To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 749.1.1
- compare with another revision
- download diff
- download tarball
- view history from revision 749.1.1
- Committer: Teddy Hogeborn
- Date: 2015-05-23 20:18:34 UTC
- mto: This revision was merged to the branch mainline in revision 756.
- Revision ID: teddy@recompile.se-20150523201834-e89ex4ito93yni8x
mandos: Use multiprocessing module to run checkers.
For a long time, the Mandos server has occasionally logged the message
"ERROR: Child process vanished". This was never a fatal error, but it
has been annoying and slightly worrying, since a definite cause was
not found. One potential cause could be the "multiprocessing" and
"subprocess" modules conflicting w.r.t. SIGCHLD. To avoid this,
change the running of checkers from using subprocess.Popen
asynchronously to instead first create a multiprocessing.Process()
(which is asynchronous) calling a function, and have that function
then call subprocess.call() (which is synchronous). In this way, the
only thing using any asynchronous subprocesses is the multiprocessing
module.
This makes it necessary to change one small thing in the D-Bus API,
since the subprocesses.call() function does not expose the raw wait(2)
status value.
DBUS-API (CheckerCompleted): Change the second value provided by this
D-Bus signal from the raw wait(2) status
to the actual terminating signal number.
mandos (subprocess_call_pipe): New function to be called by
multiprocessing.Process (starting a
separate process).
(Client.last_checker signal): New attribute for signal which
terminated last checker. Like
last_checker_status, only not accessible
via D-Bus.
(Client.checker_callback): Take new "connection" argument and use it
to get returncode; set last_checker_signal.
Return False so gobject does not call this
callback again.
(Client.start_checker): Start checker using a multiprocessing.Process
instead of a subprocess.Popen.
(ClientDBus.checker_callback): Take new "connection" argument. Call
Client.checker_callback early to have
it set last_checker_status and
last_checker_signal; use those. Change
second value provided to D-Bus signal
CheckerCompleted to use
last_checker_signal if checker was
terminated by signal.
mandos-monitor: Update to reflect DBus API change.
(MandosClientWidget.checker_completed): Take "signal" instead of
"condition" argument. Use it
accordingly. Remove dead code
(os.WCOREDUMP case).
For a long time, the Mandos server has occasionally logged the message
"ERROR: Child process vanished". This was never a fatal error, but it
has been annoying and slightly worrying, since a definite cause was
not found. One potential cause could be the "multiprocessing" and
"subprocess" modules conflicting w.r.t. SIGCHLD. To avoid this,
change the running of checkers from using subprocess.Popen
asynchronously to instead first create a multiprocessing.Process()
(which is asynchronous) calling a function, and have that function
then call subprocess.call() (which is synchronous). In this way, the
only thing using any asynchronous subprocesses is the multiprocessing
module.
This makes it necessary to change one small thing in the D-Bus API,
since the subprocesses.call() function does not expose the raw wait(2)
status value.
DBUS-API (CheckerCompleted): Change the second value provided by this
D-Bus signal from the raw wait(2) status
to the actual terminating signal number.
mandos (subprocess_call_pipe): New function to be called by
multiprocessing.Process (starting a
separate process).
(Client.last_checker signal): New attribute for signal which
terminated last checker. Like
last_checker_status, only not accessible
via D-Bus.
(Client.checker_callback): Take new "connection" argument and use it
to get returncode; set last_checker_signal.
Return False so gobject does not call this
callback again.
(Client.start_checker): Start checker using a multiprocessing.Process
instead of a subprocess.Popen.
(ClientDBus.checker_callback): Take new "connection" argument. Call
Client.checker_callback early to have
it set last_checker_status and
last_checker_signal; use those. Change
second value provided to D-Bus signal
CheckerCompleted to use
last_checker_signal if checker was
terminated by signal.
mandos-monitor: Update to reflect DBus API change.
(MandosClientWidget.checker_completed): Take "signal" instead of
"condition" argument. Use it
accordingly. Remove dead code
(os.WCOREDUMP case).
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2016 Teddy Hogeborn
13
* Copyright © 2008-2016 Björn Påhlsson
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
14
*
15
15
* This program is free software: you can redistribute it and/or
16
16
* modify it under the terms of the GNU General Public License as
46
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
47
strtof(), abort() */
48
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strncpy() */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
51
51
#include <sys/ioctl.h> /* ioctl */
52
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
53
sockaddr_in6, PF_INET6,
57
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
58
inet_pton(), connect(),
59
59
getnameinfo() */
60
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
60
#include <fcntl.h> /* open(), unlinkat() */
61
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
62
*/
63
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
64
64
strtoimax() */
65
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
66
EAI_SYSTEM, ENETUNREACH,
67
EHOSTUNREACH, ECONNREFUSED, EPROTO,
68
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
69
ENOTEMPTY,
65
#include <errno.h> /* perror(), errno,
70
66
program_invocation_short_name */
71
67
#include <time.h> /* nanosleep(), time(), sleep() */
72
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
309
305
return false;
310
306
}
311
307
312
ret = close(fd);
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
313
309
if(ret == -1){
314
310
perror_plus("close");
315
311
}
517
513
fprintf_plus(stderr, "GnuTLS: %s", string);
518
514
}
519
515
520
__attribute__((nonnull(1, 2, 4), warn_unused_result))
516
__attribute__((nonnull, warn_unused_result))
521
517
static int init_gnutls_global(const char *pubkeyfilename,
522
518
const char *seckeyfilename,
523
const char *dhparamsfilename,
524
519
mandos_context *mc){
525
520
int ret;
526
521
unsigned int uret;
529
524
fprintf_plus(stderr, "Initializing GnuTLS\n");
530
525
}
531
526
527
ret = gnutls_global_init();
528
if(ret != GNUTLS_E_SUCCESS){
529
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
530
safer_gnutls_strerror(ret));
531
return -1;
532
}
533
532
534
if(debug){
533
535
/* "Use a log level over 10 to enable all debugging options."
