To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 951
- compare with another revision
- download diff
- download tarball
- view history from revision 951
- Committer: Teddy Hogeborn
- Date: 2018-08-15 09:26:02 UTC
- Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u
mandos-client: Set system clock if necessary
* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
clock is not set, or set to january 1970, set the system clock to
the more plausible value that is the mtime of the key file. This is
required by GnuPG to be able to import the keys. (We can't pass the
--ignore-time-conflict or the --ignore-valid-from options though
GPGME.)
* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
clock is not set, or set to january 1970, set the system clock to
the more plausible value that is the mtime of the key file. This is
required by GnuPG to be able to import the keys. (We can't pass the
--ignore-time-conflict or the --ignore-valid-from options though
GPGME.)
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2012 Teddy Hogeborn
13
* Copyright © 2008-2012 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2018 Teddy Hogeborn
13
* Copyright © 2008-2018 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
21
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
25
* General Public License for more details.
24
26
*
25
27
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
28
29
*
29
30
* Contact the authors at <mandos@recompile.se>.
30
31
*/
32
33
/* Needed by GPGME, specifically gpgme_data_seek() */
33
34
#ifndef _LARGEFILE_SOURCE
34
35
#define _LARGEFILE_SOURCE
35
#endif
36
#endif /* not _LARGEFILE_SOURCE */
36
37
#ifndef _FILE_OFFSET_BITS
37
38
#define _FILE_OFFSET_BITS 64
38
#endif
39
#endif /* not _FILE_OFFSET_BITS */
39
40
40
41
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
42
43
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror(), remove() */
44
stdout, ferror() */
44
45
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
45
46
#include <stddef.h> /* NULL, size_t, ssize_t */
46
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
48
strtof(), abort() */
48
49
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
51
53
#include <sys/ioctl.h> /* ioctl */
52
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
55
sockaddr_in6, PF_INET6,
55
57
opendir(), DIR */
56
58
#include <sys/stat.h> /* open(), S_ISREG */
57
59
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
inet_pton(), connect() */
59
#include <fcntl.h> /* open() */
60
inet_pton(), connect(),
61
getnameinfo() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
60
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
61
64
*/
62
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
63
66
strtoimax() */
64
#include <assert.h> /* assert() */
65
#include <errno.h> /* perror(), errno,
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
66
72
program_invocation_short_name */
67
73
#include <time.h> /* nanosleep(), time(), sleep() */
68
74
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
73
79
*/
74
80
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
75
81
getuid(), getgid(), seteuid(),
76
setgid(), pause(), _exit() */
77
#include <arpa/inet.h> /* inet_pton(), htons, inet_ntop() */
82
setgid(), pause(), _exit(),
83
unlinkat() */
84
#include <arpa/inet.h> /* inet_pton(), htons() */
78
85
#include <iso646.h> /* not, or, and */
79
86
#include <argp.h> /* struct argp_option, error_t, struct
80
87
argp_state, struct argp,
88
95
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
89
96
WEXITSTATUS(), WTERMSIG() */
90
97
#include <grp.h> /* setgroups() */
98
#include <argz.h> /* argz_add_sep(), argz_next(),
99
argz_delete(), argz_append(),
100
argz_stringify(), argz_add(),
101
argz_count() */
102
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
103
EAI_SYSTEM, gai_strerror() */
91
104
92
105
#ifdef __linux__
93
106
#include <sys/klog.h> /* klogctl() */
135
148
static const char sys_class_net[] = "/sys/class/net";
136
149
char *connect_to = NULL;
137
150
const char *hookdir = HOOKDIR;
151
int hookdir_fd = -1;
152
uid_t uid = 65534;
153
gid_t gid = 65534;
138
154
139
155
/* Doubly linked list that need to be circularly linked when used */
140
156
typedef struct server{
141
157
const char *ip;
142
uint16_t port;
158
in_port_t port;
143
159
AvahiIfIndex if_index;
144
160
int af;
145
161
struct timespec last_seen;
149
165
150
166
/* Used for passing in values through the Avahi callback functions */
151
167
typedef struct {
152
AvahiSimplePoll *simple_poll;
153
168
AvahiServer *server;
154
169
gnutls_certificate_credentials_t cred;
155
170
unsigned int dh_bits;
157
172
const char *priority;
158
173
gpgme_ctx_t ctx;
159
174
server *current_server;
175
char *interfaces;
176
size_t interfaces_size;
160
177
} mandos_context;
161
178
162
/* global context so signal handler can reach it*/
163
mandos_context mc = { .simple_poll = NULL, .server = NULL,
164
.dh_bits = 1024, .priority = "SECURE256"
165
":!CTYPE-X.509:+CTYPE-OPENPGP",
166
.current_server = NULL };
179
/* global so signal handler can reach it*/
180
AvahiSimplePoll *simple_poll;
167
181
168
182
sig_atomic_t quit_now = 0;
169
183
int signal_received = 0;
177
191
perror(print_text);
178
192
}
179
193
180
__attribute__((format (gnu_printf, 2, 3)))
194
__attribute__((format (gnu_printf, 2, 3), nonnull))
181
195
int fprintf_plus(FILE *stream, const char *format, ...){
182
196
va_list ap;
183
197
va_start (ap, format);
184
198
185
199
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
186
200
program_invocation_short_name));
187
return TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
201
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
188
202
}
189
203
190
204
/*
192
206
* bytes. "buffer_capacity" is how much is currently allocated,
193
207
* "buffer_length" is how much is already used.
194
208
*/
209
__attribute__((nonnull, warn_unused_result))
195
210
size_t incbuffer(char **buffer, size_t buffer_length,
196
211
size_t buffer_capacity){
197
212
if(buffer_length + BUFFER_SIZE > buffer_capacity){
198
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
199
if(buffer == NULL){
213
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
214
if(new_buf == NULL){
215
int old_errno = errno;
216
free(*buffer);
217
errno = old_errno;
218
*buffer = NULL;
200
219
return 0;
201
220
}
221
*buffer = new_buf;
202
222
buffer_capacity += BUFFER_SIZE;
203
223
}
204
224
return buffer_capacity;
205
225
}
206
226
207
227
/* Add server to set of servers to retry periodically */
208
bool add_server(const char *ip, uint16_t port, AvahiIfIndex if_index,
209
int af){
228
__attribute__((nonnull, warn_unused_result))
229
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
230
int af, server **current_server){
210
231
int ret;
211
232
server *new_server = malloc(sizeof(server));
212
233
if(new_server == NULL){
219
240
.af = af };
220
241
if(new_server->ip == NULL){
221
242
perror_plus("strdup");
243
free(new_server);
244
return false;
245
}
246
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
247
if(ret == -1){
248
perror_plus("clock_gettime");
249
#ifdef __GNUC__
250
#pragma GCC diagnostic push
251
#pragma GCC diagnostic ignored "-Wcast-qual"
252
#endif
253
free((char *)(new_server->ip));
254
#ifdef __GNUC__
255
#pragma GCC diagnostic pop
256
#endif
257
free(new_server);
222
258
return false;
223
259
}
224
260
/* Special case of first server */
225
if (mc.current_server == NULL){
261
if(*current_server == NULL){
226
262
new_server->next = new_server;
227
263
new_server->prev = new_server;
228
mc.current_server = new_server;
229
/* Place the new server last in the list */
264
*current_server = new_server;
230
265
} else {
231
new_server->next = mc.current_server;
232
new_server->prev = mc.current_server->prev;
266
/* Place the new server last in the list */
267
new_server->next = *current_server;
268
new_server->prev = (*current_server)->prev;
233
269
new_server->prev->next = new_server;
234
mc.current_server->prev = new_server;
235
}
236
ret = clock_gettime(CLOCK_MONOTONIC, &mc.current_server->last_seen);
237
if(ret == -1){
238
perror_plus("clock_gettime");
239
return false;
270
(*current_server)->prev = new_server;
240
271
}
241
272
return true;
242
273
}
243
274
275
/* Set effective uid to 0, return errno */
276
__attribute__((warn_unused_result))
277
int raise_privileges(void){
278
int old_errno = errno;
279
int ret = 0;
280
if(seteuid(0) == -1){
281
ret = errno;
282
}
283
errno = old_errno;
284
return ret;
285
}
286
287
/* Set effective and real user ID to 0. Return errno. */
288
__attribute__((warn_unused_result))
289
int raise_privileges_permanently(void){
290
int old_errno = errno;
291
int ret = raise_privileges();
292
if(ret != 0){
293
errno = old_errno;
294
return ret;
295
}
296
if(setuid(0) == -1){
297
ret = errno;
298
}
299
errno = old_errno;
300
return ret;
301
}
302
303
/* Set effective user ID to unprivileged saved user ID */
304
__attribute__((warn_unused_result))
305
int lower_privileges(void){
306
int old_errno = errno;
307
int ret = 0;
308
if(seteuid(uid) == -1){
309
ret = errno;
310
}
311
errno = old_errno;
312
return ret;
313
}
314
315
/* Lower privileges permanently */
316
__attribute__((warn_unused_result))
317
int lower_privileges_permanently(void){
318
int old_errno = errno;
319
int ret = 0;
320
if(setuid(uid) == -1){
321
ret = errno;
322
}
323
errno = old_errno;
324
return ret;
325
}
326
244
327
/*
245
328
* Initialize GPGME.
246
329
*/
247
static bool init_gpgme(const char *seckey, const char *pubkey,
248
const char *tempdir){
330
__attribute__((nonnull, warn_unused_result))
331
static bool init_gpgme(const char * const seckey,
332
const char * const pubkey,
333
const char * const tempdir,
334
mandos_context *mc){
249
335
gpgme_error_t rc;
250
336
gpgme_engine_info_t engine_info;
251
337
252
253
338
/*
254
339
* Helper function to insert pub and seckey to the engine keyring.
