/mandos/trunk : revision 742

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.c

Committer: Teddy Hogeborn
Date: 2015-03-10 18:03:38 UTC
Revision ID: teddy@recompile.se-20150310180338-pcxw6r2qmw9k6br9

Add ":!RSA" to GnuTLS priority string, to disallow non-DHE kx.

If Mandos was somehow made to use a non-ephemeral Diffie-Hellman key
exchange algorithm in the TLS handshake, any saved network traffic
could then be decrypted later if the Mandos client key was obtained.
By default, Mandos uses ephemeral DH key exchanges which does not have
this problem, but a non-ephemeral key exchange algorithm was still
enabled by default. The simplest solution is to simply turn that off,
which ensures that Mandos will always use ephemeral DH key exchanges.

There is a "PFS" priority string specifier, but we can't use it because:

1. Security-wise, it is a mix between "NORMAL" and "SECURE128" - it
enables a lot more algorithms than "SECURE256".

2. It is only available since GnuTLS 3.2.4.

Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.

files removed:
bugs.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

files modified:
DBUS-API

INSTALL

Makefile

NEWS

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.postinst

debian/mandos.prerm

debian/rules

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.c

* Mandos plugin runner - Run Mandos plugins

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

#define BUFFER_SIZE 256

#define PDIR "/lib/mandos/plugins.d"

#define PHDIR "/lib/mandos/plugin-helpers"

#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"

const char *argp_program_version = "plugin-runner " VERSION;

348

347

349

348

int main(int argc, char *argv[]){

350

349

char *plugindir = NULL;

351

char *pluginhelperdir = NULL;

352

350

char *argfile = NULL;

353

351

FILE *conffp;

354

352

struct dirent **direntries = NULL;

416

414

.doc = "Group ID the plugins will run as", .group = 3 },

417

415

{ .name = "debug", .key = 132,

418

416

.doc = "Debug mode", .group = 4 },

419

{ .name = "plugin-helper-dir", .key = 133,

420

.arg = "DIRECTORY",

421

.doc = "Specify a different plugin helper directory",

422

.group = 2 },

423

417

424

418

* These reproduce what we would get without ARGP_NO_HELP

425

419

551

545

case 132: /* --debug */

552

546

debug = true;

553

547

break;

554

case 133: /* --plugin-helper-dir */

555

free(pluginhelperdir);

556

pluginhelperdir = strdup(arg);

557

if(pluginhelperdir != NULL){

558

errno = 0;

559

}

560

break;

561

548

562

549

* These reproduce what we would get without ARGP_NO_HELP

563

550

614

601

case 130: /* --userid */

615

602

case 131: /* --groupid */

616

603

case 132: /* --debug */

617

case 133: /* --plugin-helper-dir */

618

604

case '?': /* --help */

619

605

case -3: /* --usage */

620

606

case 'V': /* --version */

701

687

custom_argc += 1;

702

688

{

703

689

char **new_argv = realloc(custom_argv, sizeof(char *)

704

* ((size_t)custom_argc + 1));

690

* ((unsigned int)

691

custom_argc + 1));

705

692

if(new_argv == NULL){

706

693

error(0, errno, "realloc");

707

694

exitstatus = EX_OSERR;

774

761

goto fallback;

775

762

}

776

763

777

{

778

char *pluginhelperenv;

779

bool bret = true;

780

ret = asprintf(&pluginhelperenv, "MANDOSPLUGINHELPERDIR=%s",

781

pluginhelperdir != NULL ? pluginhelperdir : PHDIR);

782

if(ret != -1){

783

bret = add_environment(getplugin(NULL), pluginhelperenv, true);

784

}

785

if(ret == -1 or not bret){

786

error(0, errno, "Failed to set MANDOSPLUGINHELPERDIR"

787

" environment variable to \"%s\" for all plugins\n",

788

pluginhelperdir != NULL ? pluginhelperdir : PHDIR);

789

}

790

if(ret != -1){

791

free(pluginhelperenv);