534
536
* - GnuTLS manual
542
544
if(ret != GNUTLS_E_SUCCESS){
543
545
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
544
546
safer_gnutls_strerror(ret));
547
gnutls_global_deinit();
545
548
return -1;
546
549
}
547
550
572
575
safer_gnutls_strerror(ret));
573
576
goto globalfail;
574
577
}
575
/* If a Diffie-Hellman parameters file was given, try to use it */
576
if(dhparamsfilename != NULL){
577
gnutls_datum_t params = { .data = NULL, .size = 0 };
578
do {
579
int dhpfile = open(dhparamsfilename, O_RDONLY);
580
if(dhpfile == -1){
581
perror_plus("open");
582
dhparamsfilename = NULL;
583
break;
584
}
585
size_t params_capacity = 0;
578
if(mc->dh_bits == 0){
579
/* Find out the optimal number of DH bits */
580
/* Try to read the private key file */
581
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
582
{
583
int secfile = open(seckeyfilename, O_RDONLY);
584
size_t buffer_capacity = 0;
586
585
while(true){
587
params_capacity = incbuffer((char **)¶ms.data,
588
(size_t)params.size,
589
(size_t)params_capacity);
590
if(params_capacity == 0){
586
buffer_capacity = incbuffer((char **)&buffer.data,
587
(size_t)buffer.size,
588
(size_t)buffer_capacity);
589
if(buffer_capacity == 0){
591
590
perror_plus("incbuffer");
592
free(params.data);
593
params.data = NULL;
594
dhparamsfilename = NULL;
591
free(buffer.data);
592
buffer.data = NULL;
595
593
break;
596
594
}
597
ssize_t bytes_read = read(dhpfile,
598
params.data + params.size,
595
ssize_t bytes_read = read(secfile, buffer.data + buffer.size,
599
596
BUFFER_SIZE);
600
597
/* EOF */
601
598
if(bytes_read == 0){
604
601
/* check bytes_read for failure */
605
602
if(bytes_read < 0){
606
603
perror_plus("read");
607
free(params.data);
608
params.data = NULL;
609
dhparamsfilename = NULL;
610
break;
611
}
612
params.size += (unsigned int)bytes_read;
613
}
614
if(params.data == NULL){
615
dhparamsfilename = NULL;
616
}
617
if(dhparamsfilename == NULL){
618
break;
619
}
620
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
621
GNUTLS_X509_FMT_PEM);
622
if(ret != GNUTLS_E_SUCCESS){
623
fprintf_plus(stderr, "Failed to parse DH parameters in file"
624
" \"%s\": %s\n", dhparamsfilename,
625
safer_gnutls_strerror(ret));
626
dhparamsfilename = NULL;
627
}
628
} while(false);
629
}
630
if(dhparamsfilename == NULL){
631
if(mc->dh_bits == 0){
632
/* Find out the optimal number of DH bits */
633
/* Try to read the private key file */
634
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
635
do {
636
int secfile = open(seckeyfilename, O_RDONLY);
637
if(secfile == -1){
638
perror_plus("open");
639
break;
640
}
641
size_t buffer_capacity = 0;
642
while(true){
643
buffer_capacity = incbuffer((char **)&buffer.data,
644
(size_t)buffer.size,
645
(size_t)buffer_capacity);
646
if(buffer_capacity == 0){
647
perror_plus("incbuffer");
648
free(buffer.data);
649
buffer.data = NULL;
650
break;
651
}
652
ssize_t bytes_read = read(secfile,
653
buffer.data + buffer.size,
654
BUFFER_SIZE);
655
/* EOF */
656
if(bytes_read == 0){
657
break;
658
}
659
/* check bytes_read for failure */
660
if(bytes_read < 0){
661
perror_plus("read");
662
free(buffer.data);
663
buffer.data = NULL;
664
break;
665
}
666
buffer.size += (unsigned int)bytes_read;
667
}
668
close(secfile);
669
} while(false);
670
/* If successful, use buffer to parse private key */
671
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
672
if(buffer.data != NULL){
673
{
674
gnutls_openpgp_privkey_t privkey = NULL;
675
ret = gnutls_openpgp_privkey_init(&privkey);
604
free(buffer.data);
605
buffer.data = NULL;
606
break;
607
}
608
buffer.size += (unsigned int)bytes_read;
609
}
610
close(secfile);
611
}
612
/* If successful, use buffer to parse private key */
613
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
614
if(buffer.data != NULL){
615
{
616
gnutls_openpgp_privkey_t privkey = NULL;
617
ret = gnutls_openpgp_privkey_init(&privkey);
618
if(ret != GNUTLS_E_SUCCESS){
619
fprintf_plus(stderr, "Error initializing OpenPGP key"
620
" structure: %s", safer_gnutls_strerror(ret));
621
free(buffer.data);
622
buffer.data = NULL;
623
} else {
624
ret = gnutls_openpgp_privkey_import(privkey, &buffer,
625
GNUTLS_OPENPGP_FMT_BASE64,
626
"", 0);
676
627
if(ret != GNUTLS_E_SUCCESS){
677
fprintf_plus(stderr, "Error initializing OpenPGP key"
678
" structure: %s",
628
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
679
629
safer_gnutls_strerror(ret));
680
free(buffer.data);
681
buffer.data = NULL;
682
} else {
683
ret = gnutls_openpgp_privkey_import
684
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
685
if(ret != GNUTLS_E_SUCCESS){
686
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
687
safer_gnutls_strerror(ret));
688
privkey = NULL;
689
}
690
free(buffer.data);
691
buffer.data = NULL;
692
if(privkey != NULL){
693
/* Use private key to suggest an appropriate
694
sec_param */
695
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
696
gnutls_openpgp_privkey_deinit(privkey);
697
if(debug){
698
fprintf_plus(stderr, "This OpenPGP key implies using"
699
" a GnuTLS security parameter \"%s\".\n",
700
safe_string(gnutls_sec_param_get_name
701
(sec_param)));
702
}
703
}
630
privkey = NULL;
704
631
}
705
}
706
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
707
/* Err on the side of caution */
708
sec_param = GNUTLS_SEC_PARAM_ULTRA;
709
if(debug){
710
fprintf_plus(stderr, "Falling back to security parameter"
711
" \"%s\"\n",
712
safe_string(gnutls_sec_param_get_name
713
(sec_param)));
632
free(buffer.data);
633
buffer.data = NULL;
634