255
340
*/
256
bool import_key(const char *filename){
341
bool import_key(const char * const filename){
257
342
int ret;
258
343
int fd;
259
344
gpgme_data_t pgp_data;
264
349
return false;
265
350
}
266
351
352
/* Workaround for systems without a real-time clock; see also
353
Debian bug #894495: <https://bugs.debian.org/894495> */
354
do {
355
{
356
time_t currtime = time(NULL);
357
if(currtime != (time_t)-1){
358
struct tm tm;
359
if(gmtime_r(&currtime, &tm) == NULL) {
360
perror_plus("gmtime_r");
361
break;
362
}
363
if(tm.tm_year != 70 or tm.tm_mon != 0){
364
break;
365
}
366
if(debug){
367
fprintf_plus(stderr, "System clock is January 1970");
368
}
369
} else {
370
if(debug){
371
fprintf_plus(stderr, "System clock is invalid");
372
}
373
}
374
}
375
struct stat keystat;
376
ret = fstat(fd, &keystat);
377
if(ret != 0){
378
perror_plus("fstat");
379
break;
380
}
381
ret = raise_privileges();
382
if(ret != 0){
383
errno = ret;
384
perror_plus("Failed to raise privileges");
385
break;
386
}
387
if(debug){
388
fprintf_plus(stderr,
389
"Setting system clock to key file mtime");
390
}
391
time_t keytime = keystat.st_mtim.tv_sec;
392
if(stime(&keytime) != 0){
393
perror_plus("stime");
394
}
395
ret = lower_privileges();
396
if(ret != 0){
397
errno = ret;
398
perror_plus("Failed to lower privileges");
399
}
400
} while(false);
401
267
402
rc = gpgme_data_new_from_fd(&pgp_data, fd);
268
403
if(rc != GPG_ERR_NO_ERROR){
269
404
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
271
406
return false;
272
407
}
273
408
274
rc = gpgme_op_import(mc.ctx, pgp_data);
409
rc = gpgme_op_import(mc->ctx, pgp_data);
275
410
if(rc != GPG_ERR_NO_ERROR){
276
411
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
277
412
gpgme_strsource(rc), gpgme_strerror(rc));
278
413
return false;
279
414
}
415
{
416
gpgme_import_result_t import_result
417
= gpgme_op_import_result(mc->ctx);
418
if((import_result->imported < 1
419
or import_result->not_imported > 0)
420
and import_result->unchanged == 0){
421
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
422
fprintf_plus(stderr,
423
"The total number of considered keys: %d\n",
424
import_result->considered);
425
fprintf_plus(stderr,
426
"The number of keys without user ID: %d\n",
427
import_result->no_user_id);
428
fprintf_plus(stderr,
429
"The total number of imported keys: %d\n",
430
import_result->imported);
431
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
432
import_result->imported_rsa);
433
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
434
import_result->unchanged);
435
fprintf_plus(stderr, "The number of new user IDs: %d\n",
436
import_result->new_user_ids);
437
fprintf_plus(stderr, "The number of new sub keys: %d\n",
438
import_result->new_sub_keys);
439
fprintf_plus(stderr, "The number of new signatures: %d\n",
440
import_result->new_signatures);
441
fprintf_plus(stderr, "The number of new revocations: %d\n",
442
import_result->new_revocations);
443
fprintf_plus(stderr,
444
"The total number of secret keys read: %d\n",
445
import_result->secret_read);
446
fprintf_plus(stderr,
447
"The number of imported secret keys: %d\n",
448
import_result->secret_imported);
449
fprintf_plus(stderr,
450
"The number of unchanged secret keys: %d\n",
451
import_result->secret_unchanged);
452
fprintf_plus(stderr, "The number of keys not imported: %d\n",
453
import_result->not_imported);
454
for(gpgme_import_status_t import_status
455
= import_result->imports;
456
import_status != NULL;
457
import_status = import_status->next){
458
fprintf_plus(stderr, "Import status for key: %s\n",
459
import_status->fpr);
460
if(import_status->result != GPG_ERR_NO_ERROR){
461
fprintf_plus(stderr, "Import result: %s: %s\n",
462
gpgme_strsource(import_status->result),
463
gpgme_strerror(import_status->result));
464
}
465
fprintf_plus(stderr, "Key status:\n");
466
fprintf_plus(stderr,
467
import_status->status & GPGME_IMPORT_NEW
468
? "The key was new.\n"
469
: "The key was not new.\n");
470
fprintf_plus(stderr,
471
import_status->status & GPGME_IMPORT_UID
472
? "The key contained new user IDs.\n"
473
: "The key did not contain new user IDs.\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_SIG
476
? "The key contained new signatures.\n"
477
: "The key did not contain new signatures.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_SUBKEY
480
? "The key contained new sub keys.\n"
481
: "The key did not contain new sub keys.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SECRET
484
? "The key contained a secret key.\n"
485
: "The key did not contain a secret key.\n");
486
}
487
return false;
488
}
489
}
280
490
281
ret = (int)TEMP_FAILURE_RETRY(close(fd));
491
ret = close(fd);
282
492
if(ret == -1){
283
493
perror_plus("close");
284
494
}
321
531
}
322
532
323
533
/* Create new GPGME "context" */
324
rc = gpgme_new(&(mc.ctx));
534
rc = gpgme_new(&(mc->ctx));
325
535
if(rc != GPG_ERR_NO_ERROR){
326
fprintf_plus(stderr, "Mandos plugin mandos-client: "
327
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
328
gpgme_strerror(rc));
536
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
537
gpgme_strsource(rc), gpgme_strerror(rc));
329
538
return false;
330
539
}
331
540
340
549
* Decrypt OpenPGP data.
341
550
* Returns -1 on error
342
551
*/
552
__attribute__((nonnull, warn_unused_result))
343
553
static ssize_t pgp_packet_decrypt(const char *cryptotext,
344
554
size_t crypto_size,
345
char **plaintext){
555
char **plaintext,
556
mandos_context *mc){
346
557
gpgme_data_t dh_crypto, dh_plain;
347
558
gpgme_error_t rc;
348
559
ssize_t ret;
365
576
/* Create new empty GPGME data buffer for the plaintext */
366
577
rc = gpgme_data_new(&dh_plain);
367
578
if(rc != GPG_ERR_NO_ERROR){
368
fprintf_plus(stderr, "Mandos plugin mandos-client: "
369
"bad gpgme_data_new: %s: %s\n",
579
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
370
580
gpgme_strsource(rc), gpgme_strerror(rc));
371
581
gpgme_data_release(dh_crypto);
372
582
return -1;
374
584
375
585
/* Decrypt data from the cryptotext data buffer to the plaintext
376
586
data buffer */
377
rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
587
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
378
588
if(rc != GPG_ERR_NO_ERROR){
379
589
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
380
590
gpgme_strsource(rc), gpgme_strerror(rc));
381
591
plaintext_length = -1;
382
592
if(debug){
383
593
gpgme_decrypt_result_t result;
384
result = gpgme_op_decrypt_result(mc.ctx);
594
result = gpgme_op_decrypt_result(mc->ctx);
385
595
if(result == NULL){
386
596
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
387
597
} else {
388
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
389
result->unsupported_algorithm);
390
fprintf_plus(stderr, "Wrong key usage: %u\n",
391
result->wrong_key_usage);
598
if(result->unsupported_algorithm != NULL) {
599
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
600
result->unsupported_algorithm);
601
}
602
fprintf_plus(stderr, "Wrong key usage: %s\n",
603
result->wrong_key_usage ? "Yes" : "No");
392
604
if(result->file_name != NULL){
393
605
fprintf_plus(stderr, "File name: %s\n", result->file_name);
394
606
}
395
gpgme_recipient_t recipient;
396
recipient = result->recipients;
397
while(recipient != NULL){
607
608
for(gpgme_recipient_t r = result->recipients; r != NULL;
609
r = r->next){
398
610
fprintf_plus(stderr, "Public key algorithm: %s\n",
399
gpgme_pubkey_algo_name
400
(recipient->pubkey_algo));
401
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
611
gpgme_pubkey_algo_name(r->pubkey_algo));
612
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
402
613
fprintf_plus(stderr, "Secret key available: %s\n",
403
recipient->status == GPG_ERR_NO_SECKEY
404
? "No" : "Yes");
405
recipient = recipient->next;
614
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
406
615
}
407
616
}
408
617
}
464
673
return plaintext_length;
465
674
}
466
675
467
static const char * safer_gnutls_strerror(int value){
468
const char *ret = gnutls_strerror(value); /* Spurious warning from
469
-Wunreachable-code */
470
if(ret == NULL)
471
ret = "(unknown)";
472
return ret;
676
__attribute__((warn_unused_result, const))
677
static const char *safe_string(const char *str){
678
if(str == NULL)
679
return "(unknown)";
680
return str;
681
}
682
683
__attribute__((warn_unused_result))
684
static const char *safer_gnutls_strerror(int value){
685
const char *ret = gnutls_strerror(value);
686
return safe_string(ret);
473
687
}
474
688
475
689
/* GnuTLS log function callback */
690
__attribute__((nonnull))
476
691
static void debuggnutls(__attribute__((unused)) int level,
477
692
const char* string){
478
693
fprintf_plus(stderr, "GnuTLS: %s", string);
479
694
}
480
695
696
__attribute__((nonnull(1, 2, 4), warn_unused_result))
481
697
static int init_gnutls_global(const char *pubkeyfilename,
482
const char *seckeyfilename){
698
const char *seckeyfilename,
699
const char *dhparamsfilename,
700
mandos_context *mc){
483
701
int ret;
702
unsigned int uret;
484
703
485
704
if(debug){
486
705
fprintf_plus(stderr, "Initializing GnuTLS\n");
487
706
}
488
707
489
ret = gnutls_global_init();
490
if(ret != GNUTLS_E_SUCCESS){
491
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
492
safer_gnutls_strerror(ret));
493
return -1;
494
}
495
496
708
if(debug){
497
709
/* "Use a log level over 10 to enable all debugging options."
498
710
* - GnuTLS manual
502
714
}
503
715
504
716
/* OpenPGP credentials */
505
ret = gnutls_certificate_allocate_credentials(&mc.cred);
717
ret = gnutls_certificate_allocate_credentials(&mc->cred);
506
718
if(ret != GNUTLS_E_SUCCESS){
507
719
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
508
720
safer_gnutls_strerror(ret));
509
gnutls_global_deinit();
510
721
return -1;
511
722
}
512
723
518
729
}
519
730
520
731
ret = gnutls_certificate_set_openpgp_key_file
521
(mc.cred, pubkeyfilename, seckeyfilename,
732
(mc->cred, pubkeyfilename, seckeyfilename,
522
733
GNUTLS_OPENPGP_FMT_BASE64);
523
734
if(ret != GNUTLS_E_SUCCESS){
524
735
fprintf_plus(stderr,
530
741
}
531
742
532
743
/* GnuTLS server initialization */
533
ret = gnutls_dh_params_init(&mc.dh_params);
744
ret = gnutls_dh_params_init(&mc->dh_params);
534
745
if(ret != GNUTLS_E_SUCCESS){
535
746
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
536
747
" initialization: %s\n",
537
748
safer_gnutls_strerror(ret));
538
749
goto globalfail;
539
750
}
540
ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
541
if(ret != GNUTLS_E_SUCCESS){
542
fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
543
safer_gnutls_strerror(ret));
544
goto globalfail;
545
}
546
547
gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
751
/* If a Diffie-Hellman parameters file was given, try to use it */
752
if(dhparamsfilename != NULL){
753
gnutls_datum_t params = { .data = NULL, .size = 0 };
754
do {
755
int dhpfile = open(dhparamsfilename, O_RDONLY);
756
if(dhpfile == -1){
757
perror_plus("open");
758
dhparamsfilename = NULL;
759
break;
760
}
761
size_t params_capacity = 0;
762
while(true){
763
params_capacity = incbuffer((char **)¶ms.data,
764
(size_t)params.size,
765
(size_t)params_capacity);
766
if(params_capacity == 0){
767
perror_plus("incbuffer");
768
free(params.data);
769
params.data = NULL;
770
dhparamsfilename = NULL;
771
break;
772
}
773
ssize_t bytes_read = read(dhpfile,
774
params.data + params.size,
775
BUFFER_SIZE);
776
/* EOF */
777
if(bytes_read == 0){
778
break;
779
}
780
/* check bytes_read for failure */
781
if(bytes_read < 0){
782
perror_plus("read");
783
free(params.data);
784
params.data = NULL;
785
dhparamsfilename = NULL;
786
break;
787
}
788
params.size += (unsigned int)bytes_read;
789
}
790
ret = close(dhpfile);
791
if(ret == -1){
792
perror_plus("close");
793
}
794
if(params.data == NULL){
795
dhparamsfilename = NULL;
796
}
797
if(dhparamsfilename == NULL){
798
break;
799
}
800
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
