209
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1819
1210
if(ret == -1){
1820
1211
if(debug){
1821
old_errno = errno;
1212
ret_errno = errno;
1822
1213
perror_plus("ioctl SIOCGIFFLAGS");
1823
errno = old_errno;
1824
}
1825
if((close(s) == -1) and debug){
1826
old_errno = errno;
1827
perror_plus("close");
1828
errno = old_errno;
1214
errno = ret_errno;
1829
1215
}
1830
1216
return false;
1831
1217
}
1832
if((close(s) == -1) and debug){
1833
old_errno = errno;
1834
perror_plus("close");
1835
errno = old_errno;
1836
}
1837
1218
return true;
1838
1219
}
1839
1220
2081
1462
}
2082
1463
}
2083
1464
1465
/* Set effective uid to 0, return errno */
1466
__attribute__((warn_unused_result))
1467
error_t raise_privileges(void){
1468
error_t old_errno = errno;
1469
error_t ret_errno = 0;
1470
if(seteuid(0) == -1){
1471
ret_errno = errno;
1472
}
1473
errno = old_errno;
1474
return ret_errno;
1475
}
1476
1477
/* Set effective and real user ID to 0. Return errno. */
1478
__attribute__((warn_unused_result))
1479
error_t raise_privileges_permanently(void){
1480
error_t old_errno = errno;
1481
error_t ret_errno = raise_privileges();
1482
if(ret_errno != 0){
1483
errno = old_errno;
1484
return ret_errno;
1485
}
1486
if(setuid(0) == -1){
1487
ret_errno = errno;
1488
}
1489
errno = old_errno;
1490
return ret_errno;
1491
}
1492
1493
/* Set effective user ID to unprivileged saved user ID */
1494
__attribute__((warn_unused_result))
1495
error_t lower_privileges(void){
1496
error_t old_errno = errno;
1497
error_t ret_errno = 0;
1498
if(seteuid(uid) == -1){
1499
ret_errno = errno;
1500
}
1501
errno = old_errno;
1502
return ret_errno;
1503
}
1504
1505
/* Lower privileges permanently */
1506
__attribute__((warn_unused_result))
1507
error_t lower_privileges_permanently(void){
1508
error_t old_errno = errno;
1509
error_t ret_errno = 0;
1510
if(setuid(uid) == -1){
1511
ret_errno = errno;
1512
}
1513
errno = old_errno;
1514
return ret_errno;
1515
}
1516
2084
1517
__attribute__((nonnull))
2085
1518
void run_network_hooks(const char *mode, const char *interface,
2086
1519
const float delay){
2087
1520
struct dirent **direntries = NULL;
2088
1521
if(hookdir_fd == -1){
2089
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2090
| O_CLOEXEC);
1522
hookdir_fd = open(hookdir, O_RDONLY);
2091
1523
if(hookdir_fd == -1){
2092
1524
if(errno == ENOENT){
2093
1525
if(debug){
2100
1532
return;
2101
1533
}
2102
1534
}
2103
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2104
if(devnull == -1){
2105
perror_plus("open(\"/dev/null\", O_RDONLY)");
2106
return;
2107
}
1535
#ifdef __GLIBC__
1536
#if __GLIBC_PREREQ(2, 15)
2108
1537
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2109
1538
runnable_hook, alphasort);
1539
#else /* not __GLIBC_PREREQ(2, 15) */
1540
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1541
alphasort);
1542
#endif /* not __GLIBC_PREREQ(2, 15) */
1543
#else /* not __GLIBC__ */
1544
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1545
alphasort);
1546
#endif /* not __GLIBC__ */
2110
1547
if(numhooks == -1){
2111
1548
perror_plus("scandir");
2112
close(devnull);
2113
1549
return;
2114
1550
}
2115
1551
struct dirent *direntry;
2116
1552
int ret;
1553
int devnull = open("/dev/null", O_RDONLY);
2117
1554
for(int i = 0; i < numhooks; i++){
2118
1555
direntry = direntries[i];
2119
1556
if(debug){
2143
1580
perror_plus("setgroups");
2144
1581
_exit(EX_NOPERM);
2145
1582
}
1583
ret = dup2(devnull, STDIN_FILENO);
1584
if(ret == -1){
1585
perror_plus("dup2(devnull, STDIN_FILENO)");
1586
_exit(EX_OSERR);
1587
}
1588
ret = close(devnull);
1589
if(ret == -1){
1590
perror_plus("close");
1591
_exit(EX_OSERR);
1592
}
1593
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1594
if(ret == -1){
1595
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1596
_exit(EX_OSERR);
1597
}
2146
1598
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2147
1599
if(ret == -1){
2148
1600
perror_plus("setenv");
2183
1635
_exit(EX_OSERR);
2184
1636
}
2185
1637
}
2186
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2187