if(privkey != NULL){
635
/* Use private key to suggest an appropriate sec_param */
636
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
637
gnutls_openpgp_privkey_deinit(privkey);
638
if(debug){
639
fprintf_plus(stderr, "This OpenPGP key implies using a"
640
" GnuTLS security parameter \"%s\".\n",
641
safe_string(gnutls_sec_param_get_name
642
(sec_param)));
643
}
714
644
}
715
645
}
716
646
}
717
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
718
if(uret != 0){
719
mc->dh_bits = uret;
647
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
648
/* Err on the side of caution */
649
sec_param = GNUTLS_SEC_PARAM_ULTRA;
720
650
if(debug){
721
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
722
" implies %u DH bits; using that.\n",
651
fprintf_plus(stderr, "Falling back to security parameter"
652
" \"%s\"\n",
723
653
safe_string(gnutls_sec_param_get_name
724
(sec_param)),
725
mc->dh_bits);
654
(sec_param)));
726
655
}
727
} else {
728
fprintf_plus(stderr, "Failed to get implied number of DH"
729
" bits for security parameter \"%s\"): %s\n",
656
}
657
}
658
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
659
if(uret != 0){
660
mc->dh_bits = uret;
661
if(debug){
662
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
663
" implies %u DH bits; using that.\n",
730
664
safe_string(gnutls_sec_param_get_name
731
665
(sec_param)),
732
safer_gnutls_strerror(ret));
733
goto globalfail;
666
mc->dh_bits);
734
667
}
735
} else if(debug){
736
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
737
mc->dh_bits);
738
}
739
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
740
if(ret != GNUTLS_E_SUCCESS){
741
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
742
" bits): %s\n", mc->dh_bits,
668
} else {
669
fprintf_plus(stderr, "Failed to get implied number of DH"
670
" bits for security parameter \"%s\"): %s\n",
671
safe_string(gnutls_sec_param_get_name(sec_param)),
743
672
safer_gnutls_strerror(ret));
744
673
goto globalfail;
745
674
}
746
}
675
} else if(debug){
676
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
677
mc->dh_bits);
678
}
679
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
680
if(ret != GNUTLS_E_SUCCESS){
681
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u bits):"
682
" %s\n", mc->dh_bits, safer_gnutls_strerror(ret));
683
goto globalfail;
684
}
685
747
686
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
748
687
749
688
return 0;
751
690
globalfail:
752
691
753
692
gnutls_certificate_free_credentials(mc->cred);
693
gnutls_global_deinit();
754
694
gnutls_dh_params_deinit(mc->dh_params);
755
695
return -1;
756
696
}
808
748
/* ignore client certificate if any. */
809
749
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
810
750
751
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
752
811
753
return 0;
812
754
}
813
755
815
757
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
816
758
__attribute__((unused)) const char *txt){}
817
759
818
/* Set effective uid to 0, return errno */
819
__attribute__((warn_unused_result))
820
int raise_privileges(void){
821
int old_errno = errno;
822
int ret = 0;
823
if(seteuid(0) == -1){
824
ret = errno;
825
}
826
errno = old_errno;
827
return ret;
828
}
829
830
/* Set effective and real user ID to 0. Return errno. */
831
__attribute__((warn_unused_result))
832
int raise_privileges_permanently(void){
833
int old_errno = errno;
834
int ret = raise_privileges();
835
if(ret != 0){
836
errno = old_errno;
837
return ret;
838
}
839
if(setuid(0) == -1){
840
ret = errno;
841
}
842
errno = old_errno;
843
return ret;
844
}
845
846
/* Set effective user ID to unprivileged saved user ID */
847
__attribute__((warn_unused_result))
848
int lower_privileges(void){
849
int old_errno = errno;
850
int ret = 0;
851
if(seteuid(uid) == -1){
852
ret = errno;
853
}
854
errno = old_errno;
855
return ret;
856
}
857
858
/* Lower privileges permanently */
859
__attribute__((warn_unused_result))
860
int lower_privileges_permanently(void){
861
int old_errno = errno;
862
int ret = 0;
863
if(setuid(uid) == -1){
864
ret = errno;
865
}
866
errno = old_errno;
867
return ret;
868
}
869
870
/* Helper function to add_local_route() and delete_local_route() */
871
__attribute__((nonnull, warn_unused_result))
872
static bool add_delete_local_route(const bool add,
873
const char *address,
874
AvahiIfIndex if_index){
875
int ret;
876
char helper[] = "mandos-client-iprouteadddel";
877
char add_arg[] = "add";
878
char delete_arg[] = "delete";
879
char debug_flag[] = "--debug";
880
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
881
if(pluginhelperdir == NULL){
882
if(debug){
883
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
884
" variable not set; cannot run helper\n");
885
}
886
return false;
887
}
888
889
char interface[IF_NAMESIZE];
890
if(if_indextoname((unsigned int)if_index, interface) == NULL){
891
perror_plus("if_indextoname");
892
return false;
893
}
894
895
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
896
if(devnull == -1){
897
perror_plus("open(\"/dev/null\", O_RDONLY)");
898
return false;
899
}
900
pid_t pid = fork();
901
if(pid == 0){
902
/* Child */
903
/* Raise privileges */
904
errno = raise_privileges_permanently();
905
if(errno != 0){
906
perror_plus("Failed to raise privileges");
907
/* _exit(EX_NOPERM); */
908
} else {
909
/* Set group */
910
errno = 0;
911
ret = setgid(0);
912
if(ret == -1){
913
perror_plus("setgid");
914
_exit(EX_NOPERM);
915
}
916
/* Reset supplementary groups */
917
errno = 0;
918
ret = setgroups(0, NULL);
919
if(ret == -1){
920
