To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 777
- compare with another revision
- download diff
- download tarball
- view history from revision 777
- Committer: Teddy Hogeborn
- Date: 2015-07-20 03:03:33 UTC
- Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.
The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string. This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:
SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256
* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
(/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.
The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string. This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:
SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256
* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
(/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.
- files added:
- initramfs-tools-hook-conf
- files removed:
- bugs.xml
- debian/tests
- dracut-module
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2021 Teddy Hogeborn
13
* Copyright © 2008-2021 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2015 Teddy Hogeborn
13
* Copyright © 2008-2015 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
23
21
* WITHOUT ANY WARRANTY; without even the implied warranty of
24
22
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25
23
* General Public License for more details.
26
24
*
27
25
* You should have received a copy of the GNU General Public License
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
29
28
*
30
29
* Contact the authors at <mandos@recompile.se>.
31
30
*/
38
37
#define _FILE_OFFSET_BITS 64
39
38
#endif /* not _FILE_OFFSET_BITS */
40
39
41
#define _GNU_SOURCE /* program_invocation_short_name,
42
TEMP_FAILURE_RETRY(), O_CLOEXEC,
43
scandirat(), asprintf() */
40
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror() */
44
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
45
#include <stddef.h> /* NULL, size_t, ssize_t */
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
strtof(), abort() */
44
48
#include <stdbool.h> /* bool, false, true */
45
#include <argp.h> /* argp_program_version,
46
argp_program_bug_address,
47
struct argp_option,
48
struct argp_state, argp_error(),
49
argp_state_help,
50
ARGP_HELP_STD_HELP,
51
ARGP_HELP_EXIT_ERR,
52
ARGP_HELP_EXIT_OK, ARGP_HELP_USAGE,
53
argp_err_exit_status,
54
ARGP_ERR_UNKNOWN, struct argp,
55
argp_parse(), ARGP_IN_ORDER,
56
ARGP_NO_HELP */
57
#include <stddef.h> /* NULL, size_t */
58
#include <sys/types.h> /* uid_t, gid_t, sig_atomic_t,
59
seteuid(), setuid(), pid_t,
60
setgid(), getuid(), getgid() */
61
#include <unistd.h> /* uid_t, gid_t, TEMP_FAILURE_RETRY(),
62
seteuid(), setuid(), close(),
63
ssize_t, read(), fork(), setgid(),
64
_exit(), dup2(), STDIN_FILENO,
65
STDERR_FILENO, STDOUT_FILENO,
66
fexecve(), write(), getuid(),
67
getgid(), fchown(), symlink(),
68
sleep(), unlinkat(), pause() */
69
#include <netinet/in.h> /* in_port_t, struct sockaddr_in6,
70
sa_family_t, struct sockaddr_in,
71
htons(), IN6_IS_ADDR_LINKLOCAL,
72
INET_ADDRSTRLEN, INET6_ADDRSTRLEN,
73
ntohl(), IPPROTO_IP */
74
#include <time.h> /* struct timespec, clock_gettime(),
75
CLOCK_MONOTONIC, time_t, struct tm,
76
gmtime_r(), clock_settime(),
77
CLOCK_REALTIME, nanosleep() */
78
#include <errno.h> /* errno,
79
program_invocation_short_name,
80
EINTR, EINVAL, ENETUNREACH,
81
EHOSTUNREACH, ECONNREFUSED, EPROTO,
82
EIO, ENOENT, ENXIO, error_t,
83
ENOMEM, EISDIR, ENOTEMPTY */
84
#include <stdio.h> /* fprintf(), stderr, perror(), FILE,
85
vfprintf(), off_t, SEEK_SET,
86
stdout, fwrite(), ferror(),
87
fflush(), asprintf() */
88
#include <stdarg.h> /* va_list, va_start(), vfprintf() */
89
#include <stdlib.h> /* realloc(), free(), malloc(),
90
getenv(), EXIT_FAILURE, setenv(),
91
EXIT_SUCCESS, strtof(), strtod(),
92
srand(), mkdtemp(), abort() */
93
#include <string.h> /* strdup(), strcmp(), strlen(),
94
strerror(), strncpy(), strspn(),
95
memcpy(), strrchr(), strchr(),
96
strsignal() */
97
#include <fcntl.h> /* open(), O_RDONLY, O_DIRECTORY,
98
O_PATH, O_CLOEXEC, openat(),
99
O_NOFOLLOW, AT_REMOVEDIR */
100
#include <iso646.h> /* or, and, not */
101
#include <sys/stat.h> /* struct stat, fstat(), fstatat(),
102
S_ISREG(), S_IXUSR, S_IXGRP,
103
S_IXOTH, lstat() */
104
#include <net/if.h> /* IF_NAMESIZE, if_indextoname(),
105
if_nametoindex(), SIOCGIFFLAGS,
106
IFF_LOOPBACK, IFF_POINTOPOINT,
107
IFF_BROADCAST, IFF_NOARP, IFF_UP,
108
IFF_RUNNING, SIOCSIFFLAGS */
109
#include <sysexits.h> /* EX_NOPERM, EX_OSERR,
110
EX_UNAVAILABLE, EX_USAGE */
49
#include <string.h> /* strcmp(), strlen(), strerror(),
50
asprintf(), strcpy() */
51
#include <sys/ioctl.h> /* ioctl */
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
sockaddr_in6, PF_INET6,
54
SOCK_STREAM, uid_t, gid_t, open(),
55
opendir(), DIR */
56
#include <sys/stat.h> /* open(), S_ISREG */
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
inet_pton(), connect(),