direntry->d_name,
2188
O_RDONLY));
1638
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2189
1639
if(hook_fd == -1){
2190
1640
perror_plus("openat");
2191
1641
_exit(EXIT_FAILURE);
2192
1642
}
2193
if(close(hookdir_fd) == -1){
1643
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2194
1644
perror_plus("close");
2195
1645
_exit(EXIT_FAILURE);
2196
1646
}
2197
ret = dup2(devnull, STDIN_FILENO);
2198
if(ret == -1){
2199
perror_plus("dup2(devnull, STDIN_FILENO)");
2200
_exit(EX_OSERR);
2201
}
2202
ret = close(devnull);
2203
if(ret == -1){
2204
perror_plus("close");
2205
_exit(EX_OSERR);
2206
}
2207
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2208
if(ret == -1){
2209
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2210
_exit(EX_OSERR);
2211
}
2212
1647
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2213
1648
environ) == -1){
2214
1649
perror_plus("fexecve");
2215
1650
_exit(EXIT_FAILURE);
2216
1651
}
2217
1652
} else {
2218
if(hook_pid == -1){
2219
perror_plus("fork");
2220
free(direntry);
2221
continue;
2222
}
2223
1653
int status;
2224
1654
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2225
1655
perror_plus("waitpid");
2254
1684
free(direntry);
2255
1685
}
2256
1686
free(direntries);
2257
if(close(hookdir_fd) == -1){
1687
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2258
1688
perror_plus("close");
2259
1689
} else {
2260
1690
hookdir_fd = -1;
2263
1693
}
2264
1694
2265
1695
__attribute__((nonnull, warn_unused_result))
2266
int bring_up_interface(const char *const interface,
2267
const float delay){
2268
int old_errno = errno;
1696
error_t bring_up_interface(const char *const interface,
1697
const float delay){
1698
error_t old_errno = errno;
2269
1699
int ret;
2270
1700
struct ifreq network;
2271
1701
unsigned int if_index = if_nametoindex(interface);
2281
1711
}
2282
1712
2283
1713
if(not interface_is_up(interface)){
2284
int ret_errno = 0;
2285
int ioctl_errno = 0;
1714
error_t ret_errno = 0, ioctl_errno = 0;
2286
1715
if(not get_flags(interface, &network)){
2287
1716
ret_errno = errno;
2288
1717
fprintf_plus(stderr, "Failed to get flags for interface "
2301
1730
}
2302
1731
2303
1732
if(quit_now){
2304
ret = close(sd);
1733
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2305
1734
if(ret == -1){
2306
1735
perror_plus("close");
2307
1736
}
2357
1786
}
2358
1787
2359
1788
/* Close the socket */
2360
ret = close(sd);
1789
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2361
1790
if(ret == -1){
2362
1791
perror_plus("close");
2363
1792
}
2375
1804
2376
1805
/* Sleep checking until interface is running.
2377
1806
Check every 0.25s, up to total time of delay */
2378
for(int i = 0; i < delay * 4; i++){
1807
for(int i=0; i < delay * 4; i++){
2379
1808
if(interface_is_running(interface)){
2380
1809
break;
2381
1810
}
2391
1820
}
2392
1821
2393
1822
__attribute__((nonnull, warn_unused_result))
2394
int take_down_interface(const char *const interface){
2395
int old_errno = errno;
1823
error_t take_down_interface(const char *const interface){
1824
error_t old_errno = errno;
2396
1825
struct ifreq network;
2397
1826
unsigned int if_index = if_nametoindex(interface);
2398
1827
if(if_index == 0){
2401
1830
return ENXIO;
2402
1831
}
2403
1832
if(interface_is_up(interface)){
2404
int ret_errno = 0;
2405
int ioctl_errno = 0;
1833
error_t ret_errno = 0, ioctl_errno = 0;
2406
1834
if(not get_flags(interface, &network) and debug){
2407
1835
ret_errno = errno;
2408
1836
fprintf_plus(stderr, "Failed to get flags for interface "
2446
1874
}
2447
1875
2448
1876
/* Close the socket */
2449
int ret = close(sd);
1877
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2450
1878
if(ret == -1){
2451
1879
perror_plus("close");
2452
1880
}
2467
1895
}
2468
1896
2469
1897
int main(int argc, char *argv[]){
2470
mandos_context mc = { .server = NULL, .dh_bits = 0,
2471
#if GNUTLS_VERSION_NUMBER >= 0x030606
2472
.priority = "SECURE128:!CTYPE-X.509"
2473
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2474
":%PROFILE_ULTRA",
2475
