To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 777
- compare with another revision
- download diff
- download tarball
- view history from revision 777
- Committer: Teddy Hogeborn
- Date: 2015-07-20 03:03:33 UTC
- Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.
The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string. This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:
SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256
* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
(/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.
The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string. This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:
SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256
* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
(/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.
- files added:
- plugin-helpers/mandos-client-iprouteadddel.c
- files modified:
- DBUS-API
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
12
* Copyright © 2008-2015 Teddy Hogeborn
13
* Copyright © 2008-2015 Björn Påhlsson
14
14
*
15
15
* This program is free software: you can redistribute it and/or
16
16
* modify it under the terms of the GNU General Public License as
46
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
47
strtof(), abort() */
48
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
49
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strcpy() */
51
51
#include <sys/ioctl.h> /* ioctl */
52
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
53
sockaddr_in6, PF_INET6,
305
305
return false;
306
306
}
307
307
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
308
ret = close(fd);
309
309
if(ret == -1){
310
310
perror_plus("close");
311
311
}
493
493
return plaintext_length;
494
494
}
495
495
496
__attribute__((warn_unused_result, const))
497
static const char *safe_string(const char *str){
498
if(str == NULL)
499
return "(unknown)";
500
return str;
501
}
502
496
503
__attribute__((warn_unused_result))
497
504
static const char *safer_gnutls_strerror(int value){
498
505
const char *ret = gnutls_strerror(value);
499
if(ret == NULL)
500
ret = "(unknown)";
501
return ret;
506
return safe_string(ret);
502
507
}
503
508
504
509
/* GnuTLS log function callback */
511
516
__attribute__((nonnull, warn_unused_result))
512
517
static int init_gnutls_global(const char *pubkeyfilename,
513
518
const char *seckeyfilename,
519
const char *dhparamsfilename,
514
520
mandos_context *mc){
515
521
int ret;
522
unsigned int uret;
516
523
517
524
if(debug){
518
525
fprintf_plus(stderr, "Initializing GnuTLS\n");
569
576
safer_gnutls_strerror(ret));
570
577
goto globalfail;
571
578
}
572
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
573
if(ret != GNUTLS_E_SUCCESS){
574
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
575
safer_gnutls_strerror(ret));
576
goto globalfail;
577
}
578
579
/* If a Diffie-Hellman parameters file was given, try to use it */
580
if(dhparamsfilename != NULL){
581
gnutls_datum_t params = { .data = NULL, .size = 0 };
582
do {
583
int dhpfile = open(dhparamsfilename, O_RDONLY);
584
if(dhpfile == -1){
585
perror_plus("open");
586
dhparamsfilename = NULL;
587
break;
588
}
589
size_t params_capacity = 0;
590
while(true){
591
params_capacity = incbuffer((char **)¶ms.data,
592
(size_t)params.size,
593
(size_t)params_capacity);
594
if(params_capacity == 0){
595
perror_plus("incbuffer");
596
free(params.data);
597
params.data = NULL;
598
dhparamsfilename = NULL;
599
break;
600
}
601
ssize_t bytes_read = read(dhpfile,
602
params.data + params.size,
603
BUFFER_SIZE);
604
/* EOF */
605
if(bytes_read == 0){
606
break;
607
}
608
/* check bytes_read for failure */
609
if(bytes_read < 0){
610
perror_plus("read");
611
free(params.data);
612
params.data = NULL;
613
dhparamsfilename = NULL;
614
break;
615
}
616
params.size += (unsigned int)bytes_read;
617
}
618
if(params.data == NULL){
619
dhparamsfilename = NULL;
620
}
621
if(dhparamsfilename == NULL){
622
break;
623
}
624
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
625
GNUTLS_X509_FMT_PEM);
626
if(ret != GNUTLS_E_SUCCESS){
627
fprintf_plus(stderr, "Failed to parse DH parameters in file"
628