59
getnameinfo() */
60
#include <fcntl.h> /* open(), unlinkat() */
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
*/
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
64
strtoimax() */
65
#include <errno.h> /* perror(), errno,
66
program_invocation_short_name */
67
#include <time.h> /* nanosleep(), time(), sleep() */
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
69
SIOCSIFFLAGS, if_indextoname(),
70
if_nametoindex(), IF_NAMESIZE */
71
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
72
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
73
*/
74
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
75
getuid(), getgid(), seteuid(),
76
setgid(), pause(), _exit(),
77
unlinkat() */
78
#include <arpa/inet.h> /* inet_pton(), htons() */
79
#include <iso646.h> /* not, or, and */
80
#include <argp.h> /* struct argp_option, error_t, struct
81
argp_state, struct argp,
82
argp_parse(), ARGP_KEY_ARG,
83
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
84
#include <signal.h> /* sigemptyset(), sigaddset(),
85
sigaction(), SIGTERM, sig_atomic_t,
86
raise() */
87
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
88
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
89
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
90
WEXITSTATUS(), WTERMSIG() */
111
91
#include <grp.h> /* setgroups() */
112
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
113
WEXITSTATUS(), WIFSIGNALED(),
114
WTERMSIG() */
115
#include <signal.h> /* kill(), SIGTERM, struct sigaction,
116
SIG_DFL, sigemptyset(),
117
sigaddset(), SIGINT, SIGHUP,
118
SIG_IGN, raise() */
119
#include <sys/socket.h> /* struct sockaddr_storage, AF_INET6,
120
PF_INET6, AF_INET, PF_INET,
121
socket(), SOCK_STREAM,
122
SOCK_CLOEXEC, struct sockaddr,
123
connect(), SOCK_DGRAM */
124
#include <argz.h> /* argz_next(), argz_add_sep(),
125
argz_delete(), argz_stringify(),
126
argz_add(), argz_count() */
127
#include <inttypes.h> /* PRIuMAX, uintmax_t, uint32_t,
128
PRIdMAX, PRIu16, intmax_t,
129
strtoimax() */
130
#include <arpa/inet.h> /* inet_pton() */
131
#include <stdint.h> /* uint32_t, intptr_t, uint16_t */
92
#include <argz.h> /* argz_add_sep(), argz_next(),
93
argz_delete(), argz_append(),
94
argz_stringify(), argz_add(),
95
argz_count() */
132
96
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
133
97
EAI_SYSTEM, gai_strerror() */
134
#include <sys/ioctl.h> /* ioctl() */
135
#include <dirent.h> /* struct dirent, scandirat(),
136
alphasort(), scandir() */
137
#include <limits.h> /* INT_MAX */
138
98
139
99
#ifdef __linux__
140
100
#include <sys/klog.h> /* klogctl() */
153
113
154
114
/* GnuTLS */
155
115
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
156
functions: gnutls_*, GNUTLS_* */
157
#if GNUTLS_VERSION_NUMBER < 0x030600
116
functions:
117
gnutls_*
118
init_gnutls_session(),
119
GNUTLS_* */
158
120
#include <gnutls/openpgp.h>
159
121
/* gnutls_certificate_set_openpgp_key_file(),
160
122
GNUTLS_OPENPGP_FMT_BASE64 */
161
#elif GNUTLS_VERSION_NUMBER >= 0x030606
162
#include <gnutls/x509.h> /* GNUTLS_PKCS_PLAIN,
163
GNUTLS_PKCS_NULL_PASSWORD */
164
#endif
165
123
166
124
/* GPGME */
167
125
#include <gpgme.h> /* All GPGME types, constants and
168
126
functions:
169
gpgme_*, GPG_ERR_NO_*,
170
GPGME_IMPORT_*
171
GPGME_PROTOCOL_OpenPGP */
127
gpgme_*
128
GPGME_PROTOCOL_OpenPGP,
129
GPG_ERR_NO_* */
172
130
173
131
#define BUFFER_SIZE 256
174
132
175
133
#define PATHDIR "/conf/conf.d/mandos"
176
134
#define SECKEY "seckey.txt"
177
135
#define PUBKEY "pubkey.txt"
178
#define TLS_PRIVKEY "tls-privkey.pem"
179
#define TLS_PUBKEY "tls-pubkey.pem"
180
136
#define HOOKDIR "/lib/mandos/network-hooks.d"
181
137
182
138
bool debug = false;
310
266
return true;
311
267
}
312
268
313
/* Set effective uid to 0, return errno */
314
__attribute__((warn_unused_result))
315
int raise_privileges(void){
316
int old_errno = errno;
317
int ret = 0;
318
if(seteuid(0) == -1){
319
ret = errno;
320
}
321
errno = old_errno;
322
return ret;
323
}
324
325
/* Set effective and real user ID to 0. Return errno. */
326
__attribute__((warn_unused_result))
327
int raise_privileges_permanently(void){
328
int old_errno = errno;
329
int ret = raise_privileges();
330
if(ret != 0){
331
errno = old_errno;
332
return ret;
333
}
334
if(setuid(0) == -1){
335
ret = errno;
336
}
337
errno = old_errno;
338
return ret;
339
}
340
341
/* Set effective user ID to unprivileged saved user ID */
342
__attribute__((warn_unused_result))
343
int lower_privileges(void){
344
int old_errno = errno;
345
int ret = 0;
346
if(seteuid(uid) == -1){
347
ret = errno;
348
}
349
errno = old_errno;
350
return ret;
351
}
352
353
/* Lower privileges permanently */
354
__attribute__((warn_unused_result))
355
int lower_privileges_permanently(void){
356
int old_errno = errno;
357
int ret = 0;
358
if(setuid(uid) == -1){
359
ret = errno;
360
}
361
errno = old_errno;
362
return ret;
363
}
364
365
269
/*
366
270
* Initialize GPGME.