#elif GNUTLS_VERSION_NUMBER < 0x030600
2476
.priority = "SECURE256:!CTYPE-X.509"
2477
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2478
#else
2479
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2480
#endif
2481
.current_server = NULL, .interfaces = NULL,
2482
.interfaces_size = 0 };
1898
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1899
.priority = "SECURE256:!CTYPE-X.509:"
1900
"+CTYPE-OPENPGP", .current_server = NULL,
1901
.interfaces = NULL, .interfaces_size = 0 };
2483
1902
AvahiSServiceBrowser *sb = NULL;
2484
1903
error_t ret_errno;
2485
1904
int ret;
2494
1913
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2495
1914
const char *seckey = PATHDIR "/" SECKEY;
2496
1915
const char *pubkey = PATHDIR "/" PUBKEY;
2497
#if GNUTLS_VERSION_NUMBER >= 0x030606
2498
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2499
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2500
#endif
2501
const char *dh_params_file = NULL;
2502
1916
char *interfaces_hooks = NULL;
2503
1917
2504
1918
bool gnutls_initialized = false;
2551
1965
{ .name = "pubkey", .key = 'p',
2552
1966
.arg = "FILE",
2553
1967
.doc = "OpenPGP public key file base name",
2554
.group = 1 },
2555
{ .name = "tls-privkey", .key = 't',
2556
.arg = "FILE",
2557
#if GNUTLS_VERSION_NUMBER >= 0x030606
2558
.doc = "TLS private key file base name",
2559
#else
2560
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2561
#endif
2562
.group = 1 },
2563
{ .name = "tls-pubkey", .key = 'T',
2564
.arg = "FILE",
2565
#if GNUTLS_VERSION_NUMBER >= 0x030606
2566
.doc = "TLS public key file base name",
2567
#else
2568
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2569
#endif
2570
.group = 1 },
1968
.group = 2 },
2571
1969
{ .name = "dh-bits", .key = 129,
2572
1970
.arg = "BITS",
2573
1971
.doc = "Bit length of the prime number used in the"
2574
1972
" Diffie-Hellman key exchange",
2575
1973
.group = 2 },
2576
{ .name = "dh-params", .key = 134,
2577
.arg = "FILE",
2578
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2579
" for the Diffie-Hellman key exchange",
2580
.group = 2 },
2581
1974
{ .name = "priority", .key = 130,
2582
1975
.arg = "STRING",
2583
1976
.doc = "GnuTLS priority string for the TLS handshake",
2629
2022
case 'p': /* --pubkey */
2630
2023
pubkey = arg;
2631
2024
break;
2632
case 't': /* --tls-privkey */
2633
#if GNUTLS_VERSION_NUMBER >= 0x030606
2634
tls_privkey = arg;
2635
#endif
2636
break;
2637
case 'T': /* --tls-pubkey */
2638
#if GNUTLS_VERSION_NUMBER >= 0x030606
2639
tls_pubkey = arg;
2640
#endif
2641
break;
2642
2025
case 129: /* --dh-bits */
2643
2026
errno = 0;
2644
2027
tmpmax = strtoimax(arg, &tmp, 10);
2648
2031
}
2649
2032
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2650
2033
break;
2651
case 134: /* --dh-params */
2652
dh_params_file = arg;
2653
break;
2654
2034
case 130: /* --priority */
2655
2035
mc.priority = arg;
2656
2036
break;
2679
2059
argp_state_help(state, state->out_stream,
2680
2060
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2681
2061
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2682
__builtin_unreachable();
2683
2062
case -3: /* --usage */
2684
2063
argp_state_help(state, state->out_stream,
2685
2064
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2686
__builtin_unreachable();
2687
2065
case 'V': /* --version */
2688
2066
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2689
2067
exit(argp_err_exit_status);
2698
2076
.args_doc = "",
2699
2077
.doc = "Mandos client -- Get and decrypt"
2700
2078
" passwords from a Mandos server" };
2701
ret_errno = argp_parse(&argp, argc, argv,
2702
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2703
switch(ret_errno){
2079
ret = argp_parse(&argp, argc, argv,
2080
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2081
switch(ret){
2704
2082
case 0:
2705
2083
break;
2706
2084
case ENOMEM:
2707
2085
default:
2708
errno = ret_errno;
2086
errno = ret;
2709
2087
perror_plus("argp_parse");
2710
2088
exitcode = EX_OSERR;
2711
2089
goto end;
2714
2092
goto end;
2715
2093
}
2716
2094
