To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 742
- compare with another revision
- download diff
- download tarball
- view history from revision 742
- Committer: Teddy Hogeborn
- Date: 2015-03-10 18:03:38 UTC
- Revision ID: teddy@recompile.se-20150310180338-pcxw6r2qmw9k6br9
Add ":!RSA" to GnuTLS priority string, to disallow non-DHE kx.
If Mandos was somehow made to use a non-ephemeral Diffie-Hellman key
exchange algorithm in the TLS handshake, any saved network traffic
could then be decrypted later if the Mandos client key was obtained.
By default, Mandos uses ephemeral DH key exchanges which does not have
this problem, but a non-ephemeral key exchange algorithm was still
enabled by default. The simplest solution is to simply turn that off,
which ensures that Mandos will always use ephemeral DH key exchanges.
There is a "PFS" priority string specifier, but we can't use it because:
1. Security-wise, it is a mix between "NORMAL" and "SECURE128" - it
enables a lot more algorithms than "SECURE256".
2. It is only available since GnuTLS 3.2.4.
Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.
If Mandos was somehow made to use a non-ephemeral Diffie-Hellman key
exchange algorithm in the TLS handshake, any saved network traffic
could then be decrypted later if the Mandos client key was obtained.
By default, Mandos uses ephemeral DH key exchanges which does not have
this problem, but a non-ephemeral key exchange algorithm was still
enabled by default. The simplest solution is to simply turn that off,
which ensures that Mandos will always use ephemeral DH key exchanges.
There is a "PFS" priority string specifier, but we can't use it because:
1. Security-wise, it is a mix between "NORMAL" and "SECURE128" - it
enables a lot more algorithms than "SECURE256".
2. It is only available since GnuTLS 3.2.4.
Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.
- files removed:
- plugin-helpers
- files modified:
- DBUS-API
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2015 Teddy Hogeborn
13
* Copyright © 2008-2015 Björn Påhlsson
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
14
*
15
15
* This program is free software: you can redistribute it and/or
16
16
* modify it under the terms of the GNU General Public License as
46
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
47
strtof(), abort() */
48
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strcpy() */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
51
51
#include <sys/ioctl.h> /* ioctl */
52
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
53
sockaddr_in6, PF_INET6,
305
305
return false;
306
306
}
307
307
308
ret = close(fd);
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
309
309
if(ret == -1){
310
310
perror_plus("close");
311
311
}
493
493
return plaintext_length;
494
494
}
495
495
496
__attribute__((warn_unused_result, const))
497
static const char *safe_string(const char *str){
498
if(str == NULL)
499
return "(unknown)";
500
return str;
501
}
502
503
496
__attribute__((warn_unused_result))
504
497
static const char *safer_gnutls_strerror(int value){
505
498
const char *ret = gnutls_strerror(value);
506
return safe_string(ret);
499
if(ret == NULL)
500
ret = "(unknown)";
501
return ret;
507
502
}
508
503
509
504
/* GnuTLS log function callback */
516
511
__attribute__((nonnull, warn_unused_result))
517
512
static int init_gnutls_global(const char *pubkeyfilename,
518
513
const char *seckeyfilename,
519
const char *dhparamsfilename,
520
514
mandos_context *mc){
521
515
int ret;
522
unsigned int uret;
523
516
524
517
if(debug){
525
518
fprintf_plus(stderr, "Initializing GnuTLS\n");
576
569
safer_gnutls_strerror(ret));
577
570
goto globalfail;
578
571
}
579
/* If a Diffie-Hellman parameters file was given, try to use it */
580
if(dhparamsfilename != NULL){
581
gnutls_datum_t params = { .data = NULL, .size = 0 };
582
do {
583
int dhpfile = open(dhparamsfilename, O_RDONLY);
584
if(dhpfile == -1){
585
perror_plus("open");
586
dhparamsfilename = NULL;
587
break;
588
}
589
size_t params_capacity = 0;
590
while(true){
591
params_capacity = incbuffer((char **)¶ms.data,
592
(size_t)params.size,
593
(size_t)params_capacity);
594
if(params_capacity == 0){
595
perror_plus("incbuffer");
596
free(params.data);
597
params.data = NULL;
598
dhparamsfilename = NULL;
599
break;
600
}
601