367
271
*/
387
291
return false;
388
292
}
389
293
390
/* Workaround for systems without a real-time clock; see also
391
Debian bug #894495: <https://bugs.debian.org/894495> */
392
do {
393
{
394
time_t currtime = time(NULL);
395
if(currtime != (time_t)-1){
396
struct tm tm;
397
if(gmtime_r(&currtime, &tm) == NULL) {
398
perror_plus("gmtime_r");
399
break;
400
}
401
if(tm.tm_year != 70 or tm.tm_mon != 0){
402
break;
403
}
404
if(debug){
405
fprintf_plus(stderr, "System clock is January 1970");
406
}
407
} else {
408
if(debug){
409
fprintf_plus(stderr, "System clock is invalid");
410
}
411
}
412
}
413
struct stat keystat;
414
ret = fstat(fd, &keystat);
415
if(ret != 0){
416
perror_plus("fstat");
417
break;
418
}
419
ret = raise_privileges();
420
if(ret != 0){
421
errno = ret;
422
perror_plus("Failed to raise privileges");
423
break;
424
}
425
if(debug){
426
fprintf_plus(stderr,
427
"Setting system clock to key file mtime");
428
}
429
if(clock_settime(CLOCK_REALTIME, &keystat.st_mtim) != 0){
430
perror_plus("clock_settime");
431
}
432
ret = lower_privileges();
433
if(ret != 0){
434
errno = ret;
435
perror_plus("Failed to lower privileges");
436
}
437
} while(false);
438
439
294
rc = gpgme_data_new_from_fd(&pgp_data, fd);
440
295
if(rc != GPG_ERR_NO_ERROR){
441
296
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
449
304
gpgme_strsource(rc), gpgme_strerror(rc));
450
305
return false;
451
306
}
452
{
453
gpgme_import_result_t import_result
454
= gpgme_op_import_result(mc->ctx);
455
if((import_result->imported < 1
456
or import_result->not_imported > 0)
457
and import_result->unchanged == 0){
458
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
459
fprintf_plus(stderr,
460
"The total number of considered keys: %d\n",
461
import_result->considered);
462
fprintf_plus(stderr,
463
"The number of keys without user ID: %d\n",
464
import_result->no_user_id);
465
fprintf_plus(stderr,
466
"The total number of imported keys: %d\n",
467
import_result->imported);
468
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
469
import_result->imported_rsa);
470
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
471
import_result->unchanged);
472
fprintf_plus(stderr, "The number of new user IDs: %d\n",
473
import_result->new_user_ids);
474
fprintf_plus(stderr, "The number of new sub keys: %d\n",
475
import_result->new_sub_keys);
476
fprintf_plus(stderr, "The number of new signatures: %d\n",
477
import_result->new_signatures);
478
fprintf_plus(stderr, "The number of new revocations: %d\n",
479
import_result->new_revocations);
480
fprintf_plus(stderr,
481
"The total number of secret keys read: %d\n",
482
import_result->secret_read);
483
fprintf_plus(stderr,
484
"The number of imported secret keys: %d\n",
485
import_result->secret_imported);
486
fprintf_plus(stderr,
487
"The number of unchanged secret keys: %d\n",
488
import_result->secret_unchanged);
489
fprintf_plus(stderr, "The number of keys not imported: %d\n",
490
import_result->not_imported);
491
for(gpgme_import_status_t import_status
492
= import_result->imports;
493
import_status != NULL;
494
import_status = import_status->next){
495
fprintf_plus(stderr, "Import status for key: %s\n",
496
import_status->fpr);
497
if(import_status->result != GPG_ERR_NO_ERROR){
498
fprintf_plus(stderr, "Import result: %s: %s\n",
499
gpgme_strsource(import_status->result),
500
gpgme_strerror(import_status->result));
501
}
502
fprintf_plus(stderr, "Key status:\n");
503
fprintf_plus(stderr,
504
import_status->status & GPGME_IMPORT_NEW
505
? "The key was new.\n"
506
: "The key was not new.\n");
507
fprintf_plus(stderr,
508
import_status->status & GPGME_IMPORT_UID
509
? "The key contained new user IDs.\n"
510
: "The key did not contain new user IDs.\n");
511
fprintf_plus(stderr,
512
import_status->status & GPGME_IMPORT_SIG
513
? "The key contained new signatures.\n"
514
: "The key did not contain new signatures.\n");
515
fprintf_plus(stderr,
516
import_status->status & GPGME_IMPORT_SUBKEY
517
? "The key contained new sub keys.\n"
518
: "The key did not contain new sub keys.\n");
519
fprintf_plus(stderr,
520
import_status->status & GPGME_IMPORT_SECRET
521
? "The key contained a secret key.\n"
522
: "The key did not contain a secret key.\n");
523
}
524
return false;
525
}
526
}
527
307
528
308
ret = close(fd);
529
309
if(ret == -1){
570
350
/* Create new GPGME "context" */
571
351
rc = gpgme_new(&(mc->ctx));
572
352
if(rc != GPG_ERR_NO_ERROR){
573
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
574
gpgme_strsource(rc), gpgme_strerror(rc));
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
575
356
return false;
576
357
}
577
358
613
394
/* Create new empty GPGME data buffer for the plaintext */
614
395