" \"%s\": %s\n", dhparamsfilename,
629
safer_gnutls_strerror(ret));
630
dhparamsfilename = NULL;
631
}
632
} while(false);
633
}
634
if(dhparamsfilename == NULL){
635
if(mc->dh_bits == 0){
636
/* Find out the optimal number of DH bits */
637
/* Try to read the private key file */
638
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
639
do {
640
int secfile = open(seckeyfilename, O_RDONLY);
641
if(secfile == -1){
642
perror_plus("open");
643
break;
644
}
645
size_t buffer_capacity = 0;
646
while(true){
647
buffer_capacity = incbuffer((char **)&buffer.data,
648
(size_t)buffer.size,
649
(size_t)buffer_capacity);
650
if(buffer_capacity == 0){
651
perror_plus("incbuffer");
652
free(buffer.data);
653
buffer.data = NULL;
654
break;
655
}
656
ssize_t bytes_read = read(secfile,
657
buffer.data + buffer.size,
658
BUFFER_SIZE);
659
/* EOF */
660
if(bytes_read == 0){
661
break;
662
}
663
/* check bytes_read for failure */
664
if(bytes_read < 0){
665
perror_plus("read");
666
free(buffer.data);
667
buffer.data = NULL;
668
break;
669
}
670
buffer.size += (unsigned int)bytes_read;
671
}
672
close(secfile);
673
} while(false);
674
/* If successful, use buffer to parse private key */
675
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
676
if(buffer.data != NULL){
677
{
678
gnutls_openpgp_privkey_t privkey = NULL;
679
ret = gnutls_openpgp_privkey_init(&privkey);
680
if(ret != GNUTLS_E_SUCCESS){
681
fprintf_plus(stderr, "Error initializing OpenPGP key"
682
" structure: %s",
683
safer_gnutls_strerror(ret));
684
free(buffer.data);
685
buffer.data = NULL;
686
} else {
687
ret = gnutls_openpgp_privkey_import
688
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
689
if(ret != GNUTLS_E_SUCCESS){
690
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
691
safer_gnutls_strerror(ret));
692
privkey = NULL;
693
}
694
free(buffer.data);
695
buffer.data = NULL;
696
if(privkey != NULL){
697
/* Use private key to suggest an appropriate
698
sec_param */
699
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
700
gnutls_openpgp_privkey_deinit(privkey);
701
if(debug){
702
fprintf_plus(stderr, "This OpenPGP key implies using"
703
" a GnuTLS security parameter \"%s\".\n",
704
safe_string(gnutls_sec_param_get_name
705
(sec_param)));
706
}
707
}
708
}
709
}
710
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
711
/* Err on the side of caution */
712
sec_param = GNUTLS_SEC_PARAM_ULTRA;
713
if(debug){
714
fprintf_plus(stderr, "Falling back to security parameter"
715
" \"%s\"\n",
716
safe_string(gnutls_sec_param_get_name
717
(sec_param)));
718
}
719
}
720
}
721
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
722
if(uret != 0){
723
mc->dh_bits = uret;
724
if(debug){
725
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
726
" implies %u DH bits; using that.\n",
727
safe_string(gnutls_sec_param_get_name
728
(sec_param)),
729
mc->dh_bits);
730
}
731
} else {
732
fprintf_plus(stderr, "Failed to get implied number of DH"
733
" bits for security parameter \"%s\"): %s\n",
734
safe_string(gnutls_sec_param_get_name
735
(sec_param)),
736
safer_gnutls_strerror(ret));
737
goto globalfail;
738
}
739
} else if(debug){
740
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
741
mc->dh_bits);
742
}
743
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
744
if(ret != GNUTLS_E_SUCCESS){
745
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
746
" bits): %s\n", mc->dh_bits,
747
safer_gnutls_strerror(ret));
748
goto globalfail;
749
}
750
}
579
751
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
580
752
581
753
return 0;
641
813
/* ignore client certificate if any. */
642
814
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
643
815
644
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
645
646
816
return 0;
647
817
}
648
818
650
820
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
651
821
__attribute__((unused)) const char *txt){}
652
822
823
/* Set effective uid to 0, return errno */
824
__attribute__((warn_unused_result))
825
error_t raise_privileges(void){
826
error_t old_errno = errno;
827
error_t ret_errno = 0;
828
if(seteuid(0) == -1){
829
ret_errno = errno;
830
}
831
errno = old_errno;
832
return ret_errno;
833
}
834
835
