To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 741
- compare with another revision
- download diff
- download tarball
- view history from revision 741
- Committer: Teddy Hogeborn
- Date: 2015-01-25 00:02:51 UTC
- Revision ID: teddy@recompile.se-20150125000251-j2bw50gfq9smqyxe
mandos.xml (SEE ALSO): Update links.
Update link to GnuPG home page, change reference from TLS 1.1 to TLS
1.2, and change to latest RFC for using OpenPGP keys with TLS (and use
its correct title).
Update link to GnuPG home page, change reference from TLS 1.1 to TLS
1.2, and change to latest RFC for using OpenPGP keys with TLS (and use
its correct title).
- files added:
- initramfs-tools-hook-conf
- files removed:
- bugs.xml
- debian/tests
- dracut-module
- plugin-helpers
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2020 Teddy Hogeborn
13
* Copyright © 2008-2020 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
23
21
* WITHOUT ANY WARRANTY; without even the implied warranty of
24
22
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25
23
* General Public License for more details.
26
24
*
27
25
* You should have received a copy of the GNU General Public License
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
29
28
*
30
29
* Contact the authors at <mandos@recompile.se>.
31
30
*/
47
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
48
47
strtof(), abort() */
49
48
#include <stdbool.h> /* bool, false, true */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
53
51
#include <sys/ioctl.h> /* ioctl */
54
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
55
53
sockaddr_in6, PF_INET6,
59
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
60
58
inet_pton(), connect(),
61
59
getnameinfo() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
60
#include <fcntl.h> /* open(), unlinkat() */
63
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
64
62
*/
65
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
66
64
strtoimax() */
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
65
#include <errno.h> /* perror(), errno,
72
66
program_invocation_short_name */
73
67
#include <time.h> /* nanosleep(), time(), sleep() */
74
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
123
117
gnutls_*
124
118
init_gnutls_session(),
125
119
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
127
120
#include <gnutls/openpgp.h>
128
121
/* gnutls_certificate_set_openpgp_key_file(),
129
122
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
135
123
136
124
/* GPGME */
137
125
#include <gpgme.h> /* All GPGME types, constants and
145
133
#define PATHDIR "/conf/conf.d/mandos"
146
134
#define SECKEY "seckey.txt"
147
135
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
150
136
#define HOOKDIR "/lib/mandos/network-hooks.d"
151
137
152
138
bool debug = false;
280
266
return true;
281
267
}
282
268
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
335
269
/*
336
270
* Initialize GPGME.
337
271
*/
357
291
return false;
358
292
}
359
293
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
if(clock_settime(CLOCK_REALTIME, &keystat.st_mtim) != 0){
400
perror_plus("clock_settime");
401
}
402
ret = lower_privileges();
403
if(ret != 0){
404
errno = ret;
405
perror_plus("Failed to lower privileges");
406
}
407
} while(false);
408
409
294
rc = gpgme_data_new_from_fd(&pgp_data, fd);
410
295
if(rc != GPG_ERR_NO_ERROR){
411
296
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
419
304
gpgme_strsource(rc), gpgme_strerror(rc));
420
305
return false;
421
306
}
422
{
423
gpgme_import_result_t import_result
424
= gpgme_op_import_result(mc->ctx);
425
if((import_result->imported < 1
426
or import_result->not_imported > 0)
427
and import_result->unchanged == 0){
428
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
429
fprintf_plus(stderr,
430
"The total number of considered keys: %d\n",
431
import_result->considered);
432
fprintf_plus(stderr,
433
"The number of keys without user ID: %d\n",
434
import_result->no_user_id);
435
fprintf_plus(stderr,
436
"The total number of imported keys: %d\n",
437
import_result->imported);
438
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
439
import_result->imported_rsa);
440
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
441
import_result->unchanged);
442
fprintf_plus(stderr, "The number of new user IDs: %d\n",
443
import_result->new_user_ids);
444
fprintf_plus(stderr, "The number of new sub keys: %d\n",
445
import_result->new_sub_keys);
446
fprintf_plus(stderr, "The number of new signatures: %d\n",
447
import_result->new_signatures);
448
fprintf_plus(stderr, "The number of new revocations: %d\n",
449
import_result->new_revocations);
450
fprintf_plus(stderr,
451
"The total number of secret keys read: %d\n",
452
import_result->secret_read);
453
fprintf_plus(stderr,
454
"The number of imported secret keys: %d\n",
455
import_result->secret_imported);
456
fprintf_plus(stderr,
457
"The number of unchanged secret keys: %d\n",
458
import_result->secret_unchanged);
459
fprintf_plus(stderr, "The number of keys not imported: %d\n",
460
import_result->not_imported);
461
for(gpgme_import_status_t import_status
462
= import_result->imports;
463
import_status != NULL;
464
import_status = import_status->next){
465
fprintf_plus(stderr, "Import status for key: %s\n",
466
import_status->fpr);
467
if(import_status->result != GPG_ERR_NO_ERROR){
468
fprintf_plus(stderr, "Import result: %s: %s\n",
469
gpgme_strsource(import_status->result),
470
gpgme_strerror(import_status->result));
471
}
472
fprintf_plus(stderr, "Key status:\n");
473
fprintf_plus(stderr,
474
import_status->status & GPGME_IMPORT_NEW
475
? "The key was new.\n"
476
: "The key was not new.\n");
477
fprintf_plus(stderr,
478
import_status->status & GPGME_IMPORT_UID
479
? "The key contained new user IDs.\n"
480
: "The key did not contain new user IDs.\n");
481
fprintf_plus(stderr,
482
import_status->status & GPGME_IMPORT_SIG
483
? "The key contained new signatures.\n"
484
: "The key did not contain new signatures.\n");
485
fprintf_plus(stderr,
486
import_status->status & GPGME_IMPORT_SUBKEY
487
? "The key contained new sub keys.\n"
488
: "The key did not contain new sub keys.\n");
489
fprintf_plus(stderr,
490
import_status->status & GPGME_IMPORT_SECRET
491
