To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 777
- compare with another revision
- download diff
- download tarball
- view history from revision 777
- Committer: Teddy Hogeborn
- Date: 2015-07-20 03:03:33 UTC
- Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.
The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string. This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:
SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256
* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
(/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.
The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string. This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:
SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256
* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
(/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.
- files added:
- plugin-helpers
- files modified:
- DBUS-API
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
12
* Copyright © 2008-2015 Teddy Hogeborn
13
* Copyright © 2008-2015 Björn Påhlsson
14
14
*
15
15
* This program is free software: you can redistribute it and/or
16
16
* modify it under the terms of the GNU General Public License as
46
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
47
strtof(), abort() */
48
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
49
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strcpy() */
51
51
#include <sys/ioctl.h> /* ioctl */
52
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
53
sockaddr_in6, PF_INET6,
305
305
return false;
306
306
}
307
307
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
308
ret = close(fd);
309
309
if(ret == -1){
310
310
perror_plus("close");
311
311
}
493
493
return plaintext_length;
494
494
}
495
495
496
__attribute__((warn_unused_result, const))
497
static const char *safe_string(const char *str){
498
if(str == NULL)
499
return "(unknown)";
500
return str;
501
}
502
496
503
__attribute__((warn_unused_result))
497
504
static const char *safer_gnutls_strerror(int value){
498
505
const char *ret = gnutls_strerror(value);
499
if(ret == NULL)
500
ret = "(unknown)";
501
return ret;
506
return safe_string(ret);
502
507
}
503
508
504
509
/* GnuTLS log function callback */
511
516
__attribute__((nonnull, warn_unused_result))
512
517
static int init_gnutls_global(const char *pubkeyfilename,
513
518
const char *seckeyfilename,
519
const char *dhparamsfilename,
514
520
mandos_context *mc){
515
521
int ret;
522
unsigned int uret;
516
523
517
524
if(debug){
518
525
fprintf_plus(stderr, "Initializing GnuTLS\n");
569
576
safer_gnutls_strerror(ret));
570
577
goto globalfail;
571
578
}
572
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
573
if(ret != GNUTLS_E_SUCCESS){
574
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
575
safer_gnutls_strerror(ret));
576
goto globalfail;
577
}
578
579
/* If a Diffie-Hellman parameters file was given, try to use it */
580
if(dhparamsfilename != NULL){
581
gnutls_datum_t params = { .data = NULL, .size = 0 };
582
do {
583
int dhpfile = open(dhparamsfilename, O_RDONLY);
584
if(dhpfile == -1){
585
perror_plus("open");
586
dhparamsfilename = NULL;
587
break;
588
}
589
size_t params_capacity = 0;
590
while(true){
591
params_capacity = incbuffer((char **)¶ms.data,
592
(size_t)params.size,
593
(size_t)params_capacity);
594
if(params_capacity == 0){
595
perror_plus("incbuffer");
596
free(params.data);
597
params.data = NULL;
598
dhparamsfilename = NULL;
599
break;
600
}
601
ssize_t bytes_read = read(dhpfile,
602
params.data + params.size,
