/mandos/trunk : revision 777

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files removed:
bugs.xml

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.postinst

debian/rules

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.c

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

strtof(), abort() */

#include <stdbool.h> /* bool, false, true */

#include <string.h> /* strcmp(), strlen(), strerror(),

asprintf(), strncpy() */

asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

inet_pton(), connect(),

getnameinfo() */

#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */

#include <fcntl.h> /* open(), unlinkat() */

#include <dirent.h> /* opendir(), struct dirent, readdir()

#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,

strtoimax() */

#include <errno.h> /* perror(), errno, EINTR, EINVAL,

EAI_SYSTEM, ENETUNREACH,

EHOSTUNREACH, ECONNREFUSED, EPROTO,

EIO, ENOENT, ENXIO, ENOMEM, EISDIR,

ENOTEMPTY,

#include <errno.h> /* perror(), errno,

program_invocation_short_name */

#include <time.h> /* nanosleep(), time(), sleep() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

517

513

fprintf_plus(stderr, "GnuTLS: %s", string);

518

514

}

519

515

520

__attribute__((nonnull(1, 2, 4), warn_unused_result))

516

__attribute__((nonnull, warn_unused_result))

521

517

static int init_gnutls_global(const char *pubkeyfilename,

522

518

const char *seckeyfilename,

523

519

const char *dhparamsfilename,

529

525

fprintf_plus(stderr, "Initializing GnuTLS\n");

530

526

}

531

527

528

ret = gnutls_global_init();

529

if(ret != GNUTLS_E_SUCCESS){

530

fprintf_plus(stderr, "GnuTLS global_init: %s\n",

531

safer_gnutls_strerror(ret));

532

return -1;

533

}

534

532

535

if(debug){

533

536

/* "Use a log level over 10 to enable all debugging options."

534

537

* - GnuTLS manual

542

545

if(ret != GNUTLS_E_SUCCESS){

543

546

fprintf_plus(stderr, "GnuTLS memory error: %s\n",

544

547

safer_gnutls_strerror(ret));

548

gnutls_global_deinit();

545

549

return -1;

546

550

}

547

551

751

755

globalfail:

752

756

753

757

gnutls_certificate_free_credentials(mc->cred);

758

gnutls_global_deinit();

754

759

gnutls_dh_params_deinit(mc->dh_params);

755

760

return -1;

756

761

}

817

822

818

823

/* Set effective uid to 0, return errno */

819

824

__attribute__((warn_unused_result))

820

int raise_privileges(void){

821

int old_errno = errno;

822

int ret = 0;

825

error_t raise_privileges(void){

826

error_t old_errno = errno;

827

error_t ret_errno = 0;

823

828

if(seteuid(0) == -1){

824

ret = errno;

829

ret_errno = errno;

825

830

}

826

831

errno = old_errno;

827

return ret;

832

return ret_errno;

828

833

}

829

834

830

835

/* Set effective and real user ID to 0. Return errno. */

831

836

__attribute__((warn_unused_result))

832

int raise_privileges_permanently(void){

833

int old_errno = errno;

834

int ret = raise_privileges();

835

if(ret != 0){

837

error_t raise_privileges_permanently(void){

838

error_t old_errno = errno;

839

error_t ret_errno = raise_privileges();

840

if(ret_errno != 0){

836

841

errno = old_errno;

837

return ret;

842

return ret_errno;

838

843

}

839

844

if(setuid(0) == -1){

840

ret = errno;

845

ret_errno = errno;

841

846

}

842

847

errno = old_errno;

843

return ret;

848

return ret_errno;

844

849

}

845

850

846

851

/* Set effective user ID to unprivileged saved user ID */

847

852

__attribute__((warn_unused_result))

848

int lower_privileges(void){

849

int old_errno = errno;

850

int ret = 0;

853

error_t lower_privileges(void){

854

error_t old_errno = errno;

855

error_t ret_errno = 0;

851

856

if(seteuid(uid) == -1){

852

ret = errno;

857

ret_errno = errno;

853

858

}

854

859

errno = old_errno;

855

return ret;

860

return ret_errno;

856

861

}

857

862

858

863

/* Lower privileges permanently */

859

864

__attribute__((warn_unused_result))

860

int lower_privileges_permanently(void){

861

int old_errno = errno;

862

int ret = 0;

865

error_t lower_privileges_permanently(void){

866

error_t old_errno = errno;

