To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 810
- compare with another revision
- download diff
- download tarball
- view history from revision 810
- Committer: Teddy Hogeborn
- Date: 2016-02-28 20:26:27 UTC
- Revision ID: teddy@recompile.se-20160228202627-vls5dia6repq6ks2
Depend on the GNU C Library 2.16 or later
* INSTALL: Document dependency.
* plugin-runner.c: Remove #ifdefs for scandirat() and adding of
-Wsign-conversion for FD_SET, FD_CLR, and FD_ISSET.
* plugins.d/mandos-client.c: - '' -
* INSTALL: Document dependency.
* plugin-runner.c: Remove #ifdefs for scandirat() and adding of
-Wsign-conversion for FD_SET, FD_CLR, and FD_ISSET.
* plugins.d/mandos-client.c: - '' -
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2018 Teddy Hogeborn
13
* Copyright © 2008-2018 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2016 Teddy Hogeborn
13
* Copyright © 2008-2016 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
23
21
* WITHOUT ANY WARRANTY; without even the implied warranty of
24
22
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25
23
* General Public License for more details.
26
24
*
27
25
* You should have received a copy of the GNU General Public License
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
29
28
*
30
29
* Contact the authors at <mandos@recompile.se>.
31
30
*/
48
47
strtof(), abort() */
49
48
#include <stdbool.h> /* bool, false, true */
50
49
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
50
asprintf(), strncpy() */
53
51
#include <sys/ioctl.h> /* ioctl */
54
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
55
53
sockaddr_in6, PF_INET6,
59
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
60
58
inet_pton(), connect(),
61
59
getnameinfo() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
60
#include <fcntl.h> /* open(), unlinkat() */
63
61
#include <dirent.h> /* opendir(), struct dirent, readdir()
64
62
*/
65
63
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
66
64
strtoimax() */
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
65
#include <errno.h> /* perror(), errno,
72
66
program_invocation_short_name */
73
67
#include <time.h> /* nanosleep(), time(), sleep() */
74
68
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
356
350
/* Create new GPGME "context" */
357
351
rc = gpgme_new(&(mc->ctx));
358
352
if(rc != GPG_ERR_NO_ERROR){
359
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
360
gpgme_strsource(rc), gpgme_strerror(rc));
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
361
356
return false;
362
357
}
363
358
399
394
/* Create new empty GPGME data buffer for the plaintext */
400
395
rc = gpgme_data_new(&dh_plain);
401
396
if(rc != GPG_ERR_NO_ERROR){
402
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
403
399
gpgme_strsource(rc), gpgme_strerror(rc));
404
400
gpgme_data_release(dh_crypto);
405
401
return -1;
418
414
if(result == NULL){
419
415
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
420
416
} else {
421
if(result->unsupported_algorithm != NULL) {
422
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
423
result->unsupported_algorithm);
424
}
425
fprintf_plus(stderr, "Wrong key usage: %s\n",
426
result->wrong_key_usage ? "Yes" : "No");
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
427
421
if(result->file_name != NULL){
428
422
fprintf_plus(stderr, "File name: %s\n", result->file_name);
429
423
}
519
513
fprintf_plus(stderr, "GnuTLS: %s", string);
520
514
}
521
515
522
__attribute__((nonnull(1, 2, 4), warn_unused_result))
516
__attribute__((nonnull, warn_unused_result))
523
517
static int init_gnutls_global(const char *pubkeyfilename,
524
518
const char *seckeyfilename,
525
519
const char *dhparamsfilename,
531
525
fprintf_plus(stderr, "Initializing GnuTLS\n");
532
526
}
533
527
528
ret = gnutls_global_init();
529
if(ret != GNUTLS_E_SUCCESS){
530
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
531
safer_gnutls_strerror(ret));
532
return -1;
533
}
534
534
535
if(debug){
535
536
/* "Use a log level over 10 to enable all debugging options."