603
BUFFER_SIZE);
604
/* EOF */
605
if(bytes_read == 0){
606
break;
607
}
608
/* check bytes_read for failure */
609
if(bytes_read < 0){
610
perror_plus("read");
611
free(params.data);
612
params.data = NULL;
613
dhparamsfilename = NULL;
614
break;
615
}
616
params.size += (unsigned int)bytes_read;
617
}
618
if(params.data == NULL){
619
dhparamsfilename = NULL;
620
}
621
if(dhparamsfilename == NULL){
622
break;
623
}
624
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
625
GNUTLS_X509_FMT_PEM);
626
if(ret != GNUTLS_E_SUCCESS){
627
fprintf_plus(stderr, "Failed to parse DH parameters in file"
628
" \"%s\": %s\n", dhparamsfilename,
629
safer_gnutls_strerror(ret));
630
dhparamsfilename = NULL;
631
}
632
} while(false);
633
}
634
if(dhparamsfilename == NULL){
635
if(mc->dh_bits == 0){
636
/* Find out the optimal number of DH bits */
637
/* Try to read the private key file */
638
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
639
do {
640
int secfile = open(seckeyfilename, O_RDONLY);
641
if(secfile == -1){
642
perror_plus("open");
643
break;
644
}
645
size_t buffer_capacity = 0;
646
while(true){
647
buffer_capacity = incbuffer((char **)&buffer.data,
648
(size_t)buffer.size,
649
(size_t)buffer_capacity);
650
if(buffer_capacity == 0){
651
perror_plus("incbuffer");
652
free(buffer.data);
653
buffer.data = NULL;
654
break;
655
}
656
ssize_t bytes_read = read(secfile,
657
buffer.data + buffer.size,
658
BUFFER_SIZE);
659
/* EOF */
660
if(bytes_read == 0){
661
break;
662
}
663
/* check bytes_read for failure */
664
if(bytes_read < 0){
665
perror_plus("read");
666
free(buffer.data);
667
buffer.data = NULL;
668
break;
669
}
670
buffer.size += (unsigned int)bytes_read;
671
}
672
close(secfile);
673
} while(false);
674
/* If successful, use buffer to parse private key */
675
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
676
if(buffer.data != NULL){
677
{
678
gnutls_openpgp_privkey_t privkey = NULL;
679
ret = gnutls_openpgp_privkey_init(&privkey);
680
if(ret != GNUTLS_E_SUCCESS){
681
fprintf_plus(stderr, "Error initializing OpenPGP key"
682
" structure: %s",
683
safer_gnutls_strerror(ret));
684
free(buffer.data);
685
buffer.data = NULL;
686
} else {
687
ret = gnutls_openpgp_privkey_import
688
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
689
if(ret != GNUTLS_E_SUCCESS){
690
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
691
safer_gnutls_strerror(ret));
692
privkey = NULL;
693
}
694
free(buffer.data);
695
buffer.data = NULL;
696
if(privkey != NULL){
697
/* Use private key to suggest an appropriate
698
sec_param */
699
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
700
gnutls_openpgp_privkey_deinit(privkey);
701
if(debug){
702
fprintf_plus(stderr, "This OpenPGP key implies using"
703
" a GnuTLS security parameter \"%s\".\n",
704
safe_string(gnutls_sec_param_get_name
705
(sec_param)));
706
}
707
}
708
}
709
}
710
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
711
/* Err on the side of caution */
712
sec_param = GNUTLS_SEC_PARAM_ULTRA;
713
if(debug){
714
fprintf_plus(stderr, "Falling back to security parameter"
715
" \"%s\"\n",
716
safe_string(gnutls_sec_param_get_name
717
(sec_param)));
718
}
719
}
720
}
721
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
722
if(uret != 0){
723
mc->dh_bits = uret;
724
if(debug){
725
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
726
" implies %u DH bits; using that.\n",
727
safe_string(gnutls_sec_param_get_name
728
(sec_param)),
729
mc->dh_bits);
730
}
731
} else {
732
fprintf_plus(stderr, "Failed to get implied number of DH"