ssize_t bytes_read = read(dhpfile,
602
params.data + params.size,
603
BUFFER_SIZE);
604
/* EOF */
605
if(bytes_read == 0){
606
break;
607
}
608
/* check bytes_read for failure */
609
if(bytes_read < 0){
610
perror_plus("read");
611
free(params.data);
612
params.data = NULL;
613
dhparamsfilename = NULL;
614
break;
615
}
616
params.size += (unsigned int)bytes_read;
617
}
618
if(params.data == NULL){
619
dhparamsfilename = NULL;
620
}
621
if(dhparamsfilename == NULL){
622
break;
623
}
624
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
625
GNUTLS_X509_FMT_PEM);
626
if(ret != GNUTLS_E_SUCCESS){
627
fprintf_plus(stderr, "Failed to parse DH parameters in file"
628
" \"%s\": %s\n", dhparamsfilename,
629
safer_gnutls_strerror(ret));
630
dhparamsfilename = NULL;
631
}
632
} while(false);
633
}
634
if(dhparamsfilename == NULL){
635
if(mc->dh_bits == 0){
636
/* Find out the optimal number of DH bits */
637
/* Try to read the private key file */
638
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
639
do {
640
int secfile = open(seckeyfilename, O_RDONLY);
641
if(secfile == -1){
642
perror_plus("open");
643
break;
644
}
645
size_t buffer_capacity = 0;
646
while(true){
647
buffer_capacity = incbuffer((char **)&buffer.data,
648
(size_t)buffer.size,
649
(size_t)buffer_capacity);
650
if(buffer_capacity == 0){
651
perror_plus("incbuffer");
652
free(buffer.data);
653
buffer.data = NULL;
654
break;
655
}
656
ssize_t bytes_read = read(secfile,
657
buffer.data + buffer.size,
658
BUFFER_SIZE);
659
/* EOF */
660
if(bytes_read == 0){
661
break;
662
}
663
/* check bytes_read for failure */
664
if(bytes_read < 0){
665
perror_plus("read");
666
free(buffer.data);
667
buffer.data = NULL;
668
break;
669
}
670
buffer.size += (unsigned int)bytes_read;
671
}
672
close(secfile);
673
} while(false);
674
/* If successful, use buffer to parse private key */
675
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
676
if(buffer.data != NULL){
677
{
678
gnutls_openpgp_privkey_t privkey = NULL;
679
ret = gnutls_openpgp_privkey_init(&privkey);
680
if(ret != GNUTLS_E_SUCCESS){
681
fprintf_plus(stderr, "Error initializing OpenPGP key"
682
" structure: %s",
683
safer_gnutls_strerror(ret));
684
free(buffer.data);
685
buffer.data = NULL;
686
} else {
687
ret = gnutls_openpgp_privkey_import
688
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
689
if(ret != GNUTLS_E_SUCCESS){
690
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
691
safer_gnutls_strerror(ret));
692
privkey = NULL;
693
}
694
free(buffer.data);
695
buffer.data = NULL;
696
if(privkey != NULL){
697
/* Use private key to suggest an appropriate
698
sec_param */
699
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
700
gnutls_openpgp_privkey_deinit(privkey);
701
if(debug){
702
fprintf_plus(stderr, "This OpenPGP key implies using"
703
" a GnuTLS security parameter \"%s\".\n",
704
safe_string(gnutls_sec_param_get_name
705
(sec_param)));
706
}
707
}
708
}
709
}
710
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
711
/* Err on the side of caution */
712
sec_param = GNUTLS_SEC_PARAM_ULTRA;
713
if(debug){
714
fprintf_plus(stderr, "Falling back to security parameter"
715
" \"%s\"\n",
716
safe_string(gnutls_sec_param_get_name
717
(sec_param)));
718
}
719
}
720
}
721
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
722
if(uret != 0){
723
mc->dh_bits = uret;
724
if(debug){
725
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
726
" implies %u DH bits; using that.\n",
727
safe_string(gnutls_sec_param_get_name
728
(sec_param)),
729
mc->dh_bits);
730
}
731
} else {
732
fprintf_plus(stderr, "Failed to get implied number of DH"
733
" bits for security parameter \"%s\"): %s\n",
734
safe_string(gnutls_sec_param_get_name
735
(sec_param)),
736
safer_gnutls_strerror(ret));
737
goto globalfail;
738
}
739
} else if(debug){
740
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
741
mc->dh_bits);
742
}
743
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
744
if(ret != GNUTLS_E_SUCCESS){
745
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
746
" bits): %s\n", mc->dh_bits,
747
safer_gnutls_strerror(ret));
748
goto globalfail;
749
}
750
}
572
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
573
if(ret != GNUTLS_E_SUCCESS){
574
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
575
safer_gnutls_strerror(ret));
576
