To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 951
- compare with another revision
- download diff
- download tarball
- view history from revision 951
- Committer: Teddy Hogeborn
- Date: 2018-08-15 09:26:02 UTC
- Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u
mandos-client: Set system clock if necessary
* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
clock is not set, or set to january 1970, set the system clock to
the more plausible value that is the mtime of the key file. This is
required by GnuPG to be able to import the keys. (We can't pass the
--ignore-time-conflict or the --ignore-valid-from options though
GPGME.)
* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
clock is not set, or set to january 1970, set the system clock to
the more plausible value that is the mtime of the key file. This is
required by GnuPG to be able to import the keys. (We can't pass the
--ignore-time-conflict or the --ignore-valid-from options though
GPGME.)
- files added:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/upstream
- network-hooks.d
- plugin-helpers
- plugins.d
- files removed:
- ca.pem
- files renamed:
- mandos-clients.conf => clients.conf
- server.py => mandos
- files modified:
- Makefile
added
removed
plugins.d/mandos-client.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos-client - get and decrypt data from a Mandos server
4
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2008-2018 Teddy Hogeborn
13
* Copyright © 2008-2018 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25
* General Public License for more details.
26
*
27
* You should have received a copy of the GNU General Public License
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
29
*
30
* Contact the authors at <mandos@recompile.se>.
31
*/
32
33
/* Needed by GPGME, specifically gpgme_data_seek() */
34
#ifndef _LARGEFILE_SOURCE
35
#define _LARGEFILE_SOURCE
36
#endif /* not _LARGEFILE_SOURCE */
37
#ifndef _FILE_OFFSET_BITS
38
#define _FILE_OFFSET_BITS 64
39
#endif /* not _FILE_OFFSET_BITS */
40
41
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
42
43
#include <stdio.h> /* fprintf(), stderr, fwrite(),
44
stdout, ferror() */
45
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
46
#include <stddef.h> /* NULL, size_t, ssize_t */
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
48
strtof(), abort() */
49
#include <stdbool.h> /* bool, false, true */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
53
#include <sys/ioctl.h> /* ioctl */
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
55
sockaddr_in6, PF_INET6,
56
SOCK_STREAM, uid_t, gid_t, open(),
57
opendir(), DIR */
58
#include <sys/stat.h> /* open(), S_ISREG */
59
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
60
inet_pton(), connect(),
61
getnameinfo() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
64
*/
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
66
strtoimax() */
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
72
program_invocation_short_name */
73
#include <time.h> /* nanosleep(), time(), sleep() */
74
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
75
SIOCSIFFLAGS, if_indextoname(),
76
if_nametoindex(), IF_NAMESIZE */
77
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
78
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
79
*/
80
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
81
getuid(), getgid(), seteuid(),
82
setgid(), pause(), _exit(),
83
unlinkat() */
84
#include <arpa/inet.h> /* inet_pton(), htons() */
85
#include <iso646.h> /* not, or, and */
86
#include <argp.h> /* struct argp_option, error_t, struct
87
argp_state, struct argp,
88
argp_parse(), ARGP_KEY_ARG,
89
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
90
#include <signal.h> /* sigemptyset(), sigaddset(),
91
sigaction(), SIGTERM, sig_atomic_t,
92
raise() */
93
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
94
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
95
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
96
WEXITSTATUS(), WTERMSIG() */
97
#include <grp.h> /* setgroups() */
98
#include <argz.h> /* argz_add_sep(), argz_next(),
99
argz_delete(), argz_append(),
100
argz_stringify(), argz_add(),
101
argz_count() */
102
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
103
EAI_SYSTEM, gai_strerror() */
104
105
#ifdef __linux__
106
#include <sys/klog.h> /* klogctl() */
107
#endif /* __linux__ */
108
109
/* Avahi */
110
/* All Avahi types, constants and functions
111
Avahi*, avahi_*,
112
AVAHI_* */
113
#include <avahi-core/core.h>
114
#include <avahi-core/lookup.h>
115
#include <avahi-core/log.h>
116
#include <avahi-common/simple-watch.h>
117
#include <avahi-common/malloc.h>
118
#include <avahi-common/error.h>
119
120
/* GnuTLS */
121
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
122
functions:
123
gnutls_*
124
init_gnutls_session(),
125
GNUTLS_* */
126
#include <gnutls/openpgp.h>
127
/* gnutls_certificate_set_openpgp_key_file(),
128
GNUTLS_OPENPGP_FMT_BASE64 */
129
130
/* GPGME */
131
#include <gpgme.h> /* All GPGME types, constants and
132
functions:
133
gpgme_*
134
GPGME_PROTOCOL_OpenPGP,
135
GPG_ERR_NO_* */
136
137
#define BUFFER_SIZE 256
138
139
#define PATHDIR "/conf/conf.d/mandos"
140
#define SECKEY "seckey.txt"
141
#define PUBKEY "pubkey.txt"
142
#define HOOKDIR "/lib/mandos/network-hooks.d"
143
144
bool debug = false;
145
static const char mandos_protocol_version[] = "1";
146
const char *argp_program_version = "mandos-client " VERSION;
147
const char *argp_program_bug_address = "<mandos@recompile.se>";
148
static const char sys_class_net[] = "/sys/class/net";
149
char *connect_to = NULL;
150
const char *hookdir = HOOKDIR;
151
int hookdir_fd = -1;
152
uid_t uid = 65534;
153
gid_t gid = 65534;
154
155
/* Doubly linked list that need to be circularly linked when used */
156
typedef struct server{
157
const char *ip;
158
in_port_t port;
159
AvahiIfIndex if_index;
160
int af;
161
struct timespec last_seen;
162
struct server *next;
163
struct server *prev;
164
} server;
165
166
/* Used for passing in values through the Avahi callback functions */
167
typedef struct {
168
AvahiServer *server;
169
gnutls_certificate_credentials_t cred;
170
unsigned int dh_bits;
171
gnutls_dh_params_t dh_params;
172
const char *priority;
173
gpgme_ctx_t ctx;
174
server *current_server;
175
char *interfaces;
176
size_t interfaces_size;
177
} mandos_context;
178
179
/* global so signal handler can reach it*/
180
AvahiSimplePoll *simple_poll;
181
182
sig_atomic_t quit_now = 0;
183
int signal_received = 0;
184
185
/* Function to use when printing errors */
186
void perror_plus(const char *print_text){
187
int e = errno;
188
fprintf(stderr, "Mandos plugin %s: ",
189
program_invocation_short_name);
190
errno = e;
191
perror(print_text);
192
}
193
194
__attribute__((format (gnu_printf, 2, 3), nonnull))
195
int fprintf_plus(FILE *stream, const char *format, ...){
196
va_list ap;
197
va_start (ap, format);
198
199
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
200
program_invocation_short_name));
201
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
202
}
203
204
/*
205
* Make additional room in "buffer" for at least BUFFER_SIZE more
206
* bytes. "buffer_capacity" is how much is currently allocated,
207
* "buffer_length" is how much is already used.