? "The key contained a secret key.\n"
492
: "The key did not contain a secret key.\n");
493
}
494
return false;
495
}
496
}
497
307
498
ret = close(fd);
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
499
309
if(ret == -1){
500
310
perror_plus("close");
501
311
}
540
350
/* Create new GPGME "context" */
541
351
rc = gpgme_new(&(mc->ctx));
542
352
if(rc != GPG_ERR_NO_ERROR){
543
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
544
gpgme_strsource(rc), gpgme_strerror(rc));
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
545
356
return false;
546
357
}
547
358
583
394
/* Create new empty GPGME data buffer for the plaintext */
584
395
rc = gpgme_data_new(&dh_plain);
585
396
if(rc != GPG_ERR_NO_ERROR){
586
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
587
399
gpgme_strsource(rc), gpgme_strerror(rc));
588
400
gpgme_data_release(dh_crypto);
589
401
return -1;
602
414
if(result == NULL){
603
415
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
604
416
} else {
605
if(result->unsupported_algorithm != NULL) {
606
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
607
result->unsupported_algorithm);
608
}
609
fprintf_plus(stderr, "Wrong key usage: %s\n",
610
result->wrong_key_usage ? "Yes" : "No");
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
611
421
if(result->file_name != NULL){
612
422
fprintf_plus(stderr, "File name: %s\n", result->file_name);
613
423
}
614
615
for(gpgme_recipient_t r = result->recipients; r != NULL;
616
r = r->next){
424
gpgme_recipient_t recipient;
425
recipient = result->recipients;
426
while(recipient != NULL){
617
427
fprintf_plus(stderr, "Public key algorithm: %s\n",
618
gpgme_pubkey_algo_name(r->pubkey_algo));
619
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
428
gpgme_pubkey_algo_name
429
(recipient->pubkey_algo));
430
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
620
431
fprintf_plus(stderr, "Secret key available: %s\n",
621
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
432
recipient->status == GPG_ERR_NO_SECKEY
433
? "No" : "Yes");
434
recipient = recipient->next;
622
435
}
623
436
}
624
437
}
680
493
return plaintext_length;
681
494
}
682
495
683
__attribute__((warn_unused_result, const))
684
static const char *safe_string(const char *str){
685
if(str == NULL)
686
return "(unknown)";
687
return str;
688
}
689
690
496
__attribute__((warn_unused_result))
691
497
static const char *safer_gnutls_strerror(int value){
692
498
const char *ret = gnutls_strerror(value);
693
return safe_string(ret);
499
if(ret == NULL)
500
ret = "(unknown)";
501
return ret;
694
502
}
695
503
696
504
/* GnuTLS log function callback */
700
508
fprintf_plus(stderr, "GnuTLS: %s", string);
701
509
}
702
510
703
__attribute__((nonnull(1, 2, 4), warn_unused_result))
511
__attribute__((nonnull, warn_unused_result))
704
512
static int init_gnutls_global(const char *pubkeyfilename,
705
513
const char *seckeyfilename,
706
const char *dhparamsfilename,
707
514
mandos_context *mc){
708
515
int ret;
709
516
711
518
fprintf_plus(stderr, "Initializing GnuTLS\n");
712
519
}
713
520
521
ret = gnutls_global_init();
522
if(ret != GNUTLS_E_SUCCESS){
523
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
524
safer_gnutls_strerror(ret));
525
return -1;
526
}
527
714
528
if(debug){
715
529
/* "Use a log level over 10 to enable all debugging options."
716
530
* - GnuTLS manual
724
538
if(ret != GNUTLS_E_SUCCESS){
725
539
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
726
540
safer_gnutls_strerror(ret));
541
gnutls_global_deinit();
727
542
return -1;
728
543
}
729
544
730
545
if(debug){
731
fprintf_plus(stderr, "Attempting to use public key %s and"
732
" private key %s as GnuTLS credentials\n",
546
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
547
" secret key %s as GnuTLS credentials\n",
733
548
pubkeyfilename,
734
549
seckeyfilename);
735
550
}
736
551
737
#if GNUTLS_VERSION_NUMBER >= 0x030606
738
ret = gnutls_certificate_set_rawpk_key_file
739
(mc->cred, pubkeyfilename, seckeyfilename,
740
GNUTLS_X509_FMT_PEM, /* format */
741
NULL, /* pass */
742
/* key_usage */
743
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
744
NULL, /* names */
745
0, /* names_length */
746
/* privkey_flags */
747
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
748
0); /* pkcs11_flags */
749
#elif GNUTLS_VERSION_NUMBER < 0x030600
750
552
ret = gnutls_certificate_set_openpgp_key_file
751
553
(mc->cred, pubkeyfilename, seckeyfilename,
752
554
GNUTLS_OPENPGP_FMT_BASE64);
753
#else
754
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
755
#endif
756
555
if(ret != GNUTLS_E_SUCCESS){
757
556
fprintf_plus(stderr,
758
"Error[%d] while reading the key pair ('%s',"
557
"Error[%d] while reading the OpenPGP key pair ('%s',"
759
558
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
760
559
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
761
560
safer_gnutls_strerror(ret));
770
569
safer_gnutls_strerror(ret));
771
570
goto globalfail;
772
571
}
773
/* If a Diffie-Hellman parameters file was given, try to use it */
774
if(dhparamsfilename != NULL){
775
gnutls_datum_t params = { .data = NULL, .size = 0 };
776
do {
777
int dhpfile = open(dhparamsfilename, O_RDONLY);
778
if(dhpfile == -1){
779
perror_plus("open");
780
dhparamsfilename = NULL;
781
break;
782
}
783
size_t params_capacity = 0;
784
while(true){
785
params_capacity = incbuffer((char **)¶ms.data,
786
(size_t)params.size,
787
(size_t)params_capacity);
788
if(params_capacity == 0){
789
perror_plus("incbuffer");
790
free(params.data);
791
params.data = NULL;
792
dhparamsfilename = NULL;
793
break;
794
}
795
ssize_t bytes_read = read(dhpfile,
796
params.data + params.size,
797
BUFFER_SIZE);
798
/* EOF */
799
if(bytes_read == 0){
800
break;
801
}
802
/* check bytes_read for failure */
803
if(bytes_read < 0){
804
perror_plus("read");
805
free(params.data);
806
params.data = NULL;
807
dhparamsfilename = NULL;
808
break;
809
}
810
params.size += (unsigned int)bytes_read;
811
}
812
ret = close(dhpfile);
813
if(ret == -1){
814
perror_plus("close");
815
}
816
if(params.data == NULL){
817
dhparamsfilename = NULL;
818
}
819
if(dhparamsfilename == NULL){
820
break;
821
}
822
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
823
GNUTLS_X509_FMT_PEM);
824