/* Set effective and real user ID to 0. Return errno. */
836
__attribute__((warn_unused_result))
837
error_t raise_privileges_permanently(void){
838
error_t old_errno = errno;
839
error_t ret_errno = raise_privileges();
840
if(ret_errno != 0){
841
errno = old_errno;
842
return ret_errno;
843
}
844
if(setuid(0) == -1){
845
ret_errno = errno;
846
}
847
errno = old_errno;
848
return ret_errno;
849
}
850
851
/* Set effective user ID to unprivileged saved user ID */
852
__attribute__((warn_unused_result))
853
error_t lower_privileges(void){
854
error_t old_errno = errno;
855
error_t ret_errno = 0;
856
if(seteuid(uid) == -1){
857
ret_errno = errno;
858
}
859
errno = old_errno;
860
return ret_errno;
861
}
862
863
/* Lower privileges permanently */
864
__attribute__((warn_unused_result))
865
error_t lower_privileges_permanently(void){
866
error_t old_errno = errno;
867
error_t ret_errno = 0;
868
if(setuid(uid) == -1){
869
ret_errno = errno;
870
}
871
errno = old_errno;
872
return ret_errno;
873
}
874
875
/* Helper function to add_local_route() and delete_local_route() */
876
__attribute__((nonnull, warn_unused_result))
877
static bool add_delete_local_route(const bool add,
878
const char *address,
879
AvahiIfIndex if_index){
880
int ret;
881
char helper[] = "mandos-client-iprouteadddel";
882
char add_arg[] = "add";
883
char delete_arg[] = "delete";
884
char debug_flag[] = "--debug";
885
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
886
if(pluginhelperdir == NULL){
887
if(debug){
888
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
889
" variable not set; cannot run helper\n");
890
}
891
return false;
892
}
893
894
char interface[IF_NAMESIZE];
895
if(if_indextoname((unsigned int)if_index, interface) == NULL){
896
perror_plus("if_indextoname");
897
return false;
898
}
899
900
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
901
if(devnull == -1){
902
perror_plus("open(\"/dev/null\", O_RDONLY)");
903
return false;
904
}
905
pid_t pid = fork();
906
if(pid == 0){
907
/* Child */
908
/* Raise privileges */
909
errno = raise_privileges_permanently();
910
if(errno != 0){
911
perror_plus("Failed to raise privileges");
912
/* _exit(EX_NOPERM); */
913
} else {
914
/* Set group */
915
errno = 0;
916
ret = setgid(0);
917
if(ret == -1){
918
perror_plus("setgid");
919
_exit(EX_NOPERM);
920
}
921
/* Reset supplementary groups */
922
errno = 0;
923
ret = setgroups(0, NULL);
924
if(ret == -1){
925
perror_plus("setgroups");
926
_exit(EX_NOPERM);
927
}
928
}
929
ret = dup2(devnull, STDIN_FILENO);
930
if(ret == -1){
931
perror_plus("dup2(devnull, STDIN_FILENO)");
932
_exit(EX_OSERR);
933
}
934
ret = close(devnull);
935
if(ret == -1){
936
perror_plus("close");
937
_exit(EX_OSERR);
938
}
939
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
940
if(ret == -1){
941
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
942
_exit(EX_OSERR);
943
}
944
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
945
O_RDONLY
946
| O_DIRECTORY
947
| O_PATH
948
| O_CLOEXEC));
949
if(helperdir_fd == -1){
950
perror_plus("open");
951
_exit(EX_UNAVAILABLE);
952
}
953
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
954
helper, O_RDONLY));
955
if(helper_fd == -1){
956
perror_plus("openat");
957
close(helperdir_fd);
958
_exit(EX_UNAVAILABLE);
959
}
960
close(helperdir_fd);
961
#ifdef __GNUC__
962
#pragma GCC diagnostic push
963
#pragma GCC diagnostic ignored "-Wcast-qual"
964
#endif
965
if(fexecve(helper_fd, (char *const [])
966
{ helper, add ? add_arg : delete_arg, (char *)address,
967
interface, debug ? debug_flag : NULL, NULL },
968
environ) == -1){
969
#ifdef __GNUC__
970
#pragma GCC diagnostic pop
971
#endif
972
perror_plus("fexecve");
973
_exit(EXIT_FAILURE);
974
}
975
}
976
if(pid == -1){
977
perror_plus("fork");
978
return false;
979
}
980
int status;
981
pid_t pret = -1;
982
errno = 0;
983
do {
984
pret = waitpid(pid, &status, 0);
985
if(pret == -1 and errno == EINTR and quit_now){
986
int errno_raising = 0;
987
if((errno = raise_privileges()) != 0){
988
errno_raising = errno;
989
perror_plus("Failed to raise privileges in order to"
990
" kill helper program");
991
}
992
if(kill(pid, SIGTERM) == -1){
993
perror_plus("kill");
994
}
995