goto globalfail;
577
}
578
751
579
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
752
580
753
581
return 0;
813
641
/* ignore client certificate if any. */
814
642
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
815
643
644
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
645
816
646
return 0;
817
647
}
818
648
820
650
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
821
651
__attribute__((unused)) const char *txt){}
822
652
823
/* Set effective uid to 0, return errno */
824
__attribute__((warn_unused_result))
825
error_t raise_privileges(void){
826
error_t old_errno = errno;
827
error_t ret_errno = 0;
828
if(seteuid(0) == -1){
829
ret_errno = errno;
830
}
831
errno = old_errno;
832
return ret_errno;
833
}
834
835
/* Set effective and real user ID to 0. Return errno. */
836
__attribute__((warn_unused_result))
837
error_t raise_privileges_permanently(void){
838
error_t old_errno = errno;
839
error_t ret_errno = raise_privileges();
840
if(ret_errno != 0){
841
errno = old_errno;
842
return ret_errno;
843
}
844
if(setuid(0) == -1){
845
ret_errno = errno;
846
}
847
errno = old_errno;
848
return ret_errno;
849
}
850
851
/* Set effective user ID to unprivileged saved user ID */
852
__attribute__((warn_unused_result))
853
error_t lower_privileges(void){
854
error_t old_errno = errno;
855
error_t ret_errno = 0;
856
if(seteuid(uid) == -1){
857
ret_errno = errno;
858
}
859
errno = old_errno;
860
return ret_errno;
861
}
862
863
/* Lower privileges permanently */
864
__attribute__((warn_unused_result))
865
error_t lower_privileges_permanently(void){
866
error_t old_errno = errno;
867
error_t ret_errno = 0;
868
if(setuid(uid) == -1){
869
ret_errno = errno;
870
}
871
errno = old_errno;
872
return ret_errno;
873
}
874
875
/* Helper function to add_local_route() and delete_local_route() */
876
__attribute__((nonnull, warn_unused_result))
877
static bool add_delete_local_route(const bool add,
878
const char *address,
879
AvahiIfIndex if_index){
880
int ret;
881
char helper[] = "mandos-client-iprouteadddel";
882
char add_arg[] = "add";
883
char delete_arg[] = "delete";
884
char debug_flag[] = "--debug";
885
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
886
if(pluginhelperdir == NULL){
887
if(debug){
888
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
889
" variable not set; cannot run helper\n");
890
}
891
return false;
892
}
893
894
char interface[IF_NAMESIZE];
895
if(if_indextoname((unsigned int)if_index, interface) == NULL){
896
perror_plus("if_indextoname");
897
return false;
898
}
899
900
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
901
if(devnull == -1){
902
perror_plus("open(\"/dev/null\", O_RDONLY)");
903
return false;
904
}
905
pid_t pid = fork();
906
if(pid == 0){
907
/* Child */
908
/* Raise privileges */
909
errno = raise_privileges_permanently();
910
if(errno != 0){
911
perror_plus("Failed to raise privileges");
912
/* _exit(EX_NOPERM); */
913
} else {
914
/* Set group */
915
errno = 0;
916
ret = setgid(0);
917
if(ret == -1){
918
perror_plus("setgid");
919
_exit(EX_NOPERM);
920
}
921
/* Reset supplementary groups */
922
errno = 0;
923
ret = setgroups(0, NULL);
924
if(ret == -1){
925
perror_plus("setgroups");
926
_exit(EX_NOPERM);
927
}
928
}
929
ret = dup2(devnull, STDIN_FILENO);
930
if(ret == -1){
931
perror_plus("dup2(devnull, STDIN_FILENO)");
932
_exit(EX_OSERR);
933
}
934
ret = close(devnull);
935
if(ret == -1){
936
perror_plus("close");
937
_exit(EX_OSERR);
938
}
939
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
940
if(ret == -1){
941
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
942
_exit(EX_OSERR);
943
}
944
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
945
O_RDONLY
946
| O_DIRECTORY
947
| O_PATH
948
| O_CLOEXEC));
949
if(helperdir_fd == -1){
950
perror_plus("open");
951
_exit(EX_UNAVAILABLE);
952
}
953
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
954
helper, O_RDONLY));
955
if(helper_fd == -1){
956
perror_plus("openat");
957
_exit(EX_UNAVAILABLE);
958
}
959
close(helperdir_fd);
960
#ifdef __GNUC__
961
#pragma GCC diagnostic push
962
#pragma GCC diagnostic ignored "-Wcast-qual"
963
#endif
964
if(fexecve(helper_fd, (char *const [])
965
{ helper, add ? add_arg : delete_arg, (char *)address,
966
interface, debug ? debug_flag : NULL, NULL },
967
environ) == -1){
968
#ifdef __GNUC__