733
" bits for security parameter \"%s\"): %s\n",
734
safe_string(gnutls_sec_param_get_name
735
(sec_param)),
736
safer_gnutls_strerror(ret));
737
goto globalfail;
738
}
739
} else if(debug){
740
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
741
mc->dh_bits);
742
}
743
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
744
if(ret != GNUTLS_E_SUCCESS){
745
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
746
" bits): %s\n", mc->dh_bits,
747
safer_gnutls_strerror(ret));
748
goto globalfail;
749
}
750
}
579
751
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
580
752
581
753
return 0;
641
813
/* ignore client certificate if any. */
642
814
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
643
815
644
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
645
646
816
return 0;
647
817
}
648
818
650
820
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
651
821
__attribute__((unused)) const char *txt){}
652
822
823
/* Set effective uid to 0, return errno */
824
__attribute__((warn_unused_result))
825
error_t raise_privileges(void){
826
error_t old_errno = errno;
827
error_t ret_errno = 0;
828
if(seteuid(0) == -1){
829
ret_errno = errno;
830
}
831
errno = old_errno;
832
return ret_errno;
833
}
834
835
/* Set effective and real user ID to 0. Return errno. */
836
__attribute__((warn_unused_result))
837
error_t raise_privileges_permanently(void){
838
error_t old_errno = errno;
839
error_t ret_errno = raise_privileges();
840
if(ret_errno != 0){
841
errno = old_errno;
842
return ret_errno;
843
}
844
if(setuid(0) == -1){
845
ret_errno = errno;
846
}
847
errno = old_errno;
848
return ret_errno;
849
}
850
851
/* Set effective user ID to unprivileged saved user ID */
852
__attribute__((warn_unused_result))
853
error_t lower_privileges(void){
854
error_t old_errno = errno;
855
error_t ret_errno = 0;
856
if(seteuid(uid) == -1){
857
ret_errno = errno;
858
}
859
errno = old_errno;
860
return ret_errno;
861
}
862
863
/* Lower privileges permanently */
864
__attribute__((warn_unused_result))
865
error_t lower_privileges_permanently(void){
866
error_t old_errno = errno;
867
error_t ret_errno = 0;
868
if(setuid(uid) == -1){
869
ret_errno = errno;
870
}
871
errno = old_errno;
872
return ret_errno;
873
}
874
875
/* Helper function to add_local_route() and delete_local_route() */
876
__attribute__((nonnull, warn_unused_result))
877
static bool add_delete_local_route(const bool add,
878
const char *address,
879
AvahiIfIndex if_index){
880
int ret;
881
char helper[] = "mandos-client-iprouteadddel";
882
char add_arg[] = "add";
883
char delete_arg[] = "delete";
884
char debug_flag[] = "--debug";
885
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
886
if(pluginhelperdir == NULL){
887
if(debug){
888
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
889
" variable not set; cannot run helper\n");
890
}
891
return false;
892
}
893
894
char interface[IF_NAMESIZE];
895
if(if_indextoname((unsigned int)if_index, interface) == NULL){
896
perror_plus("if_indextoname");
897
return false;
898
}
899
900
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
901
if(devnull == -1){
902
perror_plus("open(\"/dev/null\", O_RDONLY)");
903
return false;
904
}
905
pid_t pid = fork();
906
if(pid == 0){
907
/* Child */
908
/* Raise privileges */
909
errno = raise_privileges_permanently();
910
if(errno != 0){
911
perror_plus("Failed to raise privileges");
912
/* _exit(EX_NOPERM); */
913
} else {
914
/* Set group */
915
errno = 0;
916
ret = setgid(0);
917
if(ret == -1){
918
perror_plus("setgid");
919