if(ret != GNUTLS_E_SUCCESS){
825
fprintf_plus(stderr, "Failed to parse DH parameters in file"
826
" \"%s\": %s\n", dhparamsfilename,
827
safer_gnutls_strerror(ret));
828
dhparamsfilename = NULL;
829
}
830
free(params.data);
831
} while(false);
832
}
833
if(dhparamsfilename == NULL){
834
if(mc->dh_bits == 0){
835
#if GNUTLS_VERSION_NUMBER < 0x030600
836
/* Find out the optimal number of DH bits */
837
/* Try to read the private key file */
838
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
839
do {
840
int secfile = open(seckeyfilename, O_RDONLY);
841
if(secfile == -1){
842
perror_plus("open");
843
break;
844
}
845
size_t buffer_capacity = 0;
846
while(true){
847
buffer_capacity = incbuffer((char **)&buffer.data,
848
(size_t)buffer.size,
849
(size_t)buffer_capacity);
850
if(buffer_capacity == 0){
851
perror_plus("incbuffer");
852
free(buffer.data);
853
buffer.data = NULL;
854
break;
855
}
856
ssize_t bytes_read = read(secfile,
857
buffer.data + buffer.size,
858
BUFFER_SIZE);
859
/* EOF */
860
if(bytes_read == 0){
861
break;
862
}
863
/* check bytes_read for failure */
864
if(bytes_read < 0){
865
perror_plus("read");
866
free(buffer.data);
867
buffer.data = NULL;
868
break;
869
}
870
buffer.size += (unsigned int)bytes_read;
871
}
872
close(secfile);
873
} while(false);
874
/* If successful, use buffer to parse private key */
875
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
876
if(buffer.data != NULL){
877
{
878
gnutls_openpgp_privkey_t privkey = NULL;
879
ret = gnutls_openpgp_privkey_init(&privkey);
880
if(ret != GNUTLS_E_SUCCESS){
881
fprintf_plus(stderr, "Error initializing OpenPGP key"
882
" structure: %s",
883
safer_gnutls_strerror(ret));
884
free(buffer.data);
885
buffer.data = NULL;
886
} else {
887
ret = gnutls_openpgp_privkey_import
888
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
889
if(ret != GNUTLS_E_SUCCESS){
890
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
891
safer_gnutls_strerror(ret));
892
privkey = NULL;
893
}
894
free(buffer.data);
895
buffer.data = NULL;
896
if(privkey != NULL){
897
/* Use private key to suggest an appropriate
898
sec_param */
899
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
900
gnutls_openpgp_privkey_deinit(privkey);
901
if(debug){
902
fprintf_plus(stderr, "This OpenPGP key implies using"
903
" a GnuTLS security parameter \"%s\".\n",
904
safe_string(gnutls_sec_param_get_name
905
(sec_param)));
906
}
907
}
908
}
909
}
910
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
911
/* Err on the side of caution */
912
sec_param = GNUTLS_SEC_PARAM_ULTRA;
913
if(debug){
914
fprintf_plus(stderr, "Falling back to security parameter"
915
" \"%s\"\n",
916
safe_string(gnutls_sec_param_get_name
917
(sec_param)));
918
}
919
}
920
}
921
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
922
if(uret != 0){
923
mc->dh_bits = uret;
924
if(debug){
925
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
926
" implies %u DH bits; using that.\n",
927
safe_string(gnutls_sec_param_get_name
928
(sec_param)),
929
mc->dh_bits);
930
}
931
} else {
932
fprintf_plus(stderr, "Failed to get implied number of DH"
933
" bits for security parameter \"%s\"): %s\n",
934
safe_string(gnutls_sec_param_get_name
935
(sec_param)),
936
safer_gnutls_strerror(ret));
937
goto globalfail;
938
}
939
#endif
940
} else { /* dh_bits != 0 */
941
if(debug){
942
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
943
mc->dh_bits);
944
}
945
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
946
if(ret != GNUTLS_E_SUCCESS){
947
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
948
" bits): %s\n", mc->dh_bits,
949
safer_gnutls_strerror(ret));
950
goto globalfail;
951
}
952
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
953
}
954
}
572
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
573
if(ret != GNUTLS_E_SUCCESS){
574
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
575
safer_gnutls_strerror(ret));
576
goto globalfail;
577
}
578
579
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
955
580
956
581
return 0;
957
582
958
583
globalfail:
959
584
960
585
gnutls_certificate_free_credentials(mc->cred);
586
gnutls_global_deinit();
961
587
gnutls_dh_params_deinit(mc->dh_params);
962
588
return -1;
963
589
}
968
594
int ret;
969
595
/* GnuTLS session creation */
970
596
do {
971
ret = gnutls_init(session, (GNUTLS_SERVER
972
#if GNUTLS_VERSION_NUMBER >= 0x030506
973
| GNUTLS_NO_TICKETS
974
#endif
975
#if GNUTLS_VERSION_NUMBER >= 0x030606
976
| GNUTLS_ENABLE_RAWPK
977
#endif
978
));
597
ret = gnutls_init(session, GNUTLS_SERVER);
979
598
if(quit_now){
980
599
return -1;
981
600
}
1022
641
/* ignore client certificate if any. */
1023
642
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
1024
643
644
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
645
1025
646
return 0;
1026
647
}
1027
648
1029
650
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
1030
651
__attribute__((unused)) const char *txt){}
1031
652
1032
/* Helper function to add_local_route() and delete_local_route() */
1033
__attribute__((nonnull, warn_unused_result))
1034
static bool add_delete_local_route(const bool add,
1035
const char *address,
1036
AvahiIfIndex if_index){
1037
int ret;
1038
char helper[] = "mandos-client-iprouteadddel";
1039
char add_arg[] = "add";
1040
char delete_arg[] = "delete";
1041
char debug_flag[] = "--debug";
1042
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1043
if(pluginhelperdir == NULL){
1044
if(debug){
1045
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1046
" variable not set; cannot run helper\n");
1047
}
1048
return false;
1049
}
1050
1051
char interface[IF_NAMESIZE];
1052
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1053
perror_plus("if_indextoname");
1054
return false;
1055
}
1056
1057
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1058
if(devnull == -1){
1059
perror_plus("open(\"/dev/null\", O_RDONLY)");
1060
return false;
1061
}
1062
pid_t pid = fork();
1063
if(pid == 0){
1064
/* Child */
1065
/* Raise privileges */
1066
errno = raise_privileges_permanently();
1067
if(errno != 0){
1068
perror_plus("Failed to raise privileges");
1069
/* _exit(EX_NOPERM); */
1070
} else {
1071
/* Set group */
1072
errno = 0;
1073
ret = setgid(0);
1074
if(ret == -1){
1075
perror_plus("setgid");