208
*/
209
__attribute__((nonnull, warn_unused_result))
210
size_t incbuffer(char **buffer, size_t buffer_length,
211
size_t buffer_capacity){
212
if(buffer_length + BUFFER_SIZE > buffer_capacity){
213
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
214
if(new_buf == NULL){
215
int old_errno = errno;
216
free(*buffer);
217
errno = old_errno;
218
*buffer = NULL;
219
return 0;
220
}
221
*buffer = new_buf;
222
buffer_capacity += BUFFER_SIZE;
223
}
224
return buffer_capacity;
225
}
226
227
/* Add server to set of servers to retry periodically */
228
__attribute__((nonnull, warn_unused_result))
229
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
230
int af, server **current_server){
231
int ret;
232
server *new_server = malloc(sizeof(server));
233
if(new_server == NULL){
234
perror_plus("malloc");
235
return false;
236
}
237
*new_server = (server){ .ip = strdup(ip),
238
.port = port,
239
.if_index = if_index,
240
.af = af };
241
if(new_server->ip == NULL){
242
perror_plus("strdup");
243
free(new_server);
244
return false;
245
}
246
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
247
if(ret == -1){
248
perror_plus("clock_gettime");
249
#ifdef __GNUC__
250
#pragma GCC diagnostic push
251
#pragma GCC diagnostic ignored "-Wcast-qual"
252
#endif
253
free((char *)(new_server->ip));
254
#ifdef __GNUC__
255
#pragma GCC diagnostic pop
256
#endif
257
free(new_server);
258
return false;
259
}
260
/* Special case of first server */
261
if(*current_server == NULL){
262
new_server->next = new_server;
263
new_server->prev = new_server;
264
*current_server = new_server;
265
} else {
266
/* Place the new server last in the list */
267
new_server->next = *current_server;
268
new_server->prev = (*current_server)->prev;
269
new_server->prev->next = new_server;
270
(*current_server)->prev = new_server;
271
}
272
return true;
273
}
274
275
/* Set effective uid to 0, return errno */
276
__attribute__((warn_unused_result))
277
int raise_privileges(void){
278
int old_errno = errno;
279
int ret = 0;
280
if(seteuid(0) == -1){
281
ret = errno;
282
}
283
errno = old_errno;
284
return ret;
285
}
286
287
/* Set effective and real user ID to 0. Return errno. */
288
__attribute__((warn_unused_result))
289
int raise_privileges_permanently(void){
290
int old_errno = errno;
291
int ret = raise_privileges();
292
if(ret != 0){
293
errno = old_errno;
294
return ret;
295
}
296
if(setuid(0) == -1){
297
ret = errno;
298
}
299
errno = old_errno;
300
return ret;
301
}
302
303
/* Set effective user ID to unprivileged saved user ID */
304
__attribute__((warn_unused_result))
305
int lower_privileges(void){
306
int old_errno = errno;
307
int ret = 0;
308
if(seteuid(uid) == -1){
309
ret = errno;
310
}
311
errno = old_errno;
312
return ret;
313
}
314
315
/* Lower privileges permanently */
316
__attribute__((warn_unused_result))
317
int lower_privileges_permanently(void){
318
int old_errno = errno;
319
int ret = 0;
320
if(setuid(uid) == -1){
321
ret = errno;
322
}
323
errno = old_errno;
324
return ret;
325
}
326
327
/*
328
* Initialize GPGME.
329
*/
330
__attribute__((nonnull, warn_unused_result))
331
static bool init_gpgme(const char * const seckey,
332
const char * const pubkey,
333
const char * const tempdir,
334
mandos_context *mc){
335
gpgme_error_t rc;
336
gpgme_engine_info_t engine_info;
337
338
/*
339
* Helper function to insert pub and seckey to the engine keyring.
340
*/
341
bool import_key(const char * const filename){
342
int ret;
343
int fd;
344
gpgme_data_t pgp_data;
345
346
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
347
if(fd == -1){
348
perror_plus("open");
349
return false;
350
}
351
352
/* Workaround for systems without a real-time clock; see also
353
Debian bug #894495: <https://bugs.debian.org/894495> */
354
do {
355
{
356
time_t currtime = time(NULL);
357
if(currtime != (time_t)-1){
358
struct tm tm;
359
if(gmtime_r(&currtime, &tm) == NULL) {
360
perror_plus("gmtime_r");
361
break;
362
}
363
if(tm.tm_year != 70 or tm.tm_mon != 0){
364
break;
365
}
366
if(debug){
367
fprintf_plus(stderr, "System clock is January 1970");
368
}
369
} else {
370
if(debug){
371
fprintf_plus(stderr, "System clock is invalid");
372
}
373
}
374
}
375
struct stat keystat;
376
ret = fstat(fd, &keystat);
377
if(ret != 0){
378
perror_plus("fstat");
379
break;
380
}
381
ret = raise_privileges();
382
if(ret != 0){
383
errno = ret;
384
perror_plus("Failed to raise privileges");
385
break;
386
}
387
if(debug){
388
fprintf_plus(stderr,
389
"Setting system clock to key file mtime");
390
}
391
time_t keytime = keystat.st_mtim.tv_sec;
392
if(stime(&keytime) != 0){
393
perror_plus("stime");
394
}
395
ret = lower_privileges();
396
if(ret != 0){
397
errno = ret;
398
perror_plus("Failed to lower privileges");
399
}
400
} while(false);
401
402
rc = gpgme_data_new_from_fd(&pgp_data, fd);
403
if(rc != GPG_ERR_NO_ERROR){
404
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
405
gpgme_strsource(rc), gpgme_strerror(rc));
406
return false;
407
}
408
409
rc = gpgme_op_import(mc->ctx, pgp_data);
410
if(rc != GPG_ERR_NO_ERROR){
411
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
412
gpgme_strsource(rc), gpgme_strerror(rc));
413
return false;
414
}
415
{
416
gpgme_import_result_t import_result
417
= gpgme_op_import_result(mc->ctx);
418
if((import_result->imported < 1
419
or import_result->not_imported > 0)
420
and import_result->unchanged == 0){
421
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
422
fprintf_plus(stderr,
423
"The total number of considered keys: %d\n",
424
import_result->considered);
425
fprintf_plus(stderr,
426
"The number of keys without user ID: %d\n",
427
import_result->no_user_id);
428
fprintf_plus(stderr,
429
"The total number of imported keys: %d\n",
430
import_result->imported);
431
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
432
import_result->imported_rsa);
433
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
434
import_result->unchanged);
435
fprintf_plus(stderr, "The number of new user IDs: %d\n",
436
import_result->new_user_ids);
437
fprintf_plus(stderr, "The number of new sub keys: %d\n",
438
import_result->new_sub_keys);
439
fprintf_plus(stderr, "The number of new signatures: %d\n",
440
import_result->new_signatures);
441
fprintf_plus(stderr, "The number of new revocations: %d\n",
442
import_result->new_revocations);
443
fprintf_plus(stderr,
444
"The total number of secret keys read: %d\n",
445
import_result->secret_read);
446
fprintf_plus(stderr,
447
"The number of imported secret keys: %d\n",
448
import_result->secret_imported);
449
fprintf_plus(stderr,
450
"The number of unchanged secret keys: %d\n",
451
import_result->secret_unchanged);
452
fprintf_plus(stderr, "The number of keys not imported: %d\n",
453
import_result->not_imported);
454
for(gpgme_import_status_t import_status
455
= import_result->imports;
456
import_status != NULL;
457
import_status = import_status->next){
458
fprintf_plus(stderr, "Import status for key: %s\n",
459
import_status->fpr);
460
if(import_status->result != GPG_ERR_NO_ERROR){
461