_exit(EX_NOPERM);
920
}
921
/* Reset supplementary groups */
922
errno = 0;
923
ret = setgroups(0, NULL);
924
if(ret == -1){
925
perror_plus("setgroups");
926
_exit(EX_NOPERM);
927
}
928
}
929
ret = dup2(devnull, STDIN_FILENO);
930
if(ret == -1){
931
perror_plus("dup2(devnull, STDIN_FILENO)");
932
_exit(EX_OSERR);
933
}
934
ret = close(devnull);
935
if(ret == -1){
936
perror_plus("close");
937
_exit(EX_OSERR);
938
}
939
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
940
if(ret == -1){
941
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
942
_exit(EX_OSERR);
943
}
944
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
945
O_RDONLY
946
| O_DIRECTORY
947
| O_PATH
948
| O_CLOEXEC));
949
if(helperdir_fd == -1){
950
perror_plus("open");
951
_exit(EX_UNAVAILABLE);
952
}
953
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
954
helper, O_RDONLY));
955
if(helper_fd == -1){
956
perror_plus("openat");
957
close(helperdir_fd);
958
_exit(EX_UNAVAILABLE);
959
}
960
close(helperdir_fd);
961
#ifdef __GNUC__
962
#pragma GCC diagnostic push
963
#pragma GCC diagnostic ignored "-Wcast-qual"
964
#endif
965
if(fexecve(helper_fd, (char *const [])
966
{ helper, add ? add_arg : delete_arg, (char *)address,
967
interface, debug ? debug_flag : NULL, NULL },
968
environ) == -1){
969
#ifdef __GNUC__
970
#pragma GCC diagnostic pop
971
#endif
972
perror_plus("fexecve");
973
_exit(EXIT_FAILURE);
974
}
975
}
976
if(pid == -1){
977
perror_plus("fork");
978
return false;
979
}
980
int status;
981
pid_t pret = -1;
982
errno = 0;
983
do {
984
pret = waitpid(pid, &status, 0);
985
if(pret == -1 and errno == EINTR and quit_now){
986
int errno_raising = 0;
987
if((errno = raise_privileges()) != 0){
988
errno_raising = errno;
989
perror_plus("Failed to raise privileges in order to"
990
" kill helper program");
991
}
992
if(kill(pid, SIGTERM) == -1){
993
perror_plus("kill");
994
}
995
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
996
perror_plus("Failed to lower privileges after killing"
997
" helper program");
998
}
999
return false;
1000
}
1001
} while(pret == -1 and errno == EINTR);
1002
if(pret == -1){
1003
perror_plus("waitpid");
1004
return false;
1005
}
1006
if(WIFEXITED(status)){
1007
if(WEXITSTATUS(status) != 0){
1008
fprintf_plus(stderr, "Error: iprouteadddel exited"
1009
" with status %d\n", WEXITSTATUS(status));
1010
return false;
1011
}
1012
return true;
1013
}
1014
if(WIFSIGNALED(status)){
1015
fprintf_plus(stderr, "Error: iprouteadddel died by"
1016
" signal %d\n", WTERMSIG(status));
1017
return false;
1018
}
1019
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1020
return false;
1021
}
1022
1023
__attribute__((nonnull, warn_unused_result))
1024
static bool add_local_route(const char *address,
1025
AvahiIfIndex if_index){
1026
if(debug){
1027
fprintf_plus(stderr, "Adding route to %s\n", address);
1028
}
1029
return add_delete_local_route(true, address, if_index);
1030
}
1031
1032
__attribute__((nonnull, warn_unused_result))
1033
static bool delete_local_route(const char *address,
1034
AvahiIfIndex if_index){
1035
if(debug){
1036
fprintf_plus(stderr, "Removing route to %s\n", address);
1037
}
1038
return add_delete_local_route(false, address, if_index);
1039
}
1040
653
1041
/* Called when a Mandos server is found */
654
1042
__attribute__((nonnull, warn_unused_result))
655
1043
static int start_mandos_communication(const char *ip, in_port_t port,
666
1054
int retval = -1;
667
1055
gnutls_session_t session;
668
1056
int pf; /* Protocol family */
1057
bool route_added = false;
669
1058
670
1059