rc = gpgme_data_new(&dh_plain);
615
396
if(rc != GPG_ERR_NO_ERROR){
616
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
617
399
gpgme_strsource(rc), gpgme_strerror(rc));
618
400
gpgme_data_release(dh_crypto);
619
401
return -1;
632
414
if(result == NULL){
633
415
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
634
416
} else {
635
if(result->unsupported_algorithm != NULL) {
636
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
637
result->unsupported_algorithm);
638
}
639
fprintf_plus(stderr, "Wrong key usage: %s\n",
640
result->wrong_key_usage ? "Yes" : "No");
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
641
421
if(result->file_name != NULL){
642
422
fprintf_plus(stderr, "File name: %s\n", result->file_name);
643
423
}
644
645
for(gpgme_recipient_t r = result->recipients; r != NULL;
646
r = r->next){
424
gpgme_recipient_t recipient;
425
recipient = result->recipients;
426
while(recipient != NULL){
647
427
fprintf_plus(stderr, "Public key algorithm: %s\n",
648
gpgme_pubkey_algo_name(r->pubkey_algo));
649
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
428
gpgme_pubkey_algo_name
429
(recipient->pubkey_algo));
430
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
650
431
fprintf_plus(stderr, "Secret key available: %s\n",
651
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
432
recipient->status == GPG_ERR_NO_SECKEY
433
? "No" : "Yes");
434
recipient = recipient->next;
652
435
}
653
436
}
654
437
}
730
513
fprintf_plus(stderr, "GnuTLS: %s", string);
731
514
}
732
515
733
__attribute__((nonnull(1, 2, 4), warn_unused_result))
516
__attribute__((nonnull, warn_unused_result))
734
517
static int init_gnutls_global(const char *pubkeyfilename,
735
518
const char *seckeyfilename,
736
519
const char *dhparamsfilename,
737
520
mandos_context *mc){
738
521
int ret;
522
unsigned int uret;
739
523
740
524
if(debug){
741
525
fprintf_plus(stderr, "Initializing GnuTLS\n");
742
526
}
743
527
528
ret = gnutls_global_init();
529
if(ret != GNUTLS_E_SUCCESS){
530
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
531
safer_gnutls_strerror(ret));
532
return -1;
533
}
534
744
535
if(debug){
745
536
/* "Use a log level over 10 to enable all debugging options."
746
537
* - GnuTLS manual
754
545
if(ret != GNUTLS_E_SUCCESS){
755
546
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
756
547
safer_gnutls_strerror(ret));
548
gnutls_global_deinit();
757
549
return -1;
758
550
}
759
551
760
552
if(debug){
761
fprintf_plus(stderr, "Attempting to use public key %s and"
762
" private key %s as GnuTLS credentials\n",
553
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
554
" secret key %s as GnuTLS credentials\n",
763
555
pubkeyfilename,
764
556
seckeyfilename);
765
557
}
766
558
767
#if GNUTLS_VERSION_NUMBER >= 0x030606
768
ret = gnutls_certificate_set_rawpk_key_file
769
(mc->cred, pubkeyfilename, seckeyfilename,
770
GNUTLS_X509_FMT_PEM, /* format */
771
NULL, /* pass */
772
/* key_usage */
773
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
774
NULL, /* names */
775
0, /* names_length */
776
/* privkey_flags */
777
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
778
0); /* pkcs11_flags */
779
#elif GNUTLS_VERSION_NUMBER < 0x030600
780
559
ret = gnutls_certificate_set_openpgp_key_file
781
560
(mc->cred, pubkeyfilename, seckeyfilename,
782
561
GNUTLS_OPENPGP_FMT_BASE64);
783
#else
784
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
785
#endif
786
562
if(ret != GNUTLS_E_SUCCESS){
787
563
fprintf_plus(stderr,
788
"Error[%d] while reading the key pair ('%s',"
564
"Error[%d] while reading the OpenPGP key pair ('%s',"
789
565
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
790
566
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
791
567
safer_gnutls_strerror(ret));
839
615
}
840
616
params.size += (unsigned int)bytes_read;
841
617
}
842
ret = close(dhpfile);
843
if(ret == -1){
844
perror_plus("close");
845
}
846
618
if(params.data == NULL){
847
619
dhparamsfilename = NULL;
848
620
}
857
629
safer_gnutls_strerror(ret));
858
630
dhparamsfilename = NULL;
859
631
}
860
free(params.data);
861
632
} while(false);
862
633
}
863
634
if(dhparamsfilename == NULL){
864
635
if(mc->dh_bits == 0){
865
#if GNUTLS_VERSION_NUMBER < 0x030600
866
636
/* Find out the optimal number of DH bits */
867
637
/* Try to read the private key file */
868
638
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
948
718
}
949
719
}
950
720
}
951
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
721
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
952
722
if(uret != 0){
953
723
mc->dh_bits = uret;
954
724
if(debug){
966
736
safer_gnutls_strerror(ret));
967
737
goto globalfail;
968
738
}
969
#endif
970
} else { /* dh_bits != 0 */
971
