/mandos/trunk : revision 833

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

Committer: Teddy Hogeborn
Date: 2016-03-17 20:40:55 UTC
Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu

Client: Fix plymouth agent; broken since 1.7.2.

Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2. This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
allocating new_argv. Also tolerate a zero-length argv.

files added:
initramfs-tools-hook-conf

files removed:
debian/mandos-client.templates

debian/mandos.maintscript

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.c

* "browse_callback", and parts of "main".

* Everything else is

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

#define _FILE_OFFSET_BITS 64

#endif /* not _FILE_OFFSET_BITS */

#define _GNU_SOURCE /* program_invocation_short_name,

TEMP_FAILURE_RETRY(), O_CLOEXEC,

scandirat(), asprintf() */

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t, intptr_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),

strtof(), abort() */

#include <stdbool.h> /* bool, false, true */

#include <argp.h> /* argp_program_version,

argp_program_bug_address,

struct argp_option,

struct argp_state, argp_error(),

argp_state_help,

ARGP_HELP_STD_HELP,

ARGP_HELP_EXIT_ERR,

ARGP_HELP_EXIT_OK, ARGP_HELP_USAGE,

argp_err_exit_status,

ARGP_ERR_UNKNOWN, struct argp,

argp_parse(), ARGP_IN_ORDER,

ARGP_NO_HELP */

#include <stddef.h> /* NULL, size_t */

#include <sys/types.h> /* uid_t, gid_t, sig_atomic_t,

seteuid(), setuid(), pid_t,

setgid(), getuid(), getgid() */

#include <unistd.h> /* uid_t, gid_t, TEMP_FAILURE_RETRY(),

seteuid(), setuid(), close(),

ssize_t, read(), fork(), setgid(),

_exit(), dup2(), STDIN_FILENO,

STDERR_FILENO, STDOUT_FILENO,

fexecve(), write(), getuid(),

getgid(), fchown(), symlink(),

sleep(), unlinkat(), pause() */

#include <netinet/in.h> /* in_port_t, struct sockaddr_in6,

sa_family_t, struct sockaddr_in,

htons(), IN6_IS_ADDR_LINKLOCAL,

INET_ADDRSTRLEN, INET6_ADDRSTRLEN,

ntohl(), IPPROTO_IP */

#include <time.h> /* struct timespec, clock_gettime(),

CLOCK_MONOTONIC, time_t, struct tm,

gmtime_r(), clock_settime(),

CLOCK_REALTIME, nanosleep() */

#include <errno.h> /* errno,

program_invocation_short_name,

EINTR, EINVAL, ENETUNREACH,

#include <string.h> /* strcmp(), strlen(), strerror(),

asprintf(), strncpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, uid_t, gid_t, open(),

opendir(), DIR */

#include <sys/stat.h> /* open(), S_ISREG */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

inet_pton(), connect(),

getnameinfo() */

#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */

#include <dirent.h> /* opendir(), struct dirent, readdir()

#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,

strtoimax() */

#include <errno.h> /* perror(), errno, EINTR, EINVAL,

EAI_SYSTEM, ENETUNREACH,

EHOSTUNREACH, ECONNREFUSED, EPROTO,

EIO, ENOENT, ENXIO, error_t,

ENOMEM, EISDIR, ENOTEMPTY */

#include <stdio.h> /* fprintf(), stderr, perror(), FILE,

vfprintf(), off_t, SEEK_SET,

stdout, fwrite(), ferror(),

fflush(), asprintf() */

#include <stdarg.h> /* va_list, va_start(), vfprintf() */

#include <stdlib.h> /* realloc(), free(), malloc(),

getenv(), EXIT_FAILURE, setenv(),

EXIT_SUCCESS, strtof(), strtod(),

srand(), mkdtemp(), abort() */

#include <string.h> /* strdup(), strcmp(), strlen(),

strerror(), strncpy(), strspn(),

memcpy(), strrchr(), strchr(),

strsignal() */

#include <fcntl.h> /* open(), O_RDONLY, O_DIRECTORY,

O_PATH, O_CLOEXEC, openat(),

O_NOFOLLOW, AT_REMOVEDIR */

100

#include <iso646.h> /* or, and, not */

101

#include <sys/stat.h> /* struct stat, fstat(), fstatat(),

102

S_ISREG(), S_IXUSR, S_IXGRP,

103

S_IXOTH, lstat() */

104

#include <net/if.h> /* IF_NAMESIZE, if_indextoname(),

105

if_nametoindex(), SIOCGIFFLAGS,

106

IFF_LOOPBACK, IFF_POINTOPOINT,

107

IFF_BROADCAST, IFF_NOARP, IFF_UP,

108

IFF_RUNNING, SIOCSIFFLAGS */

109

#include <sysexits.h> /* EX_NOPERM, EX_OSERR,

110

EX_UNAVAILABLE, EX_USAGE */

EIO, ENOENT, ENXIO, ENOMEM, EISDIR,

ENOTEMPTY,

program_invocation_short_name */

#include <time.h> /* nanosleep(), time(), sleep() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,