536
537
* - GnuTLS manual
544
545
if(ret != GNUTLS_E_SUCCESS){
545
546
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
546
547
safer_gnutls_strerror(ret));
548
gnutls_global_deinit();
547
549
return -1;
548
550
}
549
551
613
615
}
614
616
params.size += (unsigned int)bytes_read;
615
617
}
616
ret = close(dhpfile);
617
if(ret == -1){
618
perror_plus("close");
619
}
620
618
if(params.data == NULL){
621
619
dhparamsfilename = NULL;
622
620
}
631
629
safer_gnutls_strerror(ret));
632
630
dhparamsfilename = NULL;
633
631
}
634
free(params.data);
635
632
} while(false);
636
633
}
637
634
if(dhparamsfilename == NULL){
758
755
globalfail:
759
756
760
757
gnutls_certificate_free_credentials(mc->cred);
758
gnutls_global_deinit();
761
759
gnutls_dh_params_deinit(mc->dh_params);
762
760
return -1;
763
761
}
824
822
825
823
/* Set effective uid to 0, return errno */
826
824
__attribute__((warn_unused_result))
827
int raise_privileges(void){
828
int old_errno = errno;
829
int ret = 0;
825
error_t raise_privileges(void){
826
error_t old_errno = errno;
827
error_t ret_errno = 0;
830
828
if(seteuid(0) == -1){
831
ret = errno;
829
ret_errno = errno;
832
830
}
833
831
errno = old_errno;
834
return ret;
832
return ret_errno;
835
833
}
836
834
837
835
/* Set effective and real user ID to 0. Return errno. */
838
836
__attribute__((warn_unused_result))
839
int raise_privileges_permanently(void){
840
int old_errno = errno;
841
int ret = raise_privileges();
842
if(ret != 0){
837
error_t raise_privileges_permanently(void){
838
error_t old_errno = errno;
839
error_t ret_errno = raise_privileges();
840
if(ret_errno != 0){
843
841
errno = old_errno;
844
return ret;
842
return ret_errno;
845
843
}
846
844
if(setuid(0) == -1){
847
ret = errno;
845
ret_errno = errno;
848
846
}
849
847
errno = old_errno;
850
return ret;
848
return ret_errno;
851
849
}
852
850
853
851
/* Set effective user ID to unprivileged saved user ID */
854
852
__attribute__((warn_unused_result))
855
int lower_privileges(void){
856
int old_errno = errno;
857
int ret = 0;
853
error_t lower_privileges(void){
854
error_t old_errno = errno;
855
error_t ret_errno = 0;
858
856
if(seteuid(uid) == -1){
859
ret = errno;
857
ret_errno = errno;
860
858
}
861
859
errno = old_errno;
862
return ret;
860
return ret_errno;
863
861
}
864
862
865
863
/* Lower privileges permanently */
866
864
__attribute__((warn_unused_result))
867
int lower_privileges_permanently(void){
868
int old_errno = errno;
869
int ret = 0;
865
error_t lower_privileges_permanently(void){
866
error_t old_errno = errno;
867
error_t ret_errno = 0;
870
868
if(setuid(uid) == -1){
871
ret = errno;
869
ret_errno = errno;
872
870
}
873
871
errno = old_errno;
874
return ret;
872
return ret_errno;
875
873
}
876
874
877
875
/* Helper function to add_local_route() and delete_local_route() */
1084
1082
bool match = false;
1085
1083
{
1086
1084
char *interface = NULL;
1087
while((interface = argz_next(mc->interfaces,
1088
mc->interfaces_size,
1089
interface))){
1085
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
1086
interface))){
1090
1087
if(if_nametoindex(interface) == (unsigned int)if_index){
1091
1088
match = true;
1092
1089
break;
1245
1242
with an explicit route added with the server's address.