969
#pragma GCC diagnostic pop
970
#endif
971
perror_plus("fexecve");
972
_exit(EXIT_FAILURE);
973
}
974
}
975
if(pid == -1){
976
perror_plus("fork");
977
return false;
978
}
979
int status;
980
pid_t pret = -1;
981
errno = 0;
982
do {
983
pret = waitpid(pid, &status, 0);
984
if(pret == -1 and errno == EINTR and quit_now){
985
int errno_raising = 0;
986
if((errno = raise_privileges()) != 0){
987
errno_raising = errno;
988
perror_plus("Failed to raise privileges in order to"
989
" kill helper program");
990
}
991
if(kill(pid, SIGTERM) == -1){
992
perror_plus("kill");
993
}
994
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
995
perror_plus("Failed to lower privileges after killing"
996
" helper program");
997
}
998
return false;
999
}
1000
} while(pret == -1 and errno == EINTR);
1001
if(pret == -1){
1002
perror_plus("waitpid");
1003
return false;
1004
}
1005
if(WIFEXITED(status)){
1006
if(WEXITSTATUS(status) != 0){
1007
fprintf_plus(stderr, "Error: iprouteadddel exited"
1008
" with status %d\n", WEXITSTATUS(status));
1009
return false;
1010
}
1011
return true;
1012
}
1013
if(WIFSIGNALED(status)){
1014
fprintf_plus(stderr, "Error: iprouteadddel died by"
1015
" signal %d\n", WTERMSIG(status));
1016
return false;
1017
}
1018
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1019
return false;
1020
}
1021
1022
__attribute__((nonnull, warn_unused_result))
1023
static bool add_local_route(const char *address,
1024
AvahiIfIndex if_index){
1025
if(debug){
1026
fprintf_plus(stderr, "Adding route to %s\n", address);
1027
}
1028
return add_delete_local_route(true, address, if_index);
1029
}
1030
1031
__attribute__((nonnull, warn_unused_result))
1032
static bool delete_local_route(const char *address,
1033
AvahiIfIndex if_index){
1034
if(debug){
1035
fprintf_plus(stderr, "Removing route to %s\n", address);
1036
}
1037
return add_delete_local_route(false, address, if_index);
1038
}
1039
1040
653
/* Called when a Mandos server is found */
1041
654
__attribute__((nonnull, warn_unused_result))
1042
655
static int start_mandos_communication(const char *ip, in_port_t port,
1053
666
int retval = -1;
1054
667
gnutls_session_t session;
1055
668
int pf; /* Protocol family */
1056
bool route_added = false;
1057
669
1058
670
errno = 0;
1059
671
1117
729
PRIuMAX "\n", ip, (uintmax_t)port);
1118
730
}
1119
731
1120
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
732
tcp_sd = socket(pf, SOCK_STREAM, 0);
1121
733
if(tcp_sd < 0){
1122
734
int e = errno;
1123
735
perror_plus("socket");
1130
742
goto mandos_end;
1131
743
}
1132
744
745
memset(&to, 0, sizeof(to));
1133
746
if(af == AF_INET6){
1134
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1135
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1136
ret = inet_pton(af, ip, &to6->sin6_addr);
747
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
748
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1137
749
} else { /* IPv4 */
1138
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1139
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1140
ret = inet_pton(af, ip, &to4->sin_addr);
750
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
751
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1141
752
}
1142
753
if(ret < 0 ){
1143
754
int e = errno;
1213
824
goto mandos_end;
1214
825
}
1215
826
1216
while(true){
1217
if(af == AF_INET6){
1218
ret = connect(tcp_sd, (struct sockaddr *)&to,
1219
sizeof(struct sockaddr_in6));
1220
} else {
1221
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1222
sizeof(struct sockaddr_in));
1223
}
1224
if(ret < 0){
1225
if(errno == ENETUNREACH
1226
and if_index != AVAHI_IF_UNSPEC
1227
and connect_to == NULL
1228
and not route_added and
1229
((af == AF_INET6 and not
1230
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1231
&to)->sin6_addr)))
1232
or (af == AF_INET and
1233
/* Not a a IPv4LL address */
1234
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1235
& 0xFFFF0000L) != 0xA9FE0000L))){
1236
/* Work around Avahi bug - Avahi does not announce link-local
1237
addresses if it has a global address, so local hosts with
1238
*only* a link-local address (e.g. Mandos clients) cannot
1239
connect to a Mandos server announced by Avahi on a server
1240
host with a global address. Work around this by retrying
1241
with an explicit route added with the server's address.