fprintf_plus(stderr, "Import result: %s: %s\n",
462
gpgme_strsource(import_status->result),
463
gpgme_strerror(import_status->result));
464
}
465
fprintf_plus(stderr, "Key status:\n");
466
fprintf_plus(stderr,
467
import_status->status & GPGME_IMPORT_NEW
468
? "The key was new.\n"
469
: "The key was not new.\n");
470
fprintf_plus(stderr,
471
import_status->status & GPGME_IMPORT_UID
472
? "The key contained new user IDs.\n"
473
: "The key did not contain new user IDs.\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_SIG
476
? "The key contained new signatures.\n"
477
: "The key did not contain new signatures.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_SUBKEY
480
? "The key contained new sub keys.\n"
481
: "The key did not contain new sub keys.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SECRET
484
? "The key contained a secret key.\n"
485
: "The key did not contain a secret key.\n");
486
}
487
return false;
488
}
489
}
490
491
ret = close(fd);
492
if(ret == -1){
493
perror_plus("close");
494
}
495
gpgme_data_release(pgp_data);
496
return true;
497
}
498
499
if(debug){
500
fprintf_plus(stderr, "Initializing GPGME\n");
501
}
502
503
/* Init GPGME */
504
gpgme_check_version(NULL);
505
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
506
if(rc != GPG_ERR_NO_ERROR){
507
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
508
gpgme_strsource(rc), gpgme_strerror(rc));
509
return false;
510
}
511
512
/* Set GPGME home directory for the OpenPGP engine only */
513
rc = gpgme_get_engine_info(&engine_info);
514
if(rc != GPG_ERR_NO_ERROR){
515
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
516
gpgme_strsource(rc), gpgme_strerror(rc));
517
return false;
518
}
519
while(engine_info != NULL){
520
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
521
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
522
engine_info->file_name, tempdir);
523
break;
524
}
525
engine_info = engine_info->next;
526
}
527
if(engine_info == NULL){
528
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
529
tempdir);
530
return false;
531
}
532
533
/* Create new GPGME "context" */
534
rc = gpgme_new(&(mc->ctx));
535
if(rc != GPG_ERR_NO_ERROR){
536
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
537
gpgme_strsource(rc), gpgme_strerror(rc));
538
return false;
539
}
540
541
if(not import_key(pubkey) or not import_key(seckey)){
542
return false;
543
}
544
545
return true;
546
}
547
548
/*
549
* Decrypt OpenPGP data.
550
* Returns -1 on error
551
*/
552
__attribute__((nonnull, warn_unused_result))
553
static ssize_t pgp_packet_decrypt(const char *cryptotext,
554
size_t crypto_size,
555
char **plaintext,
556
mandos_context *mc){
557
gpgme_data_t dh_crypto, dh_plain;
558
gpgme_error_t rc;
559
ssize_t ret;
560
size_t plaintext_capacity = 0;
561
ssize_t plaintext_length = 0;
562
563
if(debug){
564
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
565
}
566
567
/* Create new GPGME data buffer from memory cryptotext */
568
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
569
0);
570
if(rc != GPG_ERR_NO_ERROR){
571
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
572
gpgme_strsource(rc), gpgme_strerror(rc));
573
return -1;
574
}
575
576
/* Create new empty GPGME data buffer for the plaintext */
577
rc = gpgme_data_new(&dh_plain);
578
if(rc != GPG_ERR_NO_ERROR){
579
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
580
gpgme_strsource(rc), gpgme_strerror(rc));
581
gpgme_data_release(dh_crypto);
582
return -1;
583
}
584
585
/* Decrypt data from the cryptotext data buffer to the plaintext
586
data buffer */
587
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
588
if(rc != GPG_ERR_NO_ERROR){
589
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
590
gpgme_strsource(rc), gpgme_strerror(rc));
591
plaintext_length = -1;
592
if(debug){
593
gpgme_decrypt_result_t result;
594
result = gpgme_op_decrypt_result(mc->ctx);
595
if(result == NULL){
596
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
597
} else {
598
if(result->unsupported_algorithm != NULL) {
599
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
600
result->unsupported_algorithm);
601
}
602
fprintf_plus(stderr, "Wrong key usage: %s\n",
603
result->wrong_key_usage ? "Yes" : "No");
604
if(result->file_name != NULL){
605
fprintf_plus(stderr, "File name: %s\n", result->file_name);
606
}
607
608
for(gpgme_recipient_t r = result->recipients; r != NULL;
609
r = r->next){
610
fprintf_plus(stderr, "Public key algorithm: %s\n",
611
gpgme_pubkey_algo_name(r->pubkey_algo));
612
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
613
fprintf_plus(stderr, "Secret key available: %s\n",
614
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
615
}
616
}
617
}
618
goto decrypt_end;
619
}
620
621
if(debug){
622
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
623
}
624
625
/* Seek back to the beginning of the GPGME plaintext data buffer */
626
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
627
perror_plus("gpgme_data_seek");
628
plaintext_length = -1;
629
goto decrypt_end;
630
}
631
632
*plaintext = NULL;
633
while(true){
634
plaintext_capacity = incbuffer(plaintext,
635
(size_t)plaintext_length,
636
plaintext_capacity);
637
if(plaintext_capacity == 0){
638
perror_plus("incbuffer");
639
plaintext_length = -1;
640
goto decrypt_end;
641
}
642
643
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
644
BUFFER_SIZE);
645
/* Print the data, if any */
646
if(ret == 0){
647
/* EOF */
648
break;
649
}
650
if(ret < 0){
651
perror_plus("gpgme_data_read");
652
plaintext_length = -1;
653
goto decrypt_end;
654
}
655
plaintext_length += ret;
656
}
657
658
if(debug){
659
fprintf_plus(stderr, "Decrypted password is: ");
660
for(ssize_t i = 0; i < plaintext_length; i++){
661
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
662
}
663
fprintf(stderr, "\n");
664
}
665
666
decrypt_end:
667
668
/* Delete the GPGME cryptotext data buffer */
669
gpgme_data_release(dh_crypto);
670
671
/* Delete the GPGME plaintext data buffer */
672
gpgme_data_release(dh_plain);
673
return plaintext_length;
674
}
675
676
__attribute__((warn_unused_result, const))
677
static const char *safe_string(const char *str){
678
if(str == NULL)
679
return "(unknown)";
680
return str;
681
}
682
683
__attribute__((warn_unused_result))
684
static const char *safer_gnutls_strerror(int value){
685
const char *ret = gnutls_strerror(value);
686
return safe_string(ret);
687
}
688
689
/* GnuTLS log function callback */
690
__attribute__((nonnull))
691
static void debuggnutls(__attribute__((unused)) int level,
692
const char* string){
693
fprintf_plus(stderr, "GnuTLS: %s", string);
694
}
695
696
__attribute__((nonnull(1, 2, 4), warn_unused_result))
697
static int init_gnutls_global(const char *pubkeyfilename,
698
const char *seckeyfilename,
699
const char *dhparamsfilename,
700
mandos_context *mc){
701
int ret;
702
unsigned int uret;
703
704
if(debug){
705
fprintf_plus(stderr, "Initializing GnuTLS\n");
706
}
707
708
if(debug){
709
/* "Use a log level over 10 to enable all debugging options."