perror_plus("setgroups");
921
_exit(EX_NOPERM);
922
}
923
}
924
ret = dup2(devnull, STDIN_FILENO);
925
if(ret == -1){
926
perror_plus("dup2(devnull, STDIN_FILENO)");
927
_exit(EX_OSERR);
928
}
929
ret = close(devnull);
930
if(ret == -1){
931
perror_plus("close");
932
_exit(EX_OSERR);
933
}
934
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
935
if(ret == -1){
936
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
937
_exit(EX_OSERR);
938
}
939
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
940
O_RDONLY
941
| O_DIRECTORY
942
| O_PATH
943
| O_CLOEXEC));
944
if(helperdir_fd == -1){
945
perror_plus("open");
946
_exit(EX_UNAVAILABLE);
947
}
948
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
949
helper, O_RDONLY));
950
if(helper_fd == -1){
951
perror_plus("openat");
952
close(helperdir_fd);
953
_exit(EX_UNAVAILABLE);
954
}
955
close(helperdir_fd);
956
#ifdef __GNUC__
957
#pragma GCC diagnostic push
958
#pragma GCC diagnostic ignored "-Wcast-qual"
959
#endif
960
if(fexecve(helper_fd, (char *const [])
961
{ helper, add ? add_arg : delete_arg, (char *)address,
962
interface, debug ? debug_flag : NULL, NULL },
963
environ) == -1){
964
#ifdef __GNUC__
965
#pragma GCC diagnostic pop
966
#endif
967
perror_plus("fexecve");
968
_exit(EXIT_FAILURE);
969
}
970
}
971
if(pid == -1){
972
perror_plus("fork");
973
return false;
974
}
975
int status;
976
pid_t pret = -1;
977
errno = 0;
978
do {
979
pret = waitpid(pid, &status, 0);
980
if(pret == -1 and errno == EINTR and quit_now){
981
int errno_raising = 0;
982
if((errno = raise_privileges()) != 0){
983
errno_raising = errno;
984
perror_plus("Failed to raise privileges in order to"
985
" kill helper program");
986
}
987
if(kill(pid, SIGTERM) == -1){
988
perror_plus("kill");
989
}
990
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
991
perror_plus("Failed to lower privileges after killing"
992
" helper program");
993
}
994
return false;
995
}
996
} while(pret == -1 and errno == EINTR);
997
if(pret == -1){
998
perror_plus("waitpid");
999
return false;
1000
}
1001
if(WIFEXITED(status)){
1002
if(WEXITSTATUS(status) != 0){
1003
fprintf_plus(stderr, "Error: iprouteadddel exited"
1004
" with status %d\n", WEXITSTATUS(status));
1005
return false;
1006
}
1007
return true;
1008
}
1009
if(WIFSIGNALED(status)){
1010
fprintf_plus(stderr, "Error: iprouteadddel died by"
1011
" signal %d\n", WTERMSIG(status));
1012
return false;
1013
}
1014
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1015
return false;
1016
}
1017
1018
__attribute__((nonnull, warn_unused_result))
1019
static bool add_local_route(const char *address,
1020
AvahiIfIndex if_index){
1021
if(debug){
1022
fprintf_plus(stderr, "Adding route to %s\n", address);
1023
}
1024
return add_delete_local_route(true, address, if_index);
1025
}
1026
1027
__attribute__((nonnull, warn_unused_result))
1028
static bool delete_local_route(const char *address,
1029
AvahiIfIndex if_index){
1030
if(debug){
1031
fprintf_plus(stderr, "Removing route to %s\n", address);
1032
}
1033
return add_delete_local_route(false, address, if_index);
1034
}
1035
1036
760
/* Called when a Mandos server is found */
1037
761
__attribute__((nonnull, warn_unused_result))
1038
762
static int start_mandos_communication(const char *ip, in_port_t port,
1049
773
int retval = -1;
1050
774
gnutls_session_t session;
1051
775
int pf; /* Protocol family */
1052
bool route_added = false;
1053
776
1054
777
errno = 0;
1055
778
1113
836
PRIuMAX "\n", ip, (uintmax_t)port);
1114
837
}
1115
838
1116
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
839
tcp_sd = socket(pf, SOCK_STREAM, 0);
1117
840
if(tcp_sd < 0){
1118
841
int e = errno;
1119
842
perror_plus("socket");
1126
849
goto mandos_end;
1127
850
}
1128
851
852
memset(&to, 0, sizeof(to));
1129
853
if(af == AF_INET6){
1130
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1131
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1132
ret = inet_pton(af, ip, &to6->sin6_addr);
854
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
855
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1133
856
} else { /* IPv4 */
1134
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1135
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1136
ret = inet_pton(af, ip, &to4->sin_addr);
857
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
858
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1137
859
}
1138
860
if(ret < 0 ){
1139
861
int e = errno;
1209
931
goto mandos_end;
1210
932
}
1211
933
1212
while(true){
1213
if(af == AF_INET6){
1214
ret = connect(tcp_sd, (struct sockaddr *)&to,
1215
sizeof(struct sockaddr_in6));
1216
} else {
1217
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1218
sizeof(struct sockaddr_in));
1219
}
1220
if(ret < 0){
1221
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1222
and if_index != AVAHI_IF_UNSPEC
1223
and connect_to == NULL
1224
and not route_added and
1225
((af == AF_INET6 and not
1226
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1227
&to)->sin6_addr)))
1228
or (af == AF_INET and
1229
/* Not a a IPv4LL address */
1230
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1231
& 0xFFFF0000L) != 0xA9FE0000L))){
1232
/* Work around Avahi bug - Avahi does not announce link-local
1233
addresses if it has a global address, so local hosts with
1234
*only* a link-local address (e.g. Mandos clients) cannot
1235
connect to a Mandos server announced by Avahi on a server
1236
host with a global address. Work around this by retrying
1237
with an explicit route added with the server's address.