errno = 0;
671
1060
729
1118
PRIuMAX "\n", ip, (uintmax_t)port);
730
1119
}
731
1120
732
tcp_sd = socket(pf, SOCK_STREAM, 0);
1121
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
733
1122
if(tcp_sd < 0){
734
1123
int e = errno;
735
1124
perror_plus("socket");
742
1131
goto mandos_end;
743
1132
}
744
1133
745
memset(&to, 0, sizeof(to));
746
1134
if(af == AF_INET6){
747
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
748
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1135
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1136
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1137
ret = inet_pton(af, ip, &to6->sin6_addr);
749
1138
} else { /* IPv4 */
750
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
751
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1139
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1140
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1141
ret = inet_pton(af, ip, &to4->sin_addr);
752
1142
}
753
1143
if(ret < 0 ){
754
1144
int e = errno;
824
1214
goto mandos_end;
825
1215
}
826
1216
827
if(af == AF_INET6){
828
ret = connect(tcp_sd, (struct sockaddr *)&to,
829
sizeof(struct sockaddr_in6));
830
} else {
831
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
832
sizeof(struct sockaddr_in));
833
}
834
if(ret < 0){
835
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
836
int e = errno;
837
perror_plus("connect");
838
errno = e;
839
}
840
goto mandos_end;
841
}
842
843
if(quit_now){
844
errno = EINTR;
845
goto mandos_end;
1217
while(true){
1218
if(af == AF_INET6){
1219
ret = connect(tcp_sd, (struct sockaddr *)&to,
1220
sizeof(struct sockaddr_in6));
1221
} else {
1222
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1223
sizeof(struct sockaddr_in));
1224
}
1225
if(ret < 0){
1226
if(errno == ENETUNREACH
1227
and if_index != AVAHI_IF_UNSPEC
1228
and connect_to == NULL
1229
and not route_added and
1230
((af == AF_INET6 and not
1231
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1232
&to)->sin6_addr)))
1233
or (af == AF_INET and
1234
/* Not a a IPv4LL address */
1235
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1236
& 0xFFFF0000L) != 0xA9FE0000L))){
1237
/* Work around Avahi bug - Avahi does not announce link-local
1238
addresses if it has a global address, so local hosts with
1239
*only* a link-local address (e.g. Mandos clients) cannot
1240
connect to a Mandos server announced by Avahi on a server
1241
host with a global address. Work around this by retrying
1242
with an explicit route added with the server's address.
1243
1244
Avahi bug reference:
1245
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1246
https://bugs.debian.org/587961
1247
*/
1248
if(debug){
1249
fprintf_plus(stderr, "Mandos server unreachable, trying"
1250
" direct route\n");
1251
}
1252
int e = errno;
1253
route_added = add_local_route(ip, if_index);
1254
if(route_added){
1255
continue;
1256
}
1257
errno = e;
1258
}
1259
if(errno != ECONNREFUSED or debug){
1260
int e = errno;
1261
perror_plus("connect");
1262
errno = e;
1263
}
1264
goto mandos_end;
1265
}
1266
1267
if(quit_now){
1268
errno = EINTR;
1269
goto mandos_end;
1270
}
1271
break;
846
1272
}
847
1273
848
1274
const char *out = mandos_protocol_version;
1031
1457
1032
1458
mandos_end:
1033
1459
{
1460
if(route_added){
1461
if(not delete_local_route(ip, if_index)){
1462
fprintf_plus(stderr, "Failed to delete local route to %s on"
1463
" interface %d", ip, if_index);
1464
}
1465
}
1034
1466
int e = errno;
1035
1467
free(decrypted_buffer);
1036
1468
free(buffer);
1037
1469
if(tcp_sd >= 0){
1038