801
GNUTLS_X509_FMT_PEM);
802
if(ret != GNUTLS_E_SUCCESS){
803
fprintf_plus(stderr, "Failed to parse DH parameters in file"
804
" \"%s\": %s\n", dhparamsfilename,
805
safer_gnutls_strerror(ret));
806
dhparamsfilename = NULL;
807
}
808
free(params.data);
809
} while(false);
810
}
811
if(dhparamsfilename == NULL){
812
if(mc->dh_bits == 0){
813
/* Find out the optimal number of DH bits */
814
/* Try to read the private key file */
815
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
816
do {
817
int secfile = open(seckeyfilename, O_RDONLY);
818
if(secfile == -1){
819
perror_plus("open");
820
break;
821
}
822
size_t buffer_capacity = 0;
823
while(true){
824
buffer_capacity = incbuffer((char **)&buffer.data,
825
(size_t)buffer.size,
826
(size_t)buffer_capacity);
827
if(buffer_capacity == 0){
828
perror_plus("incbuffer");
829
free(buffer.data);
830
buffer.data = NULL;
831
break;
832
}
833
ssize_t bytes_read = read(secfile,
834
buffer.data + buffer.size,
835
BUFFER_SIZE);
836
/* EOF */
837
if(bytes_read == 0){
838
break;
839
}
840
/* check bytes_read for failure */
841
if(bytes_read < 0){
842
perror_plus("read");
843
free(buffer.data);
844
buffer.data = NULL;
845
break;
846
}
847
buffer.size += (unsigned int)bytes_read;
848
}
849
close(secfile);
850
} while(false);
851
/* If successful, use buffer to parse private key */
852
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
853
if(buffer.data != NULL){
854
{
855
gnutls_openpgp_privkey_t privkey = NULL;
856
ret = gnutls_openpgp_privkey_init(&privkey);
857
if(ret != GNUTLS_E_SUCCESS){
858
fprintf_plus(stderr, "Error initializing OpenPGP key"
859
" structure: %s",
860
safer_gnutls_strerror(ret));
861
free(buffer.data);
862
buffer.data = NULL;
863
} else {
864
ret = gnutls_openpgp_privkey_import
865
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
866
if(ret != GNUTLS_E_SUCCESS){
867
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
868
safer_gnutls_strerror(ret));
869
privkey = NULL;
870
}
871
free(buffer.data);
872
buffer.data = NULL;
873
if(privkey != NULL){
874
/* Use private key to suggest an appropriate
875
sec_param */
876
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
877
gnutls_openpgp_privkey_deinit(privkey);
878
if(debug){
879
fprintf_plus(stderr, "This OpenPGP key implies using"
880
" a GnuTLS security parameter \"%s\".\n",
881
safe_string(gnutls_sec_param_get_name
882
(sec_param)));
883
}
884
}
885
}
886
}
887
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
888
/* Err on the side of caution */
889
sec_param = GNUTLS_SEC_PARAM_ULTRA;
890
if(debug){
891
fprintf_plus(stderr, "Falling back to security parameter"
892
" \"%s\"\n",
893
safe_string(gnutls_sec_param_get_name
894
(sec_param)));
895
}
896
}
897
}
898
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
899
if(uret != 0){
900
mc->dh_bits = uret;
901
if(debug){
902
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
903
" implies %u DH bits; using that.\n",
904
safe_string(gnutls_sec_param_get_name
905
(sec_param)),
906
mc->dh_bits);
907
}
908
} else {
909
fprintf_plus(stderr, "Failed to get implied number of DH"
910
" bits for security parameter \"%s\"): %s\n",
911
safe_string(gnutls_sec_param_get_name
912
(sec_param)),
913
safer_gnutls_strerror(ret));
914
goto globalfail;
915
}
916
} else if(debug){
917
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
918
mc->dh_bits);
919
}
920
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
921
if(ret != GNUTLS_E_SUCCESS){
922
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
923
" bits): %s\n", mc->dh_bits,
924
safer_gnutls_strerror(ret));
925
goto globalfail;
926
}
927
}
928
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
548
929
549
930
return 0;
550
931
551
932
globalfail:
552
933
553
gnutls_certificate_free_credentials(mc.cred);
554
gnutls_global_deinit();
555
gnutls_dh_params_deinit(mc.dh_params);
934
gnutls_certificate_free_credentials(mc->cred);
935
gnutls_dh_params_deinit(mc->dh_params);
556
936
return -1;
557
937
}
558
938
559
static int init_gnutls_session(gnutls_session_t *session){
939
__attribute__((nonnull, warn_unused_result))
940
static int init_gnutls_session(gnutls_session_t *session,
941
mandos_context *mc){
560
942
int ret;
561
943
/* GnuTLS session creation */
562
944
do {
574
956
{
575
957
const char *err;
576
958
do {
577
ret = gnutls_priority_set_direct(*session, mc.priority, &err);
959
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
578
960
if(quit_now){
579
961
gnutls_deinit(*session);
580
962
return -1;
591
973
592
974
do {
593
975
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
594
mc.cred);
976
mc->cred);
595
977
if(quit_now){
596
978
gnutls_deinit(*session);
597
979
return -1;
607
989
/* ignore client certificate if any. */
608
990
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
609
991
610
gnutls_dh_set_prime_bits(*session, mc.dh_bits);
611
612
992
return 0;
613
993
}
614
994
616
996
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
617
997
__attribute__((unused)) const char *txt){}
618
998
999
/* Helper function to add_local_route() and delete_local_route() */
1000
__attribute__((nonnull, warn_unused_result))
1001
static bool add_delete_local_route(const bool add,
1002
const char *address,
1003
AvahiIfIndex if_index){
1004
int ret;
1005
char helper[] = "mandos-client-iprouteadddel";
1006
char add_arg[] = "add";
1007
char delete_arg[] = "delete";
1008
char debug_flag[] = "--debug";
1009
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1010
if(pluginhelperdir == NULL){
1011
if(debug){
1012
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1013
" variable not set; cannot run helper\n");
1014
}
1015
return false;
1016
}
1017
1018
char interface[IF_NAMESIZE];
1019
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1020
perror_plus("if_indextoname");
1021
return false;
1022
}
1023
1024
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1025
if(devnull == -1){
1026
perror_plus("open(\"/dev/null\", O_RDONLY)");
1027
return false;
1028
}
1029
pid_t pid = fork();
1030
if(pid == 0){
1031
/* Child */
1032
/* Raise privileges */
1033
errno = raise_privileges_permanently();
1034
if(errno != 0){
1035
perror_plus("Failed to raise privileges");
1036
/* _exit(EX_NOPERM); */
1037
} else {
1038
/* Set group */
1039
errno = 0;
1040
ret = setgid(0);
1041
if(ret == -1){
1042
perror_plus("setgid");
1043
_exit(EX_NOPERM);
1044
}
1045
/* Reset supplementary groups */
1046
errno = 0;
1047
ret = setgroups(0, NULL);
1048
if(ret == -1){
1049
perror_plus("setgroups");
1050
_exit(EX_NOPERM);
1051
}
1052
}
1053
ret = dup2(devnull, STDIN_FILENO);
1054
if(ret == -1){
1055
perror_plus("dup2(devnull, STDIN_FILENO)");
1056
_exit(EX_OSERR);
1057
}
1058
ret = close(devnull);
1059
if(ret == -1){
1060
perror_plus("close");
1061
_exit(EX_OSERR);
1062
}
1063
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1064
if(ret == -1){
1065
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1066
_exit(EX_OSERR);
1067
}
1068
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1069
O_RDONLY
1070
| O_DIRECTORY
1071
| O_PATH
1072
| O_CLOEXEC));
1073
if(helperdir_fd == -1){
1074
perror_plus("open");
1075
_exit(EX_UNAVAILABLE);
1076
}
1077
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1078
helper, O_RDONLY));
1079
if(helper_fd == -1){
1080
perror_plus("openat");
1081
close(helperdir_fd);
1082
_exit(EX_UNAVAILABLE);
1083
}
1084
close(helperdir_fd);
1085
#ifdef __GNUC__
1086
#pragma GCC diagnostic push
1087
#pragma GCC diagnostic ignored "-Wcast-qual"
1088
#endif
1089
if(fexecve(helper_fd, (char *const [])
1090
{ helper, add ? add_arg : delete_arg, (char *)address,
1091
interface, debug ? debug_flag : NULL, NULL },
1092
environ) == -1){
1093
#ifdef __GNUC__
1094
#pragma GCC diagnostic pop
1095
#endif
1096
perror_plus("fexecve");
1097
_exit(EXIT_FAILURE);
1098
}
1099
}
1100
if(pid == -1){
1101
perror_plus("fork");
1102
return false;
1103
}
1104
int status;
1105
pid_t pret = -1;
1106
errno = 0;
1107
do {
1108
pret = waitpid(pid, &status, 0);
1109
if(pret == -1 and errno == EINTR and quit_now){
1110
int errno_raising = 0;
1111
if((errno = raise_privileges()) != 0){
1112
errno_raising = errno;
1113
perror_plus("Failed to raise privileges in order to"
1114
" kill helper program");
1115
}
1116
if(kill(pid, SIGTERM) == -1){
1117
perror_plus("kill");
1118
}
1119
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1120
perror_plus("Failed to lower privileges after killing"
1121
" helper program");
1122
}
1123
return false;
1124
}
1125
} while(pret == -1 and errno == EINTR);
1126
if(pret == -1){
1127
perror_plus("waitpid");
1128
return false;
1129
}
1130
if(WIFEXITED(status)){
1131
if(WEXITSTATUS(status) != 0){
1132
fprintf_plus(stderr, "Error: iprouteadddel exited"
1133
" with status %d\n", WEXITSTATUS(status));
1134
return false;
1135
}
1136
return true;
1137
}
1138
if(WIFSIGNALED(status)){
1139
fprintf_plus(stderr, "Error: iprouteadddel died by"
1140
" signal %d\n", WTERMSIG(status));
1141
return false;
1142
}
1143
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1144
return false;
1145
}
1146
1147
__attribute__((nonnull, warn_unused_result))
1148
static bool add_local_route(const char *address,
1149
AvahiIfIndex if_index){
1150
if(debug){
1151
fprintf_plus(stderr, "Adding route to %s\n", address);
1152
}
1153
return add_delete_local_route(true, address, if_index);
1154
}
1155
1156
__attribute__((nonnull, warn_unused_result))
1157
static bool delete_local_route(const char *address,
1158
AvahiIfIndex if_index){
1159
if(debug){
1160
fprintf_plus(stderr, "Removing route to %s\n", address);
1161
}
1162
return add_delete_local_route(false, address, if_index);
1163
}
1164
619
1165
/* Called when a Mandos server is found */
620
static int start_mandos_communication(const char *ip, uint16_t port,
1166
__attribute__((nonnull, warn_unused_result))
1167
static int start_mandos_communication(const char *ip, in_port_t port,
621
1168
AvahiIfIndex if_index,
622
int af){
1169
int af, mandos_context *mc){
623
1170
int ret, tcp_sd = -1;
624
1171
ssize_t sret;
625
union {
626
struct sockaddr_in in;
627
struct sockaddr_in6 in6;
628
} to;
1172
struct sockaddr_storage to;
629
1173
char *buffer = NULL;
630
1174
char *decrypted_buffer = NULL;
631
1175
size_t buffer_length = 0;
634
1178
int retval = -1;
635
1179
gnutls_session_t session;
636
1180
int pf; /* Protocol family */
1181
bool route_added = false;
637
1182
638
1183
errno = 0;
639
1184
655
1200
return -1;
656
1201
}
657
1202
658
ret = init_gnutls_session(&session);
1203
/* If the interface is specified and we have a list of interfaces */
1204
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1205
/* Check if the interface is one of the interfaces we are using */
1206
bool match = false;
1207
{
1208
char *interface = NULL;
1209
while((interface = argz_next(mc->interfaces,
1210
mc->interfaces_size,
1211
interface))){
1212
if(if_nametoindex(interface) == (unsigned int)if_index){
1213
match = true;
1214
break;
1215
}
1216
}
1217
}
1218
if(not match){
1219
/* This interface does not match any in the list, so we don't
1220
connect to the server */
1221
if(debug){
1222
char interface[IF_NAMESIZE];
1223
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1224
perror_plus("if_indextoname");
1225
} else {
1226
fprintf_plus(stderr, "Skipping server on non-used interface"
1227
" \"%s\"\n",
1228
if_indextoname((unsigned int)if_index,
1229
interface));
1230
}
1231
}
1232
return -1;
1233
}
1234
}
1235
1236
ret = init_gnutls_session(&session, mc);
659
1237
if(ret != 0){
660
1238
return -1;
661
1239
}
662
1240
663
1241
if(debug){
664
1242
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
665
PRIu16 "\n", ip, port);
1243
PRIuMAX "\n", ip, (uintmax_t)port);
666
1244
}
667
1245
668
tcp_sd = socket(pf, SOCK_STREAM, 0);
1246
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
669
1247
if(tcp_sd < 0){
670
1248
int e = errno;
671
1249
perror_plus("socket");
678