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
996
perror_plus("Failed to lower privileges after killing"
997
" helper program");
998
}
999
return false;
1000
}
1001
} while(pret == -1 and errno == EINTR);
1002
if(pret == -1){
1003
perror_plus("waitpid");
1004
return false;
1005
}
1006
if(WIFEXITED(status)){
1007
if(WEXITSTATUS(status) != 0){
1008
fprintf_plus(stderr, "Error: iprouteadddel exited"
1009
" with status %d\n", WEXITSTATUS(status));
1010
return false;
1011
}
1012
return true;
1013
}
1014
if(WIFSIGNALED(status)){
1015
fprintf_plus(stderr, "Error: iprouteadddel died by"
1016
" signal %d\n", WTERMSIG(status));
1017
return false;
1018
}
1019
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1020
return false;
1021
}
1022
1023
__attribute__((nonnull, warn_unused_result))
1024
static bool add_local_route(const char *address,
1025
AvahiIfIndex if_index){
1026
if(debug){
1027
fprintf_plus(stderr, "Adding route to %s\n", address);
1028
}
1029
return add_delete_local_route(true, address, if_index);
1030
}
1031
1032
__attribute__((nonnull, warn_unused_result))
1033
static bool delete_local_route(const char *address,
1034
AvahiIfIndex if_index){
1035
if(debug){
1036
fprintf_plus(stderr, "Removing route to %s\n", address);
1037
}
1038
return add_delete_local_route(false, address, if_index);
1039
}
1040
653
1041
/* Called when a Mandos server is found */
654
1042
__attribute__((nonnull, warn_unused_result))
655
1043
static int start_mandos_communication(const char *ip, in_port_t port,
666
1054
int retval = -1;
667
1055
gnutls_session_t session;
668
1056
int pf; /* Protocol family */
1057
bool route_added = false;
669
1058
670
1059
errno = 0;
671
1060
729
1118
PRIuMAX "\n", ip, (uintmax_t)port);
730
1119
}
731
1120
732
tcp_sd = socket(pf, SOCK_STREAM, 0);
1121
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
733
1122
if(tcp_sd < 0){
734
1123
int e = errno;
735
1124
perror_plus("socket");
742
1131
goto mandos_end;
743
1132
}
744
1133
745
memset(&to, 0, sizeof(to));
746
1134
if(af == AF_INET6){
747
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
748
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1135
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1136
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1137
ret = inet_pton(af, ip, &to6->sin6_addr);
749
1138
} else { /* IPv4 */
750
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
751
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1139
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1140
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1141
ret = inet_pton(af, ip, &to4->sin_addr);
752
1142
}
753
1143
if(ret < 0 ){
754
1144
int e = errno;
824
1214
goto mandos_end;
825
1215
}
826
1216
827
if(af == AF_INET6){
828
ret = connect(tcp_sd, (struct sockaddr *)&to,
829
sizeof(struct sockaddr_in6));
830
} else {
831
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
832
sizeof(struct sockaddr_in));
833
}
834
if(ret < 0){
835
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
836
int e = errno;
837
perror_plus("connect");
838
errno = e;
839
}
840
goto mandos_end;
841
}
842
843
if(quit_now){
844
errno = EINTR;
845
goto mandos_end;
1217
while(true){
1218
if(af == AF_INET6){
1219
ret = connect(tcp_sd, (struct sockaddr *)&to,
1220
sizeof(struct sockaddr_in6));
1221
} else {
1222
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1223
sizeof(struct sockaddr_in));
1224
}
1225
if(ret < 0){
1226
if(errno == ENETUNREACH
1227
and if_index != AVAHI_IF_UNSPEC
1228
and connect_to == NULL
1229
and not route_added and
1230
((af == AF_INET6 and not
1231
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1232
&to)->sin6_addr)))
1233
or (af == AF_INET and
1234
/* Not a a IPv4LL address */
1235
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1236
& 0xFFFF0000L) != 0xA9FE0000L))){
1237
/* Work around Avahi bug - Avahi does not announce link-local
1238
addresses if it has a global address, so local hosts with
1239
*only* a link-local address (e.g. Mandos clients) cannot
1240
connect to a Mandos server announced by Avahi on a server
1241
host with a global address. Work around this by retrying
1242
with an explicit route added with the server's address.