792

}

793

}

794

795

764

if(debug){

796

765

for(plugin *p = plugin_list; p != NULL; p=p->next){

797

766

fprintf(stderr, "Plugin: %s has %d arguments\n",

826

795

}

827

796

}

828

797

}

829

close(plugindir_fd);

798

TEMP_FAILURE_RETRY(close(plugindir_fd));

830

799

}

831

800

}

832

801

891

860

return 1;

892

861

}

893

862

863

#ifdef __GLIBC__

864

#if __GLIBC_PREREQ(2, 15)

894

865

int numplugins = scandirat(dir_fd, ".", &direntries, good_name,

895

866

alphasort);

867

#else /* not __GLIBC_PREREQ(2, 15) */

868

int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,

869

&direntries, good_name, alphasort);

870

#endif /* not __GLIBC_PREREQ(2, 15) */

871

#else /* not __GLIBC__ */

872

int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,

873

&direntries, good_name, alphasort);

874

#endif /* not __GLIBC__ */

896

875

if(numplugins == -1){

897

876

error(0, errno, "Could not scan plugin dir");

898

877

direntries = NULL;

914

893

ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));

915

894

if(ret == -1){

916

895

error(0, errno, "stat");

917

close(plugin_fd);

896

TEMP_FAILURE_RETRY(close(plugin_fd));

918

897

free(direntries[i]);

919

898

continue;

920

899

}

929

908

plugindir != NULL ? plugindir : PDIR,

930

909

direntries[i]->d_name);

931

910

}

932

close(plugin_fd);

911

TEMP_FAILURE_RETRY(close(plugin_fd));

933

912

free(direntries[i]);

934

913

continue;

935

914

}

937

916

plugin *p = getplugin(direntries[i]->d_name);

938

917

if(p == NULL){

939

918

error(0, errno, "getplugin");

940

close(plugin_fd);

919

TEMP_FAILURE_RETRY(close(plugin_fd));

941

920

free(direntries[i]);

942

921

continue;

943

922

}

946

925

fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",

947

926

direntries[i]->d_name);

948

927

}

949

close(plugin_fd);

928

TEMP_FAILURE_RETRY(close(plugin_fd));

950

929

free(direntries[i]);

951

930

continue;

952

931

}

992

971

if(pipefd[0] >= FD_SETSIZE){

993

972

fprintf(stderr, "pipe()[0] (%d) >= FD_SETSIZE (%d)", pipefd[0],

994

973

FD_SETSIZE);

995

close(pipefd[0]);

996

close(pipefd[1]);

974

TEMP_FAILURE_RETRY(close(pipefd[0]));

975

TEMP_FAILURE_RETRY(close(pipefd[1]));

997

976

exitstatus = EX_OSERR;

998

977

free(direntries[i]);

999

978

goto fallback;

1003

982

ret = set_cloexec_flag(pipefd[0]);

1004

983

if(ret < 0){

1005

984

error(0, errno, "set_cloexec_flag");

1006

close(pipefd[0]);

1007

close(pipefd[1]);

985

TEMP_FAILURE_RETRY(close(pipefd[0]));

986

TEMP_FAILURE_RETRY(close(pipefd[1]));

1008

987

exitstatus = EX_OSERR;

1009

988

free(direntries[i]);

1010

989

goto fallback;

1012

991

ret = set_cloexec_flag(pipefd[1]);

1013

992

if(ret < 0){

1014

993

error(0, errno, "set_cloexec_flag");

1015

close(pipefd[0]);

1016

close(pipefd[1]);

994

TEMP_FAILURE_RETRY(close(pipefd[0]));

995

TEMP_FAILURE_RETRY(close(pipefd[1]));

1017

996

exitstatus = EX_OSERR;

1018

997

free(direntries[i]);

1019

998

goto fallback;

1038

1017

error(0, errno, "fork");

1039

1018

TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,

1040

1019

&sigchld_action.sa_mask, NULL));

1041

close(pipefd[0]);

1042

close(pipefd[1]);

1020

TEMP_FAILURE_RETRY(close(pipefd[0]));

1021

TEMP_FAILURE_RETRY(close(pipefd[1]));

1043

1022

exitstatus = EX_OSERR;