1256
goto mandos_end;
679
1257
}
680
1258
681
memset(&to, 0, sizeof(to));
682
1259
if(af == AF_INET6){
683
to.in6.sin6_family = (sa_family_t)af;
684
ret = inet_pton(af, ip, &to.in6.sin6_addr);
1260
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1261
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1262
ret = inet_pton(af, ip, &to6->sin6_addr);
685
1263
} else { /* IPv4 */
686
to.in.sin_family = (sa_family_t)af;
687
ret = inet_pton(af, ip, &to.in.sin_addr);
1264
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1265
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1266
ret = inet_pton(af, ip, &to4->sin_addr);
688
1267
}
689
1268
if(ret < 0 ){
690
1269
int e = errno;
699
1278
goto mandos_end;
700
1279
}
701
1280
if(af == AF_INET6){
702
to.in6.sin6_port = htons(port); /* Spurious warnings from
703
-Wconversion and
704
-Wunreachable-code */
705
706
if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
707
(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
708
-Wunreachable-code*/
1281
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1282
if(IN6_IS_ADDR_LINKLOCAL
1283
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
709
1284
if(if_index == AVAHI_IF_UNSPEC){
710
1285
fprintf_plus(stderr, "An IPv6 link-local address is"
711
1286
" incomplete without a network interface\n");
713
1288
goto mandos_end;
714
1289
}
715
1290
/* Set the network interface number as scope */
716
to.in6.sin6_scope_id = (uint32_t)if_index;
1291
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
717
1292
}
718
1293
} else {
719
to.in.sin_port = htons(port); /* Spurious warnings from
720
-Wconversion and
721
-Wunreachable-code */
1294
((struct sockaddr_in *)&to)->sin_port = htons(port);
722
1295
}
723
1296
724
1297
if(quit_now){
732
1305
if(if_indextoname((unsigned int)if_index, interface) == NULL){
733
1306
perror_plus("if_indextoname");
734
1307
} else {
735
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIu16
736
"\n", ip, interface, port);
1308
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1309
"\n", ip, interface, (uintmax_t)port);
737
1310
}
738
1311
} else {
739
fprintf_plus(stderr, "Connection to: %s, port %" PRIu16 "\n",
740
ip, port);
1312
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1313
ip, (uintmax_t)port);
741
1314
}
742
1315
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
743
1316
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
744
const char *pcret;
745
if(af == AF_INET6){
746
pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
747
sizeof(addrstr));
748
} else {
749
pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
750
sizeof(addrstr));
751
}
752
if(pcret == NULL){
753
perror_plus("inet_ntop");
754
} else {
755
if(strcmp(addrstr, ip) != 0){
756
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
757
}
758
}
759
}
760
761
if(quit_now){
762
errno = EINTR;
763
goto mandos_end;
764
}
765
766
if(af == AF_INET6){
767
ret = connect(tcp_sd, &to.in6, sizeof(to));
768
} else {
769
ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
770
}
771
if(ret < 0){
772
if ((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
773
int e = errno;
774
perror_plus("connect");
775
errno = e;
776
}
777
goto mandos_end;
778
}
779
780
if(quit_now){
781
errno = EINTR;
782
goto mandos_end;
1317
if(af == AF_INET6){
1318
ret = getnameinfo((struct sockaddr *)&to,
1319
sizeof(struct sockaddr_in6),
1320
addrstr, sizeof(addrstr), NULL, 0,
1321
NI_NUMERICHOST);
1322
} else {
1323
ret = getnameinfo((struct sockaddr *)&to,
1324
sizeof(struct sockaddr_in),
1325
addrstr, sizeof(addrstr), NULL, 0,
1326
NI_NUMERICHOST);
1327
}
1328
if(ret == EAI_SYSTEM){
1329
perror_plus("getnameinfo");
1330
} else if(ret != 0) {
1331
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1332
} else if(strcmp(addrstr, ip) != 0){
1333
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1334
}
1335
}
1336
1337
if(quit_now){
1338
errno = EINTR;
1339
goto mandos_end;
1340
}
1341
1342
while(true){
1343
if(af == AF_INET6){
1344
ret = connect(tcp_sd, (struct sockaddr *)&to,
1345
sizeof(struct sockaddr_in6));
1346
} else {
1347
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1348
sizeof(struct sockaddr_in));
1349
}
1350
if(ret < 0){
1351
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1352
and if_index != AVAHI_IF_UNSPEC
1353
and connect_to == NULL
1354
and not route_added and
1355
((af == AF_INET6 and not
1356
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1357
&to)->sin6_addr)))
1358
or (af == AF_INET and
1359
/* Not a a IPv4LL address */
1360
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1361
& 0xFFFF0000L) != 0xA9FE0000L))){
1362
/* Work around Avahi bug - Avahi does not announce link-local
1363
addresses if it has a global address, so local hosts with
1364
*only* a link-local address (e.g. Mandos clients) cannot
1365
connect to a Mandos server announced by Avahi on a server
1366
host with a global address. Work around this by retrying
1367
with an explicit route added with the server's address.
1368
1369
Avahi bug reference:
1370
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1371
https://bugs.debian.org/587961
1372
*/
1373
if(debug){
1374
fprintf_plus(stderr, "Mandos server unreachable, trying"
1375
" direct route\n");
1376
}
1377
int e = errno;
1378
route_added = add_local_route(ip, if_index);
1379
if(route_added){
1380
continue;
1381
}
1382
errno = e;
1383
}
1384
if(errno != ECONNREFUSED or debug){
1385
int e = errno;
1386
perror_plus("connect");
1387
errno = e;
1388
}
1389
goto mandos_end;
1390
}
1391
1392
if(quit_now){
1393
errno = EINTR;
1394
goto mandos_end;
1395
}
1396
break;
783
1397
}
784
1398
785
1399
const char *out = mandos_protocol_version;
936
1550
if(buffer_length > 0){
937
1551
ssize_t decrypted_buffer_size;
938
1552
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
939
&decrypted_buffer);
1553
&decrypted_buffer, mc);
940
1554
if(decrypted_buffer_size >= 0){
941
1555
1556
clearerr(stdout);
942
1557
written = 0;
943
1558
while(written < (size_t) decrypted_buffer_size){
944
1559
if(quit_now){
960
1575
}
961
1576
written += (size_t)ret;
962
1577
}
1578
ret = fflush(stdout);
1579
if(ret != 0){
1580
int e = errno;
1581
if(debug){
1582
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1583
strerror(errno));
1584
}
1585
errno = e;
1586
goto mandos_end;
1587
}
963
1588
retval = 0;
964
1589
}
965
1590
}
968
1593
969
1594
mandos_end:
970
1595
{
1596
if(route_added){
1597
if(not delete_local_route(ip, if_index)){
1598
fprintf_plus(stderr, "Failed to delete local route to %s on"
1599
" interface %d", ip, if_index);
1600
}
1601
}
971
1602
int e = errno;
972
1603
free(decrypted_buffer);
973
1604
free(buffer);
974
1605
if(tcp_sd >= 0){
975
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1606
ret = close(tcp_sd);
976
1607
}
977
1608
if(ret == -1){
978
1609
if(e == 0){
1003
1634
AVAHI_GCC_UNUSED AvahiStringList *txt,
1004
1635
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1005
1636
flags,
1006
AVAHI_GCC_UNUSED void* userdata){
1007
assert(r);
1637
void *mc){
1638
if(r == NULL){
1639
return;
1640
}
1008
1641
1009
1642
/* Called whenever a service has been resolved successfully or
1010
1643
timed out */
1011
1644
1012
1645
if(quit_now){
1646
avahi_s_service_resolver_free(r);
1013
1647
return;
1014
1648
}
1015
1649
1019
1653
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1020
1654
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1021
1655
domain,
1022
avahi_strerror(avahi_server_errno(mc.server)));
1656
avahi_strerror(avahi_server_errno
1657
(((mandos_context*)mc)->server)));
1023
1658
break;
1024
1659
1025
1660
case AVAHI_RESOLVER_FOUND:
1031
1666
PRIdMAX ") on port %" PRIu16 "\n", name,
1032
1667
host_name, ip, (intmax_t)interface, port);
1033
1668
}
1034
int ret = start_mandos_communication(ip, port, interface,
1035
avahi_proto_to_af(proto));
1669
int ret = start_mandos_communication(ip, (in_port_t)port,
1670
interface,
1671
avahi_proto_to_af(proto),
1672
mc);
1036
1673
if(ret == 0){
1037
avahi_simple_poll_quit(mc.simple_poll);
1674
avahi_simple_poll_quit(simple_poll);
1038
1675
} else {
1039
if(not add_server(ip, port, interface,
1040
avahi_proto_to_af(proto))){
1676
if(not add_server(ip, (in_port_t)port, interface,
1677
avahi_proto_to_af(proto),
1678
&((mandos_context*)mc)->current_server)){
1041
1679
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
1042
1680
" list\n", name);
1043
1681
}
1056
1694
const char *domain,
1057
1695
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1058
1696
flags,
1059
AVAHI_GCC_UNUSED void* userdata){
1060
assert(b);
1697
void *mc){
1698
if(b == NULL){
1699
return;
1700
}
1061
1701
1062
1702
/* Called whenever a new services becomes available on the LAN or
1063
1703
is removed from the LAN */
1071
1711
case AVAHI_BROWSER_FAILURE:
1072
1712
1073
1713
fprintf_plus(stderr, "(Avahi browser) %s\n",
1074
avahi_strerror(avahi_server_errno(mc.server)));
1075
avahi_simple_poll_quit(mc.simple_poll);
1714
avahi_strerror(avahi_server_errno
1715
(((mandos_context*)mc)->server)));
1716
avahi_simple_poll_quit(simple_poll);
1076
1717
return;
1077
1718
1078
1719
case AVAHI_BROWSER_NEW:
1081
1722
the callback function is called the Avahi server will free the
1082
1723
resolver for us. */
1083
1724
1084
if(avahi_s_service_resolver_new(mc.server, interface, protocol,
1085
name, type, domain, protocol, 0,
1086
resolve_callback, NULL) == NULL)
1725
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1726
interface, protocol, name, type,
1727
domain, protocol, 0,
1728
resolve_callback, mc) == NULL)
1087
1729
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1088
1730
" %s\n", name,
1089
avahi_strerror(avahi_server_errno(mc.server)));
1731
avahi_strerror(avahi_server_errno
1732
(((mandos_context*)mc)->server)));
1090
1733
break;
1091
1734
1092
1735
case AVAHI_BROWSER_REMOVE:
1111
1754
signal_received = sig;
1112
1755
int old_errno = errno;
1113
1756
/* set main loop to exit */
1114
if(mc.simple_poll != NULL){
1115
avahi_simple_poll_quit(mc.simple_poll);
1757
if(simple_poll != NULL){
1758
avahi_simple_poll_quit(simple_poll);
1116
1759
}
1117
1760
errno = old_errno;
1118
1761
}
1119
1762
1763
__attribute__((nonnull, warn_unused_result))
1120
1764
bool get_flags(const char *ifname, struct ifreq *ifr){
1121
1765
int ret;
1766
int old_errno;
1122
1767
1123
1768
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1124
1769
if(s < 0){
1770
old_errno = errno;
1125
1771
perror_plus("socket");
1772
errno = old_errno;
1126
1773
return false;
1127
1774
}
1128
strcpy(ifr->ifr_name, ifname);
1775
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1776
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1129
1777
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1130
1778
if(ret == -1){
1131
1779
if(debug){
1780
old_errno = errno;
1132
1781
perror_plus("ioctl SIOCGIFFLAGS");
1782
errno = old_errno;
1783
}
1784
if((close(s) == -1) and debug){
1785
old_errno = errno;
1786
perror_plus("close");
1787
errno = old_errno;
1133
1788
}
1134
1789
return false;
1135
1790
}
1791
if((close(s) == -1) and debug){
1792
old_errno = errno;
1793
perror_plus("close");
1794
errno = old_errno;
1795
}
1136
1796
return true;
1137
1797
}
1138
1798
1799
__attribute__((nonnull, warn_unused_result))
1139
1800
bool good_flags(const char *ifname, const struct ifreq *ifr){
1140
1801
1141
1802
/* Reject the loopback device */
1183
1844
* corresponds to an acceptable network device.
1184
1845
* (This function is passed to scandir(3) as a filter function.)
1185
1846
*/
1847
__attribute__((nonnull, warn_unused_result))
1186
1848
int good_interface(const struct dirent *if_entry){
1187
1849
if(if_entry->d_name[0] == '.'){
1188
1850
return 0;
1204
1866
}
1205
1867
1206
1868
/*
1207
* This function determines if a directory entry in /sys/class/net
1208
* corresponds to an acceptable network device which is up.
1209
* (This function is passed to scandir(3) as a filter function.)