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1470
ret = close(tcp_sd);
1039
1471
}
1040
1472
if(ret == -1){
1041
1473
if(e == 0){
1076
1508
timed out */
1077
1509
1078
1510
if(quit_now){
1511
avahi_s_service_resolver_free(r);
1079
1512
return;
1080
1513
}
1081
1514
1461
1894
}
1462
1895
}
1463
1896
1464
/* Set effective uid to 0, return errno */
1465
__attribute__((warn_unused_result))
1466
error_t raise_privileges(void){
1467
error_t old_errno = errno;
1468
error_t ret_errno = 0;
1469
if(seteuid(0) == -1){
1470
ret_errno = errno;
1471
}
1472
errno = old_errno;
1473
return ret_errno;
1474
}
1475
1476
/* Set effective and real user ID to 0. Return errno. */
1477
__attribute__((warn_unused_result))
1478
error_t raise_privileges_permanently(void){
1479
error_t old_errno = errno;
1480
error_t ret_errno = raise_privileges();
1481
if(ret_errno != 0){
1482
errno = old_errno;
1483
return ret_errno;
1484
}
1485
if(setuid(0) == -1){
1486
ret_errno = errno;
1487
}
1488
errno = old_errno;
1489
return ret_errno;
1490
}
1491
1492
/* Set effective user ID to unprivileged saved user ID */
1493
__attribute__((warn_unused_result))
1494
error_t lower_privileges(void){
1495
error_t old_errno = errno;
1496
error_t ret_errno = 0;
1497
if(seteuid(uid) == -1){
1498
ret_errno = errno;
1499
}
1500
errno = old_errno;
1501
return ret_errno;
1502
}
1503
1504
/* Lower privileges permanently */
1505
__attribute__((warn_unused_result))
1506
error_t lower_privileges_permanently(void){
1507
error_t old_errno = errno;
1508
error_t ret_errno = 0;
1509
if(setuid(uid) == -1){
1510
ret_errno = errno;
1511
}
1512
errno = old_errno;
1513
return ret_errno;
1514
}
1515
1516
1897
__attribute__((nonnull))
1517
1898
void run_network_hooks(const char *mode, const char *interface,
1518
1899
const float delay){
1519
1900
struct dirent **direntries = NULL;
1520
1901
if(hookdir_fd == -1){
1521
hookdir_fd = open(hookdir, O_RDONLY);
1902
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1903
| O_CLOEXEC);
1522
1904
if(hookdir_fd == -1){
1523
1905
if(errno == ENOENT){
1524
1906
if(debug){
1549
1931
}
1550
1932
struct dirent *direntry;
1551
1933
int ret;
1552
int devnull = open("/dev/null", O_RDONLY);
1934
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1935
if(devnull == -1){
1936
perror_plus("open(\"/dev/null\", O_RDONLY)");
1937
return;
1938
}
1553
1939
for(int i = 0; i < numhooks; i++){
1554
1940
direntry = direntries[i];
1555
1941
if(debug){
1579
1965
perror_plus("setgroups");
1580
1966
_exit(EX_NOPERM);
1581
1967
}
1582
ret = dup2(devnull, STDIN_FILENO);
1583
if(ret == -1){
1584
perror_plus("dup2(devnull, STDIN_FILENO)");
1585
_exit(EX_OSERR);
1586
}
1587
ret = close(devnull);
1588
if(ret == -1){
1589
perror_plus("close");
1590
_exit(EX_OSERR);
1591
}
1592
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1593
if(ret == -1){
1594
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1595
_exit(EX_OSERR);
1596
}
1597
1968
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1598
1969
if(ret == -1){
1599
1970
perror_plus("setenv");
1634
2005
_exit(EX_OSERR);
1635
2006
}
1636
2007
}
1637
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2008
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2009
direntry->d_name,
2010
O_RDONLY));
1638
2011
if(hook_fd == -1){
1639
2012
perror_plus("openat");
1640
2013
_exit(EXIT_FAILURE);
1641
2014
}
1642
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2015
if(close(hookdir_fd) == -1){
1643
2016
perror_plus("close");
1644
2017
_exit(EXIT_FAILURE);
1645
2018
}
2019
ret = dup2(devnull, STDIN_FILENO);