1242
1243
Avahi bug reference:
1244
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1245
https://bugs.debian.org/587961
1246
*/
1247
if(debug){
1248
fprintf_plus(stderr, "Mandos server unreachable, trying"
1249
" direct route\n");
1250
}
1251
int e = errno;
1252
route_added = add_local_route(ip, if_index);
1253
if(route_added){
1254
continue;
1255
}
1256
errno = e;
1257
}
1258
if(errno != ECONNREFUSED or debug){
1259
int e = errno;
1260
perror_plus("connect");
1261
errno = e;
1262
}
1263
goto mandos_end;
1264
}
1265
1266
if(quit_now){
1267
errno = EINTR;
1268
goto mandos_end;
1269
}
1270
break;
827
if(af == AF_INET6){
828
ret = connect(tcp_sd, (struct sockaddr *)&to,
829
sizeof(struct sockaddr_in6));
830
} else {
831
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
832
sizeof(struct sockaddr_in));
833
}
834
if(ret < 0){
835
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
836
int e = errno;
837
perror_plus("connect");
838
errno = e;
839
}
840
goto mandos_end;
841
}
842
843
if(quit_now){
844
errno = EINTR;
845
goto mandos_end;
1271
846
}
1272
847
1273
848
const char *out = mandos_protocol_version;
1456
1031
1457
1032
mandos_end:
1458
1033
{
1459
if(route_added){
1460
if(not delete_local_route(ip, if_index)){
1461
fprintf_plus(stderr, "Failed to delete local route to %s on"
1462
" interface %d", ip, if_index);
1463
}
1464
}
1465
1034
int e = errno;
1466
1035
free(decrypted_buffer);
1467
1036
free(buffer);
1468
1037
if(tcp_sd >= 0){
1469
ret = close(tcp_sd);
1038
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1470
1039
}
1471
1040
if(ret == -1){
1472
1041
if(e == 0){
1893
1462
}
1894
1463
}
1895
1464
1465
/* Set effective uid to 0, return errno */
1466
__attribute__((warn_unused_result))
1467
error_t raise_privileges(void){
1468
error_t old_errno = errno;
1469
error_t ret_errno = 0;
1470
if(seteuid(0) == -1){
1471
ret_errno = errno;
1472
}
1473
errno = old_errno;
1474
return ret_errno;
1475
}
1476
1477
/* Set effective and real user ID to 0. Return errno. */
1478
__attribute__((warn_unused_result))
1479
error_t raise_privileges_permanently(void){
1480
error_t old_errno = errno;
1481
error_t ret_errno = raise_privileges();
1482
if(ret_errno != 0){
1483
errno = old_errno;
1484
return ret_errno;
1485
}
1486
if(setuid(0) == -1){
1487
ret_errno = errno;
1488
}
1489
errno = old_errno;
1490
return ret_errno;
1491
}
1492
1493
/* Set effective user ID to unprivileged saved user ID */
1494
__attribute__((warn_unused_result))
1495
error_t lower_privileges(void){
1496
error_t old_errno = errno;
1497
error_t ret_errno = 0;
1498
if(seteuid(uid) == -1){
1499
ret_errno = errno;
1500
}
1501
errno = old_errno;
1502
return ret_errno;
1503
}
1504
1505
/* Lower privileges permanently */
1506
__attribute__((warn_unused_result))
1507
error_t lower_privileges_permanently(void){
1508
error_t old_errno = errno;
1509
error_t ret_errno = 0;
1510
if(setuid(uid) == -1){
1511
ret_errno = errno;
1512
}
1513
errno = old_errno;
1514
return ret_errno;
1515
}
1516
1896
1517
__attribute__((nonnull))
1897
1518
void run_network_hooks(const char *mode, const char *interface,
1898
1519
const float delay){
1899
1520
struct dirent **direntries = NULL;
1900
1521
if(hookdir_fd == -1){
1901
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1902
| O_CLOEXEC);
1522
hookdir_fd = open(hookdir, O_RDONLY);
1903
1523
if(hookdir_fd == -1){