1210
*/
1211
int up_interface(const struct dirent *if_entry){
1212
if(if_entry->d_name[0] == '.'){
1213
return 0;
1214
}
1215
1216
struct ifreq ifr;
1217
if(not get_flags(if_entry->d_name, &ifr)){
1218
if(debug){
1219
fprintf_plus(stderr, "Failed to get flags for interface "
1220
"\"%s\"\n", if_entry->d_name);
1221
}
1222
return 0;
1223
}
1224
1225
/* Reject down interfaces */
1226
if(not (ifr.ifr_flags & IFF_UP)){
1227
if(debug){
1228
fprintf_plus(stderr, "Rejecting down interface \"%s\"\n",
1229
if_entry->d_name);
1230
}
1231
return 0;
1232
}
1233
1234
/* Reject non-running interfaces */
1235
if(not (ifr.ifr_flags & IFF_RUNNING)){
1236
if(debug){
1237
fprintf_plus(stderr, "Rejecting non-running interface \"%s\"\n",
1238
if_entry->d_name);
1239
}
1240
return 0;
1241
}
1242
1243
if(not good_flags(if_entry->d_name, &ifr)){
1244
return 0;
1245
}
1246
return 1;
1247
}
1248
1869
* This function determines if a network interface is up.
1870
*/
1871
__attribute__((nonnull, warn_unused_result))
1872
bool interface_is_up(const char *interface){
1873
struct ifreq ifr;
1874
if(not get_flags(interface, &ifr)){
1875
if(debug){
1876
fprintf_plus(stderr, "Failed to get flags for interface "
1877
"\"%s\"\n", interface);
1878
}
1879
return false;
1880
}
1881
1882
return (bool)(ifr.ifr_flags & IFF_UP);
1883
}
1884
1885
/*
1886
* This function determines if a network interface is running
1887
*/
1888
__attribute__((nonnull, warn_unused_result))
1889
bool interface_is_running(const char *interface){
1890
struct ifreq ifr;
1891
if(not get_flags(interface, &ifr)){
1892
if(debug){
1893
fprintf_plus(stderr, "Failed to get flags for interface "
1894
"\"%s\"\n", interface);
1895
}
1896
return false;
1897
}
1898
1899
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1900
}
1901
1902
__attribute__((nonnull, pure, warn_unused_result))
1249
1903
int notdotentries(const struct dirent *direntry){
1250
1904
/* Skip "." and ".." */
1251
1905
if(direntry->d_name[0] == '.'
1258
1912
}
1259
1913
1260
1914
/* Is this directory entry a runnable program? */
1915
__attribute__((nonnull, warn_unused_result))
1261
1916
int runnable_hook(const struct dirent *direntry){
1262
1917
int ret;
1263
1918
size_t sret;
1271
1926
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1272
1927
"abcdefghijklmnopqrstuvwxyz"
1273
1928
"0123456789"
1274
"_-");
1929
"_.-");
1275
1930
if((direntry->d_name)[sret] != '\0'){
1276
1931
/* Contains non-allowed characters */
1277
1932
if(debug){
1281
1936
return 0;
1282
1937
}
1283
1938
1284
char *fullname = NULL;
1285
ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
1286
if(ret < 0){
1287
perror_plus("asprintf");
1288
return 0;
1289
}
1290
1291
ret = stat(fullname, &st);
1939
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1292
1940
if(ret == -1){
1293
1941
if(debug){
1294
1942
perror_plus("Could not stat hook");
1318
1966
return 1;
1319
1967
}
1320
1968
1321
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval){
1969
__attribute__((nonnull, warn_unused_result))
1970
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
1971
mandos_context *mc){
1322
1972
int ret;
1323
1973
struct timespec now;
1324
1974
struct timespec waited_time;
1325
1975
intmax_t block_time;
1326
1976
1327
1977
while(true){
1328
if(mc.current_server == NULL){
1329
if (debug){
1978
if(mc->current_server == NULL){
1979
if(debug){
1330
1980
fprintf_plus(stderr, "Wait until first server is found."
1331
1981
" No timeout!\n");
1332
1982
}
1333
1983
ret = avahi_simple_poll_iterate(s, -1);
1334
1984
} else {
1335
if (debug){
1985
if(debug){
1336
1986
fprintf_plus(stderr, "Check current_server if we should run"
1337
1987
" it, or wait\n");
1338
1988
}
1345
1995
/* Calculating in ms how long time between now and server
1346
1996
who we visted longest time ago. Now - last seen. */
1347
1997
waited_time.tv_sec = (now.tv_sec
1348
- mc.current_server->last_seen.tv_sec);
1998
- mc->current_server->last_seen.tv_sec);
1349
1999
waited_time.tv_nsec = (now.tv_nsec
1350
- mc.current_server->last_seen.tv_nsec);
2000
- mc->current_server->last_seen.tv_nsec);
1351
2001
/* total time is 10s/10,000ms.
1352
2002
Converting to s from ms by dividing by 1,000,
1353
2003
and ns to ms by dividing by 1,000,000. */
1355
2005
- ((intmax_t)waited_time.tv_sec * 1000))
1356
2006
- ((intmax_t)waited_time.tv_nsec / 1000000));
1357
2007
1358
if (debug){
2008
if(debug){
1359
2009
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
1360
2010
block_time);
1361
2011
}
1362
2012
1363
2013
if(block_time <= 0){
1364
ret = start_mandos_communication(mc.current_server->ip,
1365
mc.current_server->port,
1366
mc.current_server->if_index,
1367
mc.current_server->af);
2014
ret = start_mandos_communication(mc->current_server->ip,
2015
mc->current_server->port,
2016
mc->current_server->if_index,
2017
mc->current_server->af, mc);
1368
2018
if(ret == 0){
1369
avahi_simple_poll_quit(mc.simple_poll);
2019
avahi_simple_poll_quit(s);
1370
2020
return 0;
1371
2021
}
1372
2022
ret = clock_gettime(CLOCK_MONOTONIC,
1373
&mc.current_server->last_seen);
2023
&mc->current_server->last_seen);
1374
2024
if(ret == -1){
1375
2025
perror_plus("clock_gettime");
1376
2026
return -1;
1377
2027
}
1378
mc.current_server = mc.current_server->next;
2028
mc->current_server = mc->current_server->next;
1379
2029
block_time = 0; /* Call avahi to find new Mandos
1380
2030
servers, but don't block */
1381
2031
}
1383
2033
ret = avahi_simple_poll_iterate(s, (int)block_time);
1384
2034
}
1385
2035
if(ret != 0){
1386
if (ret > 0 or errno != EINTR){
2036
if(ret > 0 or errno != EINTR){
1387
2037
return (ret != 1) ? ret : 0;
1388
2038
}
1389
2039
}
1390
2040
}
1391
2041
}
1392
2042
1393
bool run_network_hooks(const char *mode, const char *interface,
2043
__attribute__((nonnull))
2044
void run_network_hooks(const char *mode, const char *interface,
1394
2045
const float delay){
1395
struct dirent **direntries;
1396
struct dirent *direntry;
1397
int ret;
1398
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1399
alphasort);
2046
struct dirent **direntries = NULL;
2047
if(hookdir_fd == -1){
2048
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2049
| O_CLOEXEC);
2050
if(hookdir_fd == -1){
2051
if(errno == ENOENT){
2052
if(debug){
2053
fprintf_plus(stderr, "Network hook directory \"%s\" not"
2054
" found\n", hookdir);
2055
}
2056
} else {
2057
perror_plus("open");
2058
}
2059
return;
2060
}
2061
}
2062
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2063
if(devnull == -1){
2064
perror_plus("open(\"/dev/null\", O_RDONLY)");
2065
return;
2066
}
2067
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2068
runnable_hook, alphasort);
1400
2069
if(numhooks == -1){
1401
2070
perror_plus("scandir");
1402
} else {
1403
int devnull = open("/dev/null", O_RDONLY);
1404
for(int i = 0; i < numhooks; i++){
1405
direntry = direntries[i];
1406
char *fullname = NULL;
1407
ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
1408
if(ret < 0){
2071
close(devnull);
2072
return;
2073
}
2074
struct dirent *direntry;
2075
int ret;
2076
for(int i = 0; i < numhooks; i++){
2077
direntry = direntries[i];
2078
if(debug){
2079
fprintf_plus(stderr, "Running network hook \"%s\"\n",
2080
direntry->d_name);
2081
}
2082
pid_t hook_pid = fork();
2083
if(hook_pid == 0){
2084
/* Child */
2085
/* Raise privileges */
2086
errno = raise_privileges_permanently();
2087
if(errno != 0){
2088
perror_plus("Failed to raise privileges");
2089
_exit(EX_NOPERM);
2090
}
2091
/* Set group */
2092
errno = 0;
2093
ret = setgid(0);
2094
if(ret == -1){
2095
perror_plus("setgid");
2096
_exit(EX_NOPERM);
2097
}
2098
/* Reset supplementary groups */
2099
errno = 0;
2100
ret = setgroups(0, NULL);
2101
if(ret == -1){
2102
perror_plus("setgroups");
2103
_exit(EX_NOPERM);
2104
}
2105
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2106
if(ret == -1){
2107
perror_plus("setenv");
2108
_exit(EX_OSERR);
2109
}
2110
ret = setenv("DEVICE", interface, 1);
2111
if(ret == -1){
2112
perror_plus("setenv");
2113
_exit(EX_OSERR);
2114
}
2115
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
2116
if(ret == -1){
2117
perror_plus("setenv");
2118
_exit(EX_OSERR);
2119
}
2120
ret = setenv("MODE", mode, 1);
2121
if(ret == -1){
2122
perror_plus("setenv");
2123
_exit(EX_OSERR);
2124
}
2125
char *delaystring;
2126
ret = asprintf(&delaystring, "%f", (double)delay);
2127
if(ret == -1){
1409
2128
perror_plus("asprintf");
1410
continue;
1411
}
1412
if(debug){
1413
fprintf_plus(stderr, "Running network hook \"%s\"\n",
1414
direntry->d_name);
1415
}
1416
pid_t hook_pid = fork();
1417
if(hook_pid == 0){
1418
/* Child */
1419
/* Raise privileges */
1420
errno = 0;
1421
ret = seteuid(0);
1422
if(ret == -1){
1423
perror_plus("seteuid");
1424
}
1425
/* Raise privileges even more */
1426
errno = 0;
1427
ret = setuid(0);
1428
if(ret == -1){
1429
perror_plus("setuid");
1430
}
1431
/* Set group */
1432
errno = 0;
1433
ret = setgid(0);
1434
if(ret == -1){
1435
perror_plus("setgid");
1436
}
1437
/* Reset supplementary groups */
1438
errno = 0;
1439
ret = setgroups(0, NULL);
1440
if(ret == -1){
1441
perror_plus("setgroups");
1442
}
1443
dup2(devnull, STDIN_FILENO);
1444
close(devnull);
1445
dup2(STDERR_FILENO, STDOUT_FILENO);
1446
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1447
if(ret == -1){
1448
perror_plus("setenv");
1449
_exit(EX_OSERR);
1450
}
1451
ret = setenv("DEVICE", interface, 1);
1452
if(ret == -1){
1453
perror_plus("setenv");
1454
_exit(EX_OSERR);
1455
}
1456
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
1457
if(ret == -1){
1458
perror_plus("setenv");
1459
_exit(EX_OSERR);
1460
}
1461
ret = setenv("MODE", mode, 1);
1462
if(ret == -1){
1463
perror_plus("setenv");
1464
_exit(EX_OSERR);
1465
}
1466
char *delaystring;
1467
ret = asprintf(&delaystring, "%f", delay);
1468
if(ret == -1){
1469
perror_plus("asprintf");
1470
_exit(EX_OSERR);
1471
}
1472
ret = setenv("DELAY", delaystring, 1);
1473
if(ret == -1){
1474
free(delaystring);
1475
perror_plus("setenv");