2020
if(ret == -1){
2021
perror_plus("dup2(devnull, STDIN_FILENO)");
2022
_exit(EX_OSERR);
2023
}
2024
ret = close(devnull);
2025
if(ret == -1){
2026
perror_plus("close");
2027
_exit(EX_OSERR);
2028
}
2029
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2030
if(ret == -1){
2031
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2032
_exit(EX_OSERR);
2033
}
1646
2034
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
1647
2035
environ) == -1){
1648
2036
perror_plus("fexecve");
1649
2037
_exit(EXIT_FAILURE);
1650
2038
}
1651
2039
} else {
2040
if(hook_pid == -1){
2041
perror_plus("fork");
2042
free(direntry);
2043
continue;
2044
}
1652
2045
int status;
1653
2046
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
1654
2047
perror_plus("waitpid");
2048
free(direntry);
1655
2049
continue;
1656
2050
}
1657
2051
if(WIFEXITED(status)){
1659
2053
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
1660
2054
" with status %d\n", direntry->d_name,
1661
2055
WEXITSTATUS(status));
2056
free(direntry);
1662
2057
continue;
1663
2058
}
1664
2059
} else if(WIFSIGNALED(status)){
1665
2060
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
1666
2061
" signal %d\n", direntry->d_name,
1667
2062
WTERMSIG(status));
2063
free(direntry);
1668
2064
continue;
1669
2065
} else {
1670
2066
fprintf_plus(stderr, "Warning: network hook \"%s\""
1671
2067
" crashed\n", direntry->d_name);
2068
free(direntry);
1672
2069
continue;
1673
2070
}
1674
2071
}
1676
2073
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
1677
2074
direntry->d_name);
1678
2075
}
2076
free(direntry);
1679
2077
}
1680
2078
free(direntries);
1681
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2079
if(close(hookdir_fd) == -1){
1682
2080
perror_plus("close");
1683
2081
} else {
1684
2082
hookdir_fd = -1;
1724
2122
}
1725
2123
1726
2124
if(quit_now){
1727
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2125
ret = close(sd);
1728
2126
if(ret == -1){
1729
2127
perror_plus("close");
1730
2128
}
1780
2178
}
1781
2179
1782
2180
/* Close the socket */
1783
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2181
ret = close(sd);
1784
2182
if(ret == -1){
1785
2183
perror_plus("close");
1786
2184
}
1868
2266
}
1869
2267
1870
2268
/* Close the socket */
1871
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2269
int ret = close(sd);
1872
2270
if(ret == -1){
1873
2271
perror_plus("close");
1874
2272
}
1889
2287
}
1890
2288
1891
2289
int main(int argc, char *argv[]){
1892
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1893
.priority = "SECURE256:!CTYPE-X.509:"
1894
"+CTYPE-OPENPGP", .current_server = NULL,
1895
.interfaces = NULL, .interfaces_size = 0 };
2290
mandos_context mc = { .server = NULL, .dh_bits = 0,
2291
.priority = "SECURE256:!CTYPE-X.509"
2292
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2293
.current_server = NULL, .interfaces = NULL,
2294
.interfaces_size = 0 };
1896
2295
AvahiSServiceBrowser *sb = NULL;
1897
2296
error_t ret_errno;
1898
2297
int ret;
1907
2306
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1908
2307
const char *seckey = PATHDIR "/" SECKEY;
1909
2308
const char *pubkey = PATHDIR "/" PUBKEY;
2309
const char *dh_params_file = NULL;
1910
2310
char *interfaces_hooks = NULL;
1911
2311
1912
2312
bool gnutls_initialized = false;
1965
2365
.doc = "Bit length of the prime number used in the"
1966
2366
" Diffie-Hellman key exchange",
1967
2367
.group = 2 },
2368
{ .name = "dh-params", .key = 134,
2369
.arg = "FILE",
2370
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2371