INET_ADDRSTRLEN, INET6_ADDRSTRLEN

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), seteuid(),

setgid(), pause(), _exit(),

unlinkat() */

#include <arpa/inet.h> /* inet_pton(), htons() */

#include <iso646.h> /* not, or, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

#include <signal.h> /* sigemptyset(), sigaddset(),

sigaction(), SIGTERM, sig_atomic_t,

raise() */

#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,

EX_NOHOST, EX_IOERR, EX_PROTOCOL */

#include <sys/wait.h> /* waitpid(), WIFEXITED(),

WEXITSTATUS(), WTERMSIG() */

111

#include <grp.h> /* setgroups() */

112

#include <sys/wait.h> /* waitpid(), WIFEXITED(),

113

WEXITSTATUS(), WIFSIGNALED(),

114

WTERMSIG() */

115

#include <signal.h> /* kill(), SIGTERM, struct sigaction,

116

SIG_DFL, sigemptyset(),

117

sigaddset(), SIGINT, SIGHUP,

118

SIG_IGN, raise() */

119

#include <sys/socket.h> /* struct sockaddr_storage, AF_INET6,

120

PF_INET6, AF_INET, PF_INET,

121

socket(), SOCK_STREAM,

122

SOCK_CLOEXEC, struct sockaddr,

123

connect(), SOCK_DGRAM */

124

#include <argz.h> /* argz_next(), argz_add_sep(),

125

argz_delete(), argz_stringify(),

126

argz_add(), argz_count() */

127

#include <inttypes.h> /* PRIuMAX, uintmax_t, uint32_t,

128

PRIdMAX, PRIu16, intmax_t,

129

strtoimax() */

130

#include <arpa/inet.h> /* inet_pton() */

131

#include <stdint.h> /* uint32_t, intptr_t, uint16_t */

#include <argz.h> /* argz_add_sep(), argz_next(),

argz_delete(), argz_append(),

argz_stringify(), argz_add(),

argz_count() */

132

100

#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,

133

101

EAI_SYSTEM, gai_strerror() */

134

#include <sys/ioctl.h> /* ioctl() */

135

#include <dirent.h> /* struct dirent, scandirat(),

136

alphasort(), scandir() */

137

#include <limits.h> /* INT_MAX */

138

102

139

103

#ifdef __linux__

140

104

#include <sys/klog.h> /* klogctl() */

153

117

154

118

/* GnuTLS */

155

119

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

156

functions: gnutls_*, GNUTLS_* */

157

#if GNUTLS_VERSION_NUMBER < 0x030600

120

functions:

121

gnutls_*

122

init_gnutls_session(),

123

GNUTLS_* */

158

124

#include <gnutls/openpgp.h>

159

125

/* gnutls_certificate_set_openpgp_key_file(),

160

126

GNUTLS_OPENPGP_FMT_BASE64 */

161

#elif GNUTLS_VERSION_NUMBER >= 0x030606

162

#include <gnutls/x509.h> /* GNUTLS_PKCS_PLAIN,

163

GNUTLS_PKCS_NULL_PASSWORD */

164

#endif

165

127

166

128

/* GPGME */

167

129

#include <gpgme.h> /* All GPGME types, constants and

168

130

functions:

169

gpgme_*, GPG_ERR_NO_*,

170

GPGME_IMPORT_*

171

GPGME_PROTOCOL_OpenPGP */

131

gpgme_*

132

GPGME_PROTOCOL_OpenPGP,

133

GPG_ERR_NO_* */

172

134

173

135

#define BUFFER_SIZE 256

174

136

175

137

#define PATHDIR "/conf/conf.d/mandos"

176

138

#define SECKEY "seckey.txt"

177

139

#define PUBKEY "pubkey.txt"

178

#define TLS_PRIVKEY "tls-privkey.pem"

179

#define TLS_PUBKEY "tls-pubkey.pem"

180

140

#define HOOKDIR "/lib/mandos/network-hooks.d"