1076
close(devnull);
1077
_exit(EX_NOPERM);
1078
}
1079
/* Reset supplementary groups */
1080
errno = 0;
1081
ret = setgroups(0, NULL);
1082
if(ret == -1){
1083
perror_plus("setgroups");
1084
close(devnull);
1085
_exit(EX_NOPERM);
1086
}
1087
}
1088
ret = dup2(devnull, STDIN_FILENO);
1089
if(ret == -1){
1090
perror_plus("dup2(devnull, STDIN_FILENO)");
1091
close(devnull);
1092
_exit(EX_OSERR);
1093
}
1094
ret = close(devnull);
1095
if(ret == -1){
1096
perror_plus("close");
1097
}
1098
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1099
if(ret == -1){
1100
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1101
_exit(EX_OSERR);
1102
}
1103
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1104
O_RDONLY
1105
| O_DIRECTORY
1106
| O_PATH
1107
| O_CLOEXEC));
1108
if(helperdir_fd == -1){
1109
perror_plus("open");
1110
_exit(EX_UNAVAILABLE);
1111
}
1112
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1113
helper, O_RDONLY));
1114
if(helper_fd == -1){
1115
perror_plus("openat");
1116
close(helperdir_fd);
1117
_exit(EX_UNAVAILABLE);
1118
}
1119
close(helperdir_fd);
1120
#ifdef __GNUC__
1121
#pragma GCC diagnostic push
1122
#pragma GCC diagnostic ignored "-Wcast-qual"
1123
#endif
1124
if(fexecve(helper_fd, (char *const [])
1125
{ helper, add ? add_arg : delete_arg, (char *)address,
1126
interface, debug ? debug_flag : NULL, NULL },
1127
environ) == -1){
1128
#ifdef __GNUC__
1129
#pragma GCC diagnostic pop
1130
#endif
1131
perror_plus("fexecve");
1132
_exit(EXIT_FAILURE);
1133
}
1134
}
1135
if(pid == -1){
1136
perror_plus("fork");
1137
close(devnull);
1138
return false;
1139
}
1140
ret = close(devnull);
1141
if(ret == -1){
1142
perror_plus("close");
1143
}
1144
int status;
1145
pid_t pret = -1;
1146
errno = 0;
1147
do {
1148
pret = waitpid(pid, &status, 0);
1149
if(pret == -1 and errno == EINTR and quit_now){
1150
int errno_raising = 0;
1151
if((errno = raise_privileges()) != 0){
1152
errno_raising = errno;
1153
perror_plus("Failed to raise privileges in order to"
1154
" kill helper program");
1155
}
1156
if(kill(pid, SIGTERM) == -1){
1157
perror_plus("kill");
1158
}
1159
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1160
perror_plus("Failed to lower privileges after killing"
1161
" helper program");
1162
}
1163
return false;
1164
}
1165
} while(pret == -1 and errno == EINTR);
1166
if(pret == -1){
1167
perror_plus("waitpid");
1168
return false;
1169
}
1170
if(WIFEXITED(status)){
1171
if(WEXITSTATUS(status) != 0){
1172
fprintf_plus(stderr, "Error: iprouteadddel exited"
1173
" with status %d\n", WEXITSTATUS(status));
1174
return false;
1175
}
1176
return true;
1177
}
1178
if(WIFSIGNALED(status)){
1179
fprintf_plus(stderr, "Error: iprouteadddel died by"
1180
" signal %d\n", WTERMSIG(status));
1181
return false;
1182
}
1183
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1184
return false;
1185
}
1186
1187
__attribute__((nonnull, warn_unused_result))
1188
static bool add_local_route(const char *address,
1189
AvahiIfIndex if_index){
1190
if(debug){
1191
fprintf_plus(stderr, "Adding route to %s\n", address);
1192
}
1193
return add_delete_local_route(true, address, if_index);
1194
}
1195
1196
__attribute__((nonnull, warn_unused_result))
1197
static bool delete_local_route(const char *address,
1198
AvahiIfIndex if_index){
1199
if(debug){
1200
fprintf_plus(stderr, "Removing route to %s\n", address);
1201
}
1202
return add_delete_local_route(false, address, if_index);
1203
}
1204
1205
653
/* Called when a Mandos server is found */
1206
654
__attribute__((nonnull, warn_unused_result))
1207
655
static int start_mandos_communication(const char *ip, in_port_t port,
1218
666
int retval = -1;
1219
667
gnutls_session_t session;
1220
668
int pf; /* Protocol family */
1221
bool route_added = false;
1222
669
1223
670
errno = 0;
1224
671
1246
693
bool match = false;
1247
694
{
1248
695
char *interface = NULL;
1249
while((interface = argz_next(mc->interfaces,
1250
mc->interfaces_size,
1251
interface))){
696
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
697
interface))){
1252
698
if(if_nametoindex(interface) == (unsigned int)if_index){
1253
699
match = true;
1254
700
break;
1283
729
PRIuMAX "\n", ip, (uintmax_t)port);
1284
730
}
1285
731
1286
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
732
tcp_sd = socket(pf, SOCK_STREAM, 0);
1287
733
if(tcp_sd < 0){
1288
734
int e = errno;
1289
735
perror_plus("socket");
1296
742
goto mandos_end;
1297
743
}
1298
744
745
memset(&to, 0, sizeof(to));
1299
746
if(af == AF_INET6){
1300
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1301
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1302
ret = inet_pton(af, ip, &to6->sin6_addr);
747
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
748
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1303
749
} else { /* IPv4 */
1304
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1305
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1306
ret = inet_pton(af, ip, &to4->sin_addr);
750
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
751
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1307
752
}
1308
753
if(ret < 0 ){
1309
754
int e = errno;
1379
824
goto mandos_end;
1380
825
}
1381
826
1382
while(true){
1383
if(af == AF_INET6){
1384
ret = connect(tcp_sd, (struct sockaddr *)&to,
1385
sizeof(struct sockaddr_in6));
1386
} else {
1387
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1388
sizeof(struct sockaddr_in));
1389
}
1390
if(ret < 0){
1391
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1392
and if_index != AVAHI_IF_UNSPEC
1393
and connect_to == NULL
1394
and not route_added and
1395
((af == AF_INET6 and not
1396
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1397
&to)->sin6_addr)))
1398
or (af == AF_INET and
1399
/* Not a a IPv4LL address */
1400
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1401
& 0xFFFF0000L) != 0xA9FE0000L))){
1402
/* Work around Avahi bug - Avahi does not announce link-local
1403
addresses if it has a global address, so local hosts with
1404
*only* a link-local address (e.g. Mandos clients) cannot
1405
connect to a Mandos server announced by Avahi on a server
1406
host with a global address. Work around this by retrying
1407
with an explicit route added with the server's address.