if(debug){
972
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
973
mc->dh_bits);
974
}
975
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
976
if(ret != GNUTLS_E_SUCCESS){
977
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
978
" bits): %s\n", mc->dh_bits,
979
safer_gnutls_strerror(ret));
980
goto globalfail;
981
}
982
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
739
} else if(debug){
740
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
741
mc->dh_bits);
742
}
743
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
744
if(ret != GNUTLS_E_SUCCESS){
745
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
746
" bits): %s\n", mc->dh_bits,
747
safer_gnutls_strerror(ret));
748
goto globalfail;
983
749
}
984
750
}
751
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
985
752
986
753
return 0;
987
754
988
755
globalfail:
989
756
990
757
gnutls_certificate_free_credentials(mc->cred);
758
gnutls_global_deinit();
991
759
gnutls_dh_params_deinit(mc->dh_params);
992
760
return -1;
993
761
}
998
766
int ret;
999
767
/* GnuTLS session creation */
1000
768
do {
1001
ret = gnutls_init(session, (GNUTLS_SERVER
1002
#if GNUTLS_VERSION_NUMBER >= 0x030506
1003
| GNUTLS_NO_TICKETS
1004
#endif
1005
#if GNUTLS_VERSION_NUMBER >= 0x030606
1006
| GNUTLS_ENABLE_RAWPK
1007
#endif
1008
));
769
ret = gnutls_init(session, GNUTLS_SERVER);
1009
770
if(quit_now){
1010
771
return -1;
1011
772
}
1059
820
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
1060
821
__attribute__((unused)) const char *txt){}
1061
822
823
/* Set effective uid to 0, return errno */
824
__attribute__((warn_unused_result))
825
error_t raise_privileges(void){
826
error_t old_errno = errno;
827
error_t ret_errno = 0;
828
if(seteuid(0) == -1){
829
ret_errno = errno;
830
}
831
errno = old_errno;
832
return ret_errno;
833
}
834
835
/* Set effective and real user ID to 0. Return errno. */
836
__attribute__((warn_unused_result))
837
error_t raise_privileges_permanently(void){
838
error_t old_errno = errno;
839
error_t ret_errno = raise_privileges();
840
if(ret_errno != 0){
841
errno = old_errno;
842
return ret_errno;
843
}
844
if(setuid(0) == -1){
845
ret_errno = errno;
846
}
847
errno = old_errno;
848
return ret_errno;
849
}
850
851
/* Set effective user ID to unprivileged saved user ID */
852
__attribute__((warn_unused_result))
853
error_t lower_privileges(void){
854
error_t old_errno = errno;
855
error_t ret_errno = 0;
856
if(seteuid(uid) == -1){
857
ret_errno = errno;
858
}
859
errno = old_errno;
860
return ret_errno;
861
}
862
863
/* Lower privileges permanently */
864
__attribute__((warn_unused_result))
865
error_t lower_privileges_permanently(void){
866
error_t old_errno = errno;
867
error_t ret_errno = 0;
868
if(setuid(uid) == -1){
869
ret_errno = errno;
870
}
871
errno = old_errno;
872
return ret_errno;
873
}
874
1062
875
/* Helper function to add_local_route() and delete_local_route() */
1063
876
__attribute__((nonnull, warn_unused_result))
1064
877
static bool add_delete_local_route(const bool add,
1103
916
ret = setgid(0);
1104
917
if(ret == -1){
1105
918
perror_plus("setgid");
1106
close(devnull);
1107
919
_exit(EX_NOPERM);
1108
920
}
1109
921
/* Reset supplementary groups */
1111
923
ret = setgroups(0, NULL);
1112
924
if(ret == -1){
1113
925
perror_plus("setgroups");
1114
close(devnull);
1115
926
_exit(EX_NOPERM);
1116
927
}
1117
928
}
1118
929
ret = dup2(devnull, STDIN_FILENO);
1119
930
if(ret == -1){
1120
931
perror_plus("dup2(devnull, STDIN_FILENO)");
1121
close(devnull);
1122
932
_exit(EX_OSERR);
1123
933
}
1124
934
ret = close(devnull);
1125
935
if(ret == -1){
1126
936
perror_plus("close");
937
_exit(EX_OSERR);
1127
938
}
1128
939
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1129
940
if(ret == -1){
1164
975
}
1165
976
if(pid == -1){
1166
977
perror_plus("fork");
1167
close(devnull);
1168
978
return false;
1169
979
}
1170
ret = close(devnull);
1171
if(ret == -1){
1172
perror_plus("close");
1173
}
1174
980
int status;
1175
981
pid_t pret = -1;
1176
982
errno = 0;
1276
1082
bool match = false;
1277
1083
{
1278
1084
char *interface = NULL;
1279
while((interface = argz_next(mc->interfaces,
1280
mc->interfaces_size,
1281
interface))){
1085
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
1086
interface))){
1282
1087
if(if_nametoindex(interface) == (unsigned int)if_index){
1283
1088
match = true;
1284
1089
break;
1418
1223
sizeof(struct sockaddr_in));
1419
1224
}
1420
1225
if(ret < 0){
1421
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1226
if(errno == ENETUNREACH
1422
1227
and if_index != AVAHI_IF_UNSPEC
1423
1228
and connect_to == NULL
1424
1229
and not route_added and
1437
1242
with an explicit route added with the server's address.