710
* - GnuTLS manual
711
*/
712
gnutls_global_set_log_level(11);
713
gnutls_global_set_log_function(debuggnutls);
714
}
715
716
/* OpenPGP credentials */
717
ret = gnutls_certificate_allocate_credentials(&mc->cred);
718
if(ret != GNUTLS_E_SUCCESS){
719
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
720
safer_gnutls_strerror(ret));
721
return -1;
722
}
723
724
if(debug){
725
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
726
" secret key %s as GnuTLS credentials\n",
727
pubkeyfilename,
728
seckeyfilename);
729
}
730
731
ret = gnutls_certificate_set_openpgp_key_file
732
(mc->cred, pubkeyfilename, seckeyfilename,
733
GNUTLS_OPENPGP_FMT_BASE64);
734
if(ret != GNUTLS_E_SUCCESS){
735
fprintf_plus(stderr,
736
"Error[%d] while reading the OpenPGP key pair ('%s',"
737
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
738
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
739
safer_gnutls_strerror(ret));
740
goto globalfail;
741
}
742
743
/* GnuTLS server initialization */
744
ret = gnutls_dh_params_init(&mc->dh_params);
745
if(ret != GNUTLS_E_SUCCESS){
746
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
747
" initialization: %s\n",
748
safer_gnutls_strerror(ret));
749
goto globalfail;
750
}
751
/* If a Diffie-Hellman parameters file was given, try to use it */
752
if(dhparamsfilename != NULL){
753
gnutls_datum_t params = { .data = NULL, .size = 0 };
754
do {
755
int dhpfile = open(dhparamsfilename, O_RDONLY);
756
if(dhpfile == -1){
757
perror_plus("open");
758
dhparamsfilename = NULL;
759
break;
760
}
761
size_t params_capacity = 0;
762
while(true){
763
params_capacity = incbuffer((char **)¶ms.data,
764
(size_t)params.size,
765
(size_t)params_capacity);
766
if(params_capacity == 0){
767
perror_plus("incbuffer");
768
free(params.data);
769
params.data = NULL;
770
dhparamsfilename = NULL;
771
break;
772
}
773
ssize_t bytes_read = read(dhpfile,
774
params.data + params.size,
775
BUFFER_SIZE);
776
/* EOF */
777
if(bytes_read == 0){
778
break;
779
}
780
/* check bytes_read for failure */
781
if(bytes_read < 0){
782
perror_plus("read");
783
free(params.data);
784
params.data = NULL;
785
dhparamsfilename = NULL;
786
break;
787
}
788
params.size += (unsigned int)bytes_read;
789
}
790
ret = close(dhpfile);
791
if(ret == -1){
792
perror_plus("close");
793
}
794
if(params.data == NULL){
795
dhparamsfilename = NULL;
796
}
797
if(dhparamsfilename == NULL){
798
break;
799
}
800
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
801
GNUTLS_X509_FMT_PEM);
802
if(ret != GNUTLS_E_SUCCESS){
803
fprintf_plus(stderr, "Failed to parse DH parameters in file"
804
" \"%s\": %s\n", dhparamsfilename,
805
safer_gnutls_strerror(ret));
806
dhparamsfilename = NULL;
807
}
808
free(params.data);
809
} while(false);
810
}
811
if(dhparamsfilename == NULL){
812
if(mc->dh_bits == 0){
813
/* Find out the optimal number of DH bits */
814
/* Try to read the private key file */
815
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
816
do {
817
int secfile = open(seckeyfilename, O_RDONLY);
818
if(secfile == -1){
819
perror_plus("open");
820
break;
821
}
822
size_t buffer_capacity = 0;
823
while(true){
824
buffer_capacity = incbuffer((char **)&buffer.data,
825
(size_t)buffer.size,
826
(size_t)buffer_capacity);
827
if(buffer_capacity == 0){
828
perror_plus("incbuffer");
829
free(buffer.data);
830
buffer.data = NULL;
831
break;
832
}
833
ssize_t bytes_read = read(secfile,
834
buffer.data + buffer.size,
835
BUFFER_SIZE);
836
/* EOF */
837
if(bytes_read == 0){
838
break;
839
}
840
/* check bytes_read for failure */
841
if(bytes_read < 0){
842
perror_plus("read");
843
free(buffer.data);
844
buffer.data = NULL;
845
break;
846
}
847
buffer.size += (unsigned int)bytes_read;
848
}
849
close(secfile);
850
} while(false);
851
/* If successful, use buffer to parse private key */
852
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
853
if(buffer.data != NULL){
854
{
855
gnutls_openpgp_privkey_t privkey = NULL;
856
ret = gnutls_openpgp_privkey_init(&privkey);
857
if(ret != GNUTLS_E_SUCCESS){
858
fprintf_plus(stderr, "Error initializing OpenPGP key"
859
" structure: %s",
860
safer_gnutls_strerror(ret));
861
free(buffer.data);
862
buffer.data = NULL;
863
} else {
864
ret = gnutls_openpgp_privkey_import
865
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
866
if(ret != GNUTLS_E_SUCCESS){
867
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
868
safer_gnutls_strerror(ret));
869
privkey = NULL;
870
}
871
free(buffer.data);
872
buffer.data = NULL;
873
if(privkey != NULL){
874
/* Use private key to suggest an appropriate
875
sec_param */
876
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
877
gnutls_openpgp_privkey_deinit(privkey);
878
if(debug){
879
fprintf_plus(stderr, "This OpenPGP key implies using"
880
" a GnuTLS security parameter \"%s\".\n",
881
safe_string(gnutls_sec_param_get_name
882
(sec_param)));
883
}
884
}
885
}
886
}
887
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
888
/* Err on the side of caution */
889
sec_param = GNUTLS_SEC_PARAM_ULTRA;
890
if(debug){
891
fprintf_plus(stderr, "Falling back to security parameter"
892
" \"%s\"\n",
893
safe_string(gnutls_sec_param_get_name
894
(sec_param)));
895
}
896
}
897
}
898
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
899
if(uret != 0){
900
mc->dh_bits = uret;
901
if(debug){
902
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
903
" implies %u DH bits; using that.\n",
904
safe_string(gnutls_sec_param_get_name
905
(sec_param)),
906
mc->dh_bits);
907
}
908
} else {
909
fprintf_plus(stderr, "Failed to get implied number of DH"
910
" bits for security parameter \"%s\"): %s\n",
911
safe_string(gnutls_sec_param_get_name
912
(sec_param)),
913
safer_gnutls_strerror(ret));
914
goto globalfail;
915
}
916
} else if(debug){
917
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
918
mc->dh_bits);
919
}
920
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
921
if(ret != GNUTLS_E_SUCCESS){
922
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
923
" bits): %s\n", mc->dh_bits,
924
safer_gnutls_strerror(ret));
925
goto globalfail;
926
}
927
}
928
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