" for the Diffie-Hellman key exchange",
2372
.group = 2 },
1968
2373
{ .name = "priority", .key = 130,
1969
2374
.arg = "STRING",
1970
2375
.doc = "GnuTLS priority string for the TLS handshake",
2025
2430
}
2026
2431
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2027
2432
break;
2433
case 134: /* --dh-params */
2434
dh_params_file = arg;
2435
break;
2028
2436
case 130: /* --priority */
2029
2437
mc.priority = arg;
2030
2438
break;
2086
2494
goto end;
2087
2495
}
2088
2496
}
2089
2497
2090
2498
{
2091
2499
/* Work around Debian bug #633582:
2092
2500
<http://bugs.debian.org/633582> */
2116
2524
}
2117
2525
}
2118
2526
}
2119
TEMP_FAILURE_RETRY(close(seckey_fd));
2527
close(seckey_fd);
2120
2528
}
2121
2529
}
2122
2530
2123
2531
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2124
2532
int pubkey_fd = open(pubkey, O_RDONLY);
2125
2533
if(pubkey_fd == -1){
2137
2545
}
2138
2546
}
2139
2547
}
2140
TEMP_FAILURE_RETRY(close(pubkey_fd));
2141
}
2142
}
2143
2548
close(pubkey_fd);
2549
}
2550
}
2551
2552
if(dh_params_file != NULL
2553
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2554
int dhparams_fd = open(dh_params_file, O_RDONLY);
2555
if(dhparams_fd == -1){
2556
perror_plus("open");
2557
} else {
2558
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2559
if(ret == -1){
2560
perror_plus("fstat");
2561
} else {
2562
if(S_ISREG(st.st_mode)
2563
and st.st_uid == 0 and st.st_gid == 0){
2564
ret = fchown(dhparams_fd, uid, gid);
2565
if(ret == -1){
2566
perror_plus("fchown");
2567
}
2568
}
2569
}
2570
close(dhparams_fd);
2571
}
2572
}
2573
2144
2574
/* Lower privileges */
2145
2575
ret_errno = lower_privileges();
2146
2576
if(ret_errno != 0){
2275
2705
if(ret_errno != 0){
2276
2706
errno = ret_errno;
2277
2707
perror_plus("argz_add");
2708
free(direntries[i]);
2278
2709
continue;
2279
2710
}
2280
2711
if(debug){
2281
2712
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2282
2713
direntries[i]->d_name);
2283
2714
}
2715
free(direntries[i]);
2284
2716
}
2285
2717
free(direntries);
2286
2718
} else {
2318
2750
errno = bring_up_interface(interface, delay);
2319
2751
if(not interface_was_up){
2320
2752
if(errno != 0){
2321
perror_plus("Failed to bring up interface");
2753
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2754
" %s\n", interface, strerror(errno));
2322
2755
} else {
2323
2756
errno = argz_add(&interfaces_to_take_down,
2324
2757
&interfaces_to_take_down_size,
2347
2780
goto end;
2348
2781
}
2349
2782
2350
ret = init_gnutls_global(pubkey, seckey, &mc);
2783
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2351
2784
if(ret == -1){
2352
2785
fprintf_plus(stderr, "init_gnutls_global failed\n");
2353
2786
exitcode = EX_UNAVAILABLE;
2613
3046
/* Removes the GPGME temp directory and all files inside */
2614
3047
if(tempdir != NULL){
2615
3048
struct dirent **direntries = NULL;
2616
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2617
O_NOFOLLOW));
3049
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY
3050
| O_NOFOLLOW
3051
| O_DIRECTORY
3052
| O_PATH));
2618
3053
if(tempdir_fd == -1){
2619
3054
perror_plus("open");
2620
3055
} else {
2638
3073
" \"%s\", 0): %s\n", tempdir,
2639
3074
direntries[i]->d_name, strerror(errno));
2640
3075
}
3076
free(direntries[i]);
2641
3077
}
2642
3078
2643
3079
/* need to clean even if 0 because man page doesn't specify */
2650
3086
perror_plus("rmdir");
2651
3087
}
2652
3088
}
2653
TEMP_FAILURE_RETRY(close(tempdir_fd));
3089
close(tempdir_fd);
2654
3090
}
2655
3091
}
2656
3092
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0