1476
_exit(EX_OSERR);
1477
}
2129
_exit(EX_OSERR);
2130
}
2131
ret = setenv("DELAY", delaystring, 1);
2132
if(ret == -1){
1478
2133
free(delaystring);
1479
if(connect_to != NULL){
1480
ret = setenv("CONNECT", connect_to, 1);
1481
if(ret == -1){
1482
perror_plus("setenv");
1483
_exit(EX_OSERR);
1484
}
1485
}
1486
if(execl(fullname, direntry->d_name, mode, NULL) == -1){
1487
perror_plus("execl");
1488
_exit(EXIT_FAILURE);
1489
}
1490
} else {
1491
int status;
1492
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
1493
perror_plus("waitpid");
1494
free(fullname);
1495
continue;
1496
}
1497
if(WIFEXITED(status)){
1498
if(WEXITSTATUS(status) != 0){
1499
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
1500
" with status %d\n", direntry->d_name,
1501
WEXITSTATUS(status));
1502
free(fullname);
1503
continue;
1504
}
1505
} else if(WIFSIGNALED(status)){
1506
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
1507
" signal %d\n", direntry->d_name,
1508
WTERMSIG(status));
1509
free(fullname);
1510
continue;
1511
} else {
1512
fprintf_plus(stderr, "Warning: network hook \"%s\""
1513
" crashed\n", direntry->d_name);
1514
free(fullname);
1515
continue;
1516
}
1517
}
1518
free(fullname);
1519
if(debug){
1520
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
1521
direntry->d_name);
1522
}
1523
}
1524
close(devnull);
1525
}
1526
return true;
2134
perror_plus("setenv");
2135
_exit(EX_OSERR);
2136
}
2137
free(delaystring);
2138
if(connect_to != NULL){
2139
ret = setenv("CONNECT", connect_to, 1);
2140
if(ret == -1){
2141
perror_plus("setenv");
2142
_exit(EX_OSERR);
2143
}
2144
}
2145
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2146
direntry->d_name,
2147
O_RDONLY));
2148
if(hook_fd == -1){
2149
perror_plus("openat");
2150
_exit(EXIT_FAILURE);
2151
}
2152
if(close(hookdir_fd) == -1){
2153
perror_plus("close");
2154
_exit(EXIT_FAILURE);
2155
}
2156
ret = dup2(devnull, STDIN_FILENO);
2157
if(ret == -1){
2158
perror_plus("dup2(devnull, STDIN_FILENO)");
2159
_exit(EX_OSERR);
2160
}
2161
ret = close(devnull);
2162
if(ret == -1){
2163
perror_plus("close");
2164
_exit(EX_OSERR);
2165
}
2166
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2167
if(ret == -1){
2168
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2169
_exit(EX_OSERR);
2170
}
2171
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2172
environ) == -1){
2173
perror_plus("fexecve");
2174
_exit(EXIT_FAILURE);
2175
}
2176
} else {
2177
if(hook_pid == -1){
2178
perror_plus("fork");
2179
free(direntry);
2180
continue;
2181
}
2182
int status;
2183
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2184
perror_plus("waitpid");
2185
free(direntry);
2186
continue;
2187
}
2188
if(WIFEXITED(status)){
2189
if(WEXITSTATUS(status) != 0){
2190
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2191
" with status %d\n", direntry->d_name,
2192
WEXITSTATUS(status));
2193
free(direntry);
2194
continue;
2195
}
2196
} else if(WIFSIGNALED(status)){
2197
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2198
" signal %d\n", direntry->d_name,
2199
WTERMSIG(status));
2200
free(direntry);
2201
continue;
2202
} else {
2203
fprintf_plus(stderr, "Warning: network hook \"%s\""
2204
" crashed\n", direntry->d_name);
2205
free(direntry);
2206
continue;
2207
}
2208
}
2209
if(debug){
2210
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2211
direntry->d_name);
2212
}
2213
free(direntry);
2214
}
2215
free(direntries);
2216
if(close(hookdir_fd) == -1){
2217
perror_plus("close");
2218
} else {
2219
hookdir_fd = -1;
2220
}
2221
close(devnull);
2222
}
2223
2224
__attribute__((nonnull, warn_unused_result))
2225
int bring_up_interface(const char *const interface,
2226
const float delay){
2227
int old_errno = errno;
2228
int ret;
2229
struct ifreq network;
2230
unsigned int if_index = if_nametoindex(interface);
2231
if(if_index == 0){
2232
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2233
errno = old_errno;
2234
return ENXIO;
2235
}
2236
2237
if(quit_now){
2238
errno = old_errno;
2239
return EINTR;
2240
}
2241
2242
if(not interface_is_up(interface)){
2243
int ret_errno = 0;
2244
int ioctl_errno = 0;
2245
if(not get_flags(interface, &network)){
2246
ret_errno = errno;
2247
fprintf_plus(stderr, "Failed to get flags for interface "
2248
"\"%s\"\n", interface);
2249
errno = old_errno;
2250
return ret_errno;
2251
}
2252
network.ifr_flags |= IFF_UP; /* set flag */
2253
2254
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2255
if(sd == -1){
2256
ret_errno = errno;
2257
perror_plus("socket");
2258
errno = old_errno;
2259
return ret_errno;
2260
}
2261
2262
if(quit_now){
2263
ret = close(sd);
2264
if(ret == -1){
2265
perror_plus("close");
2266
}
2267
errno = old_errno;
2268
return EINTR;
2269
}
2270
2271
if(debug){
2272
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
2273
interface);
2274
}
2275
2276
/* Raise privileges */
2277
ret_errno = raise_privileges();
2278
if(ret_errno != 0){
2279
errno = ret_errno;
2280
perror_plus("Failed to raise privileges");
2281
}
2282
2283
#ifdef __linux__
2284
int ret_linux;
2285
bool restore_loglevel = false;
2286
if(ret_errno == 0){
2287
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2288
messages about the network interface to mess up the prompt */
2289
ret_linux = klogctl(8, NULL, 5);
2290
if(ret_linux == -1){
2291
perror_plus("klogctl");
2292
} else {
2293
restore_loglevel = true;
2294
}
2295
}
2296
#endif /* __linux__ */
2297
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2298
ioctl_errno = errno;
2299
#ifdef __linux__
2300
if(restore_loglevel){
2301
ret_linux = klogctl(7, NULL, 0);
2302
if(ret_linux == -1){
2303
perror_plus("klogctl");
2304
}
2305
}
2306
#endif /* __linux__ */
2307
2308
/* If raise_privileges() succeeded above */
2309
if(ret_errno == 0){
2310
/* Lower privileges */
2311
ret_errno = lower_privileges();
2312
if(ret_errno != 0){
2313
errno = ret_errno;
2314
perror_plus("Failed to lower privileges");
2315
}
2316
}
2317
2318
/* Close the socket */
2319
ret = close(sd);
2320
if(ret == -1){
2321
perror_plus("close");
2322
}
2323
2324
if(ret_setflags == -1){
2325
errno = ioctl_errno;
2326
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2327
errno = old_errno;
2328
return ioctl_errno;
2329
}
2330
} else if(debug){
2331
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2332
interface);
2333
}
2334
2335
/* Sleep checking until interface is running.
2336
Check every 0.25s, up to total time of delay */
2337
for(int i = 0; i < delay * 4; i++){
2338
if(interface_is_running(interface)){
2339
break;
2340
}
2341
struct timespec sleeptime = { .tv_nsec = 250000000 };
2342
ret = nanosleep(&sleeptime, NULL);
2343
if(ret == -1 and errno != EINTR){
2344
perror_plus("nanosleep");
2345
}
2346
}
2347
2348
errno = old_errno;
2349
return 0;
2350
}
2351
2352
__attribute__((nonnull, warn_unused_result))
2353
int take_down_interface(const char *const interface){
2354
int old_errno = errno;
2355
struct ifreq network;
2356
unsigned int if_index = if_nametoindex(interface);
2357
if(if_index == 0){
2358
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2359
errno = old_errno;
2360
return ENXIO;
2361
}
2362
if(interface_is_up(interface)){
2363
int ret_errno = 0;
2364
int ioctl_errno = 0;
2365
if(not get_flags(interface, &network) and debug){
2366
ret_errno = errno;
2367
fprintf_plus(stderr, "Failed to get flags for interface "
2368
"\"%s\"\n", interface);
2369
errno = old_errno;
2370
return ret_errno;
2371
}
2372
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2373
2374
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2375
if(sd == -1){
2376
ret_errno = errno;
2377
perror_plus("socket");
2378
errno = old_errno;
2379
return ret_errno;
2380
}
2381
2382
if(debug){
2383
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2384
interface);
2385
}
2386
2387
/* Raise privileges */
2388
ret_errno = raise_privileges();
2389
if(ret_errno != 0){
2390
errno = ret_errno;
2391
perror_plus("Failed to raise privileges");
2392
}
2393
2394
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2395
ioctl_errno = errno;
2396
2397
/* If raise_privileges() succeeded above */
2398
if(ret_errno == 0){
2399
/* Lower privileges */
2400
ret_errno = lower_privileges();
2401
if(ret_errno != 0){
2402
errno = ret_errno;
2403
perror_plus("Failed to lower privileges");
2404
}
2405
}
2406
2407
/* Close the socket */
2408
int ret = close(sd);
2409
if(ret == -1){
2410
perror_plus("close");
2411
}
2412
2413
if(ret_setflags == -1){
2414
errno = ioctl_errno;
2415
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2416
errno = old_errno;
2417
return ioctl_errno;
2418
}
2419
} else if(debug){
2420
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2421
interface);
2422
}
2423
2424
errno = old_errno;
2425
return 0;
1527
2426
}
1528
2427
1529
2428
int main(int argc, char *argv[]){
2429
mandos_context mc = { .server = NULL, .dh_bits = 0,
2430
.priority = "SECURE256:!CTYPE-X.509"
2431
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2432
.current_server = NULL, .interfaces = NULL,
2433
.interfaces_size = 0 };
1530
2434
AvahiSServiceBrowser *sb = NULL;
1531
int error;
2435
error_t ret_errno;
1532
2436
int ret;
1533
2437
intmax_t tmpmax;
1534
2438
char *tmp;
1535
2439
int exitcode = EXIT_SUCCESS;
1536
const char *interface = "";
1537
struct ifreq network;
1538
int sd = -1;
1539
bool take_down_interface = false;
1540
uid_t uid;
1541
gid_t gid;
1542
char tempdir[] = "/tmp/mandosXXXXXX";
1543
bool tempdir_created = false;
2440
char *interfaces_to_take_down = NULL;
2441
size_t interfaces_to_take_down_size = 0;
2442
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2443
char old_tempdir[] = "/tmp/mandosXXXXXX";
2444
char *tempdir = NULL;
1544
2445
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1545
2446
const char *seckey = PATHDIR "/" SECKEY;
1546
2447
const char *pubkey = PATHDIR "/" PUBKEY;
2448
const char *dh_params_file = NULL;
2449
char *interfaces_hooks = NULL;
1547
2450
1548
2451
bool gnutls_initialized = false;
1549