929
930
return 0;
931
932
globalfail:
933
934
gnutls_certificate_free_credentials(mc->cred);
935
gnutls_dh_params_deinit(mc->dh_params);
936
return -1;
937
}
938
939
__attribute__((nonnull, warn_unused_result))
940
static int init_gnutls_session(gnutls_session_t *session,
941
mandos_context *mc){
942
int ret;
943
/* GnuTLS session creation */
944
do {
945
ret = gnutls_init(session, GNUTLS_SERVER);
946
if(quit_now){
947
return -1;
948
}
949
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
950
if(ret != GNUTLS_E_SUCCESS){
951
fprintf_plus(stderr,
952
"Error in GnuTLS session initialization: %s\n",
953
safer_gnutls_strerror(ret));
954
}
955
956
{
957
const char *err;
958
do {
959
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
960
if(quit_now){
961
gnutls_deinit(*session);
962
return -1;
963
}
964
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
965
if(ret != GNUTLS_E_SUCCESS){
966
fprintf_plus(stderr, "Syntax error at: %s\n", err);
967
fprintf_plus(stderr, "GnuTLS error: %s\n",
968
safer_gnutls_strerror(ret));
969
gnutls_deinit(*session);
970
return -1;
971
}
972
}
973
974
do {
975
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
976
mc->cred);
977
if(quit_now){
978
gnutls_deinit(*session);
979
return -1;
980
}
981
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
982
if(ret != GNUTLS_E_SUCCESS){
983
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
984
safer_gnutls_strerror(ret));
985
gnutls_deinit(*session);
986
return -1;
987
}
988
989
/* ignore client certificate if any. */
990
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
991
992
return 0;
993
}
994
995
/* Avahi log function callback */
996
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
997
__attribute__((unused)) const char *txt){}
998
999
/* Helper function to add_local_route() and delete_local_route() */
1000
__attribute__((nonnull, warn_unused_result))
1001
static bool add_delete_local_route(const bool add,
1002
const char *address,
1003
AvahiIfIndex if_index){
1004
int ret;
1005
char helper[] = "mandos-client-iprouteadddel";
1006
char add_arg[] = "add";
1007
char delete_arg[] = "delete";
1008
char debug_flag[] = "--debug";
1009
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1010
if(pluginhelperdir == NULL){
1011
if(debug){
1012
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1013
" variable not set; cannot run helper\n");
1014
}
1015
return false;
1016
}
1017
1018
char interface[IF_NAMESIZE];
1019
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1020
perror_plus("if_indextoname");
1021
return false;
1022
}
1023
1024
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1025
if(devnull == -1){
1026
perror_plus("open(\"/dev/null\", O_RDONLY)");
1027
return false;
1028
}
1029
pid_t pid = fork();
1030
if(pid == 0){
1031
/* Child */
1032
/* Raise privileges */
1033
errno = raise_privileges_permanently();
1034
if(errno != 0){
1035
perror_plus("Failed to raise privileges");
1036
/* _exit(EX_NOPERM); */
1037
} else {
1038
/* Set group */
1039
errno = 0;
1040
ret = setgid(0);
1041
if(ret == -1){
1042
perror_plus("setgid");
1043
_exit(EX_NOPERM);
1044
}
1045
/* Reset supplementary groups */
1046
errno = 0;
1047
ret = setgroups(0, NULL);
1048
if(ret == -1){
1049
perror_plus("setgroups");
1050
_exit(EX_NOPERM);
1051
}
1052
}
1053
ret = dup2(devnull, STDIN_FILENO);
1054
if(ret == -1){
1055
perror_plus("dup2(devnull, STDIN_FILENO)");
1056
_exit(EX_OSERR);
1057
}
1058
ret = close(devnull);
1059
if(ret == -1){
1060
perror_plus("close");
1061
_exit(EX_OSERR);
1062
}
1063
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1064
if(ret == -1){
1065
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1066
_exit(EX_OSERR);
1067
}
1068
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1069
O_RDONLY
1070
| O_DIRECTORY
1071
| O_PATH
1072
| O_CLOEXEC));
1073
if(helperdir_fd == -1){
1074
perror_plus("open");
1075
_exit(EX_UNAVAILABLE);
1076
}
1077
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1078
helper, O_RDONLY));
1079
if(helper_fd == -1){
1080
perror_plus("openat");
1081
close(helperdir_fd);
1082
_exit(EX_UNAVAILABLE);
1083
}
1084
close(helperdir_fd);
1085
#ifdef __GNUC__
1086
#pragma GCC diagnostic push
1087
#pragma GCC diagnostic ignored "-Wcast-qual"
1088
#endif
1089
if(fexecve(helper_fd, (char *const [])
1090
{ helper, add ? add_arg : delete_arg, (char *)address,
1091
interface, debug ? debug_flag : NULL, NULL },
1092
environ) == -1){
1093
#ifdef __GNUC__
1094
#pragma GCC diagnostic pop
1095
#endif
1096
perror_plus("fexecve");
1097
_exit(EXIT_FAILURE);
1098
}
1099
}
1100
if(pid == -1){
1101
perror_plus("fork");
1102
return false;
1103
}
1104
int status;
1105
pid_t pret = -1;
1106
errno = 0;
1107
do {
1108
pret = waitpid(pid, &status, 0);
1109
if(pret == -1 and errno == EINTR and quit_now){
1110
int errno_raising = 0;
1111
if((errno = raise_privileges()) != 0){
1112
errno_raising = errno;
1113
perror_plus("Failed to raise privileges in order to"
1114
" kill helper program");
1115
}
1116
if(kill(pid, SIGTERM) == -1){
1117
perror_plus("kill");
1118
}
1119
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1120
perror_plus("Failed to lower privileges after killing"
1121
" helper program");
1122
}
1123
return false;
1124
}
1125
} while(pret == -1 and errno == EINTR);
1126
if(pret == -1){
1127
perror_plus("waitpid");
1128
return false;
1129
}
1130
if(WIFEXITED(status)){
1131
if(WEXITSTATUS(status) != 0){
1132
fprintf_plus(stderr, "Error: iprouteadddel exited"
1133
" with status %d\n", WEXITSTATUS(status));
1134
return false;
1135
}
1136
return true;
1137
}
1138
if(WIFSIGNALED(status)){
1139
fprintf_plus(stderr, "Error: iprouteadddel died by"
1140
" signal %d\n", WTERMSIG(status));
1141
return false;
1142
}
1143
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1144
return false;
1145
}
1146
1147
__attribute__((nonnull, warn_unused_result))
1148
static bool add_local_route(const char *address,
1149
AvahiIfIndex if_index){
1150
if(debug){
1151
fprintf_plus(stderr, "Adding route to %s\n", address);
1152
}
1153
return add_delete_local_route(true, address, if_index);
1154
}
1155
1156
__attribute__((nonnull, warn_unused_result))
1157