1246
1243
1247
1244
Avahi bug reference:
1248
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1245
http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1249
1246
https://bugs.debian.org/587961
1250
1247
*/
1251
1248
if(debug){
1431
1428
&decrypted_buffer, mc);
1432
1429
if(decrypted_buffer_size >= 0){
1433
1430
1434
clearerr(stdout);
1435
1431
written = 0;
1436
1432
while(written < (size_t) decrypted_buffer_size){
1437
1433
if(quit_now){
1453
1449
}
1454
1450
written += (size_t)ret;
1455
1451
}
1456
ret = fflush(stdout);
1457
if(ret != 0){
1458
int e = errno;
1459
if(debug){
1460
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1461
strerror(errno));
1462
}
1463
errno = e;
1464
goto mandos_end;
1465
}
1466
1452
retval = 0;
1467
1453
}
1468
1454
}
1499
1485
return retval;
1500
1486
}
1501
1487
1488
__attribute__((nonnull))
1502
1489
static void resolve_callback(AvahiSServiceResolver *r,
1503
1490
AvahiIfIndex interface,
1504
1491
AvahiProtocol proto,
1641
1628
__attribute__((nonnull, warn_unused_result))
1642
1629
bool get_flags(const char *ifname, struct ifreq *ifr){
1643
1630
int ret;
1644
int old_errno;
1631
error_t ret_errno;
1645
1632
1646
1633
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1647
1634
if(s < 0){
1648
old_errno = errno;
1635
ret_errno = errno;
1649
1636
perror_plus("socket");
1650
errno = old_errno;
1637
errno = ret_errno;
1651
1638
return false;
1652
1639
}
1653
1640
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1655
1642
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1656
1643
if(ret == -1){
1657
1644
if(debug){
1658
old_errno = errno;
1645
ret_errno = errno;
1659
1646
perror_plus("ioctl SIOCGIFFLAGS");
1660
errno = old_errno;
1661
}
1662
if((close(s) == -1) and debug){
1663
old_errno = errno;
1664
perror_plus("close");
1665
errno = old_errno;
1647
errno = ret_errno;
1666
1648
}
1667
1649
return false;
1668
1650
}
1669
if((close(s) == -1) and debug){
1670
old_errno = errno;
1671
perror_plus("close");
1672
errno = old_errno;
1673
}
1674
1651
return true;
1675
1652
}
1676
1653
1937
1914
return;
1938
1915
}
1939
1916
}
1940
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1941
if(devnull == -1){
1942
perror_plus("open(\"/dev/null\", O_RDONLY)");
1943
return;
1944
}
1945
1917
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1946
1918
runnable_hook, alphasort);
1947
1919
if(numhooks == -1){
1948
1920
perror_plus("scandir");
1949
close(devnull);
1950
1921
return;
1951
1922
}
1952
1923
struct dirent *direntry;
1953
1924
int ret;
1925
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1926
if(devnull == -1){
1927
perror_plus("open(\"/dev/null\", O_RDONLY)");
1928
return;
1929
}
1954
1930
for(int i = 0; i < numhooks; i++){
1955
1931
direntry = direntries[i];
1956
1932
if(debug){
2100
2076
}
2101
2077
2102
2078
__attribute__((nonnull, warn_unused_result))
2103
int bring_up_interface(const char *const interface,
2104
const float delay){
2105
int old_errno = errno;
2079
error_t bring_up_interface(const char *const interface,
2080
const float delay){
2081
error_t old_errno = errno;
2106
2082
int ret;
2107
2083
struct ifreq network;
2108
2084
unsigned int if_index = if_nametoindex(interface);
2118
2094
}
2119
2095
2120
2096
if(not interface_is_up(interface)){
2121
int ret_errno = 0;
2122
int ioctl_errno = 0;
2097
error_t ret_errno = 0, ioctl_errno = 0;
2123
2098
if(not get_flags(interface, &network)){
2124
2099
ret_errno = errno;
2125
2100
fprintf_plus(stderr, "Failed to get flags for interface "
2212
2187
2213
2188
/* Sleep checking until interface is running.