181

141

182

142

bool debug = false;

310

270

return true;

311

271

}

312

272

313

/* Set effective uid to 0, return errno */

314

__attribute__((warn_unused_result))

315

int raise_privileges(void){

316

int old_errno = errno;

317

int ret = 0;

318

if(seteuid(0) == -1){

319

ret = errno;

320

}

321

errno = old_errno;

322

return ret;

323

}

324

325

/* Set effective and real user ID to 0. Return errno. */

326

__attribute__((warn_unused_result))

327

int raise_privileges_permanently(void){

328

int old_errno = errno;

329

int ret = raise_privileges();

330

if(ret != 0){

331

errno = old_errno;

332

return ret;

333

}

334

if(setuid(0) == -1){

335

ret = errno;

336

}

337

errno = old_errno;

338

return ret;

339

}

340

341

/* Set effective user ID to unprivileged saved user ID */

342

__attribute__((warn_unused_result))

343

int lower_privileges(void){

344

int old_errno = errno;

345

int ret = 0;

346

if(seteuid(uid) == -1){

347

ret = errno;

348

}

349

errno = old_errno;

350

return ret;

351

}

352

353

/* Lower privileges permanently */

354

__attribute__((warn_unused_result))

355

int lower_privileges_permanently(void){

356

int old_errno = errno;

357

int ret = 0;

358

if(setuid(uid) == -1){

359

ret = errno;

360

}

361

errno = old_errno;

362

return ret;

363

}

364

365

273

366

274

* Initialize GPGME.

367

275

387

295

return false;

388

296

}

389

297

390

/* Workaround for systems without a real-time clock; see also

391

Debian bug #894495: <https://bugs.debian.org/894495> */

392

do {

393

{

394

time_t currtime = time(NULL);

395

if(currtime != (time_t)-1){

396

struct tm tm;

397

if(gmtime_r(&currtime, &tm) == NULL) {

398

perror_plus("gmtime_r");

399

break;

400

}

401

if(tm.tm_year != 70 or tm.tm_mon != 0){

402

break;

403

}

404

if(debug){

405

fprintf_plus(stderr, "System clock is January 1970");

406

}

407

} else {

408

if(debug){

409

fprintf_plus(stderr, "System clock is invalid");

410

}

411

}

412

}

413

struct stat keystat;

414

ret = fstat(fd, &keystat);

415

if(ret != 0){

416

perror_plus("fstat");

417

break;

418

}

419

ret = raise_privileges();

420

if(ret != 0){

421

errno = ret;

422

perror_plus("Failed to raise privileges");

423

break;

424

}

425

if(debug){

426

fprintf_plus(stderr,

427

"Setting system clock to key file mtime");

428

}

429

if(clock_settime(CLOCK_REALTIME, &keystat.st_mtim) != 0){

430

perror_plus("clock_settime");

431

}

432

ret = lower_privileges();

433

if(ret != 0){

434

errno = ret;

435

perror_plus("Failed to lower privileges");

436

}

437

} while(false);

438

439

298

rc = gpgme_data_new_from_fd(&pgp_data, fd);

440

299

if(rc != GPG_ERR_NO_ERROR){

441

300

fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",

449

308

gpgme_strsource(rc), gpgme_strerror(rc));

450

309

return false;

451

310

}

452

{

453

gpgme_import_result_t import_result

454

= gpgme_op_import_result(mc->ctx);

455

if((import_result->imported < 1

456

or import_result->not_imported > 0)

457

and import_result->unchanged == 0){

458

fprintf_plus(stderr, "bad gpgme_op_import_results:\n");

459

fprintf_plus(stderr,

460

"The total number of considered keys: %d\n",

461

import_result->considered);

462

fprintf_plus(stderr,

463

"The number of keys without user ID: %d\n",

464

import_result->no_user_id);

465

fprintf_plus(stderr,

466

"The total number of imported keys: %d\n",

467

import_result->imported);

468

fprintf_plus(stderr, "The number of imported RSA keys: %d\n",

469

import_result->imported_rsa);

470

fprintf_plus(stderr, "The number of unchanged keys: %d\n",

471

import_result->unchanged);

472

fprintf_plus(stderr, "The number of new user IDs: %d\n",

473

import_result->new_user_ids);

474

fprintf_plus(stderr, "The number of new sub keys: %d\n",

475

import_result->new_sub_keys);

476

fprintf_plus(stderr, "The number of new signatures: %d\n",

477

import_result->new_signatures);