1238
1239
Avahi bug reference:
1240
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1241
https://bugs.debian.org/587961
1242
*/
1243
if(debug){
1244
fprintf_plus(stderr, "Mandos server unreachable, trying"
1245
" direct route\n");
1246
}
1247
int e = errno;
1248
route_added = add_local_route(ip, if_index);
1249
if(route_added){
1250
continue;
1251
}
1252
errno = e;
1253
}
1254
if(errno != ECONNREFUSED or debug){
1255
int e = errno;
1256
perror_plus("connect");
1257
errno = e;
1258
}
1259
goto mandos_end;
1260
}
1261
1262
if(quit_now){
1263
errno = EINTR;
1264
goto mandos_end;
1265
}
1266
break;
934
if(af == AF_INET6){
935
ret = connect(tcp_sd, (struct sockaddr *)&to,
936
sizeof(struct sockaddr_in6));
937
} else {
938
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
939
sizeof(struct sockaddr_in));
940
}
941
if(ret < 0){
942
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
943
int e = errno;
944
perror_plus("connect");
945
errno = e;
946
}
947
goto mandos_end;
948
}
949
950
if(quit_now){
951
errno = EINTR;
952
goto mandos_end;
1267
953
}
1268
954
1269
955
const char *out = mandos_protocol_version;
1452
1138
1453
1139
mandos_end:
1454
1140
{
1455
if(route_added){
1456
if(not delete_local_route(ip, if_index)){
1457
fprintf_plus(stderr, "Failed to delete local route to %s on"
1458
" interface %d", ip, if_index);
1459
}
1460
}
1461
1141
int e = errno;
1462
1142
free(decrypted_buffer);
1463
1143
free(buffer);
1464
1144
if(tcp_sd >= 0){
1465
ret = close(tcp_sd);
1145
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1466
1146
}
1467
1147
if(ret == -1){
1468
1148
if(e == 0){
1623
1303
__attribute__((nonnull, warn_unused_result))
1624
1304
bool get_flags(const char *ifname, struct ifreq *ifr){
1625
1305
int ret;
1626
int old_errno;
1306
error_t ret_errno;
1627
1307
1628
1308
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1629
1309
if(s < 0){
1630
old_errno = errno;
1310
ret_errno = errno;
1631
1311
perror_plus("socket");
1632
errno = old_errno;
1312
errno = ret_errno;
1633
1313
return false;
1634
1314
}
1635
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1636
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1315
strcpy(ifr->ifr_name, ifname);
1637
1316
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1638
1317
if(ret == -1){
1639
1318
if(debug){
1640
old_errno = errno;
1319
ret_errno = errno;
1641
1320
perror_plus("ioctl SIOCGIFFLAGS");
1642
errno = old_errno;
1321
errno = ret_errno;
1643
1322
}
1644
1323
return false;
1645
1324
}
1890
1569
}
1891
1570
}
1892
1571
1572
/* Set effective uid to 0, return errno */
1573
__attribute__((warn_unused_result))
1574
error_t raise_privileges(void){
1575
error_t old_errno = errno;
1576
error_t ret_errno = 0;
1577
if(seteuid(0) == -1){
1578
ret_errno = errno;
1579
}
1580
errno = old_errno;
1581
return ret_errno;
1582
}
1583
1584
/* Set effective and real user ID to 0. Return errno. */
1585
__attribute__((warn_unused_result))
1586
error_t raise_privileges_permanently(void){
1587
error_t old_errno = errno;
1588
error_t ret_errno = raise_privileges();
1589
if(ret_errno != 0){
1590
errno = old_errno;
1591
return ret_errno;
1592
}
1593
if(setuid(0) == -1){
1594
ret_errno = errno;
1595
}
1596
errno = old_errno;
1597
return ret_errno;
1598
}
1599
1600
/* Set effective user ID to unprivileged saved user ID */
1601
__attribute__((warn_unused_result))
1602
error_t lower_privileges(void){
1603
error_t old_errno = errno;
1604
error_t ret_errno = 0;
1605
if(seteuid(uid) == -1){
1606
ret_errno = errno;
1607
}
1608
errno = old_errno;
1609
return ret_errno;
1610
}
1611
1612
/* Lower privileges permanently */
1613
__attribute__((warn_unused_result))
1614
error_t lower_privileges_permanently(void){
1615
error_t old_errno = errno;
1616
error_t ret_errno = 0;
1617
if(setuid(uid) == -1){
1618
ret_errno = errno;
1619
}
1620
errno = old_errno;
1621
return ret_errno;
1622
}
1623
1893
1624
__attribute__((nonnull))
1894
1625
void run_network_hooks(const char *mode, const char *interface,
1895
1626
const float delay){
1896
1627
struct dirent **direntries = NULL;
1897
1628
if(hookdir_fd == -1){
1898
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1899
| O_CLOEXEC);
1629
hookdir_fd = open(hookdir, O_RDONLY);
1900
1630
if(hookdir_fd == -1){
1901
1631
if(errno == ENOENT){
1902
1632
if(debug){
1909
1639
return;
1910
1640
}
1911
1641
}
1642
#ifdef __GLIBC__
1643
#if __GLIBC_PREREQ(2, 15)
1912
1644
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1913
1645
runnable_hook, alphasort);
1646
#else /* not __GLIBC_PREREQ(2, 15) */
1647
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1648
alphasort);
1649