static bool delete_local_route(const char *address,
1158
AvahiIfIndex if_index){
1159
if(debug){
1160
fprintf_plus(stderr, "Removing route to %s\n", address);
1161
}
1162
return add_delete_local_route(false, address, if_index);
1163
}
1164
1165
/* Called when a Mandos server is found */
1166
__attribute__((nonnull, warn_unused_result))
1167
static int start_mandos_communication(const char *ip, in_port_t port,
1168
AvahiIfIndex if_index,
1169
int af, mandos_context *mc){
1170
int ret, tcp_sd = -1;
1171
ssize_t sret;
1172
struct sockaddr_storage to;
1173
char *buffer = NULL;
1174
char *decrypted_buffer = NULL;
1175
size_t buffer_length = 0;
1176
size_t buffer_capacity = 0;
1177
size_t written;
1178
int retval = -1;
1179
gnutls_session_t session;
1180
int pf; /* Protocol family */
1181
bool route_added = false;
1182
1183
errno = 0;
1184
1185
if(quit_now){
1186
errno = EINTR;
1187
return -1;
1188
}
1189
1190
switch(af){
1191
case AF_INET6:
1192
pf = PF_INET6;
1193
break;
1194
case AF_INET:
1195
pf = PF_INET;
1196
break;
1197
default:
1198
fprintf_plus(stderr, "Bad address family: %d\n", af);
1199
errno = EINVAL;
1200
return -1;
1201
}
1202
1203
/* If the interface is specified and we have a list of interfaces */
1204
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1205
/* Check if the interface is one of the interfaces we are using */
1206
bool match = false;
1207
{
1208
char *interface = NULL;
1209
while((interface = argz_next(mc->interfaces,
1210
mc->interfaces_size,
1211
interface))){
1212
if(if_nametoindex(interface) == (unsigned int)if_index){
1213
match = true;
1214
break;
1215
}
1216
}
1217
}
1218
if(not match){
1219
/* This interface does not match any in the list, so we don't
1220
connect to the server */
1221
if(debug){
1222
char interface[IF_NAMESIZE];
1223
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1224
perror_plus("if_indextoname");
1225
} else {
1226
fprintf_plus(stderr, "Skipping server on non-used interface"
1227
" \"%s\"\n",
1228
if_indextoname((unsigned int)if_index,
1229
interface));
1230
}
1231
}
1232
return -1;
1233
}
1234
}
1235
1236
ret = init_gnutls_session(&session, mc);
1237
if(ret != 0){
1238
return -1;
1239
}
1240
1241
if(debug){
1242
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
1243
PRIuMAX "\n", ip, (uintmax_t)port);
1244
}
1245
1246
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
1247
if(tcp_sd < 0){
1248
int e = errno;
1249
perror_plus("socket");
1250
errno = e;
1251
goto mandos_end;
1252
}
1253
1254
if(quit_now){
1255
errno = EINTR;
1256
goto mandos_end;
1257
}
1258
1259
if(af == AF_INET6){
1260
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1261
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1262
ret = inet_pton(af, ip, &to6->sin6_addr);
1263
} else { /* IPv4 */
1264
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1265
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1266
ret = inet_pton(af, ip, &to4->sin_addr);
1267
}
1268
if(ret < 0 ){
1269
int e = errno;
1270
perror_plus("inet_pton");
1271
errno = e;
1272
goto mandos_end;
1273
}
1274
if(ret == 0){
1275
int e = errno;
1276
fprintf_plus(stderr, "Bad address: %s\n", ip);
1277
errno = e;
1278
goto mandos_end;
1279
}
1280
if(af == AF_INET6){
1281
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1282
if(IN6_IS_ADDR_LINKLOCAL
1283
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
1284
if(if_index == AVAHI_IF_UNSPEC){
1285
fprintf_plus(stderr, "An IPv6 link-local address is"
1286
" incomplete without a network interface\n");
1287
errno = EINVAL;
1288
goto mandos_end;
1289
}
1290
/* Set the network interface number as scope */
1291
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
1292
}
1293
} else {
1294
((struct sockaddr_in *)&to)->sin_port = htons(port);
1295
}
1296
1297
if(quit_now){
1298
errno = EINTR;
1299
goto mandos_end;
1300
}
1301
1302
if(debug){
1303
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
1304
char interface[IF_NAMESIZE];
1305
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1306
perror_plus("if_indextoname");
1307
} else {
1308
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1309
"\n", ip, interface, (uintmax_t)port);
1310
}
1311
} else {
1312
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1313
ip, (uintmax_t)port);
1314
}
1315
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
1316
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
1317
if(af == AF_INET6){
1318
ret = getnameinfo((struct sockaddr *)&to,
1319
sizeof(struct sockaddr_in6),
1320
addrstr, sizeof(addrstr), NULL, 0,
1321
NI_NUMERICHOST);
1322
} else {
1323
ret = getnameinfo((struct sockaddr *)&to,
1324
sizeof(struct sockaddr_in),
1325
addrstr, sizeof(addrstr), NULL, 0,
1326
NI_NUMERICHOST);
1327
}
1328
if(ret == EAI_SYSTEM){
1329
perror_plus("getnameinfo");
1330
} else if(ret != 0) {
1331
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1332
} else if(strcmp(addrstr, ip) != 0){
1333
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1334
}
1335
}
1336
1337
if(quit_now){
1338
errno = EINTR;
1339
goto mandos_end;
1340
}
1341
1342
while(true){
1343
if(af == AF_INET6){
1344
ret = connect(tcp_sd, (struct sockaddr *)&to,
1345
sizeof(struct sockaddr_in6));
1346
} else {
1347
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1348
sizeof(struct sockaddr_in));
1349
}
1350
if(ret < 0){
1351
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1352
and if_index != AVAHI_IF_UNSPEC
1353
and connect_to == NULL
1354
and not route_added and
1355
((af == AF_INET6 and not
1356
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1357
&to)->sin6_addr)))
1358
or (af == AF_INET and
1359
/* Not a a IPv4LL address */
1360
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1361
& 0xFFFF0000L) != 0xA9FE0000L))){
1362
/* Work around Avahi bug - Avahi does not announce link-local
1363
addresses if it has a global address, so local hosts with
1364
*only* a link-local address (e.g. Mandos clients) cannot
1365
connect to a Mandos server announced by Avahi on a server
1366
host with a global address. Work around this by retrying
1367
with an explicit route added with the server's address.