478

fprintf_plus(stderr, "The number of new revocations: %d\n",

479

import_result->new_revocations);

480

fprintf_plus(stderr,

481

"The total number of secret keys read: %d\n",

482

import_result->secret_read);

483

fprintf_plus(stderr,

484

"The number of imported secret keys: %d\n",

485

import_result->secret_imported);

486

fprintf_plus(stderr,

487

"The number of unchanged secret keys: %d\n",

488

import_result->secret_unchanged);

489

fprintf_plus(stderr, "The number of keys not imported: %d\n",

490

import_result->not_imported);

491

for(gpgme_import_status_t import_status

492

= import_result->imports;

493

import_status != NULL;

494

import_status = import_status->next){

495

fprintf_plus(stderr, "Import status for key: %s\n",

496

import_status->fpr);

497

if(import_status->result != GPG_ERR_NO_ERROR){

498

fprintf_plus(stderr, "Import result: %s: %s\n",

499

gpgme_strsource(import_status->result),

500

gpgme_strerror(import_status->result));

501

}

502

fprintf_plus(stderr, "Key status:\n");

503

fprintf_plus(stderr,

504

import_status->status & GPGME_IMPORT_NEW

505

? "The key was new.\n"

506

: "The key was not new.\n");

507

fprintf_plus(stderr,

508

import_status->status & GPGME_IMPORT_UID

509

? "The key contained new user IDs.\n"

510

: "The key did not contain new user IDs.\n");

511

fprintf_plus(stderr,

512

import_status->status & GPGME_IMPORT_SIG

513

? "The key contained new signatures.\n"

514

: "The key did not contain new signatures.\n");

515

fprintf_plus(stderr,

516

import_status->status & GPGME_IMPORT_SUBKEY

517

? "The key contained new sub keys.\n"

518

: "The key did not contain new sub keys.\n");

519

fprintf_plus(stderr,

520

import_status->status & GPGME_IMPORT_SECRET

521

? "The key contained a secret key.\n"

522

: "The key did not contain a secret key.\n");

523

}

524

return false;

525

}

526

}

527

311

528

312

ret = close(fd);

529

313

if(ret == -1){

570

354

/* Create new GPGME "context" */

571

355

rc = gpgme_new(&(mc->ctx));

572

356

if(rc != GPG_ERR_NO_ERROR){

573

fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",

574

gpgme_strsource(rc), gpgme_strerror(rc));

357

fprintf_plus(stderr, "Mandos plugin mandos-client: "

358

"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),

359

gpgme_strerror(rc));

575

360

return false;

576

361

}

577

362

613

398

/* Create new empty GPGME data buffer for the plaintext */

614

399

rc = gpgme_data_new(&dh_plain);

615

400

if(rc != GPG_ERR_NO_ERROR){

616

fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",

401

fprintf_plus(stderr, "Mandos plugin mandos-client: "

402

"bad gpgme_data_new: %s: %s\n",

617

403

gpgme_strsource(rc), gpgme_strerror(rc));

618

404

gpgme_data_release(dh_crypto);

619

405

return -1;

632

418

if(result == NULL){

633

419

fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");

634

420

} else {

635

if(result->unsupported_algorithm != NULL) {

636

fprintf_plus(stderr, "Unsupported algorithm: %s\n",

637

result->unsupported_algorithm);

638

}

639

fprintf_plus(stderr, "Wrong key usage: %s\n",

640

result->wrong_key_usage ? "Yes" : "No");

421

fprintf_plus(stderr, "Unsupported algorithm: %s\n",

422

result->unsupported_algorithm);

423

fprintf_plus(stderr, "Wrong key usage: %u\n",

424

result->wrong_key_usage);

641

425

if(result->file_name != NULL){

642

426

fprintf_plus(stderr, "File name: %s\n", result->file_name);

643

427

}

644

645

for(gpgme_recipient_t r = result->recipients; r != NULL;

646

r = r->next){

428

gpgme_recipient_t recipient;

429

recipient = result->recipients;

430

while(recipient != NULL){

647

431

fprintf_plus(stderr, "Public key algorithm: %s\n",

648

gpgme_pubkey_algo_name(r->pubkey_algo));

649

fprintf_plus(stderr, "Key ID: %s\n", r->keyid);

432

gpgme_pubkey_algo_name

433

(recipient->pubkey_algo));

434

fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);

650

435

fprintf_plus(stderr, "Secret key available: %s\n",

651

r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");