#endif /* not __GLIBC_PREREQ(2, 15) */
1650
#else /* not __GLIBC__ */
1651
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1652
alphasort);
1653
#endif /* not __GLIBC__ */
1914
1654
if(numhooks == -1){
1915
1655
perror_plus("scandir");
1916
1656
return;
1917
1657
}
1918
1658
struct dirent *direntry;
1919
1659
int ret;
1920
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1921
if(devnull == -1){
1922
perror_plus("open(\"/dev/null\", O_RDONLY)");
1923
return;
1924
}
1660
int devnull = open("/dev/null", O_RDONLY);
1925
1661
for(int i = 0; i < numhooks; i++){
1926
1662
direntry = direntries[i];
1927
1663
if(debug){
1951
1687
perror_plus("setgroups");
1952
1688
_exit(EX_NOPERM);
1953
1689
}
1690
ret = dup2(devnull, STDIN_FILENO);
1691
if(ret == -1){
1692
perror_plus("dup2(devnull, STDIN_FILENO)");
1693
_exit(EX_OSERR);
1694
}
1695
ret = close(devnull);
1696
if(ret == -1){
1697
perror_plus("close");
1698
_exit(EX_OSERR);
1699
}
1700
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1701
if(ret == -1){
1702
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1703
_exit(EX_OSERR);
1704
}
1954
1705
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1955
1706
if(ret == -1){
1956
1707
perror_plus("setenv");
1991
1742
_exit(EX_OSERR);
1992
1743
}
1993
1744
}
1994
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
1995
direntry->d_name,
1996
O_RDONLY));
1745
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
1997
1746
if(hook_fd == -1){
1998
1747
perror_plus("openat");
1999
1748
_exit(EXIT_FAILURE);
2000
1749
}
2001
if(close(hookdir_fd) == -1){
1750
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2002
1751
perror_plus("close");
2003
1752
_exit(EXIT_FAILURE);
2004
1753
}
2005
ret = dup2(devnull, STDIN_FILENO);
2006
if(ret == -1){
2007
perror_plus("dup2(devnull, STDIN_FILENO)");
2008
_exit(EX_OSERR);
2009
}
2010
ret = close(devnull);
2011
if(ret == -1){
2012
perror_plus("close");
2013
_exit(EX_OSERR);
2014
}
2015
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2016
if(ret == -1){
2017
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2018
_exit(EX_OSERR);
2019
}
2020
1754
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2021
1755
environ) == -1){
2022
1756
perror_plus("fexecve");
2062
1796
free(direntry);
2063
1797
}
2064
1798
free(direntries);
2065
if(close(hookdir_fd) == -1){
1799
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2066
1800
perror_plus("close");
2067
1801
} else {
2068
1802
hookdir_fd = -1;
2071
1805
}
2072
1806
2073
1807
__attribute__((nonnull, warn_unused_result))
2074
int bring_up_interface(const char *const interface,
2075
const float delay){
2076
int old_errno = errno;
1808
error_t bring_up_interface(const char *const interface,
1809
const float delay){
1810
error_t old_errno = errno;
2077
1811
int ret;
2078
1812
struct ifreq network;
2079
1813
unsigned int if_index = if_nametoindex(interface);
2089
1823
}
2090
1824
2091
1825
if(not interface_is_up(interface)){
2092
int ret_errno = 0;
2093
int ioctl_errno = 0;
1826
error_t ret_errno = 0, ioctl_errno = 0;
2094
1827
if(not get_flags(interface, &network)){
2095
1828
ret_errno = errno;
2096
1829
fprintf_plus(stderr, "Failed to get flags for interface "
2109
1842
}
2110
1843
2111
1844
if(quit_now){
2112
ret = close(sd);
1845
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2113
1846
if(ret == -1){
2114
1847
perror_plus("close");
2115
1848
}
2165
1898
}
2166
1899
2167
1900
/* Close the socket */
2168
ret = close(sd);
1901
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2169
1902
if(ret == -1){
2170
1903
perror_plus("close");
2171
1904
}
2199
1932
}
2200
1933
2201
1934
__attribute__((nonnull, warn_unused_result))
2202
int take_down_interface(const char *const interface){
2203
int old_errno = errno;
1935
error_t take_down_interface(const char *const interface){
1936
error_t old_errno = errno;
2204
1937
struct ifreq network;
2205
1938
unsigned int if_index = if_nametoindex(interface);
2206
1939
if(if_index == 0){
2209
1942
return ENXIO;
2210
1943
}
2211
1944
if(interface_is_up(interface)){
2212
int ret_errno = 0;
2213
int ioctl_errno = 0;
1945
error_t ret_errno = 0, ioctl_errno = 0;
2214
1946
if(not get_flags(interface, &network) and debug){
2215
1947
ret_errno = errno;
2216
1948
fprintf_plus(stderr, "Failed to get flags for interface "
2254
1986
}
2255
1987
2256
1988
/* Close the socket */
2257
int ret = close(sd);
1989
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2258
1990
if(ret == -1){
2259
1991
perror_plus("close");
2260
1992
}
2276
2008
2277
2009
int main(int argc, char *argv[]){
2278
2010
mandos_context mc = { .server = NULL, .dh_bits = 0,
2279