1243
1244
Avahi bug reference:
1245
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1246
https://bugs.debian.org/587961
1247
*/
1248
if(debug){
1249
fprintf_plus(stderr, "Mandos server unreachable, trying"
1250
" direct route\n");
1251
}
1252
int e = errno;
1253
route_added = add_local_route(ip, if_index);
1254
if(route_added){
1255
continue;
1256
}
1257
errno = e;
1258
}
1259
if(errno != ECONNREFUSED or debug){
1260
int e = errno;
1261
perror_plus("connect");
1262
errno = e;
1263
}
1264
goto mandos_end;
1265
}
1266
1267
if(quit_now){
1268
errno = EINTR;
1269
goto mandos_end;
1270
}
1271
break;
846
1272
}
847
1273
848
1274
const char *out = mandos_protocol_version;
1031
1457
1032
1458
mandos_end:
1033
1459
{
1460
if(route_added){
1461
if(not delete_local_route(ip, if_index)){
1462
fprintf_plus(stderr, "Failed to delete local route to %s on"
1463
" interface %d", ip, if_index);
1464
}
1465
}
1034
1466
int e = errno;
1035
1467
free(decrypted_buffer);
1036
1468
free(buffer);
1037
1469
if(tcp_sd >= 0){
1038
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1470
ret = close(tcp_sd);
1039
1471
}
1040
1472
if(ret == -1){
1041
1473
if(e == 0){
1462
1894
}
1463
1895
}
1464
1896
1465
/* Set effective uid to 0, return errno */
1466
__attribute__((warn_unused_result))
1467
error_t raise_privileges(void){
1468
error_t old_errno = errno;
1469
error_t ret_errno = 0;
1470
if(seteuid(0) == -1){
1471
ret_errno = errno;
1472
}
1473
errno = old_errno;
1474
return ret_errno;
1475
}
1476
1477
/* Set effective and real user ID to 0. Return errno. */
1478
__attribute__((warn_unused_result))
1479
error_t raise_privileges_permanently(void){
1480
error_t old_errno = errno;
1481
error_t ret_errno = raise_privileges();
1482
if(ret_errno != 0){
1483
errno = old_errno;
1484
return ret_errno;
1485
}
1486
if(setuid(0) == -1){
1487
ret_errno = errno;
1488
}
1489
errno = old_errno;
1490
return ret_errno;
1491
}
1492
1493
/* Set effective user ID to unprivileged saved user ID */
1494
__attribute__((warn_unused_result))
1495
error_t lower_privileges(void){
1496
error_t old_errno = errno;
1497
error_t ret_errno = 0;
1498
if(seteuid(uid) == -1){
1499
ret_errno = errno;
1500
}
1501
errno = old_errno;
1502
return ret_errno;
1503
}
1504
1505
/* Lower privileges permanently */
1506
__attribute__((warn_unused_result))
1507
error_t lower_privileges_permanently(void){
1508
error_t old_errno = errno;
1509
error_t ret_errno = 0;
1510
if(setuid(uid) == -1){
1511
ret_errno = errno;
1512
}
1513
errno = old_errno;
1514
return ret_errno;
1515
}
1516
1517
1897
__attribute__((nonnull))
1518
1898
void run_network_hooks(const char *mode, const char *interface,
1519
1899
const float delay){
1520
1900
struct dirent **direntries = NULL;
1521
1901
if(hookdir_fd == -1){
1522
hookdir_fd = open(hookdir, O_RDONLY);
1902
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
1903
| O_CLOEXEC);
1523
1904
if(hookdir_fd == -1){
1524
1905
if(errno == ENOENT){
1525
1906
if(debug){
1550
1931
}
1551
1932
struct dirent *direntry;
1552
1933
int ret;
1553
int devnull = open("/dev/null", O_RDONLY);
1934
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1935
if(devnull == -1){
1936
perror_plus("open(\"/dev/null\", O_RDONLY)");
1937
return;
1938
}
1554
1939
for(int i = 0; i < numhooks; i++){
1555
1940