436

recipient->status == GPG_ERR_NO_SECKEY

437

? "No" : "Yes");

438

recipient = recipient->next;

652

439

}

653

440

}

654

441

}

736

523

const char *dhparamsfilename,

737

524

mandos_context *mc){

738

525

int ret;

526

unsigned int uret;

739

527

740

528

if(debug){

741

529

fprintf_plus(stderr, "Initializing GnuTLS\n");

758

546

}

759

547

760

548

if(debug){

761

fprintf_plus(stderr, "Attempting to use public key %s and"

762

" private key %s as GnuTLS credentials\n",

549

fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"

550

" secret key %s as GnuTLS credentials\n",

763

551

pubkeyfilename,

764

552

seckeyfilename);

765

553

}

766

554

767

#if GNUTLS_VERSION_NUMBER >= 0x030606

768

ret = gnutls_certificate_set_rawpk_key_file

769

(mc->cred, pubkeyfilename, seckeyfilename,

770

GNUTLS_X509_FMT_PEM, /* format */

771

NULL, /* pass */

772

/* key_usage */

773

GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,

774

NULL, /* names */

775

0, /* names_length */

776

/* privkey_flags */

777

GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,

778

0); /* pkcs11_flags */

779

#elif GNUTLS_VERSION_NUMBER < 0x030600

780

555

ret = gnutls_certificate_set_openpgp_key_file

781

556

(mc->cred, pubkeyfilename, seckeyfilename,

782

557

GNUTLS_OPENPGP_FMT_BASE64);

783

#else

784

#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"

785

#endif

786

558

if(ret != GNUTLS_E_SUCCESS){

787

559

fprintf_plus(stderr,

788

"Error[%d] while reading the key pair ('%s',"

560

"Error[%d] while reading the OpenPGP key pair ('%s',"

789

561

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

790

562

fprintf_plus(stderr, "The GnuTLS error is: %s\n",

791

563

safer_gnutls_strerror(ret));

839

611

}

840

612

params.size += (unsigned int)bytes_read;

841

613

}

842

ret = close(dhpfile);

843

if(ret == -1){

844

perror_plus("close");

845

}

846

614

if(params.data == NULL){

847

615

dhparamsfilename = NULL;

848

616

}

857

625

safer_gnutls_strerror(ret));

858

626

dhparamsfilename = NULL;

859

627

}

860

free(params.data);

861

628

} while(false);

862

629

}

863

630

if(dhparamsfilename == NULL){

864

631

if(mc->dh_bits == 0){

865

#if GNUTLS_VERSION_NUMBER < 0x030600

866

632

/* Find out the optimal number of DH bits */

867

633

/* Try to read the private key file */

868

634

gnutls_datum_t buffer = { .data = NULL, .size = 0 };

948

714

}

949

715

}

950

716

}

951

unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);

717

uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);

952

718

if(uret != 0){

953

719

mc->dh_bits = uret;

954

720

if(debug){

966

732

safer_gnutls_strerror(ret));

967

733

goto globalfail;

968

734

}

969

#endif

970

} else { /* dh_bits != 0 */

971

if(debug){

972

fprintf_plus(stderr, "DH bits explicitly set to %u\n",

973

mc->dh_bits);

974

}

975

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

976

if(ret != GNUTLS_E_SUCCESS){

977

fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"

978

" bits): %s\n", mc->dh_bits,

979

safer_gnutls_strerror(ret));

980

goto globalfail;

981

}

982

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

735

} else if(debug){

736

fprintf_plus(stderr, "DH bits explicitly set to %u\n",

737

mc->dh_bits);

738

}

739

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

740

if(ret != GNUTLS_E_SUCCESS){

741

fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"

742

" bits): %s\n", mc->dh_bits,

743

safer_gnutls_strerror(ret));

744

goto globalfail;

983

745

}

984

746

}

747

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

985

748

986

749

return 0;

987

750

998

761

int ret;

999

762

/* GnuTLS session creation */

1000

763

do {

1001

ret = gnutls_init(session, (GNUTLS_SERVER

1002

#if GNUTLS_VERSION_NUMBER >= 0x030506

1003

| GNUTLS_NO_TICKETS

1004

#endif

1005

#if GNUTLS_VERSION_NUMBER >= 0x030606

1006

| GNUTLS_ENABLE_RAWPK

1007

#endif

1008

));

764

ret = gnutls_init(session, GNUTLS_SERVER);

1009

765

if(quit_now){

1010

766

return -1;