}
2717
2095
2718
2096
{
2719
2097
/* Work around Debian bug #633582:
2720
<https://bugs.debian.org/633582> */
2098
<http://bugs.debian.org/633582> */
2721
2099
2722
2100
/* Re-raise privileges */
2723
ret = raise_privileges();
2724
if(ret != 0){
2725
errno = ret;
2101
ret_errno = raise_privileges();
2102
if(ret_errno != 0){
2103
errno = ret_errno;
2726
2104
perror_plus("Failed to raise privileges");
2727
2105
} else {
2728
2106
struct stat st;
2744
2122
}
2745
2123
}
2746
2124
}
2747
close(seckey_fd);
2125
TEMP_FAILURE_RETRY(close(seckey_fd));
2748
2126
}
2749
2127
}
2750
2128
2751
2129
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2752
2130
int pubkey_fd = open(pubkey, O_RDONLY);
2753
2131
if(pubkey_fd == -1){
2765
2143
}
2766
2144
}
2767
2145
}
2768
close(pubkey_fd);
2769
}
2770
}
2771
2772
if(dh_params_file != NULL
2773
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2774
int dhparams_fd = open(dh_params_file, O_RDONLY);
2775
if(dhparams_fd == -1){
2776
perror_plus("open");
2777
} else {
2778
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2779
if(ret == -1){
2780
perror_plus("fstat");
2781
} else {
2782
if(S_ISREG(st.st_mode)
2783
and st.st_uid == 0 and st.st_gid == 0){
2784
ret = fchown(dhparams_fd, uid, gid);
2785
if(ret == -1){
2786
perror_plus("fchown");
2787
}
2788
}
2789
}
2790
close(dhparams_fd);
2791
}
2792
}
2793
2146
TEMP_FAILURE_RETRY(close(pubkey_fd));
2147
}
2148
}
2149
2794
2150
/* Lower privileges */
2795
ret = lower_privileges();
2796
if(ret != 0){
2797
errno = ret;
2151
ret_errno = lower_privileges();
2152
if(ret_errno != 0){
2153
errno = ret_errno;
2798
2154
perror_plus("Failed to lower privileges");
2799
2155
}
2800
2156
}
2970
2326
errno = bring_up_interface(interface, delay);
2971
2327
if(not interface_was_up){
2972
2328
if(errno != 0){
2973
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2974
" %s\n", interface, strerror(errno));
2329
perror_plus("Failed to bring up interface");
2975
2330
} else {
2976
2331
errno = argz_add(&interfaces_to_take_down,
2977
2332
&interfaces_to_take_down_size,
3000
2355
goto end;
3001
2356
}
3002
2357
3003
#if GNUTLS_VERSION_NUMBER >= 0x030606
3004
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3005
#elif GNUTLS_VERSION_NUMBER < 0x030600
3006
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3007
#else
3008
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3009
#endif
2358
ret = init_gnutls_global(pubkey, seckey, &mc);
3010
2359
if(ret == -1){
3011
2360
fprintf_plus(stderr, "init_gnutls_global failed\n");
3012
2361
exitcode = EX_UNAVAILABLE;
3134
2483
3135
2484
/* Allocate a new server */
3136
2485
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3137
&config, NULL, NULL, &ret);
2486
&config, NULL, NULL, &ret_errno);
3138
2487
3139
2488
/* Free the Avahi configuration data */
3140
2489
avahi_server_config_free(&config);
3143
2492
/* Check if creating the Avahi server object succeeded */
3144
2493
if(mc.server == NULL){
3145
2494
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
3146
avahi_strerror(ret));
2495
avahi_strerror(ret_errno));
3147
2496
exitcode = EX_UNAVAILABLE;
3148
2497
goto end;
3149
2498
}
3184
2533
end:
3185
2534
3186
2535
if(debug){
3187
if(signal_received){
3188
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3189
argv[0], signal_received,
3190
strsignal(signal_received));
3191
} else {
3192
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
}
2536
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3194
2537
}
3195
2538
3196
2539
/* Cleanup things */
3207
2550
3208
2551
if(gnutls_initialized){
3209
2552
gnutls_certificate_free_credentials(mc.cred);
2553
gnutls_global_deinit();
3210
2554
gnutls_dh_params_deinit(mc.dh_params);
3211
2555
}
3212
2556
3235
2579
3236
2580
/* Re-raise privileges */
3237
2581
{
3238
ret = raise_privileges();
3239
if(ret != 0){
3240
errno = ret;
2582
ret_errno = raise_privileges();
2583
if(ret_errno != 0){
2584
errno = ret_errno;
3241
2585
perror_plus("Failed to raise privileges");
3242
2586
} else {
3243
2587
3248
2592