direntry = direntries[i];
1556
1941
if(debug){
1580
1965
perror_plus("setgroups");
1581
1966
_exit(EX_NOPERM);
1582
1967
}
1583
ret = dup2(devnull, STDIN_FILENO);
1584
if(ret == -1){
1585
perror_plus("dup2(devnull, STDIN_FILENO)");
1586
_exit(EX_OSERR);
1587
}
1588
ret = close(devnull);
1589
if(ret == -1){
1590
perror_plus("close");
1591
_exit(EX_OSERR);
1592
}
1593
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1594
if(ret == -1){
1595
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1596
_exit(EX_OSERR);
1597
}
1598
1968
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1599
1969
if(ret == -1){
1600
1970
perror_plus("setenv");
1635
2005
_exit(EX_OSERR);
1636
2006
}
1637
2007
}
1638
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2008
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2009
direntry->d_name,
2010
O_RDONLY));
1639
2011
if(hook_fd == -1){
1640
2012
perror_plus("openat");
1641
2013
_exit(EXIT_FAILURE);
1642
2014
}
1643
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2015
if(close(hookdir_fd) == -1){
1644
2016
perror_plus("close");
1645
2017
_exit(EXIT_FAILURE);
1646
2018
}
2019
ret = dup2(devnull, STDIN_FILENO);
2020
if(ret == -1){
2021
perror_plus("dup2(devnull, STDIN_FILENO)");
2022
_exit(EX_OSERR);
2023
}
2024
ret = close(devnull);
2025
if(ret == -1){
2026
perror_plus("close");
2027
_exit(EX_OSERR);
2028
}
2029
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2030
if(ret == -1){
2031
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2032
_exit(EX_OSERR);
2033
}
1647
2034
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
1648
2035
environ) == -1){
1649
2036
perror_plus("fexecve");
1689
2076
free(direntry);
1690
2077
}
1691
2078
free(direntries);
1692
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2079
if(close(hookdir_fd) == -1){
1693
2080
perror_plus("close");
1694
2081
} else {
1695
2082
hookdir_fd = -1;
1735
2122
}
1736
2123
1737
2124
if(quit_now){
1738
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2125
ret = close(sd);
1739
2126
if(ret == -1){
1740
2127
perror_plus("close");
1741
2128
}
1791
2178
}
1792
2179
1793
2180
/* Close the socket */
1794
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2181
ret = close(sd);
1795
2182
if(ret == -1){
1796
2183
perror_plus("close");
1797
2184
}
1879
2266
}
1880
2267
1881
2268
/* Close the socket */
1882
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2269
int ret = close(sd);
1883
2270
if(ret == -1){
1884
2271
perror_plus("close");
1885
2272
}
1900
2287
}
1901
2288
1902
2289
int main(int argc, char *argv[]){
1903
mandos_context mc = { .server = NULL, .dh_bits = 1024,
1904
.priority = "SECURE256:!CTYPE-X.509:"
1905
"+CTYPE-OPENPGP", .current_server = NULL,
1906
.interfaces = NULL, .interfaces_size = 0 };
2290
mandos_context mc = { .server = NULL, .dh_bits = 0,
2291
.priority = "SECURE256:!CTYPE-X.509"
2292
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2293
.current_server = NULL, .interfaces = NULL,
2294
.interfaces_size = 0 };
1907
2295
AvahiSServiceBrowser *sb = NULL;
1908
2296
error_t ret_errno;
1909
2297
int ret;
1918
2306
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1919
2307
const char *seckey = PATHDIR "/" SECKEY;
1920
2308
const char *pubkey = PATHDIR "/" PUBKEY;
2309
const char *dh_params_file = NULL;
1921
2310