1408
1409
Avahi bug reference:
1410
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1411
https://bugs.debian.org/587961
1412
*/
1413
if(debug){
1414
fprintf_plus(stderr, "Mandos server unreachable, trying"
1415
" direct route\n");
1416
}
1417
int e = errno;
1418
route_added = add_local_route(ip, if_index);
1419
if(route_added){
1420
continue;
1421
}
1422
errno = e;
1423
}
1424
if(errno != ECONNREFUSED or debug){
1425
int e = errno;
1426
perror_plus("connect");
1427
errno = e;
1428
}
1429
goto mandos_end;
1430
}
1431
1432
if(quit_now){
1433
errno = EINTR;
1434
goto mandos_end;
1435
}
1436
break;
827
if(af == AF_INET6){
828
ret = connect(tcp_sd, (struct sockaddr *)&to,
829
sizeof(struct sockaddr_in6));
830
} else {
831
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
832
sizeof(struct sockaddr_in));
833
}
834
if(ret < 0){
835
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
836
int e = errno;
837
perror_plus("connect");
838
errno = e;
839
}
840
goto mandos_end;
841
}
842
843
if(quit_now){
844
errno = EINTR;
845
goto mandos_end;
1437
846
}
1438
847
1439
848
const char *out = mandos_protocol_version;
1593
1002
&decrypted_buffer, mc);
1594
1003
if(decrypted_buffer_size >= 0){
1595
1004
1596
clearerr(stdout);
1597
1005
written = 0;
1598
1006
while(written < (size_t) decrypted_buffer_size){
1599
1007
if(quit_now){
1615
1023
}
1616
1024
written += (size_t)ret;
1617
1025
}
1618
ret = fflush(stdout);
1619
if(ret != 0){
1620
int e = errno;
1621
if(debug){
1622
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1623
strerror(errno));
1624
}
1625
errno = e;
1626
goto mandos_end;
1627
}
1628
1026
retval = 0;
1629
1027
}
1630
1028
}
1633
1031
1634
1032
mandos_end:
1635
1033
{
1636
if(route_added){
1637
if(not delete_local_route(ip, if_index)){
1638
fprintf_plus(stderr, "Failed to delete local route to %s on"
1639
" interface %d", ip, if_index);
1640
}
1641
}
1642
1034
int e = errno;
1643
1035
free(decrypted_buffer);
1644
1036
free(buffer);
1645
1037
if(tcp_sd >= 0){
1646
ret = close(tcp_sd);
1038
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1647
1039
}
1648
1040
if(ret == -1){
1649
1041
if(e == 0){
1661
1053
return retval;
1662
1054
}
1663
1055
1056
__attribute__((nonnull))
1664
1057
static void resolve_callback(AvahiSServiceResolver *r,
1665
1058
AvahiIfIndex interface,
1666
1059
AvahiProtocol proto,
1803
1196
__attribute__((nonnull, warn_unused_result))
1804
1197
bool get_flags(const char *ifname, struct ifreq *ifr){
1805
1198
int ret;
1806
int old_errno;
1199
error_t ret_errno;
1807
1200
1808
1201
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1809
1202
if(s < 0){
1810
old_errno = errno;
1203
ret_errno = errno;
1811
1204
perror_plus("socket");
1812
errno = old_errno;
1205
errno = ret_errno;
1813
1206
return false;
1814
1207
}
1815
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1816
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1208
strcpy(ifr->ifr_name, ifname);
1817
1209
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1818
1210
if(ret == -1){
1819
1211
if(debug){
1820
old_errno = errno;
1212
ret_errno = errno;
1821
1213
perror_plus("ioctl SIOCGIFFLAGS");
1822
errno = old_errno;
1823
}
1824
if((close(s) == -1) and debug){
1825
old_errno = errno;
1826
perror_plus("close");
1827
errno = old_errno;
1214
errno = ret_errno;
1828
1215
}
1829
1216
return false;
1830
1217
}
1831
if((close(s) == -1) and debug){
1832
old_errno = errno;
1833
perror_plus("close");
1834
errno = old_errno;
1835
}
1836
1218
return true;
1837
1219
}
1838
1220
2080
1462
}
2081
1463
}
2082
1464
1465
/* Set effective uid to 0, return errno */
1466
__attribute__((warn_unused_result))
1467
error_t raise_privileges(void){
1468
error_t old_errno = errno;
1469
error_t ret_errno = 0;
1470
if(seteuid(0) == -1){
1471
ret_errno = errno;
1472
}
1473
errno = old_errno;
1474
return ret_errno;
1475
}
1476
1477
/* Set effective and real user ID to 0. Return errno. */
1478
__attribute__((warn_unused_result))
1479
error_t raise_privileges_permanently(void){
1480
error_t old_errno = errno;
1481
error_t ret_errno = raise_privileges();
1482
if(ret_errno != 0){
1483
errno = old_errno;
1484
return ret_errno;
1485
}
1486
if(setuid(0) == -1){
1487
ret_errno = errno;
1488
}
1489
errno = old_errno;
1490
return ret_errno;
1491
}
1492
1493
/* Set effective user ID to unprivileged saved user ID */
1494
__attribute__((warn_unused_result))
1495
error_t lower_privileges(void){
1496
error_t old_errno = errno;
1497
error_t ret_errno = 0;
1498
if(seteuid(uid) == -1){
1499
ret_errno = errno;
1500
}
1501
errno = old_errno;
1502
return ret_errno;
1503
}
1504
1505
/* Lower privileges permanently */
1506
__attribute__((warn_unused_result))
1507
error_t lower_privileges_permanently(void){
1508
error_t old_errno = errno;
1509
error_t ret_errno = 0;
1510
if(setuid(uid) == -1){
1511
ret_errno = errno;
1512
}
1513
errno = old_errno;
1514
return ret_errno;
1515
}
1516
2083
1517
__attribute__((nonnull))
2084
1518
void run_network_hooks(const char *mode, const char *interface,
2085
1519
const float delay){
2086
1520
struct dirent **direntries = NULL;
2087
1521
if(hookdir_fd == -1){
2088
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2089
| O_CLOEXEC);
1522
hookdir_fd = open(hookdir, O_RDONLY);
2090
1523
if(hookdir_fd == -1){
2091
1524
if(errno == ENOENT){
2092
1525
if(debug){
2099
1532
return;
2100
1533
}
2101
1534
}
2102
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2103
if(devnull == -1){
2104
perror_plus("open(\"/dev/null\", O_RDONLY)");
2105
return;
2106
}
1535
#ifdef __GLIBC__
1536
#if __GLIBC_PREREQ(2, 15)
2107
1537
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2108
1538
runnable_hook, alphasort);
1539
#else /* not __GLIBC_PREREQ(2, 15) */