1904
1524
if(errno == ENOENT){
1905
1525
if(debug){
1930
1550
}
1931
1551
struct dirent *direntry;
1932
1552
int ret;
1933
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1934
if(devnull == -1){
1935
perror_plus("open(\"/dev/null\", O_RDONLY)");
1936
return;
1937
}
1553
int devnull = open("/dev/null", O_RDONLY);
1938
1554
for(int i = 0; i < numhooks; i++){
1939
1555
direntry = direntries[i];
1940
1556
if(debug){
1964
1580
perror_plus("setgroups");
1965
1581
_exit(EX_NOPERM);
1966
1582
}
1583
ret = dup2(devnull, STDIN_FILENO);
1584
if(ret == -1){
1585
perror_plus("dup2(devnull, STDIN_FILENO)");
1586
_exit(EX_OSERR);
1587
}
1588
ret = close(devnull);
1589
if(ret == -1){
1590
perror_plus("close");
1591
_exit(EX_OSERR);
1592
}
1593
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1594
if(ret == -1){
1595
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1596
_exit(EX_OSERR);
1597
}
1967
1598
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1968
1599
if(ret == -1){
1969
1600
perror_plus("setenv");
2004
1635
_exit(EX_OSERR);
2005
1636
}
2006
1637
}
2007
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2008
direntry->d_name,
2009
O_RDONLY));
1638
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2010
1639
if(hook_fd == -1){
2011
1640
perror_plus("openat");
2012
1641
_exit(EXIT_FAILURE);
2013
1642
}
2014
if(close(hookdir_fd) == -1){
1643
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2015
1644
perror_plus("close");
2016
1645
_exit(EXIT_FAILURE);
2017
1646
}
2018
ret = dup2(devnull, STDIN_FILENO);
2019
if(ret == -1){
2020
perror_plus("dup2(devnull, STDIN_FILENO)");
2021
_exit(EX_OSERR);
2022
}
2023
ret = close(devnull);
2024
if(ret == -1){
2025
perror_plus("close");
2026
_exit(EX_OSERR);
2027
}
2028
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2029
if(ret == -1){
2030
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2031
_exit(EX_OSERR);
2032
}
2033
1647
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2034
1648
environ) == -1){
2035
1649
perror_plus("fexecve");
2075
1689
free(direntry);
2076
1690
}
2077
1691
free(direntries);
2078
if(close(hookdir_fd) == -1){
1692
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2079
1693
perror_plus("close");
2080
1694
} else {
2081
1695
hookdir_fd = -1;
2121
1735
}
2122
1736
2123
1737
if(quit_now){
2124
ret = close(sd);
1738
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2125
1739
if(ret == -1){
2126
1740
perror_plus("close");
2127
1741
}
2177
1791
}
2178
1792
2179
1793
/* Close the socket */
2180
ret = close(sd);
1794
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2181
1795
if(ret == -1){
2182
1796
perror_plus("close");
2183
1797
}
2265
1879
}
2266
1880
2267
1881
/* Close the socket */
2268
int ret = close(sd);
1882
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2269
1883
if(ret == -1){
2270
1884
perror_plus("close");
2271
1885
}
2286
1900
}
2287
1901
2288
1902
int main(int argc, char *argv[]){
2289
mandos_context mc = { .server = NULL, .dh_bits = 0,
1903
mandos_context mc = { .server = NULL, .dh_bits = 1024,
2290
1904
.priority = "SECURE256:!CTYPE-X.509:"
2291
1905
"+CTYPE-OPENPGP:!RSA", .current_server = NULL,
2292
1906
.interfaces = NULL, .interfaces_size = 0 };
2304
1918
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2305
1919
const char *seckey = PATHDIR "/" SECKEY;
2306
1920