char *interfaces_hooks = NULL;
1922
2311
1923
2312
bool gnutls_initialized = false;
1976
2365
.doc = "Bit length of the prime number used in the"
1977
2366
" Diffie-Hellman key exchange",
1978
2367
.group = 2 },
2368
{ .name = "dh-params", .key = 134,
2369
.arg = "FILE",
2370
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2371
" for the Diffie-Hellman key exchange",
2372
.group = 2 },
1979
2373
{ .name = "priority", .key = 130,
1980
2374
.arg = "STRING",
1981
2375
.doc = "GnuTLS priority string for the TLS handshake",
2036
2430
}
2037
2431
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2038
2432
break;
2433
case 134: /* --dh-params */
2434
dh_params_file = arg;
2435
break;
2039
2436
case 130: /* --priority */
2040
2437
mc.priority = arg;
2041
2438
break;
2097
2494
goto end;
2098
2495
}
2099
2496
}
2100
2497
2101
2498
{
2102
2499
/* Work around Debian bug #633582:
2103
2500
<http://bugs.debian.org/633582> */
2127
2524
}
2128
2525
}
2129
2526
}
2130
TEMP_FAILURE_RETRY(close(seckey_fd));
2527
close(seckey_fd);
2131
2528
}
2132
2529
}
2133
2530
2134
2531
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2135
2532
int pubkey_fd = open(pubkey, O_RDONLY);
2136
2533
if(pubkey_fd == -1){
2148
2545
}
2149
2546
}
2150
2547
}
2151
TEMP_FAILURE_RETRY(close(pubkey_fd));
2152
}
2153
}
2154
2548
close(pubkey_fd);
2549
}
2550
}
2551
2552
if(dh_params_file != NULL
2553
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2554
int dhparams_fd = open(dh_params_file, O_RDONLY);
2555
if(dhparams_fd == -1){
2556
perror_plus("open");
2557
} else {
2558
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2559
if(ret == -1){
2560
perror_plus("fstat");
2561
} else {
2562
if(S_ISREG(st.st_mode)
2563
and st.st_uid == 0 and st.st_gid == 0){
2564
ret = fchown(dhparams_fd, uid, gid);
2565
if(ret == -1){
2566
perror_plus("fchown");
2567
}
2568
}
2569
}
2570
close(dhparams_fd);
2571
}
2572
}
2573
2155
2574
/* Lower privileges */
2156
2575
ret_errno = lower_privileges();
2157
2576
if(ret_errno != 0){
2331
2750
errno = bring_up_interface(interface, delay);
2332
2751
if(not interface_was_up){
2333
2752
if(errno != 0){
2334
perror_plus("Failed to bring up interface");
2753
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2754
" %s\n", interface, strerror(errno));
2335
2755
} else {
2336
2756
errno = argz_add(&interfaces_to_take_down,
2337
2757
&interfaces_to_take_down_size,
2360
2780
goto end;
2361
2781
}
2362
2782
2363
ret = init_gnutls_global(pubkey, seckey, &mc);
2783
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2364
2784
if(ret == -1){
2365
2785
fprintf_plus(stderr, "init_gnutls_global failed\n");
2366
2786
exitcode = EX_UNAVAILABLE;
2626
3046
/* Removes the GPGME temp directory and all files inside */
2627
3047
if(tempdir != NULL){
2628
3048
struct dirent **direntries = NULL;
2629
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2630
O_NOFOLLOW));
3049
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY
3050
| O_NOFOLLOW
3051
| O_DIRECTORY
3052
| O_PATH));
2631
3053
if(tempdir_fd == -1){
2632
3054
perror_plus("open");
2633
3055
} else {
2664
3086
perror_plus("rmdir");
2665
3087
}
2666
3088
}
2667
TEMP_FAILURE_RETRY(close(tempdir_fd));
3089
close(tempdir_fd);
2668
3090
}
2669
3091
}
2670
3092
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0