1540
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1541
alphasort);
1542
#endif /* not __GLIBC_PREREQ(2, 15) */
1543
#else /* not __GLIBC__ */
1544
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1545
alphasort);
1546
#endif /* not __GLIBC__ */
2109
1547
if(numhooks == -1){
2110
1548
perror_plus("scandir");
2111
close(devnull);
2112
1549
return;
2113
1550
}
2114
1551
struct dirent *direntry;
2115
1552
int ret;
1553
int devnull = open("/dev/null", O_RDONLY);
2116
1554
for(int i = 0; i < numhooks; i++){
2117
1555
direntry = direntries[i];
2118
1556
if(debug){
2142
1580
perror_plus("setgroups");
2143
1581
_exit(EX_NOPERM);
2144
1582
}
1583
ret = dup2(devnull, STDIN_FILENO);
1584
if(ret == -1){
1585
perror_plus("dup2(devnull, STDIN_FILENO)");
1586
_exit(EX_OSERR);
1587
}
1588
ret = close(devnull);
1589
if(ret == -1){
1590
perror_plus("close");
1591
_exit(EX_OSERR);
1592
}
1593
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1594
if(ret == -1){
1595
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1596
_exit(EX_OSERR);
1597
}
2145
1598
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2146
1599
if(ret == -1){
2147
1600
perror_plus("setenv");
2182
1635
_exit(EX_OSERR);
2183
1636
}
2184
1637
}
2185
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2186
direntry->d_name,
2187
O_RDONLY));
1638
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2188
1639
if(hook_fd == -1){
2189
1640
perror_plus("openat");
2190
1641
_exit(EXIT_FAILURE);
2191
1642
}
2192
if(close(hookdir_fd) == -1){
1643
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2193
1644
perror_plus("close");
2194
1645
_exit(EXIT_FAILURE);
2195
1646
}
2196
ret = dup2(devnull, STDIN_FILENO);
2197
if(ret == -1){
2198
perror_plus("dup2(devnull, STDIN_FILENO)");
2199
_exit(EX_OSERR);
2200
}
2201
ret = close(devnull);
2202
if(ret == -1){
2203
perror_plus("close");
2204
_exit(EX_OSERR);
2205
}
2206
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2207
if(ret == -1){
2208
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2209
_exit(EX_OSERR);
2210
}
2211
1647
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2212
1648
environ) == -1){
2213
1649
perror_plus("fexecve");
2253
1689
free(direntry);
2254
1690
}
2255
1691
free(direntries);
2256
if(close(hookdir_fd) == -1){
1692
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2257
1693
perror_plus("close");
2258
1694
} else {
2259
1695
hookdir_fd = -1;
2262
1698
}
2263
1699
2264
1700
__attribute__((nonnull, warn_unused_result))
2265
int bring_up_interface(const char *const interface,
2266
const float delay){
2267
int old_errno = errno;
1701
error_t bring_up_interface(const char *const interface,
1702
const float delay){
1703
error_t old_errno = errno;
2268
1704
int ret;
2269
1705
struct ifreq network;
2270
1706
unsigned int if_index = if_nametoindex(interface);
2280
1716
}
2281
1717
2282
1718
if(not interface_is_up(interface)){
2283
int ret_errno = 0;
2284
int ioctl_errno = 0;
1719
error_t ret_errno = 0, ioctl_errno = 0;
2285
1720
if(not get_flags(interface, &network)){
2286
1721
ret_errno = errno;
2287
1722
fprintf_plus(stderr, "Failed to get flags for interface "
2300
1735
}
2301
1736
2302
1737
if(quit_now){
2303
ret = close(sd);
1738
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2304
1739
if(ret == -1){
2305
1740
perror_plus("close");
2306
1741
}
2356
1791
}
2357
1792
2358
1793
/* Close the socket */
2359
ret = close(sd);
1794
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2360
1795
if(ret == -1){
2361
1796
perror_plus("close");
2362
1797
}
2374
1809
2375
1810
/* Sleep checking until interface is running.
2376
1811
Check every 0.25s, up to total time of delay */
2377
for(int i = 0; i < delay * 4; i++){
1812
for(int i=0; i < delay * 4; i++){
2378
1813
if(interface_is_running(interface)){
2379
1814
break;
2380
1815
}
2390
1825
}
2391
1826
2392
1827
__attribute__((nonnull, warn_unused_result))
2393
int take_down_interface(const char *const interface){
2394
int old_errno = errno;
1828
error_t take_down_interface(const char *const interface){
1829
error_t old_errno = errno;
2395
1830
struct ifreq network;
2396
1831
unsigned int if_index = if_nametoindex(interface);
2397
1832
if(if_index == 0){
2400
1835
return ENXIO;
2401
1836
}
2402
1837
if(interface_is_up(interface)){
2403
int ret_errno = 0;
2404
int ioctl_errno = 0;
1838
error_t ret_errno = 0, ioctl_errno = 0;
2405
1839
if(not get_flags(interface, &network) and debug){
2406
1840
ret_errno = errno;
2407
1841
fprintf_plus(stderr, "Failed to get flags for interface "
2445
1879
}
2446
1880
2447
1881
/* Close the socket */
2448
int ret = close(sd);
1882
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2449
1883
if(ret == -1){
2450
1884
perror_plus("close");
2451
1885
}
2466
1900
}
2467
1901
2468
1902
int main(int argc, char *argv[]){
2469
mandos_context mc = { .server = NULL, .dh_bits = 0,
2470
#if GNUTLS_VERSION_NUMBER >= 0x030606
2471
.priority = "SECURE128:!CTYPE-X.509"
2472
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2473
":%PROFILE_ULTRA",
2474
#elif GNUTLS_VERSION_NUMBER < 0x030600
2475
.priority = "SECURE256:!CTYPE-X.509"
2476
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2477
#else
2478
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2479
#endif
2480
.current_server = NULL, .interfaces = NULL,
2481
.interfaces_size = 0 };
1903
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1904
.priority = "SECURE256:!CTYPE-X.509:"
1905
"+CTYPE-OPENPGP", .current_server = NULL,
1906
.interfaces = NULL, .interfaces_size = 0 };
2482
1907
AvahiSServiceBrowser *sb = NULL;
2483
1908
error_t ret_errno;
2484
1909
int ret;
2493
1918
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2494
1919
const char *seckey = PATHDIR "/" SECKEY;