.priority = "SECURE256:!CTYPE-X.509"
2280
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2281
.current_server = NULL, .interfaces = NULL,
2282
.interfaces_size = 0 };
2011
.priority = "SECURE256:!CTYPE-X.509:"
2012
"+CTYPE-OPENPGP:!RSA", .current_server = NULL,
2013
.interfaces = NULL, .interfaces_size = 0 };
2283
2014
AvahiSServiceBrowser *sb = NULL;
2284
2015
error_t ret_errno;
2285
2016
int ret;
2294
2025
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2295
2026
const char *seckey = PATHDIR "/" SECKEY;
2296
2027
const char *pubkey = PATHDIR "/" PUBKEY;
2297
const char *dh_params_file = NULL;
2298
2028
char *interfaces_hooks = NULL;
2299
2029
2300
2030
bool gnutls_initialized = false;
2353
2083
.doc = "Bit length of the prime number used in the"
2354
2084
" Diffie-Hellman key exchange",
2355
2085
.group = 2 },
2356
{ .name = "dh-params", .key = 134,
2357
.arg = "FILE",
2358
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2359
" for the Diffie-Hellman key exchange",
2360
.group = 2 },
2361
2086
{ .name = "priority", .key = 130,
2362
2087
.arg = "STRING",
2363
2088
.doc = "GnuTLS priority string for the TLS handshake",
2418
2143
}
2419
2144
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2420
2145
break;
2421
case 134: /* --dh-params */
2422
dh_params_file = arg;
2423
break;
2424
2146
case 130: /* --priority */
2425
2147
mc.priority = arg;
2426
2148
break;
2466
2188
.args_doc = "",
2467
2189
.doc = "Mandos client -- Get and decrypt"
2468
2190
" passwords from a Mandos server" };
2469
ret_errno = argp_parse(&argp, argc, argv,
2470
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2471
switch(ret_errno){
2191
ret = argp_parse(&argp, argc, argv,
2192
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2193
switch(ret){
2472
2194
case 0:
2473
2195
break;
2474
2196
case ENOMEM:
2475
2197
default:
2476
errno = ret_errno;
2198
errno = ret;
2477
2199
perror_plus("argp_parse");
2478
2200
exitcode = EX_OSERR;
2479
2201
goto end;
2482
2204
goto end;
2483
2205
}
2484
2206
}
2485
2207
2486
2208
{
2487
2209
/* Work around Debian bug #633582:
2488
2210
<http://bugs.debian.org/633582> */
2489
2211
2490
2212
/* Re-raise privileges */
2491
ret = raise_privileges();
2492
if(ret != 0){
2493
errno = ret;
2213
ret_errno = raise_privileges();
2214
if(ret_errno != 0){
2215
errno = ret_errno;
2494
2216
perror_plus("Failed to raise privileges");
2495
2217
} else {
2496
2218
struct stat st;
2512
2234
}
2513
2235
}
2514
2236
}
2515
close(seckey_fd);
2237
TEMP_FAILURE_RETRY(close(seckey_fd));
2516
2238
}
2517
2239
}
2518
2240
2519
2241
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2520
2242
int pubkey_fd = open(pubkey, O_RDONLY);
2521
2243
if(pubkey_fd == -1){
2533
2255
}
2534
2256
}
2535
2257
}
2536
close(pubkey_fd);
2537
}
2538
}
2539
2540
if(dh_params_file != NULL
2541
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2542
int dhparams_fd = open(dh_params_file, O_RDONLY);
2543
if(dhparams_fd == -1){
2544
perror_plus("open");
2545
} else {
2546
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2547
if(ret == -1){
2548
perror_plus("fstat");
2549
} else {
2550
if(S_ISREG(st.st_mode)
2551
and st.st_uid == 0 and st.st_gid == 0){
2552
ret = fchown(dhparams_fd, uid, gid);
2553
if(ret == -1){
2554
perror_plus("fchown");
2555
}
2556
}
2557
}
2558
close(dhparams_fd);
2559
}
2560
}
2561
2258
TEMP_FAILURE_RETRY(close(pubkey_fd));
2259
}
2260
}
2261
2562
2262
/* Lower privileges */
2563
ret = lower_privileges();
2564
if(ret != 0){
2565
errno = ret;
2263
ret_errno = lower_privileges();
2264
if(ret_errno != 0){
2265
errno = ret_errno;
2566
2266
perror_plus("Failed to lower privileges");
2567
2267
}
2568
2268
}
2738
2438
errno = bring_up_interface(interface, delay);
2739
2439
if(not interface_was_up){
2740
2440
if(errno != 0){
2741
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2742
" %s\n", interface, strerror(errno));
2441
perror_plus("Failed to bring up interface");
2743
2442
} else {
2744
2443
errno = argz_add(&interfaces_to_take_down,
2745
2444
&interfaces_to_take_down_size,
2768
2467
goto end;
2769
2468
}
2770
2469
2771
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2470
ret = init_gnutls_global(pubkey, seckey, &mc);
2772
2471
if(ret == -1){
2773
2472
fprintf_plus(stderr, "init_gnutls_global failed\n");
2774
2473
exitcode = EX_UNAVAILABLE;
2896
2595
2897
2596
/* Allocate a new server */
2898
2597
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2899
&config, NULL, NULL, &ret);
2598
&config, NULL, NULL, &ret_errno);
2900
2599
2901
2600
/* Free the Avahi configuration data */
2902
2601
avahi_server_config_free(&config);
2905
2604