const char *pubkey = PATHDIR "/" PUBKEY;
2307
const char *dh_params_file = NULL;
2308
1921
char *interfaces_hooks = NULL;
2309
1922
2310
1923
bool gnutls_initialized = false;
2363
1976
.doc = "Bit length of the prime number used in the"
2364
1977
" Diffie-Hellman key exchange",
2365
1978
.group = 2 },
2366
{ .name = "dh-params", .key = 134,
2367
.arg = "FILE",
2368
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2369
" for the Diffie-Hellman key exchange",
2370
.group = 2 },
2371
1979
{ .name = "priority", .key = 130,
2372
1980
.arg = "STRING",
2373
1981
.doc = "GnuTLS priority string for the TLS handshake",
2428
2036
}
2429
2037
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2430
2038
break;
2431
case 134: /* --dh-params */
2432
dh_params_file = arg;
2433
break;
2434
2039
case 130: /* --priority */
2435
2040
mc.priority = arg;
2436
2041
break;
2492
2097
goto end;
2493
2098
}
2494
2099
}
2495
2100
2496
2101
{
2497
2102
/* Work around Debian bug #633582:
2498
2103
<http://bugs.debian.org/633582> */
2522
2127
}
2523
2128
}
2524
2129
}
2525
close(seckey_fd);
2130
TEMP_FAILURE_RETRY(close(seckey_fd));
2526
2131
}
2527
2132
}
2528
2133
2529
2134
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2530
2135
int pubkey_fd = open(pubkey, O_RDONLY);
2531
2136
if(pubkey_fd == -1){
2543
2148
}
2544
2149
}
2545
2150
}
2546
close(pubkey_fd);
2547
}
2548
}
2549
2550
if(strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2551
int dhparams_fd = open(dh_params_file, O_RDONLY);
2552
if(dhparams_fd == -1){
2553
perror_plus("open");
2554
} else {
2555
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2556
if(ret == -1){
2557
perror_plus("fstat");
2558
} else {
2559
if(S_ISREG(st.st_mode)
2560
and st.st_uid == 0 and st.st_gid == 0){
2561
ret = fchown(dhparams_fd, uid, gid);
2562
if(ret == -1){
2563
perror_plus("fchown");
2564
}
2565
}
2566
}
2567
close(dhparams_fd);
2568
}
2569
}
2570
2151
TEMP_FAILURE_RETRY(close(pubkey_fd));
2152
}
2153
}
2154
2571
2155
/* Lower privileges */
2572
2156
ret_errno = lower_privileges();
2573
2157
if(ret_errno != 0){
2747
2331
errno = bring_up_interface(interface, delay);
2748
2332
if(not interface_was_up){
2749
2333
if(errno != 0){
2750
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2751
" %s\n", interface, strerror(errno));
2334
perror_plus("Failed to bring up interface");
2752
2335
} else {
2753
2336
errno = argz_add(&interfaces_to_take_down,
2754
2337
&interfaces_to_take_down_size,
2777
2360
goto end;
2778
2361
}
2779
2362
2780
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2363
ret = init_gnutls_global(pubkey, seckey, &mc);
2781
2364
if(ret == -1){
2782
2365
fprintf_plus(stderr, "init_gnutls_global failed\n");
2783
2366
exitcode = EX_UNAVAILABLE;
3043
2626
/* Removes the GPGME temp directory and all files inside */
3044
2627
if(tempdir != NULL){
3045
2628
struct dirent **direntries = NULL;
3046
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY
3047
| O_NOFOLLOW
3048
| O_DIRECTORY
3049
| O_PATH));
2629
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2630
O_NOFOLLOW));
3050
2631
if(tempdir_fd == -1){
3051
2632
perror_plus("open");
3052
2633
} else {
3083
2664
perror_plus("rmdir");
3084
2665
}
3085
2666
}
3086
close(tempdir_fd);
2667
TEMP_FAILURE_RETRY(close(tempdir_fd));
3087
2668
}
3088
2669
}
3089
2670
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0