/* Take down the network interfaces which were brought up */
3249
2593
{
3250
2594
char *interface = NULL;
3251
while((interface = argz_next(interfaces_to_take_down,
3252
interfaces_to_take_down_size,
3253
interface))){
3254
ret = take_down_interface(interface);
3255
if(ret != 0){
3256
errno = ret;
2595
while((interface=argz_next(interfaces_to_take_down,
2596
interfaces_to_take_down_size,
2597
interface))){
2598
ret_errno = take_down_interface(interface);
2599
if(ret_errno != 0){
2600
errno = ret_errno;
3257
2601
perror_plus("Failed to take down interface");
3258
2602
}
3259
2603
}
3264
2608
}
3265
2609
}
3266
2610
3267
ret = lower_privileges_permanently();
3268
if(ret != 0){
3269
errno = ret;
2611
ret_errno = lower_privileges_permanently();
2612
if(ret_errno != 0){
2613
errno = ret_errno;
3270
2614
perror_plus("Failed to lower privileges permanently");
3271
2615
}
3272
2616
}
3274
2618
free(interfaces_to_take_down);
3275
2619
free(interfaces_hooks);
3276
2620
3277
void clean_dir_at(int base, const char * const dirname,
3278
uintmax_t level){
3279
struct dirent **direntries = NULL;
3280
int dret;
3281
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3282
O_RDONLY
3283
| O_NOFOLLOW
3284
| O_DIRECTORY
3285
| O_PATH));
3286
if(dir_fd == -1){
3287
perror_plus("open");
3288
return;
3289
}
3290
int numentries = scandirat(dir_fd, ".", &direntries,
3291
notdotentries, alphasort);
3292
if(numentries >= 0){
3293
for(int i = 0; i < numentries; i++){
3294
if(debug){
3295
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3296
dirname, direntries[i]->d_name);
3297
}
3298
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3299
if(dret == -1){
3300
if(errno == EISDIR){
3301
dret = unlinkat(dir_fd, direntries[i]->d_name,
3302
AT_REMOVEDIR);
3303
}
3304
if((dret == -1) and (errno == ENOTEMPTY)
3305
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3306
== 0) and (level == 0)){
3307
/* Recurse only in this special case */
3308
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3309
dret = 0;
3310
}
3311
if((dret == -1) and (errno != ENOENT)){
3312
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3313
direntries[i]->d_name, strerror(errno));
3314
}
3315
}
3316
free(direntries[i]);
3317
}
3318
3319
/* need to clean even if 0 because man page doesn't specify */
3320
free(direntries);
3321
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3322
if(dret == -1 and errno != ENOENT){
3323
perror_plus("rmdir");
3324
}
3325
} else {
3326
perror_plus("scandirat");
3327
}
3328
close(dir_fd);
3329
}
3330
3331
2621
/* Removes the GPGME temp directory and all files inside */
3332
2622
if(tempdir != NULL){
3333
clean_dir_at(-1, tempdir, 0);
2623
struct dirent **direntries = NULL;
2624
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2625
O_NOFOLLOW));
2626
if(tempdir_fd == -1){
2627
perror_plus("open");
2628
} else {
2629
#ifdef __GLIBC__
2630
#if __GLIBC_PREREQ(2, 15)
2631
int numentries = scandirat(tempdir_fd, ".", &direntries,
2632
notdotentries, alphasort);
2633
#else /* not __GLIBC_PREREQ(2, 15) */
2634
int numentries = scandir(tempdir, &direntries, notdotentries,
2635
alphasort);
2636
#endif /* not __GLIBC_PREREQ(2, 15) */
2637
#else /* not __GLIBC__ */
2638
int numentries = scandir(tempdir, &direntries, notdotentries,
2639
alphasort);
2640
#endif /* not __GLIBC__ */
2641
if(numentries >= 0){
2642
for(int i = 0; i < numentries; i++){
2643
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2644
if(ret == -1){
2645
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2646
" \"%s\", 0): %s\n", tempdir,
2647
direntries[i]->d_name, strerror(errno));
2648
}
2649
free(direntries[i]);
2650
}
2651
2652
/* need to clean even if 0 because man page doesn't specify */
2653
free(direntries);
2654
if(numentries == -1){
2655
perror_plus("scandir");
2656
}
2657
ret = rmdir(tempdir);
2658
if(ret == -1 and errno != ENOENT){
2659
perror_plus("rmdir");
2660
}
2661
}
2662
TEMP_FAILURE_RETRY(close(tempdir_fd));
2663
}
3334
2664
}
3335
2665
3336
2666
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0