1438
1243
1439
1244
Avahi bug reference:
1440
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1245
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1441
1246
https://bugs.debian.org/587961
1442
1247
*/
1443
1248
if(debug){
1623
1428
&decrypted_buffer, mc);
1624
1429
if(decrypted_buffer_size >= 0){
1625
1430
1626
clearerr(stdout);
1627
1431
written = 0;
1628
1432
while(written < (size_t) decrypted_buffer_size){
1629
1433
if(quit_now){
1645
1449
}
1646
1450
written += (size_t)ret;
1647
1451
}
1648
ret = fflush(stdout);
1649
if(ret != 0){
1650
int e = errno;
1651
if(debug){
1652
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1653
strerror(errno));
1654
}
1655
errno = e;
1656
goto mandos_end;
1657
}
1658
1452
retval = 0;
1659
1453
}
1660
1454
}
1691
1485
return retval;
1692
1486
}
1693
1487
1488
__attribute__((nonnull))
1694
1489
static void resolve_callback(AvahiSServiceResolver *r,
1695
1490
AvahiIfIndex interface,
1696
1491
AvahiProtocol proto,
1833
1628
__attribute__((nonnull, warn_unused_result))
1834
1629
bool get_flags(const char *ifname, struct ifreq *ifr){
1835
1630
int ret;
1836
int old_errno;
1631
error_t ret_errno;
1837
1632
1838
1633
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1839
1634
if(s < 0){
1840
old_errno = errno;
1635
ret_errno = errno;
1841
1636
perror_plus("socket");
1842
errno = old_errno;
1637
errno = ret_errno;
1843
1638
return false;
1844
1639
}
1845
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1846
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1640
strcpy(ifr->ifr_name, ifname);
1847
1641
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1848
1642
if(ret == -1){
1849
1643
if(debug){
1850
old_errno = errno;
1644
ret_errno = errno;
1851
1645
perror_plus("ioctl SIOCGIFFLAGS");
1852
errno = old_errno;
1853
}
1854
if((close(s) == -1) and debug){
1855
old_errno = errno;
1856
perror_plus("close");
1857
errno = old_errno;
1646
errno = ret_errno;
1858
1647
}
1859
1648
return false;
1860
1649
}
1861
if((close(s) == -1) and debug){
1862
old_errno = errno;
1863
perror_plus("close");
1864
errno = old_errno;
1865
}
1866
1650
return true;
1867
1651
}
1868
1652
2129
1913
return;
2130
1914
}
2131
1915
}
2132
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2133
if(devnull == -1){
2134
perror_plus("open(\"/dev/null\", O_RDONLY)");
2135
return;
2136
}
1916
#ifdef __GLIBC__
1917
#if __GLIBC_PREREQ(2, 15)
2137
1918
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2138
1919
runnable_hook, alphasort);
1920
#else /* not __GLIBC_PREREQ(2, 15) */
1921
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1922
alphasort);
1923
#endif /* not __GLIBC_PREREQ(2, 15) */
1924
#else /* not __GLIBC__ */
1925
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1926
alphasort);
1927
#endif /* not __GLIBC__ */
2139
1928
if(numhooks == -1){
2140
1929
perror_plus("scandir");
2141
close(devnull);
2142
1930
return;
2143
1931
}
2144
1932
struct dirent *direntry;
2145
1933
int ret;
1934
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1935
if(devnull == -1){
1936
perror_plus("open(\"/dev/null\", O_RDONLY)");
1937
return;
1938
}
2146
1939
for(int i = 0; i < numhooks; i++){
2147
1940
direntry = direntries[i];
2148
1941
if(debug){
2292
2085
}
2293
2086
2294
2087
__attribute__((nonnull, warn_unused_result))
2295
int bring_up_interface(const char *const interface,
2296
const float delay){
2297
int old_errno = errno;
2088
error_t bring_up_interface(const char *const interface,
2089
const float delay){
2090
error_t old_errno = errno;
2298
2091
int ret;
2299
2092
struct ifreq network;
2300
2093
unsigned int if_index = if_nametoindex(interface);
2310
2103
}
2311
2104
2312
2105
if(not interface_is_up(interface)){
2313
int ret_errno = 0;
2314
int ioctl_errno = 0;
2106
error_t ret_errno = 0, ioctl_errno = 0;
2315
2107
if(not get_flags(interface, &network)){
2316
2108
ret_errno = errno;
2317
2109
fprintf_plus(stderr, "Failed to get flags for interface "
2404
2196
2405
2197
/* Sleep checking until interface is running.
2406
2198
Check every 0.25s, up to total time of delay */
2407
for(int i = 0; i < delay * 4; i++){
2199
for(int i=0; i < delay * 4; i++){
2408
2200
if(interface_is_running(interface)){
2409
2201
break;
2410
2202
}
2420
2212
}
2421
2213
2422
2214
__attribute__((nonnull, warn_unused_result))
2423
int take_down_interface(const char *const interface){
2424
int old_errno = errno;
2215
error_t take_down_interface(const char *const interface){
2216
error_t old_errno = errno;
2425
2217
struct ifreq network;
2426
2218
unsigned int if_index = if_nametoindex(interface);
2427
2219
if(if_index == 0){
2430
2222
return ENXIO;
2431
2223
}
2432
2224
if(interface_is_up(interface)){
2433
int ret_errno = 0;
2434
int ioctl_errno = 0;
2225
error_t ret_errno = 0, ioctl_errno = 0;
2435
2226
if(not get_flags(interface, &network) and debug){
2436
2227
ret_errno = errno;
2437
2228
fprintf_plus(stderr, "Failed to get flags for interface "
2497
2288
2498
2289
int main(int argc, char *argv[]){
2499
2290
mandos_context mc = { .server = NULL, .dh_bits = 0,
2500
#if GNUTLS_VERSION_NUMBER >= 0x030606
2501
.priority = "SECURE128:!CTYPE-X.509"
2502
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2503