2452
bool gpgme_initialized = false;
1601
2504
.doc = "Bit length of the prime number used in the"
1602
2505
" Diffie-Hellman key exchange",
1603
2506
.group = 2 },
2507
{ .name = "dh-params", .key = 134,
2508
.arg = "FILE",
2509
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2510
" for the Diffie-Hellman key exchange",
2511
.group = 2 },
1604
2512
{ .name = "priority", .key = 130,
1605
2513
.arg = "STRING",
1606
2514
.doc = "GnuTLS priority string for the TLS handshake",
1640
2548
connect_to = arg;
1641
2549
break;
1642
2550
case 'i': /* --interface */
1643
interface = arg;
2551
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2552
arg, (int)',');
2553
if(ret_errno != 0){
2554
argp_error(state, "%s", strerror(ret_errno));
2555
}
1644
2556
break;
1645
2557
case 's': /* --seckey */
1646
2558
seckey = arg;
1657
2569
}
1658
2570
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
1659
2571
break;
2572
case 134: /* --dh-params */
2573
dh_params_file = arg;
2574
break;
1660
2575
case 130: /* --priority */
1661
2576
mc.priority = arg;
1662
2577
break;
1702
2617
.args_doc = "",
1703
2618
.doc = "Mandos client -- Get and decrypt"
1704
2619
" passwords from a Mandos server" };
1705
ret = argp_parse(&argp, argc, argv,
1706
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
1707
switch(ret){
2620
ret_errno = argp_parse(&argp, argc, argv,
2621
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2622
switch(ret_errno){
1708
2623
case 0:
1709
2624
break;
1710
2625
case ENOMEM:
1711
2626
default:
1712
errno = ret;
2627
errno = ret_errno;
1713
2628
perror_plus("argp_parse");
1714
2629
exitcode = EX_OSERR;
1715
2630
goto end;
1718
2633
goto end;
1719
2634
}
1720
2635
}
1721
2636
1722
2637
{
1723
2638
/* Work around Debian bug #633582:
1724
<http://bugs.debian.org/633582> */
2639
<https://bugs.debian.org/633582> */
1725
2640
1726
/* Re-raise priviliges */
1727
errno = 0;
1728
ret = seteuid(0);
1729
if(ret == -1){
1730
perror_plus("seteuid");
2641
/* Re-raise privileges */
2642
ret = raise_privileges();
2643
if(ret != 0){
2644
errno = ret;
2645
perror_plus("Failed to raise privileges");
1731
2646
} else {
1732
2647
struct stat st;
1733
2648
1748
2663
}
1749
2664
}
1750
2665
}
1751
TEMP_FAILURE_RETRY(close(seckey_fd));
2666
close(seckey_fd);
1752
2667
}
1753
2668
}
1754
2669
1755
2670
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
1756
2671
int pubkey_fd = open(pubkey, O_RDONLY);
1757
2672
if(pubkey_fd == -1){
1769
2684
}
1770
2685
}
1771
2686
}
1772
TEMP_FAILURE_RETRY(close(pubkey_fd));
1773
}
1774
}
1775
2687
close(pubkey_fd);
2688
}
2689
}
2690
2691
if(dh_params_file != NULL
2692
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2693
int dhparams_fd = open(dh_params_file, O_RDONLY);
2694
if(dhparams_fd == -1){
2695
perror_plus("open");
2696
} else {
2697
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2698
if(ret == -1){
2699
perror_plus("fstat");
2700
} else {
2701
if(S_ISREG(st.st_mode)
2702
and st.st_uid == 0 and st.st_gid == 0){
2703
ret = fchown(dhparams_fd, uid, gid);
2704
if(ret == -1){
2705
perror_plus("fchown");
2706
}
2707
}
2708
}
2709
close(dhparams_fd);
2710
}
2711
}
2712
1776
2713
/* Lower privileges */
1777
errno = 0;
1778
ret = seteuid(uid);
1779
if(ret == -1){
1780
perror_plus("seteuid");
2714
ret = lower_privileges();
2715
if(ret != 0){
2716
errno = ret;
2717
perror_plus("Failed to lower privileges");
2718
}
2719
}
2720
}
2721
2722
/* Remove invalid interface names (except "none") */
2723
{
2724
char *interface = NULL;
2725
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2726
interface))){
2727
if(strcmp(interface, "none") != 0
2728
and if_nametoindex(interface) == 0){
2729
if(interface[0] != '\0'){
2730
fprintf_plus(stderr, "Not using nonexisting interface"
2731
" \"%s\"\n", interface);
2732
}
2733
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2734
interface = NULL;
1781
2735
}
1782
2736
}
1783
2737
}
1784
2738
1785
2739
/* Run network hooks */
1786
if(not run_network_hooks("start", interface, delay)){
1787
goto end;
2740
{
2741
if(mc.interfaces != NULL){
2742
interfaces_hooks = malloc(mc.interfaces_size);
2743
if(interfaces_hooks == NULL){
2744
perror_plus("malloc");
2745
goto end;
2746
}
2747
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2748
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2749
}
2750
run_network_hooks("start", interfaces_hooks != NULL ?
2751
interfaces_hooks : "", delay);
1788
2752
}
1789
2753
1790
2754
if(not debug){
1791
2755
avahi_set_log_function(empty_log);
1792
2756
}
1793
2757
1794
if(interface[0] == '\0'){
1795
struct dirent **direntries;
1796
/* First look for interfaces that are up */
1797
ret = scandir(sys_class_net, &direntries, up_interface,
1798
alphasort);
1799
if(ret == 0){
1800
/* No up interfaces, look for any good interfaces */
1801
free(direntries);
1802
ret = scandir(sys_class_net, &direntries, good_interface,
1803
alphasort);
1804
}
1805
if(ret >= 1){
1806
/* Pick the first interface returned */
1807
interface = strdup(direntries[0]->d_name);
1808
if(debug){
1809
fprintf_plus(stderr, "Using interface \"%s\"\n", interface);
1810
}
1811
if(interface == NULL){
1812
perror_plus("malloc");
1813
free(direntries);
1814
exitcode = EXIT_FAILURE;
1815
goto end;
1816
}
1817
free(direntries);
1818
} else {
1819
free(direntries);
1820
fprintf_plus(stderr, "Could not find a network interface\n");
1821
exitcode = EXIT_FAILURE;
1822
goto end;
1823
}
1824
}
1825
1826
2758
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
1827
2759
from the signal handler */
1828
2760
/* Initialize the pseudo-RNG for Avahi */
1829
2761
srand((unsigned int) time(NULL));
1830
mc.simple_poll = avahi_simple_poll_new();
1831
if(mc.simple_poll == NULL){
2762
simple_poll = avahi_simple_poll_new();
2763
if(simple_poll == NULL){
1832
2764
fprintf_plus(stderr,
1833
2765
"Avahi: Failed to create simple poll object.\n");
1834
2766
exitcode = EX_UNAVAILABLE;
1898
2830
}
1899
2831
}
1900
2832
1901
/* If the interface is down, bring it up */
1902
if(strcmp(interface, "none") != 0){
1903
if_index = (AvahiIfIndex) if_nametoindex(interface);
1904
if(if_index == 0){
1905
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
1906
exitcode = EX_UNAVAILABLE;
1907
goto end;
1908
}
1909
1910
if(quit_now){
1911
goto end;
1912
}
1913
1914
/* Re-raise priviliges */
1915
errno = 0;
1916
ret = seteuid(0);
1917
if(ret == -1){
1918
perror_plus("seteuid");
1919
}
1920
1921
#ifdef __linux__
1922
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1923
messages about the network interface to mess up the prompt */
1924
ret = klogctl(8, NULL, 5);
1925
bool restore_loglevel = true;
1926
if(ret == -1){
1927
restore_loglevel = false;
1928
perror_plus("klogctl");
1929
}
1930
#endif /* __linux__ */
1931
1932
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1933
if(sd < 0){
1934
perror_plus("socket");
1935
exitcode = EX_OSERR;
1936
#ifdef __linux__
1937
if(restore_loglevel){
1938
ret = klogctl(7, NULL, 0);
1939
if(ret == -1){
1940
perror_plus("klogctl");
1941
}
1942
}
1943
#endif /* __linux__ */
1944
/* Lower privileges */
1945
errno = 0;
1946
ret = seteuid(uid);
1947
if(ret == -1){
1948
perror_plus("seteuid");
1949
}
1950
goto end;
1951
}
1952
strcpy(network.ifr_name, interface);
1953
ret = ioctl(sd, SIOCGIFFLAGS, &network);
1954
if(ret == -1){
1955
perror_plus("ioctl SIOCGIFFLAGS");
1956
#ifdef __linux__
1957
if(restore_loglevel){
1958
ret = klogctl(7, NULL, 0);
1959
if(ret == -1){
1960
perror_plus("klogctl");
1961
}
1962
}
1963
#endif /* __linux__ */
1964
exitcode = EX_OSERR;
1965
/* Lower privileges */
1966
errno = 0;
1967
ret = seteuid(uid);
1968
if(ret == -1){
1969
perror_plus("seteuid");
1970
}
1971
goto end;
1972
}
1973
if((network.ifr_flags & IFF_UP) == 0){
1974
network.ifr_flags |= IFF_UP;
1975
take_down_interface = true;
1976
ret = ioctl(sd, SIOCSIFFLAGS, &network);
1977
if(ret == -1){
1978
take_down_interface = false;
1979
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
1980
exitcode = EX_OSERR;
1981
#ifdef __linux__
1982
if(restore_loglevel){
1983
ret = klogctl(7, NULL, 0);
1984
if(ret == -1){
1985
perror_plus("klogctl");
2833
/* If no interfaces were specified, make a list */
2834
if(mc.interfaces == NULL){
2835
struct dirent **direntries = NULL;
2836
/* Look for any good interfaces */
2837
ret = scandir(sys_class_net, &direntries, good_interface,
2838
alphasort);
2839
if(ret >= 1){
2840
/* Add all found interfaces to interfaces list */
2841
for(int i = 0; i < ret; ++i){
2842
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2843
direntries[i]->d_name);
2844
if(ret_errno != 0){
2845
errno = ret_errno;
2846
perror_plus("argz_add");
2847
free(direntries[i]);
2848
continue;
2849
}
2850
if(debug){
2851
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2852
direntries[i]->d_name);
2853
}
2854
free(direntries[i]);
2855
}
2856
free(direntries);
2857
} else {
2858
if(ret == 0){
2859
free(direntries);
2860
}
2861
fprintf_plus(stderr, "Could not find a network interface\n");
2862
exitcode = EXIT_FAILURE;
2863
goto end;
2864
}
2865
}
2866
2867
/* Bring up interfaces which are down, and remove any "none"s */
2868
{
2869
char *interface = NULL;
2870
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2871
interface))){
2872
/* If interface name is "none", stop bringing up interfaces.
2873
Also remove all instances of "none" from the list */
2874
if(strcmp(interface, "none") == 0){
2875
argz_delete(&mc.interfaces, &mc.interfaces_size,
2876
interface);
2877
interface = NULL;
2878
while((interface = argz_next(mc.interfaces,
2879
mc.interfaces_size, interface))){
2880
if(strcmp(interface, "none") == 0){
2881
argz_delete(&mc.interfaces, &mc.interfaces_size,
2882
interface);
2883
interface = NULL;
1986
2884
}
1987
2885
}
1988
#endif /* __linux__ */
1989
/* Lower privileges */
1990
errno = 0;
1991
ret = seteuid(uid);
1992
if(ret == -1){
1993
perror_plus("seteuid");
1994
}
1995
goto end;
1996
}
1997
}
1998
/* Sleep checking until interface is running.