1011

767

}

1059

815

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

1060

816

__attribute__((unused)) const char *txt){}

1061

817

818

/* Set effective uid to 0, return errno */

819

__attribute__((warn_unused_result))

820

int raise_privileges(void){

821

int old_errno = errno;

822

int ret = 0;

823

if(seteuid(0) == -1){

824

ret = errno;

825

}

826

errno = old_errno;

827

return ret;

828

}

829

830

/* Set effective and real user ID to 0. Return errno. */

831

__attribute__((warn_unused_result))

832

int raise_privileges_permanently(void){

833

int old_errno = errno;

834

int ret = raise_privileges();

835

if(ret != 0){

836

errno = old_errno;

837

return ret;

838

}

839

if(setuid(0) == -1){

840

ret = errno;

841

}

842

errno = old_errno;

843

return ret;

844

}

845

846

/* Set effective user ID to unprivileged saved user ID */

847

__attribute__((warn_unused_result))

848

int lower_privileges(void){

849

int old_errno = errno;

850

int ret = 0;

851

if(seteuid(uid) == -1){

852

ret = errno;

853

}

854

errno = old_errno;

855

return ret;

856

}

857

858

/* Lower privileges permanently */

859

__attribute__((warn_unused_result))

860

int lower_privileges_permanently(void){

861

int old_errno = errno;

862

int ret = 0;

863

if(setuid(uid) == -1){

864

ret = errno;

865

}

866

errno = old_errno;

867

return ret;

868

}

869

1062

870

/* Helper function to add_local_route() and delete_local_route() */

1063

871

__attribute__((nonnull, warn_unused_result))

1064

872

static bool add_delete_local_route(const bool add,

1103

911

ret = setgid(0);

1104

912

if(ret == -1){

1105

913

perror_plus("setgid");

1106

close(devnull);

1107

914

_exit(EX_NOPERM);

1108

915

}

1109

916

/* Reset supplementary groups */

1111

918

ret = setgroups(0, NULL);

1112

919

if(ret == -1){

1113

920

perror_plus("setgroups");

1114

close(devnull);

1115

921

_exit(EX_NOPERM);

1116

922

}

1117

923

}

1118

924

ret = dup2(devnull, STDIN_FILENO);

1119

925

if(ret == -1){

1120

926

perror_plus("dup2(devnull, STDIN_FILENO)");

1121

close(devnull);

1122

927

_exit(EX_OSERR);

1123

928

}

1124

929

ret = close(devnull);

1125

930

if(ret == -1){

1126

931

perror_plus("close");

932

_exit(EX_OSERR);

1127

933

}

1128

934

ret = dup2(STDERR_FILENO, STDOUT_FILENO);

1129

935

if(ret == -1){

1164

970

}

1165

971

if(pid == -1){

1166

972

perror_plus("fork");

1167

close(devnull);

1168

973

return false;

1169

974

}

1170

ret = close(devnull);

1171

if(ret == -1){

1172

perror_plus("close");

1173

}

1174

975

int status;

1175

976

pid_t pret = -1;

1176

977

errno = 0;

1276

1077

bool match = false;

1277

1078

{

1278

1079

char *interface = NULL;

1279

while((interface = argz_next(mc->interfaces,

1280

mc->interfaces_size,

1281

interface))){

1080

while((interface=argz_next(mc->interfaces, mc->interfaces_size,

1081

interface))){

1282

1082

if(if_nametoindex(interface) == (unsigned int)if_index){

1283

1083

match = true;

1284

1084

break;

1437

1237

with an explicit route added with the server's address.

1438

1238

1439

1239

Avahi bug reference:

1440

https://lists.freedesktop.org/archives/avahi/2010-February/001833.html

1240

http://lists.freedesktop.org/archives/avahi/2010-February/001833.html

1441

1241

https://bugs.debian.org/587961

1442

1242

1443

1243

if(debug){

1623

1423

&decrypted_buffer, mc);

1624

1424

if(decrypted_buffer_size >= 0){

1625

1425

1626

clearerr(stdout);

1627

1426

written = 0;

1628

1427

while(written < (size_t) decrypted_buffer_size){

1629

1428

if(quit_now){

1645

1444

}

1646

1445

written += (size_t)ret;

1647

1446

}

1648

ret = fflush(stdout);

1649

if(ret != 0){

1650

int e = errno;

1651

if(debug){

1652

fprintf_plus(stderr, "Error writing encrypted data: %s\n",

1653

strerror(errno));

1654

}

1655

errno = e;

1656

goto mandos_end;