2495
1920
const char *pubkey = PATHDIR "/" PUBKEY;
2496
#if GNUTLS_VERSION_NUMBER >= 0x030606
2497
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2498
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2499
#endif
2500
const char *dh_params_file = NULL;
2501
1921
char *interfaces_hooks = NULL;
2502
1922
2503
1923
bool gnutls_initialized = false;
2550
1970
{ .name = "pubkey", .key = 'p',
2551
1971
.arg = "FILE",
2552
1972
.doc = "OpenPGP public key file base name",
2553
.group = 1 },
2554
{ .name = "tls-privkey", .key = 't',
2555
.arg = "FILE",
2556
#if GNUTLS_VERSION_NUMBER >= 0x030606
2557
.doc = "TLS private key file base name",
2558
#else
2559
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2560
#endif
2561
.group = 1 },
2562
{ .name = "tls-pubkey", .key = 'T',
2563
.arg = "FILE",
2564
#if GNUTLS_VERSION_NUMBER >= 0x030606
2565
.doc = "TLS public key file base name",
2566
#else
2567
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2568
#endif
2569
.group = 1 },
1973
.group = 2 },
2570
1974
{ .name = "dh-bits", .key = 129,
2571
1975
.arg = "BITS",
2572
1976
.doc = "Bit length of the prime number used in the"
2573
1977
" Diffie-Hellman key exchange",
2574
1978
.group = 2 },
2575
{ .name = "dh-params", .key = 134,
2576
.arg = "FILE",
2577
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2578
" for the Diffie-Hellman key exchange",
2579
.group = 2 },
2580
1979
{ .name = "priority", .key = 130,
2581
1980
.arg = "STRING",
2582
1981
.doc = "GnuTLS priority string for the TLS handshake",
2628
2027
case 'p': /* --pubkey */
2629
2028
pubkey = arg;
2630
2029
break;
2631
case 't': /* --tls-privkey */
2632
#if GNUTLS_VERSION_NUMBER >= 0x030606
2633
tls_privkey = arg;
2634
#endif
2635
break;
2636
case 'T': /* --tls-pubkey */
2637
#if GNUTLS_VERSION_NUMBER >= 0x030606
2638
tls_pubkey = arg;
2639
#endif
2640
break;
2641
2030
case 129: /* --dh-bits */
2642
2031
errno = 0;
2643
2032
tmpmax = strtoimax(arg, &tmp, 10);
2647
2036
}
2648
2037
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2649
2038
break;
2650
case 134: /* --dh-params */
2651
dh_params_file = arg;
2652
break;
2653
2039
case 130: /* --priority */
2654
2040
mc.priority = arg;
2655
2041
break;
2678
2064
argp_state_help(state, state->out_stream,
2679
2065
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2680
2066
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2681
__builtin_unreachable();
2682
2067
case -3: /* --usage */
2683
2068
argp_state_help(state, state->out_stream,
2684
2069
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2685
__builtin_unreachable();
2686
2070
case 'V': /* --version */
2687
2071
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2688
2072
exit(argp_err_exit_status);
2697
2081
.args_doc = "",
2698
2082
.doc = "Mandos client -- Get and decrypt"
2699
2083
" passwords from a Mandos server" };
2700
ret_errno = argp_parse(&argp, argc, argv,
2701
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2702
switch(ret_errno){
2084
ret = argp_parse(&argp, argc, argv,
2085
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2086
switch(ret){
2703
2087
case 0:
2704
2088
break;
2705
2089
case ENOMEM:
2706
2090
default:
2707
errno = ret_errno;
2091
errno = ret;
2708
2092
perror_plus("argp_parse");
2709
2093
exitcode = EX_OSERR;
2710
2094
goto end;
2713
2097
goto end;
2714
2098
}
2715
2099
}
2716
2100
2717
2101
{
2718
2102
/* Work around Debian bug #633582:
2719
<https://bugs.debian.org/633582> */
2103
<http://bugs.debian.org/633582> */
2720
2104
2721
2105
/* Re-raise privileges */
2722
ret = raise_privileges();
2723
if(ret != 0){
2724
errno = ret;
2106
ret_errno = raise_privileges();
2107
if(ret_errno != 0){
2108
errno = ret_errno;
2725
2109
perror_plus("Failed to raise privileges");
2726
2110
} else {
2727
2111
struct stat st;
2743
2127
}
2744
2128
}
2745
2129
}
2746
close(seckey_fd);
2130
TEMP_FAILURE_RETRY(close(seckey_fd));
2747
2131
}
2748
2132
}
2749
2133
2750
2134
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2751
2135
int pubkey_fd = open(pubkey, O_RDONLY);
2752
2136
if(pubkey_fd == -1){
2764
2148
}
2765
2149
}
2766
2150
}
2767
close(pubkey_fd);
2768
}
2769
}
2770
2771
if(dh_params_file != NULL
2772
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2773
int dhparams_fd = open(dh_params_file, O_RDONLY);
2774
if(dhparams_fd == -1){
2775
perror_plus("open");
2776
} else {
2777
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2778
if(ret == -1){
2779
perror_plus("fstat");
2780
} else {
2781
if(S_ISREG(st.st_mode)
2782
and st.st_uid == 0 and st.st_gid == 0){
2783
ret = fchown(dhparams_fd, uid, gid);
2784
if(ret == -1){
2785
perror_plus("fchown");
2786
}
2787
}
2788
}
2789
close(dhparams_fd);
2790
}
2791
}
2792
2151
TEMP_FAILURE_RETRY(close(pubkey_fd));
2152
}
2153
}
2154
2793
2155
/* Lower privileges */
2794
ret = lower_privileges();
2795
if(ret != 0){
2796
errno = ret;
2156
ret_errno = lower_privileges();
2157
if(ret_errno != 0){
2158
errno = ret_errno;
2797
2159
perror_plus("Failed to lower privileges");
2798
2160
}
2799
2161
}
2969
2331
errno = bring_up_interface(interface, delay);
2970
2332
if(not interface_was_up){
2971
2333
if(errno != 0){
2972
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2973
" %s\n", interface, strerror(errno));
2334
perror_plus("Failed to bring up interface");
2974
2335
} else {
2975
2336
errno = argz_add(&interfaces_to_take_down,
2976
2337
&interfaces_to_take_down_size,
2999
2360
goto end;
3000
2361
}
3001
2362
3002
#if GNUTLS_VERSION_NUMBER >= 0x030606
3003
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3004
#elif GNUTLS_VERSION_NUMBER < 0x030600
3005
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3006
#else
3007
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3008