1999
Check every 0.25s, up to total time of delay */
2000
for(int i=0; i < delay * 4; i++){
2001
ret = ioctl(sd, SIOCGIFFLAGS, &network);
2002
if(ret == -1){
2003
perror_plus("ioctl SIOCGIFFLAGS");
2004
} else if(network.ifr_flags & IFF_RUNNING){
2005
2886
break;
2006
2887
}
2007
struct timespec sleeptime = { .tv_nsec = 250000000 };
2008
ret = nanosleep(&sleeptime, NULL);
2009
if(ret == -1 and errno != EINTR){
2010
perror_plus("nanosleep");
2011
}
2012
}
2013
if(not take_down_interface){
2014
/* We won't need the socket anymore */
2015
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2016
if(ret == -1){
2017
perror_plus("close");
2018
}
2019
}
2020
#ifdef __linux__
2021
if(restore_loglevel){
2022
/* Restores kernel loglevel to default */
2023
ret = klogctl(7, NULL, 0);
2024
if(ret == -1){
2025
perror_plus("klogctl");
2026
}
2027
}
2028
#endif /* __linux__ */
2029
/* Lower privileges */
2030
errno = 0;
2031
/* Lower privileges */
2032
ret = seteuid(uid);
2033
if(ret == -1){
2034
perror_plus("seteuid");
2035
}
2888
bool interface_was_up = interface_is_up(interface);
2889
errno = bring_up_interface(interface, delay);
2890
if(not interface_was_up){
2891
if(errno != 0){
2892
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2893
" %s\n", interface, strerror(errno));
2894
} else {
2895
errno = argz_add(&interfaces_to_take_down,
2896
&interfaces_to_take_down_size,
2897
interface);
2898
if(errno != 0){
2899
perror_plus("argz_add");
2900
}
2901
}
2902
}
2903
}
2904
if(debug and (interfaces_to_take_down == NULL)){
2905
fprintf_plus(stderr, "No interfaces were brought up\n");
2906
}
2907
}
2908
2909
/* If we only got one interface, explicitly use only that one */
2910
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2911
if(debug){
2912
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2913
mc.interfaces);
2914
}
2915
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2036
2916
}
2037
2917
2038
2918
if(quit_now){
2039
2919
goto end;
2040
2920
}
2041
2921
2042
ret = init_gnutls_global(pubkey, seckey);
2922
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2043
2923
if(ret == -1){
2044
2924
fprintf_plus(stderr, "init_gnutls_global failed\n");
2045
2925
exitcode = EX_UNAVAILABLE;
2052
2932
goto end;
2053
2933
}
2054
2934
2055
if(mkdtemp(tempdir) == NULL){
2935
/* Try /run/tmp before /tmp */
2936
tempdir = mkdtemp(run_tempdir);
2937
if(tempdir == NULL and errno == ENOENT){
2938
if(debug){
2939
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
2940
run_tempdir, old_tempdir);
2941
}
2942
tempdir = mkdtemp(old_tempdir);
2943
}
2944
if(tempdir == NULL){
2056
2945
perror_plus("mkdtemp");
2057
2946
goto end;
2058
2947
}
2059
tempdir_created = true;
2060
2948
2061
2949
if(quit_now){
2062
2950
goto end;
2063
2951
}
2064
2952
2065
if(not init_gpgme(pubkey, seckey, tempdir)){
2953
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
2066
2954
fprintf_plus(stderr, "init_gpgme failed\n");
2067
2955
exitcode = EX_UNAVAILABLE;
2068
2956
goto end;
2078
2966
/* Connect directly, do not use Zeroconf */
2079
2967
/* (Mainly meant for debugging) */
2080
2968
char *address = strrchr(connect_to, ':');
2969
2081
2970
if(address == NULL){
2082
2971
fprintf_plus(stderr, "No colon in address\n");
2083
2972
exitcode = EX_USAGE;
2088
2977
goto end;
2089
2978
}
2090
2979
2091
uint16_t port;
2980
in_port_t port;
2092
2981
errno = 0;
2093
2982
tmpmax = strtoimax(address+1, &tmp, 10);
2094
2983
if(errno != 0 or tmp == address+1 or *tmp != '\0'
2095
or tmpmax != (uint16_t)tmpmax){
2984
or tmpmax != (in_port_t)tmpmax){
2096
2985
fprintf_plus(stderr, "Bad port number\n");
2097
2986
exitcode = EX_USAGE;
2098
2987
goto end;
2099
2988
}
2100
2989
2101
2990
if(quit_now){
2102
2991
goto end;
2103
2992
}
2104
2993
2105
port = (uint16_t)tmpmax;
2994
port = (in_port_t)tmpmax;
2106
2995
*address = '\0';
2107
2996
/* Colon in address indicates IPv6 */
2108
2997
int af;
2124
3013
}
2125
3014
2126
3015
while(not quit_now){
2127
ret = start_mandos_communication(address, port, if_index, af);
3016
ret = start_mandos_communication(address, port, if_index, af,
3017
&mc);
2128
3018
if(quit_now or ret == 0){
2129
3019
break;
2130
3020
}
2132
3022
fprintf_plus(stderr, "Retrying in %d seconds\n",
2133
3023
(int)retry_interval);
2134
3024
}
2135
sleep((int)retry_interval);
3025
sleep((unsigned int)retry_interval);
2136
3026
}
2137
3027
2138
if (not quit_now){
3028
if(not quit_now){
2139
3029
exitcode = EXIT_SUCCESS;
2140
3030
}
2141
3031
2156
3046
config.publish_domain = 0;
2157
3047
2158
3048
/* Allocate a new server */
2159
mc.server = avahi_server_new(avahi_simple_poll_get
2160
(mc.simple_poll), &config, NULL,
2161
NULL, &error);
3049
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3050
&config, NULL, NULL, &ret);
2162
3051
2163
3052
/* Free the Avahi configuration data */
2164
3053
avahi_server_config_free(&config);
2167
3056
/* Check if creating the Avahi server object succeeded */
2168
3057
if(mc.server == NULL){
2169
3058
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2170
avahi_strerror(error));
3059
avahi_strerror(ret));
2171
3060
exitcode = EX_UNAVAILABLE;
2172
3061
goto end;
2173
3062
}
2179
3068
/* Create the Avahi service browser */
2180
3069
sb = avahi_s_service_browser_new(mc.server, if_index,
2181
3070
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
2182
NULL, 0, browse_callback, NULL);
3071
NULL, 0, browse_callback,
3072
(void *)&mc);
2183
3073
if(sb == NULL){
2184
3074
fprintf_plus(stderr, "Failed to create service browser: %s\n",
2185
3075
avahi_strerror(avahi_server_errno(mc.server)));
2196
3086
if(debug){
2197
3087
fprintf_plus(stderr, "Starting Avahi loop search\n");
2198
3088
}
2199
2200
ret = avahi_loop_with_timeout(mc.simple_poll,
2201
(int)(retry_interval * 1000));
3089
3090
ret = avahi_loop_with_timeout(simple_poll,
3091
(int)(retry_interval * 1000), &mc);
2202
3092
if(debug){
2203
3093
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
2204
3094
(ret == 0) ? "successfully" : "with error");
2207
3097
end:
2208
3098
2209
3099
if(debug){
2210
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3100
if(signal_received){
3101
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3102
argv[0], signal_received,
3103
strsignal(signal_received));
3104
} else {
3105
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3106
}
2211
3107
}
2212
3108
2213
3109
/* Cleanup things */
3110
free(mc.interfaces);
3111
2214
3112
if(sb != NULL)
2215
3113
avahi_s_service_browser_free(sb);
2216
3114
2217
3115
if(mc.server != NULL)
2218
3116
avahi_server_free(mc.server);
2219
3117
2220
if(mc.simple_poll != NULL)
2221
avahi_simple_poll_free(mc.simple_poll);
3118
if(simple_poll != NULL)
3119
avahi_simple_poll_free(simple_poll);
2222
3120
2223
3121
if(gnutls_initialized){
2224
3122
gnutls_certificate_free_credentials(mc.cred);
2225
gnutls_global_deinit();
2226
3123
gnutls_dh_params_deinit(mc.dh_params);
2227
3124
}
2228
3125
2236
3133
mc.current_server->prev->next = NULL;
2237
3134
while(mc.current_server != NULL){
2238
3135
server *next = mc.current_server->next;
3136
#ifdef __GNUC__
3137
#pragma GCC diagnostic push
3138
#pragma GCC diagnostic ignored "-Wcast-qual"
3139
#endif
3140
free((char *)(mc.current_server->ip));
3141
#ifdef __GNUC__
3142
#pragma GCC diagnostic pop
3143
#endif
2239
3144
free(mc.current_server);
2240
3145
mc.current_server = next;
2241
3146
}
2242
3147
}
2243
3148
2244
/* Run network hooks */
2245
run_network_hooks("stop", interface, delay);
2246
2247
/* Re-raise priviliges */
3149
/* Re-raise privileges */
2248
3150
{
2249
errno = 0;
2250
ret = seteuid(0);
2251
if(ret == -1){
2252
perror_plus("seteuid");
3151
ret = raise_privileges();
3152
if(ret != 0){
3153
errno = ret;
3154
perror_plus("Failed to raise privileges");
3155
} else {
3156
3157
/* Run network hooks */
3158
run_network_hooks("stop", interfaces_hooks != NULL ?
3159
interfaces_hooks : "", delay);
3160
3161
/* Take down the network interfaces which were brought up */
3162
{
3163
char *interface = NULL;
3164
while((interface = argz_next(interfaces_to_take_down,
3165
interfaces_to_take_down_size,
3166
interface))){
3167
ret = take_down_interface(interface);
3168
if(ret != 0){
3169
errno = ret;
3170
perror_plus("Failed to take down interface");
3171
}
3172
}
3173
if(debug and (interfaces_to_take_down == NULL)){
3174
fprintf_plus(stderr, "No interfaces needed to be taken"
3175
" down\n");
3176
}
3177
}
2253
3178
}
2254
3179
2255
/* Take down the network interface */
2256
if(take_down_interface and geteuid() == 0){
2257
ret = ioctl(sd, SIOCGIFFLAGS, &network);
2258
if(ret == -1){
2259
perror_plus("ioctl SIOCGIFFLAGS");
2260
} else if(network.ifr_flags & IFF_UP){
2261
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2262
ret = ioctl(sd, SIOCSIFFLAGS, &network);
2263
if(ret == -1){
2264
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2265
}
2266
}
2267
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2268
if(ret == -1){
2269
perror_plus("close");
2270
}
3180
ret = lower_privileges_permanently();
3181
if(ret != 0){
3182
errno = ret;
3183
perror_plus("Failed to lower privileges permanently");
2271
3184
}
2272
3185
}
2273
/* Lower privileges permanently */
2274
errno = 0;
2275
ret = setuid(uid);
2276
if(ret == -1){
2277
perror_plus("setuid");
3186
3187
free(interfaces_to_take_down);
3188
free(interfaces_hooks);
3189
3190
void clean_dir_at(int base, const char * const dirname,
3191
uintmax_t level){
3192
struct dirent **direntries = NULL;
3193
int dret;
3194
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3195
O_RDONLY
3196
| O_NOFOLLOW
3197
| O_DIRECTORY
3198
| O_PATH));
3199
if(dir_fd == -1){
3200
perror_plus("open");
3201
return;
3202
}
3203
int numentries = scandirat(dir_fd, ".", &direntries,
3204
notdotentries, alphasort);
3205
if(numentries >= 0){
3206
for(int i = 0; i < numentries; i++){
3207
if(debug){
3208
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3209
dirname, direntries[i]->d_name);
3210
}
3211
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3212
if(dret == -1){
3213
if(errno == EISDIR){
3214
dret = unlinkat(dir_fd, direntries[i]->d_name,
3215
AT_REMOVEDIR);
3216
}
3217
if((dret == -1) and (errno == ENOTEMPTY)
3218
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3219
== 0) and (level == 0)){
3220
/* Recurse only in this special case */
3221
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3222
dret = 0;
3223
}
3224
if((dret == -1) and (errno != ENOENT)){
3225
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3226
direntries[i]->d_name, strerror(errno));
3227
}
3228
}
3229
free(direntries[i]);
3230
}
3231
3232
/* need to clean even if 0 because man page doesn't specify */
3233
free(direntries);
3234
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3235
if(dret == -1 and errno != ENOENT){
3236
perror_plus("rmdir");
3237
}
3238
} else {
3239
perror_plus("scandirat");
3240
}
3241
close(dir_fd);
2278
3242
}
2279
3243
2280
3244
/* Removes the GPGME temp directory and all files inside */
2281
if(tempdir_created){
2282
struct dirent **direntries = NULL;
2283
struct dirent *direntry = NULL;
2284
int numentries = scandir(tempdir, &direntries, notdotentries,
2285
alphasort);
2286
if (numentries > 0){
2287
for(int i = 0; i < numentries; i++){
2288
direntry = direntries[i];
2289
char *fullname = NULL;
2290
ret = asprintf(&fullname, "%s/%s", tempdir,
2291
direntry->d_name);
2292
if(ret < 0){
2293
perror_plus("asprintf");
2294
continue;
2295
}
2296
ret = remove(fullname);
2297
if(ret == -1){
2298
fprintf_plus(stderr, "remove(\"%s\"): %s\n", fullname,
2299
strerror(errno));
2300
}
2301
free(fullname);
2302
}
2303
}
2304
2305
/* need to clean even if 0 because man page doesn't specify */
2306
free(direntries);
2307
if (numentries == -1){
2308
perror_plus("scandir");
2309
}
2310
ret = rmdir(tempdir);
2311
if(ret == -1 and errno != ENOENT){
2312
perror_plus("rmdir");
2313
}
3245
if(tempdir != NULL){
3246
clean_dir_at(-1, tempdir, 0);
2314
3247
}
2315
3248
2316
3249
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0