1657

}

1658

1447

retval = 0;

1659

1448

}

1660

1449

}

1691

1480

return retval;

1692

1481

}

1693

1482

1483

__attribute__((nonnull))

1694

1484

static void resolve_callback(AvahiSServiceResolver *r,

1695

1485

AvahiIfIndex interface,

1696

1486

AvahiProtocol proto,

1851

1641

perror_plus("ioctl SIOCGIFFLAGS");

1852

1642

errno = old_errno;

1853

1643

}

1854

if((close(s) == -1) and debug){

1855

old_errno = errno;

1856

perror_plus("close");

1857

errno = old_errno;

1858

}

1859

1644

return false;

1860

1645

}

1861

if((close(s) == -1) and debug){

1862

old_errno = errno;

1863

perror_plus("close");

1864

errno = old_errno;

1865

}

1866

1646

return true;

1867

1647

}

1868

1648

2129

1909

return;

2130

1910

}

2131

1911

}

2132

int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));

2133

if(devnull == -1){

2134

perror_plus("open(\"/dev/null\", O_RDONLY)");

2135

return;

2136

}

2137

1912

int numhooks = scandirat(hookdir_fd, ".", &direntries,

2138

1913

runnable_hook, alphasort);

2139

1914

if(numhooks == -1){

2140

1915

perror_plus("scandir");

2141

close(devnull);

2142

1916

return;

2143

1917

}

2144

1918

struct dirent *direntry;

2145

1919

int ret;

1920

int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));

1921

if(devnull == -1){

1922

perror_plus("open(\"/dev/null\", O_RDONLY)");

1923

return;

1924

}

2146

1925

for(int i = 0; i < numhooks; i++){

2147

1926

direntry = direntries[i];

2148

1927

if(debug){

2404

2183

2405

2184

/* Sleep checking until interface is running.

2406

2185

Check every 0.25s, up to total time of delay */

2407

for(int i = 0; i < delay * 4; i++){

2186

for(int i=0; i < delay * 4; i++){

2408

2187

if(interface_is_running(interface)){

2409

2188

break;

2410

2189

}

2497

2276

2498

2277

int main(int argc, char *argv[]){

2499

2278

mandos_context mc = { .server = NULL, .dh_bits = 0,

2500

#if GNUTLS_VERSION_NUMBER >= 0x030606

2501

.priority = "SECURE128:!CTYPE-X.509"

2502

":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"

2503

":%PROFILE_ULTRA",

2504

#elif GNUTLS_VERSION_NUMBER < 0x030600

2505

2279

.priority = "SECURE256:!CTYPE-X.509"

2506

2280

":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",

2507

#else

2508

#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"

2509

#endif

2510

2281

.current_server = NULL, .interfaces = NULL,

2511

2282

.interfaces_size = 0 };

2512

2283

AvahiSServiceBrowser *sb = NULL;

2523

2294

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

2524

2295

const char *seckey = PATHDIR "/" SECKEY;

2525

2296

const char *pubkey = PATHDIR "/" PUBKEY;

2526

#if GNUTLS_VERSION_NUMBER >= 0x030606

2527

const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;

2528

const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;

2529

#endif

2530

2297

const char *dh_params_file = NULL;

2531

2298

char *interfaces_hooks = NULL;

2532

2299

2580

2347

{ .name = "pubkey", .key = 'p',

2581

2348

.arg = "FILE",

2582

2349

.doc = "OpenPGP public key file base name",

2583

.group = 1 },

2584

{ .name = "tls-privkey", .key = 't',

2585

.arg = "FILE",

2586

#if GNUTLS_VERSION_NUMBER >= 0x030606

2587

.doc = "TLS private key file base name",

2588

#else

2589

.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",

2590

#endif

2591

.group = 1 },

2592

{ .name = "tls-pubkey", .key = 'T',

2593

.arg = "FILE",

2594

#if GNUTLS_VERSION_NUMBER >= 0x030606

2595

.doc = "TLS public key file base name",

2596

#else

2597

.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",

2598

#endif

2599

.group = 1 },

2350

.group = 2 },

2600

2351

{ .name = "dh-bits", .key = 129,

2601

2352

.arg = "BITS",

2602

2353

.doc = "Bit length of the prime number used in the"

2658

2409

case 'p': /* --pubkey */

2659

2410

pubkey = arg;

2660

2411

break;

2661

case 't': /* --tls-privkey */

2662

#if GNUTLS_VERSION_NUMBER >= 0x030606

2663

tls_privkey = arg;