1368
1369
Avahi bug reference:
1370
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1371
https://bugs.debian.org/587961
1372
*/
1373
if(debug){
1374
fprintf_plus(stderr, "Mandos server unreachable, trying"
1375
" direct route\n");
1376
}
1377
int e = errno;
1378
route_added = add_local_route(ip, if_index);
1379
if(route_added){
1380
continue;
1381
}
1382
errno = e;
1383
}
1384
if(errno != ECONNREFUSED or debug){
1385
int e = errno;
1386
perror_plus("connect");
1387
errno = e;
1388
}
1389
goto mandos_end;
1390
}
1391
1392
if(quit_now){
1393
errno = EINTR;
1394
goto mandos_end;
1395
}
1396
break;
1397
}
1398
1399
const char *out = mandos_protocol_version;
1400
written = 0;
1401
while(true){
1402
size_t out_size = strlen(out);
1403
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
1404
out_size - written));
1405
if(ret == -1){
1406
int e = errno;
1407
perror_plus("write");
1408
errno = e;
1409
goto mandos_end;
1410
}
1411
written += (size_t)ret;
1412
if(written < out_size){
1413
continue;
1414
} else {
1415
if(out == mandos_protocol_version){
1416
written = 0;
1417
out = "\r\n";
1418
} else {
1419
break;
1420
}
1421
}
1422
1423
if(quit_now){
1424
errno = EINTR;
1425
goto mandos_end;
1426
}
1427
}
1428
1429
if(debug){
1430
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
1431
}
1432
1433
if(quit_now){
1434
errno = EINTR;
1435
goto mandos_end;
1436
}
1437
1438
/* This casting via intptr_t is to eliminate warning about casting
1439
an int to a pointer type. This is exactly how the GnuTLS Guile
1440
function "set-session-transport-fd!" does it. */
1441
gnutls_transport_set_ptr(session,
1442
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
1443
1444
if(quit_now){
1445
errno = EINTR;
1446
goto mandos_end;
1447
}
1448
1449
do {
1450
ret = gnutls_handshake(session);
1451
if(quit_now){
1452
errno = EINTR;
1453
goto mandos_end;
1454
}
1455
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1456
1457
if(ret != GNUTLS_E_SUCCESS){
1458
if(debug){
1459
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
1460
gnutls_perror(ret);
1461
}
1462
errno = EPROTO;
1463
goto mandos_end;
1464
}
1465
1466
/* Read OpenPGP packet that contains the wanted password */
1467
1468
if(debug){
1469
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
1470
" %s\n", ip);
1471
}
1472
1473
while(true){
1474
1475
if(quit_now){
1476
errno = EINTR;
1477
goto mandos_end;
1478
}
1479
1480
buffer_capacity = incbuffer(&buffer, buffer_length,
1481
buffer_capacity);
1482
if(buffer_capacity == 0){
1483
int e = errno;
1484
perror_plus("incbuffer");
1485
errno = e;
1486
goto mandos_end;
1487
}
1488
1489
if(quit_now){
1490
errno = EINTR;
1491
goto mandos_end;
1492
}
1493
1494
sret = gnutls_record_recv(session, buffer+buffer_length,
1495
BUFFER_SIZE);
1496
if(sret == 0){
1497
break;
1498
}
1499
if(sret < 0){
1500
switch(sret){
1501
case GNUTLS_E_INTERRUPTED:
1502
case GNUTLS_E_AGAIN:
1503
break;
1504
case GNUTLS_E_REHANDSHAKE:
1505
do {
1506
ret = gnutls_handshake(session);
1507
1508
if(quit_now){
1509
errno = EINTR;
1510
goto mandos_end;
1511
}
1512
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1513
if(ret < 0){
1514
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
1515
"***\n");
1516
gnutls_perror(ret);
1517
errno = EPROTO;
1518
goto mandos_end;
1519
}
1520
break;
1521
default:
1522
fprintf_plus(stderr, "Unknown error while reading data from"
1523
" encrypted session with Mandos server\n");
1524
gnutls_bye(session, GNUTLS_SHUT_RDWR);
1525
errno = EIO;
1526
goto mandos_end;
1527
}
1528
} else {
1529
buffer_length += (size_t) sret;
1530
}
1531
}
1532
1533
if(debug){
1534
fprintf_plus(stderr, "Closing TLS session\n");
1535
}
1536
1537
if(quit_now){
1538
errno = EINTR;
1539
goto mandos_end;
1540
}
1541
1542
do {
1543
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
1544
if(quit_now){
1545
errno = EINTR;
1546
goto mandos_end;
1547
}
1548
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1549
1550
if(buffer_length > 0){
1551
ssize_t decrypted_buffer_size;
1552
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
1553
&decrypted_buffer, mc);
1554
if(decrypted_buffer_size >= 0){
1555
1556
clearerr(stdout);
1557
written = 0;
1558
while(written < (size_t) decrypted_buffer_size){
1559
if(quit_now){
1560
errno = EINTR;
1561
goto mandos_end;
1562
}
1563
1564
ret = (int)fwrite(decrypted_buffer + written, 1,
1565
(size_t)decrypted_buffer_size - written,
1566
stdout);
1567
if(ret == 0 and ferror(stdout)){
1568
int e = errno;
1569
if(debug){
1570
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1571
strerror(errno));
1572
}
1573
errno = e;
1574
goto mandos_end;
1575
}
1576
written += (size_t)ret;
1577
}
1578
ret = fflush(stdout);
1579
if(ret != 0){
1580
int e = errno;
1581
if(debug){
1582
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1583
strerror(errno));
1584
}
1585
errno = e;
1586
goto mandos_end;
1587
}
1588
retval = 0;
1589
}
1590
}
1591
1592
/* Shutdown procedure */
1593
1594
mandos_end:
1595
{
1596
if(route_added){
1597
if(not delete_local_route(ip, if_index)){
1598
fprintf_plus(stderr, "Failed to delete local route to %s on"
1599
" interface %d", ip, if_index);
1600
}
1601
}
1602
int e = errno;
1603
free(decrypted_buffer);
1604
free(buffer);
1605
if(tcp_sd >= 0){