#endif
2363
ret = init_gnutls_global(pubkey, seckey, &mc);
3009
2364
if(ret == -1){
3010
2365
fprintf_plus(stderr, "init_gnutls_global failed\n");
3011
2366
exitcode = EX_UNAVAILABLE;
3133
2488
3134
2489
/* Allocate a new server */
3135
2490
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3136
&config, NULL, NULL, &ret);
2491
&config, NULL, NULL, &ret_errno);
3137
2492
3138
2493
/* Free the Avahi configuration data */
3139
2494
avahi_server_config_free(&config);
3142
2497
/* Check if creating the Avahi server object succeeded */
3143
2498
if(mc.server == NULL){
3144
2499
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
3145
avahi_strerror(ret));
2500
avahi_strerror(ret_errno));
3146
2501
exitcode = EX_UNAVAILABLE;
3147
2502
goto end;
3148
2503
}
3183
2538
end:
3184
2539
3185
2540
if(debug){
3186
if(signal_received){
3187
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3188
argv[0], signal_received,
3189
strsignal(signal_received));
3190
} else {
3191
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3192
}
2541
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
2542
}
3194
2543
3195
2544
/* Cleanup things */
3206
2555
3207
2556
if(gnutls_initialized){
3208
2557
gnutls_certificate_free_credentials(mc.cred);
2558
gnutls_global_deinit();
3209
2559
gnutls_dh_params_deinit(mc.dh_params);
3210
2560
}
3211
2561
3234
2584
3235
2585
/* Re-raise privileges */
3236
2586
{
3237
ret = raise_privileges();
3238
if(ret != 0){
3239
errno = ret;
2587
ret_errno = raise_privileges();
2588
if(ret_errno != 0){
2589
errno = ret_errno;
3240
2590
perror_plus("Failed to raise privileges");
3241
2591
} else {
3242
2592
3247
2597
/* Take down the network interfaces which were brought up */
3248
2598
{
3249
2599
char *interface = NULL;
3250
while((interface = argz_next(interfaces_to_take_down,
3251
interfaces_to_take_down_size,
3252
interface))){
3253
ret = take_down_interface(interface);
3254
if(ret != 0){
3255
errno = ret;
2600
while((interface=argz_next(interfaces_to_take_down,
2601
interfaces_to_take_down_size,
2602
interface))){
2603
ret_errno = take_down_interface(interface);
2604
if(ret_errno != 0){
2605
errno = ret_errno;
3256
2606
perror_plus("Failed to take down interface");
3257
2607
}
3258
2608
}
3263
2613
}
3264
2614
}
3265
2615
3266
ret = lower_privileges_permanently();
3267
if(ret != 0){
3268
errno = ret;
2616
ret_errno = lower_privileges_permanently();
2617
if(ret_errno != 0){
2618
errno = ret_errno;
3269
2619
perror_plus("Failed to lower privileges permanently");
3270
2620
}
3271
2621
}
3273
2623
free(interfaces_to_take_down);
3274
2624
free(interfaces_hooks);
3275
2625
3276
void clean_dir_at(int base, const char * const dirname,
3277
uintmax_t level){
3278
struct dirent **direntries = NULL;
3279
int dret;
3280
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3281
O_RDONLY
3282
| O_NOFOLLOW
3283
| O_DIRECTORY
3284
| O_PATH));
3285
if(dir_fd == -1){
3286
perror_plus("open");
3287
return;
3288
}
3289
int numentries = scandirat(dir_fd, ".", &direntries,
3290
notdotentries, alphasort);
3291
if(numentries >= 0){
3292
for(int i = 0; i < numentries; i++){
3293
if(debug){
3294
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3295
dirname, direntries[i]->d_name);
3296
}
3297
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3298
if(dret == -1){
3299
if(errno == EISDIR){
3300
dret = unlinkat(dir_fd, direntries[i]->d_name,
3301
AT_REMOVEDIR);
3302
}
3303
if((dret == -1) and (errno == ENOTEMPTY)
3304
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3305
== 0) and (level == 0)){
3306
/* Recurse only in this special case */
3307
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3308
dret = 0;
3309
}
3310
if((dret == -1) and (errno != ENOENT)){
3311
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3312
direntries[i]->d_name, strerror(errno));
3313
}
3314
}
3315
free(direntries[i]);
3316
}
3317
3318
/* need to clean even if 0 because man page doesn't specify */
3319
free(direntries);
3320
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3321
if(dret == -1 and errno != ENOENT){
3322
perror_plus("rmdir");
3323
}
3324
} else {
3325
perror_plus("scandirat");
3326
}
3327
close(dir_fd);
3328
}
3329
3330
2626
/* Removes the GPGME temp directory and all files inside */
3331
2627
if(tempdir != NULL){
3332
clean_dir_at(-1, tempdir, 0);
2628
struct dirent **direntries = NULL;
2629
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2630
O_NOFOLLOW));
2631
if(tempdir_fd == -1){
2632
perror_plus("open");
2633
} else {
2634
#ifdef __GLIBC__
2635
#if __GLIBC_PREREQ(2, 15)
2636
int numentries = scandirat(tempdir_fd, ".", &direntries,
2637
notdotentries, alphasort);
2638
#else /* not __GLIBC_PREREQ(2, 15) */
2639
int numentries = scandir(tempdir, &direntries, notdotentries,
2640
alphasort);
2641
#endif /* not __GLIBC_PREREQ(2, 15) */
2642
#else /* not __GLIBC__ */
2643
int numentries = scandir(tempdir, &direntries, notdotentries,
2644
alphasort);
2645
#endif /* not __GLIBC__ */
2646
if(numentries >= 0){
2647
for(int i = 0; i < numentries; i++){
2648
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2649
if(ret == -1){
2650
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2651
" \"%s\", 0): %s\n", tempdir,
2652
direntries[i]->d_name, strerror(errno));
2653
}
2654
free(direntries[i]);
2655
}
2656
2657
/* need to clean even if 0 because man page doesn't specify */
2658
free(direntries);
2659
if(numentries == -1){
2660
perror_plus("scandir");
2661
}
2662
ret = rmdir(tempdir);
2663
if(ret == -1 and errno != ENOENT){
2664
perror_plus("rmdir");
2665
}
2666
}
2667
TEMP_FAILURE_RETRY(close(tempdir_fd));
2668
}
3333
2669
}
3334
2670
3335
2671
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0