867

error_t ret_errno = 0;

863

868

if(setuid(uid) == -1){

864

ret = errno;

869

ret_errno = errno;

865

870

}

866

871

errno = old_errno;

867

return ret;

872

return ret_errno;

868

873

}

869

874

870

875

/* Helper function to add_local_route() and delete_local_route() */

1218

1223

sizeof(struct sockaddr_in));

1219

1224

}

1220

1225

if(ret < 0){

1221

if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))

1226

if(errno == ENETUNREACH

1222

1227

and if_index != AVAHI_IF_UNSPEC

1223

1228

and connect_to == NULL

1224

1229

and not route_added and

1237

1242

with an explicit route added with the server's address.

1238

1243

1239

1244

Avahi bug reference:

1240

https://lists.freedesktop.org/archives/avahi/2010-February/001833.html

1245

http://lists.freedesktop.org/archives/avahi/2010-February/001833.html

1241

1246

https://bugs.debian.org/587961

1242

1247

1243

1248

if(debug){

1423

1428

&decrypted_buffer, mc);

1424

1429

if(decrypted_buffer_size >= 0){

1425

1430

1426

clearerr(stdout);

1427

1431

written = 0;

1428

1432

while(written < (size_t) decrypted_buffer_size){

1429

1433

if(quit_now){

1445

1449

}

1446

1450

written += (size_t)ret;

1447

1451

}

1448

ret = fflush(stdout);

1449

if(ret != 0){

1450

int e = errno;

1451

if(debug){

1452

fprintf_plus(stderr, "Error writing encrypted data: %s\n",

1453

strerror(errno));

1454

}

1455

errno = e;

1456

goto mandos_end;

1457

}

1458

1452

retval = 0;

1459

1453

}

1460

1454

}

1634

1628

__attribute__((nonnull, warn_unused_result))

1635

1629

bool get_flags(const char *ifname, struct ifreq *ifr){

1636

1630

int ret;

1637

int old_errno;

1631

error_t ret_errno;

1638

1632

1639

1633

int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

1640

1634

if(s < 0){

1641

old_errno = errno;

1635

ret_errno = errno;

1642

1636

perror_plus("socket");

1643

errno = old_errno;

1637

errno = ret_errno;

1644

1638

return false;

1645

1639

}

1646

strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);

1647

ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */

1640

strcpy(ifr->ifr_name, ifname);

1648

1641

ret = ioctl(s, SIOCGIFFLAGS, ifr);

1649

1642

if(ret == -1){

1650

1643

if(debug){

1651

old_errno = errno;

1644

ret_errno = errno;

1652

1645

perror_plus("ioctl SIOCGIFFLAGS");

1653

errno = old_errno;

1646

errno = ret_errno;

1654

1647

}

1655

1648

return false;

1656

1649

}

1920

1913

return;

1921

1914

}

1922

1915

}

1916

#ifdef __GLIBC__

1917

#if __GLIBC_PREREQ(2, 15)

1923

1918

int numhooks = scandirat(hookdir_fd, ".", &direntries,

1924

1919

runnable_hook, alphasort);

1920

#else /* not __GLIBC_PREREQ(2, 15) */

1921

int numhooks = scandir(hookdir, &direntries, runnable_hook,

1922

alphasort);

1923

#endif /* not __GLIBC_PREREQ(2, 15) */

1924

#else /* not __GLIBC__ */

1925

int numhooks = scandir(hookdir, &direntries, runnable_hook,

1926

alphasort);

1927

#endif /* not __GLIBC__ */

1925

1928

if(numhooks == -1){

1926

1929

perror_plus("scandir");

1927

1930

return;

2082

2085

}

2083

2086

2084

2087

__attribute__((nonnull, warn_unused_result))

2085

int bring_up_interface(const char *const interface,

2086

const float delay){

2087

int old_errno = errno;

2088

error_t bring_up_interface(const char *const interface,

2089

const float delay){

2090

error_t old_errno = errno;

2088

2091

int ret;

2089

2092

struct ifreq network;

2090

2093

unsigned int if_index = if_nametoindex(interface);

2100

2103

}

2101

2104

2102

2105

if(not interface_is_up(interface)){

2103

int ret_errno = 0;

2104

int ioctl_errno = 0;

2106

error_t ret_errno = 0, ioctl_errno = 0;