":%PROFILE_ULTRA",
2504
#elif GNUTLS_VERSION_NUMBER < 0x030600
2505
2291
.priority = "SECURE256:!CTYPE-X.509"
2506
2292
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2507
#else
2508
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2509
#endif
2510
2293
.current_server = NULL, .interfaces = NULL,
2511
2294
.interfaces_size = 0 };
2512
2295
AvahiSServiceBrowser *sb = NULL;
2523
2306
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2524
2307
const char *seckey = PATHDIR "/" SECKEY;
2525
2308
const char *pubkey = PATHDIR "/" PUBKEY;
2526
#if GNUTLS_VERSION_NUMBER >= 0x030606
2527
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2528
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2529
#endif
2530
2309
const char *dh_params_file = NULL;
2531
2310
char *interfaces_hooks = NULL;
2532
2311
2580
2359
{ .name = "pubkey", .key = 'p',
2581
2360
.arg = "FILE",
2582
2361
.doc = "OpenPGP public key file base name",
2583
.group = 1 },
2584
{ .name = "tls-privkey", .key = 't',
2585
.arg = "FILE",
2586
#if GNUTLS_VERSION_NUMBER >= 0x030606
2587
.doc = "TLS private key file base name",
2588
#else
2589
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2590
#endif
2591
.group = 1 },
2592
{ .name = "tls-pubkey", .key = 'T',
2593
.arg = "FILE",
2594
#if GNUTLS_VERSION_NUMBER >= 0x030606
2595
.doc = "TLS public key file base name",
2596
#else
2597
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2598
#endif
2599
.group = 1 },
2362
.group = 2 },
2600
2363
{ .name = "dh-bits", .key = 129,
2601
2364
.arg = "BITS",
2602
2365
.doc = "Bit length of the prime number used in the"
2658
2421
case 'p': /* --pubkey */
2659
2422
pubkey = arg;
2660
2423
break;
2661
case 't': /* --tls-privkey */
2662
#if GNUTLS_VERSION_NUMBER >= 0x030606
2663
tls_privkey = arg;
2664
#endif
2665
break;
2666
case 'T': /* --tls-pubkey */
2667
#if GNUTLS_VERSION_NUMBER >= 0x030606
2668
tls_pubkey = arg;
2669
#endif
2670
break;
2671
2424
case 129: /* --dh-bits */
2672
2425
errno = 0;
2673
2426
tmpmax = strtoimax(arg, &tmp, 10);
2708
2461
argp_state_help(state, state->out_stream,
2709
2462
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2710
2463
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2711
__builtin_unreachable();
2712
2464
case -3: /* --usage */
2713
2465
argp_state_help(state, state->out_stream,
2714
2466
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2715
__builtin_unreachable();
2716
2467
case 'V': /* --version */
2717
2468
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2718
2469
exit(argp_err_exit_status);
2727
2478
.args_doc = "",
2728
2479
.doc = "Mandos client -- Get and decrypt"
2729
2480
" passwords from a Mandos server" };
2730
ret_errno = argp_parse(&argp, argc, argv,
2731
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2732
switch(ret_errno){
2481
ret = argp_parse(&argp, argc, argv,
2482
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2483
switch(ret){
2733
2484
case 0:
2734
2485
break;
2735
2486
case ENOMEM:
2736
2487
default:
2737
errno = ret_errno;
2488
errno = ret;
2738
2489
perror_plus("argp_parse");
2739
2490
exitcode = EX_OSERR;
2740
2491
goto end;
2745
2496
}
2746
2497
2747
2498
{
2499
/* Work around Debian bug #633582:
2500
<http://bugs.debian.org/633582> */
2501
2748
2502
/* Re-raise privileges */
2749
ret = raise_privileges();
2750
if(ret != 0){
2751
errno = ret;
2503
ret_errno = raise_privileges();
2504
if(ret_errno != 0){
2505
errno = ret_errno;
2752
2506
perror_plus("Failed to raise privileges");
2753
2507
} else {
2754
2508
struct stat st;
2755
2509
2756
/* Work around Debian bug #633582:
2757
<https://bugs.debian.org/633582> */
2758
2759
2510
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2760
2511
int seckey_fd = open(seckey, O_RDONLY);
2761
2512
if(seckey_fd == -1){
2820
2571
}
2821
2572
}
2822
2573
2823
/* Work around Debian bug #981302
2824
<https://bugs.debian.org/981302> */
2825
if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){
2826
ret = symlink("/proc/self/fd", "/dev/fd");
2827
if(ret == -1){
2828
perror_plus("Failed to create /dev/fd symlink");
2829
}
2830
}
2831
2832
2574
/* Lower privileges */
2833
ret = lower_privileges();
2834
if(ret != 0){
2835
errno = ret;
2575
ret_errno = lower_privileges();
2576
if(ret_errno != 0){
2577
errno = ret_errno;
2836
2578
perror_plus("Failed to lower privileges");
2837
2579
}
2838
2580
}
3038
2780
goto end;
3039
2781
}
3040
2782
3041
#if GNUTLS_VERSION_NUMBER >= 0x030606
3042
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3043
#elif GNUTLS_VERSION_NUMBER < 0x030600
3044
2783
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3045
#else
3046
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3047
#endif
3048
2784
if(ret == -1){
3049
2785
fprintf_plus(stderr, "init_gnutls_global failed\n");
3050
2786
exitcode = EX_UNAVAILABLE;
3172
2908
3173
2909
/* Allocate a new server */
3174
2910
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3175
&config, NULL, NULL, &ret);
2911
&config, NULL, NULL, &ret_errno);
3176
2912
3177
2913
/* Free the Avahi configuration data */
3178
2914
avahi_server_config_free(&config);
3181
2917
/* Check if creating the Avahi server object succeeded */