2664

#endif

2665

break;

2666

case 'T': /* --tls-pubkey */

2667

#if GNUTLS_VERSION_NUMBER >= 0x030606

2668

tls_pubkey = arg;

2669

#endif

2670

break;

2671

2412

case 129: /* --dh-bits */

2672

2413

errno = 0;

2673

2414

tmpmax = strtoimax(arg, &tmp, 10);

2708

2449

argp_state_help(state, state->out_stream,

2709

2450

(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)

2710

2451

& ~(unsigned int)ARGP_HELP_EXIT_OK);

2711

__builtin_unreachable();

2712

2452

case -3: /* --usage */

2713

2453

argp_state_help(state, state->out_stream,

2714

2454

ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);

2715

__builtin_unreachable();

2716

2455

case 'V': /* --version */

2717

2456

fprintf_plus(state->out_stream, "%s\n", argp_program_version);

2718

2457

exit(argp_err_exit_status);

2745

2484

}

2746

2485

2747

2486

{

2487

/* Work around Debian bug #633582:

2488

<http://bugs.debian.org/633582> */

2489

2748

2490

/* Re-raise privileges */

2749

2491

ret = raise_privileges();

2750

2492

if(ret != 0){

2753

2495

} else {

2754

2496

struct stat st;

2755

2497

2756

/* Work around Debian bug #633582:

2757

<https://bugs.debian.org/633582> */

2758

2759

2498

if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){

2760

2499

int seckey_fd = open(seckey, O_RDONLY);

2761

2500

if(seckey_fd == -1){

2820

2559

}

2821

2560

}

2822

2561

2823

/* Work around Debian bug #981302

2824

<https://bugs.debian.org/981302> */

2825

if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){

2826

ret = symlink("/proc/self/fd", "/dev/fd");

2827

if(ret == -1){

2828

perror_plus("Failed to create /dev/fd symlink");

2829

}

2830

}

2831

2832

2562

/* Lower privileges */

2833

2563

ret = lower_privileges();

2834

2564

if(ret != 0){

3038

2768

goto end;

3039

2769

}

3040

2770

3041

#if GNUTLS_VERSION_NUMBER >= 0x030606

3042

ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);

3043

#elif GNUTLS_VERSION_NUMBER < 0x030600

3044

2771

ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);

3045

#else

3046

#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"

3047

#endif

3048

2772

if(ret == -1){

3049

2773

fprintf_plus(stderr, "init_gnutls_global failed\n");

3050

2774

exitcode = EX_UNAVAILABLE;

3222

2946

end:

3223

2947

3224

2948

if(debug){

3225

if(signal_received){

3226

fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",

3227

argv[0], signal_received,

3228

strsignal(signal_received));

3229

} else {

3230

fprintf_plus(stderr, "%s exiting\n", argv[0]);

3231

}

2949

fprintf_plus(stderr, "%s exiting\n", argv[0]);

3232

2950

}

3233

2951

3234

2952

/* Cleanup things */

3286

3004

/* Take down the network interfaces which were brought up */

3287

3005

{

3288

3006

char *interface = NULL;

3289

while((interface = argz_next(interfaces_to_take_down,

3290

interfaces_to_take_down_size,

3291

interface))){

3007

while((interface=argz_next(interfaces_to_take_down,

3008

interfaces_to_take_down_size,

3009

interface))){

3292

3010

ret = take_down_interface(interface);

3293

3011

if(ret != 0){

3294

3012

errno = ret;

3323

3041

| O_PATH));

3324

3042

if(dir_fd == -1){

3325

3043

perror_plus("open");

3326

return;

3327

3044

}

3328

3045

int numentries = scandirat(dir_fd, ".", &direntries,

3329

3046

notdotentries, alphasort);

3346

3063

clean_dir_at(dir_fd, direntries[i]->d_name, level+1);

3347

3064

dret = 0;

3348

3065

}

3349

if((dret == -1) and (errno != ENOENT)){

3066

if(dret == -1){

3350

3067

fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,

3351

3068

direntries[i]->d_name, strerror(errno));

3352

3069

}

3356

3073

3357

3074

/* need to clean even if 0 because man page doesn't specify */

3358

3075

free(direntries);

3076

if(numentries == -1){

3077

perror_plus("scandirat");

3078

}

3359

3079

dret = unlinkat(base, dirname, AT_REMOVEDIR);

3360

3080

if(dret == -1 and errno != ENOENT){

3361

3081

perror_plus("rmdir");

Older »