2105

2107

if(not get_flags(interface, &network)){

2106

2108

ret_errno = errno;

2107

2109

fprintf_plus(stderr, "Failed to get flags for interface "

2210

2212

}

2211

2213

2212

2214

__attribute__((nonnull, warn_unused_result))

2213

int take_down_interface(const char *const interface){

2214

int old_errno = errno;

2215

error_t take_down_interface(const char *const interface){

2216

error_t old_errno = errno;

2215

2217

struct ifreq network;

2216

2218

unsigned int if_index = if_nametoindex(interface);

2217

2219

if(if_index == 0){

2220

2222

return ENXIO;

2221

2223

}

2222

2224

if(interface_is_up(interface)){

2223

int ret_errno = 0;

2224

int ioctl_errno = 0;

2225

error_t ret_errno = 0, ioctl_errno = 0;

2225

2226

if(not get_flags(interface, &network) and debug){

2226

2227

ret_errno = errno;

2227

2228

fprintf_plus(stderr, "Failed to get flags for interface "

2477

2478

.args_doc = "",

2478

2479

.doc = "Mandos client -- Get and decrypt"

2479

2480

" passwords from a Mandos server" };

2480

ret_errno = argp_parse(&argp, argc, argv,

2481

ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);

2482

switch(ret_errno){

2481

ret = argp_parse(&argp, argc, argv,

2482

ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);

2483

switch(ret){

2483

2484

case 0:

2484

2485

break;

2485

2486

case ENOMEM:

2486

2487

default:

2487

errno = ret_errno;

2488

errno = ret;

2488

2489

perror_plus("argp_parse");

2489

2490

exitcode = EX_OSERR;

2490

2491

goto end;

2496

2497

2498

{

2498

2499

/* Work around Debian bug #633582:

2499

<https://bugs.debian.org/633582> */

2500

<http://bugs.debian.org/633582> */

2500

2501

2502

/* Re-raise privileges */

2502

ret = raise_privileges();

2503

if(ret != 0){

2504

errno = ret;

2503

ret_errno = raise_privileges();

2504

if(ret_errno != 0){

2505

errno = ret_errno;

2505

2506

perror_plus("Failed to raise privileges");

2506

2507

} else {

2507

2508

struct stat st;

2571

2572

}

2572

2573

2574

/* Lower privileges */

2574

ret = lower_privileges();

2575

if(ret != 0){

2576

errno = ret;

2575

ret_errno = lower_privileges();

2576

if(ret_errno != 0){

2577

errno = ret_errno;

2577

2578

perror_plus("Failed to lower privileges");

2578

2579

}

2579

2580

}

2907

2908

2909

/* Allocate a new server */

2909

2910

mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),

2910

&config, NULL, NULL, &ret);

2911

&config, NULL, NULL, &ret_errno);

2911

2912

2913

/* Free the Avahi configuration data */

2913

2914

avahi_server_config_free(&config);

2916

2917

/* Check if creating the Avahi server object succeeded */

2917

2918

if(mc.server == NULL){

2918

2919

fprintf_plus(stderr, "Failed to create Avahi server: %s\n",

2919

avahi_strerror(ret));

2920

avahi_strerror(ret_errno));

2920

2921

exitcode = EX_UNAVAILABLE;

2921

2922

goto end;

2922

2923

}

2974

2975

2976

if(gnutls_initialized){

2976

2977

gnutls_certificate_free_credentials(mc.cred);

2978

gnutls_global_deinit();

2977

2979

gnutls_dh_params_deinit(mc.dh_params);

2978

2980

}

2979

2981

3002

3004

3003

3005

/* Re-raise privileges */

3004

3006

{

3005

ret = raise_privileges();

3006

if(ret != 0){

3007

errno = ret;

3007

ret_errno = raise_privileges();

3008

if(ret_errno != 0){

3009

errno = ret_errno;

3008

3010

perror_plus("Failed to raise privileges");

3009

3011

} else {

3010

3012

3018

3020

while((interface=argz_next(interfaces_to_take_down,

3019

3021

interfaces_to_take_down_size,

3020

3022

interface))){

3021

ret = take_down_interface(interface);

3022

if(ret != 0){

3023

errno = ret;

3023

ret_errno = take_down_interface(interface);

3024

if(ret_errno != 0){

3025

errno = ret_errno;

3024

3026

perror_plus("Failed to take down interface");