3182
2918
if(mc.server == NULL){
3183
2919
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
3184
avahi_strerror(ret));
2920
avahi_strerror(ret_errno));
3185
2921
exitcode = EX_UNAVAILABLE;
3186
2922
goto end;
3187
2923
}
3222
2958
end:
3223
2959
3224
2960
if(debug){
3225
if(signal_received){
3226
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3227
argv[0], signal_received,
3228
strsignal(signal_received));
3229
} else {
3230
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3231
}
2961
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3232
2962
}
3233
2963
3234
2964
/* Cleanup things */
3245
2975
3246
2976
if(gnutls_initialized){
3247
2977
gnutls_certificate_free_credentials(mc.cred);
2978
gnutls_global_deinit();
3248
2979
gnutls_dh_params_deinit(mc.dh_params);
3249
2980
}
3250
2981
3273
3004
3274
3005
/* Re-raise privileges */
3275
3006
{
3276
ret = raise_privileges();
3277
if(ret != 0){
3278
errno = ret;
3007
ret_errno = raise_privileges();
3008
if(ret_errno != 0){
3009
errno = ret_errno;
3279
3010
perror_plus("Failed to raise privileges");
3280
3011
} else {
3281
3012
3286
3017
/* Take down the network interfaces which were brought up */
3287
3018
{
3288
3019
char *interface = NULL;
3289
while((interface = argz_next(interfaces_to_take_down,
3290
interfaces_to_take_down_size,
3291
interface))){
3292
ret = take_down_interface(interface);
3293
if(ret != 0){
3294
errno = ret;
3020
while((interface=argz_next(interfaces_to_take_down,
3021
interfaces_to_take_down_size,
3022
interface))){
3023
ret_errno = take_down_interface(interface);
3024
if(ret_errno != 0){
3025
errno = ret_errno;
3295
3026
perror_plus("Failed to take down interface");
3296
3027
}
3297
3028
}
3302
3033
}
3303
3034
}
3304
3035
3305
ret = lower_privileges_permanently();
3306
if(ret != 0){
3307
errno = ret;
3036
ret_errno = lower_privileges_permanently();
3037
if(ret_errno != 0){
3038
errno = ret_errno;
3308
3039
perror_plus("Failed to lower privileges permanently");
3309
3040
}
3310
3041
}
3312
3043
free(interfaces_to_take_down);
3313
3044
free(interfaces_hooks);
3314
3045
3315
void clean_dir_at(int base, const char * const dirname,
3316
uintmax_t level){
3317
struct dirent **direntries = NULL;
3318
int dret;
3319
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3320
O_RDONLY
3321
| O_NOFOLLOW
3322
| O_DIRECTORY
3323
| O_PATH));
3324
if(dir_fd == -1){
3325
perror_plus("open");
3326
return;
3327
}
3328
int numentries = scandirat(dir_fd, ".", &direntries,
3329
notdotentries, alphasort);
3330
if(numentries >= 0){
3331
for(int i = 0; i < numentries; i++){
3332
if(debug){
3333
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3334
dirname, direntries[i]->d_name);
3335
}
3336
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3337
if(dret == -1){
3338
if(errno == EISDIR){
3339
dret = unlinkat(dir_fd, direntries[i]->d_name,
3340
AT_REMOVEDIR);
3341
}
3342
if((dret == -1) and (errno == ENOTEMPTY)
3343
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3344
== 0) and (level == 0)){
3345
/* Recurse only in this special case */
3346
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3347
dret = 0;
3348
}
3349
if((dret == -1) and (errno != ENOENT)){
3350
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3351
direntries[i]->d_name, strerror(errno));
3352
}
3353
}
3354
free(direntries[i]);
3355
}
3356
3357
/* need to clean even if 0 because man page doesn't specify */
3358
free(direntries);
3359
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3360
if(dret == -1 and errno != ENOENT){
3361
perror_plus("rmdir");
3362
}
3363
} else {
3364
perror_plus("scandirat");
3365
}
3366
close(dir_fd);
3367
}
3368
3369
3046
/* Removes the GPGME temp directory and all files inside */
3370
3047
if(tempdir != NULL){
3371
clean_dir_at(-1, tempdir, 0);
3048
struct dirent **direntries = NULL;
3049
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY
3050
| O_NOFOLLOW
3051
| O_DIRECTORY
3052
| O_PATH));
3053
if(tempdir_fd == -1){
3054
perror_plus("open");
3055
} else {
3056
#ifdef __GLIBC__
3057
#if __GLIBC_PREREQ(2, 15)
3058
int numentries = scandirat(tempdir_fd, ".", &direntries,
3059
notdotentries, alphasort);
3060
#else /* not __GLIBC_PREREQ(2, 15) */
3061
int numentries = scandir(tempdir, &direntries, notdotentries,
3062
alphasort);
3063
#endif /* not __GLIBC_PREREQ(2, 15) */
3064
#else /* not __GLIBC__ */
3065
int numentries = scandir(tempdir, &direntries, notdotentries,
3066
alphasort);
3067
#endif /* not __GLIBC__ */
3068
if(numentries >= 0){
3069
for(int i = 0; i < numentries; i++){
3070
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
3071
if(ret == -1){
3072
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
3073
" \"%s\", 0): %s\n", tempdir,
3074
direntries[i]->d_name, strerror(errno));
3075
}
3076
free(direntries[i]);
3077
}
3078
3079
/* need to clean even if 0 because man page doesn't specify */
3080
free(direntries);
3081
if(numentries == -1){
3082
perror_plus("scandir");
3083
}
3084
ret = rmdir(tempdir);
3085
if(ret == -1 and errno != ENOENT){
3086
perror_plus("rmdir");
3087
}
3088
}
3089
close(tempdir_fd);
3090
}
3372
3091
}
3373
3092
3374
3093
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0