2214
2189
Check every 0.25s, up to total time of delay */
2215
for(int i = 0; i < delay * 4; i++){
2190
for(int i=0; i < delay * 4; i++){
2216
2191
if(interface_is_running(interface)){
2217
2192
break;
2218
2193
}
2228
2203
}
2229
2204
2230
2205
__attribute__((nonnull, warn_unused_result))
2231
int take_down_interface(const char *const interface){
2232
int old_errno = errno;
2206
error_t take_down_interface(const char *const interface){
2207
error_t old_errno = errno;
2233
2208
struct ifreq network;
2234
2209
unsigned int if_index = if_nametoindex(interface);
2235
2210
if(if_index == 0){
2238
2213
return ENXIO;
2239
2214
}
2240
2215
if(interface_is_up(interface)){
2241
int ret_errno = 0;
2242
int ioctl_errno = 0;
2216
error_t ret_errno = 0, ioctl_errno = 0;
2243
2217
if(not get_flags(interface, &network) and debug){
2244
2218
ret_errno = errno;
2245
2219
fprintf_plus(stderr, "Failed to get flags for interface "
2495
2469
.args_doc = "",
2496
2470
.doc = "Mandos client -- Get and decrypt"
2497
2471
" passwords from a Mandos server" };
2498
ret_errno = argp_parse(&argp, argc, argv,
2499
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2500
switch(ret_errno){
2472
ret = argp_parse(&argp, argc, argv,
2473
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2474
switch(ret){
2501
2475
case 0:
2502
2476
break;
2503
2477
case ENOMEM:
2504
2478
default:
2505
errno = ret_errno;
2479
errno = ret;
2506
2480
perror_plus("argp_parse");
2507
2481
exitcode = EX_OSERR;
2508
2482
goto end;
2514
2488
2515
2489
{
2516
2490
/* Work around Debian bug #633582:
2517
<https://bugs.debian.org/633582> */
2491
<http://bugs.debian.org/633582> */
2518
2492
2519
2493
/* Re-raise privileges */
2520
ret = raise_privileges();
2521
if(ret != 0){
2522
errno = ret;
2494
ret_errno = raise_privileges();
2495
if(ret_errno != 0){
2496
errno = ret_errno;
2523
2497
perror_plus("Failed to raise privileges");
2524
2498
} else {
2525
2499
struct stat st;
2589
2563
}
2590
2564
2591
2565
/* Lower privileges */
2592
ret = lower_privileges();
2593
if(ret != 0){
2594
errno = ret;
2566
ret_errno = lower_privileges();
2567
if(ret_errno != 0){
2568
errno = ret_errno;
2595
2569
perror_plus("Failed to lower privileges");
2596
2570
}
2597
2571
}
2925
2899
2926
2900
/* Allocate a new server */
2927
2901
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2928
&config, NULL, NULL, &ret);
2902
&config, NULL, NULL, &ret_errno);
2929
2903
2930
2904
/* Free the Avahi configuration data */
2931
2905
avahi_server_config_free(&config);
2934
2908
/* Check if creating the Avahi server object succeeded */
2935
2909
if(mc.server == NULL){
2936
2910
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2937
avahi_strerror(ret));
2911
avahi_strerror(ret_errno));
2938
2912
exitcode = EX_UNAVAILABLE;
2939
2913
goto end;
2940
2914
}
2975
2949
end:
2976
2950
2977
2951
if(debug){
2978
if(signal_received){
2979
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
2980
argv[0], signal_received,
2981
strsignal(signal_received));
2982
} else {
2983
fprintf_plus(stderr, "%s exiting\n", argv[0]);
2984
}
2952
fprintf_plus(stderr, "%s exiting\n", argv[0]);
2985
2953
}
2986
2954
2987
2955
/* Cleanup things */
2998
2966
2999
2967
if(gnutls_initialized){
3000
2968
gnutls_certificate_free_credentials(mc.cred);
2969
gnutls_global_deinit();
3001
2970
gnutls_dh_params_deinit(mc.dh_params);
3002
2971
}
3003
2972
3026
2995
3027
2996
/* Re-raise privileges */
3028
2997
{
3029
ret = raise_privileges();
3030
if(ret != 0){
3031
errno = ret;
2998
ret_errno = raise_privileges();
2999
if(ret_errno != 0){
3000
errno = ret_errno;
3032
3001
perror_plus("Failed to raise privileges");
3033
3002
} else {
3034
3003
3039
3008