3025

3027

}

3026

3028

}

3031

3033

}

3032

3034

}

3033

3035

3034

ret = lower_privileges_permanently();

3035

if(ret != 0){

3036

errno = ret;

3036

ret_errno = lower_privileges_permanently();

3037

if(ret_errno != 0){

3038

errno = ret_errno;

3037

3039

perror_plus("Failed to lower privileges permanently");

3038

3040

}

3039

3041

}

3041

3043

free(interfaces_to_take_down);

3042

3044

free(interfaces_hooks);

3043

3045

3044

void clean_dir_at(int base, const char * const dirname,

3045

uintmax_t level){

3046

struct dirent **direntries = NULL;

3047

int dret;

3048

int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,

3049

O_RDONLY

3050

| O_NOFOLLOW

3051

| O_DIRECTORY

3052

| O_PATH));

3053

if(dir_fd == -1){

3054

perror_plus("open");

3055

}

3056

int numentries = scandirat(dir_fd, ".", &direntries,

3057

notdotentries, alphasort);

3058

if(numentries >= 0){

3059

for(int i = 0; i < numentries; i++){

3060

if(debug){

3061

fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",

3062

dirname, direntries[i]->d_name);

3063

}

3064

dret = unlinkat(dir_fd, direntries[i]->d_name, 0);

3065

if(dret == -1){

3066

if(errno == EISDIR){

3067

dret = unlinkat(dir_fd, direntries[i]->d_name,

3068

AT_REMOVEDIR);

3069

}

3070

if((dret == -1) and (errno == ENOTEMPTY)

3071

and (strcmp(direntries[i]->d_name, "private-keys-v1.d")

3072

== 0) and (level == 0)){

3073

/* Recurse only in this special case */

3074

clean_dir_at(dir_fd, direntries[i]->d_name, level+1);

3075

dret = 0;

3076

}

3077

if(dret == -1){

3078

fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,

3079

direntries[i]->d_name, strerror(errno));

3080

}

3081

}

3082

free(direntries[i]);

3083

}

3084

3085

/* need to clean even if 0 because man page doesn't specify */

3086

free(direntries);

3087

if(numentries == -1){

3088

perror_plus("scandirat");

3089

}

3090

dret = unlinkat(base, dirname, AT_REMOVEDIR);

3091

if(dret == -1 and errno != ENOENT){

3092

perror_plus("rmdir");

3093

}

3094

} else {

3095

perror_plus("scandirat");

3096

}

3097

close(dir_fd);

3098

}

3099

3100

3046

/* Removes the GPGME temp directory and all files inside */

3101

3047

if(tempdir != NULL){

3102

clean_dir_at(-1, tempdir, 0);

3048

struct dirent **direntries = NULL;

3049

int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY

3050

| O_NOFOLLOW

3051

| O_DIRECTORY

3052

| O_PATH));

3053

if(tempdir_fd == -1){

3054

perror_plus("open");

3055

} else {

3056

#ifdef __GLIBC__

3057

#if __GLIBC_PREREQ(2, 15)

3058

int numentries = scandirat(tempdir_fd, ".", &direntries,

3059

notdotentries, alphasort);

3060

#else /* not __GLIBC_PREREQ(2, 15) */

3061

int numentries = scandir(tempdir, &direntries, notdotentries,

3062

alphasort);

3063

#endif /* not __GLIBC_PREREQ(2, 15) */

3064

#else /* not __GLIBC__ */

3065

int numentries = scandir(tempdir, &direntries, notdotentries,

3066

alphasort);

3067

#endif /* not __GLIBC__ */

3068

if(numentries >= 0){

3069

for(int i = 0; i < numentries; i++){

3070

ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);

3071

if(ret == -1){

3072

fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"

3073

" \"%s\", 0): %s\n", tempdir,

3074

direntries[i]->d_name, strerror(errno));

3075

}

3076

free(direntries[i]);

3077

}

3078

3079

/* need to clean even if 0 because man page doesn't specify */

3080

free(direntries);

3081

if(numentries == -1){

3082

perror_plus("scandir");

3083

}

3084

ret = rmdir(tempdir);

3085

if(ret == -1 and errno != ENOENT){

3086

perror_plus("rmdir");

3087

}

3088

}

3089

close(tempdir_fd);

3090

}

3103

3091

}

3104

3092

3105

3093

if(quit_now){

Older »