1044

1023

free(direntries[i]);

1045

1024

goto fallback;

1073

1052

/* no return */

1074

1053

}

1075

1054

/* Parent process */

1076

close(pipefd[1]); /* Close unused write end of pipe */

1077

close(plugin_fd);

1055

TEMP_FAILURE_RETRY(close(pipefd[1])); /* Close unused write end of

1056

pipe */

1057

TEMP_FAILURE_RETRY(close(plugin_fd));

1078

1058

plugin *new_plugin = getplugin(direntries[i]->d_name);

1079

1059

if(new_plugin == NULL){

1080

1060

error(0, errno, "getplugin");

1104

1084

goto fallback;

1105

1085

}

1106

1086

1107

FD_SET(new_plugin->fd, &rfds_all);

1087

#if defined (__GNUC__) and defined (__GLIBC__)

1088

#if not __GLIBC_PREREQ(2, 16)

1089

#pragma GCC diagnostic push

1090

#pragma GCC diagnostic ignored "-Wsign-conversion"

1091

#endif

1092

#endif

1093

FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from

1094

-Wconversion in GNU libc

1095

before 2.16 */

1096

#if defined (__GNUC__) and defined (__GLIBC__)

1097

#if not __GLIBC_PREREQ(2, 16)

1098

#pragma GCC diagnostic pop

1099

#endif

1100

#endif

1108

1101

1109

1102

if(maxfd < new_plugin->fd){

1110

1103

maxfd = new_plugin->fd;

1113

1106

1114

1107

free(direntries);

1115

1108

direntries = NULL;

1116

close(dir_fd);

1109

TEMP_FAILURE_RETRY(close(dir_fd));

1117

1110

dir_fd = -1;

1118

1111

free_plugin(getplugin(NULL));

1119

1112

1166

1159

}

1167

1160

1168

1161

/* Remove the plugin */

1169

FD_CLR(proc->fd, &rfds_all);

1162

#if defined (__GNUC__) and defined (__GLIBC__)

1163

#if not __GLIBC_PREREQ(2, 16)

1164

#pragma GCC diagnostic push

1165

#pragma GCC diagnostic ignored "-Wsign-conversion"

1166

#endif

1167

#endif

1168

FD_CLR(proc->fd, &rfds_all); /* Spurious warning from

1169

-Wconversion in GNU libc

1170

before 2.16 */

1171

#if defined (__GNUC__) and defined (__GLIBC__)

1172

#if not __GLIBC_PREREQ(2, 16)

1173

#pragma GCC diagnostic pop

1174

#endif

1175

#endif

1170

1176

1171

1177

/* Block signal while modifying process_list */

1172

1178

ret = (int)TEMP_FAILURE_RETRY(sigprocmask

1212

1218

}

1213

1219

1214

1220

/* This process has not completed. Does it have any output? */

1215

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){

1221

#if defined (__GNUC__) and defined (__GLIBC__)

1222

#if not __GLIBC_PREREQ(2, 16)

1223

#pragma GCC diagnostic push

1224

#pragma GCC diagnostic ignored "-Wsign-conversion"

1225

#endif

1226

#endif

1227

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious

1228

warning from

1229

-Wconversion

1230

in GNU libc

1231

before

1232

2.16 */

1233

#if defined (__GNUC__) and defined (__GLIBC__)

1234

#if not __GLIBC_PREREQ(2, 16)

1235

#pragma GCC diagnostic pop

1236

#endif

1237

#endif

1216

1238

/* This process had nothing to say at this time */

1217

1239

proc = proc->next;

1218

1240

continue;

1288

1310

free(direntries);

1289

1311

1290

1312

if(dir_fd != -1){

1291

close(dir_fd);

1313

TEMP_FAILURE_RETRY(close(dir_fd));

1292

1314

}

1293

1315

1294

1316

/* Kill the processes */

1314

1336

free_plugin_list();

1315

1337

1316

1338

free(plugindir);

1317

free(pluginhelperdir);

1318

1339

free(argfile);

1319

1340

1320

1341

return exitstatus;

Older »