/* Take down the network interfaces which were brought up */
3040
3009
{
3041
3010
char *interface = NULL;
3042
while((interface = argz_next(interfaces_to_take_down,
3043
interfaces_to_take_down_size,
3044
interface))){
3045
ret = take_down_interface(interface);
3046
if(ret != 0){
3047
errno = ret;
3011
while((interface=argz_next(interfaces_to_take_down,
3012
interfaces_to_take_down_size,
3013
interface))){
3014
ret_errno = take_down_interface(interface);
3015
if(ret_errno != 0){
3016
errno = ret_errno;
3048
3017
perror_plus("Failed to take down interface");
3049
3018
}
3050
3019
}
3055
3024
}
3056
3025
}
3057
3026
3058
ret = lower_privileges_permanently();
3059
if(ret != 0){
3060
errno = ret;
3027
ret_errno = lower_privileges_permanently();
3028
if(ret_errno != 0){
3029
errno = ret_errno;
3061
3030
perror_plus("Failed to lower privileges permanently");
3062
3031
}
3063
3032
}
3065
3034
free(interfaces_to_take_down);
3066
3035
free(interfaces_hooks);
3067
3036
3068
void clean_dir_at(int base, const char * const dirname,
3069
uintmax_t level){
3070
struct dirent **direntries = NULL;
3071
int dret;
3072
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3073
O_RDONLY
3074
| O_NOFOLLOW
3075
| O_DIRECTORY
3076
| O_PATH));
3077
if(dir_fd == -1){
3078
perror_plus("open");
3079
return;
3080
}
3081
int numentries = scandirat(dir_fd, ".", &direntries,
3082
notdotentries, alphasort);
3083
if(numentries >= 0){
3084
for(int i = 0; i < numentries; i++){
3085
if(debug){
3086
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3087
dirname, direntries[i]->d_name);
3088
}
3089
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3090
if(dret == -1){
3091
if(errno == EISDIR){
3092
dret = unlinkat(dir_fd, direntries[i]->d_name,
3093
AT_REMOVEDIR);
3094
}
3095
if((dret == -1) and (errno == ENOTEMPTY)
3096
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3097
== 0) and (level == 0)){
3098
/* Recurse only in this special case */
3099
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3100
dret = 0;
3101
}
3102
if((dret == -1) and (errno != ENOENT)){
3103
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3104
direntries[i]->d_name, strerror(errno));
3105
}
3106
}
3107
free(direntries[i]);
3108
}
3109
3110
/* need to clean even if 0 because man page doesn't specify */
3111
free(direntries);
3112
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3113
if(dret == -1 and errno != ENOENT){
3114
perror_plus("rmdir");
3115
}
3116
} else {
3117
perror_plus("scandirat");
3118
}
3119
close(dir_fd);
3120
}
3121
3122
3037
/* Removes the GPGME temp directory and all files inside */
3123
3038
if(tempdir != NULL){
3124
clean_dir_at(-1, tempdir, 0);
3039
struct dirent **direntries = NULL;
3040
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY
3041
| O_NOFOLLOW
3042
| O_DIRECTORY
3043
| O_PATH));
3044
if(tempdir_fd == -1){
3045
perror_plus("open");
3046
} else {
3047
int numentries = scandirat(tempdir_fd, ".", &direntries,
3048
notdotentries, alphasort);
3049
if(numentries >= 0){
3050
for(int i = 0; i < numentries; i++){
3051
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
3052
if(ret == -1){
3053
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
3054
" \"%s\", 0): %s\n", tempdir,
3055
direntries[i]->d_name, strerror(errno));
3056
}
3057
free(direntries[i]);
3058
}
3059
3060
/* need to clean even if 0 because man page doesn't specify */
3061
free(direntries);
3062
if(numentries == -1){
3063
perror_plus("scandir");
3064
}
3065
ret = rmdir(tempdir);
3066
if(ret == -1 and errno != ENOENT){
3067
perror_plus("rmdir");
3068
}
3069
}
3070
close(tempdir_fd);
3071
}
3125
3072
}
3126
3073
3127
3074
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0