/* Check if creating the Avahi server object succeeded */
2906
2605
if(mc.server == NULL){
2907
2606
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2908
avahi_strerror(ret));
2607
avahi_strerror(ret_errno));
2909
2608
exitcode = EX_UNAVAILABLE;
2910
2609
goto end;
2911
2610
}
2963
2662
2964
2663
if(gnutls_initialized){
2965
2664
gnutls_certificate_free_credentials(mc.cred);
2665
gnutls_global_deinit();
2966
2666
gnutls_dh_params_deinit(mc.dh_params);
2967
2667
}
2968
2668
2991
2691
2992
2692
/* Re-raise privileges */
2993
2693
{
2994
ret = raise_privileges();
2995
if(ret != 0){
2996
errno = ret;
2694
ret_errno = raise_privileges();
2695
if(ret_errno != 0){
2696
errno = ret_errno;
2997
2697
perror_plus("Failed to raise privileges");
2998
2698
} else {
2999
2699
3007
2707
while((interface=argz_next(interfaces_to_take_down,
3008
2708
interfaces_to_take_down_size,
3009
2709
interface))){
3010
ret = take_down_interface(interface);
3011
if(ret != 0){
3012
errno = ret;
2710
ret_errno = take_down_interface(interface);
2711
if(ret_errno != 0){
2712
errno = ret_errno;
3013
2713
perror_plus("Failed to take down interface");
3014
2714
}
3015
2715
}
3020
2720
}
3021
2721
}
3022
2722
3023
ret = lower_privileges_permanently();
3024
if(ret != 0){
3025
errno = ret;
2723
ret_errno = lower_privileges_permanently();
2724
if(ret_errno != 0){
2725
errno = ret_errno;
3026
2726
perror_plus("Failed to lower privileges permanently");
3027
2727
}
3028
2728
}
3030
2730
free(interfaces_to_take_down);
3031
2731
free(interfaces_hooks);
3032
2732
3033
void clean_dir_at(int base, const char * const dirname,
3034
uintmax_t level){
3035
struct dirent **direntries = NULL;
3036
int dret;
3037
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3038
O_RDONLY
3039
| O_NOFOLLOW
3040
| O_DIRECTORY
3041
| O_PATH));
3042
if(dir_fd == -1){
3043
perror_plus("open");
3044
}
3045
int numentries = scandirat(dir_fd, ".", &direntries,
3046
notdotentries, alphasort);
3047
if(numentries >= 0){
3048
for(int i = 0; i < numentries; i++){
3049
if(debug){
3050
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3051
dirname, direntries[i]->d_name);
3052
}
3053
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3054
if(dret == -1){
3055
if(errno == EISDIR){
3056
dret = unlinkat(dir_fd, direntries[i]->d_name,
3057
AT_REMOVEDIR);
3058
}
3059
if((dret == -1) and (errno == ENOTEMPTY)
3060
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3061
== 0) and (level == 0)){
3062
/* Recurse only in this special case */
3063
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3064
dret = 0;
3065
}
3066
if(dret == -1){
3067
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3068
direntries[i]->d_name, strerror(errno));
3069
}
3070
}
3071
free(direntries[i]);
3072
}
3073
3074
/* need to clean even if 0 because man page doesn't specify */
3075
free(direntries);
3076
if(numentries == -1){
3077
perror_plus("scandirat");
3078
}
3079
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3080
if(dret == -1 and errno != ENOENT){
3081
perror_plus("rmdir");
3082
}
3083
} else {
3084
perror_plus("scandirat");
3085
}
3086
close(dir_fd);
3087
}
3088
3089
2733
/* Removes the GPGME temp directory and all files inside */
3090
2734
if(tempdir != NULL){
3091
clean_dir_at(-1, tempdir, 0);
2735
struct dirent **direntries = NULL;
2736
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2737
O_NOFOLLOW));
2738
if(tempdir_fd == -1){
2739
perror_plus("open");
2740
} else {
2741
#ifdef __GLIBC__
2742
#if __GLIBC_PREREQ(2, 15)
2743
int numentries = scandirat(tempdir_fd, ".", &direntries,
2744
notdotentries, alphasort);
2745
#else /* not __GLIBC_PREREQ(2, 15) */
2746
int numentries = scandir(tempdir, &direntries, notdotentries,
2747
alphasort);
2748
#endif /* not __GLIBC_PREREQ(2, 15) */
2749
#else /* not __GLIBC__ */
2750
int numentries = scandir(tempdir, &direntries, notdotentries,
2751
alphasort);
2752
#endif /* not __GLIBC__ */
2753
if(numentries >= 0){
2754
for(int i = 0; i < numentries; i++){
2755
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2756
if(ret == -1){
2757
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2758
" \"%s\", 0): %s\n", tempdir,
2759
direntries[i]->d_name, strerror(errno));
2760
}
2761
free(direntries[i]);
2762
}
2763
2764
/* need to clean even if 0 because man page doesn't specify */
2765
free(direntries);
2766
if(numentries == -1){
2767
perror_plus("scandir");
2768
}
2769
ret = rmdir(tempdir);
2770
if(ret == -1 and errno != ENOENT){
2771
perror_plus("rmdir");
2772
}
2773
}
2774
TEMP_FAILURE_RETRY(close(tempdir_fd));
2775
}
3092
2776
}
3093
2777
3094
2778
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0