1606
ret = close(tcp_sd);
1607
}
1608
if(ret == -1){
1609
if(e == 0){
1610
e = errno;
1611
}
1612
perror_plus("close");
1613
}
1614
gnutls_deinit(session);
1615
errno = e;
1616
if(quit_now){
1617
errno = EINTR;
1618
retval = -1;
1619
}
1620
}
1621
return retval;
1622
}
1623
1624
static void resolve_callback(AvahiSServiceResolver *r,
1625
AvahiIfIndex interface,
1626
AvahiProtocol proto,
1627
AvahiResolverEvent event,
1628
const char *name,
1629
const char *type,
1630
const char *domain,
1631
const char *host_name,
1632
const AvahiAddress *address,
1633
uint16_t port,
1634
AVAHI_GCC_UNUSED AvahiStringList *txt,
1635
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1636
flags,
1637
void *mc){
1638
if(r == NULL){
1639
return;
1640
}
1641
1642
/* Called whenever a service has been resolved successfully or
1643
timed out */
1644
1645
if(quit_now){
1646
avahi_s_service_resolver_free(r);
1647
return;
1648
}
1649
1650
switch(event){
1651
default:
1652
case AVAHI_RESOLVER_FAILURE:
1653
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1654
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1655
domain,
1656
avahi_strerror(avahi_server_errno
1657
(((mandos_context*)mc)->server)));
1658
break;
1659
1660
case AVAHI_RESOLVER_FOUND:
1661
{
1662
char ip[AVAHI_ADDRESS_STR_MAX];
1663
avahi_address_snprint(ip, sizeof(ip), address);
1664
if(debug){
1665
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1666
PRIdMAX ") on port %" PRIu16 "\n", name,
1667
host_name, ip, (intmax_t)interface, port);
1668
}
1669
int ret = start_mandos_communication(ip, (in_port_t)port,
1670
interface,
1671
avahi_proto_to_af(proto),
1672
mc);
1673
if(ret == 0){
1674
avahi_simple_poll_quit(simple_poll);
1675
} else {
1676
if(not add_server(ip, (in_port_t)port, interface,
1677
avahi_proto_to_af(proto),
1678
&((mandos_context*)mc)->current_server)){
1679
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
1680
" list\n", name);
1681
}
1682
}
1683
}
1684
}
1685
avahi_s_service_resolver_free(r);
1686
}
1687
1688
static void browse_callback(AvahiSServiceBrowser *b,
1689
AvahiIfIndex interface,
1690
AvahiProtocol protocol,
1691
AvahiBrowserEvent event,
1692
const char *name,
1693
const char *type,
1694
const char *domain,
1695
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1696
flags,
1697
void *mc){
1698
if(b == NULL){
1699
return;
1700
}
1701
1702
/* Called whenever a new services becomes available on the LAN or
1703
is removed from the LAN */
1704
1705
if(quit_now){
1706
return;
1707
}
1708
1709
switch(event){
1710
default:
1711
case AVAHI_BROWSER_FAILURE:
1712
1713
fprintf_plus(stderr, "(Avahi browser) %s\n",
1714
avahi_strerror(avahi_server_errno
1715
(((mandos_context*)mc)->server)));
1716
avahi_simple_poll_quit(simple_poll);
1717
return;
1718
1719
case AVAHI_BROWSER_NEW:
1720
/* We ignore the returned Avahi resolver object. In the callback
1721
function we free it. If the Avahi server is terminated before
1722
the callback function is called the Avahi server will free the
1723
resolver for us. */
1724
1725
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1726
interface, protocol, name, type,
1727
domain, protocol, 0,
1728
resolve_callback, mc) == NULL)
1729
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1730
" %s\n", name,
1731
avahi_strerror(avahi_server_errno
1732
(((mandos_context*)mc)->server)));
1733
break;
1734
1735
case AVAHI_BROWSER_REMOVE:
1736
break;
1737
1738
case AVAHI_BROWSER_ALL_FOR_NOW:
1739
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1740
if(debug){
1741
fprintf_plus(stderr, "No Mandos server found, still"
1742
" searching...\n");
1743
}
1744
break;
1745
}
1746
}
1747
1748
/* Signal handler that stops main loop after SIGTERM */
1749
static void handle_sigterm(int sig){
1750
if(quit_now){
1751
return;
1752
}
1753
quit_now = 1;
1754
signal_received = sig;
1755
int old_errno = errno;
1756
/* set main loop to exit */
1757
if(simple_poll != NULL){
1758
avahi_simple_poll_quit(simple_poll);
1759
}
1760
errno = old_errno;
1761
}
1762
1763
__attribute__((nonnull, warn_unused_result))
1764
bool get_flags(const char *ifname, struct ifreq *ifr){
1765
int ret;
1766
int old_errno;
1767
1768
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1769
if(s < 0){
1770
old_errno = errno;
1771
perror_plus("socket");
1772
errno = old_errno;
1773
return false;
1774
}
1775
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1776
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1777
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1778
if(ret == -1){
1779
if(debug){
1780
old_errno = errno;
1781
perror_plus("ioctl SIOCGIFFLAGS");
1782
errno = old_errno;
1783
}
1784
if((close(s) == -1) and debug){
1785
old_errno = errno;
1786
perror_plus("close");
1787
errno = old_errno;
1788
}
1789
return false;
1790
}
1791
if((close(s) == -1) and debug){
1792
old_errno = errno;
1793
perror_plus("close");
1794
errno = old_errno;
1795
}
1796
return true;
1797
}
1798
1799
__attribute__((nonnull, warn_unused_result))
1800
bool good_flags(const char *ifname, const struct ifreq *ifr){
1801
1802
/* Reject the loopback device */
1803
if(ifr->ifr_flags & IFF_LOOPBACK){
1804
if(debug){
1805
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1806
ifname);
1807
}
1808
return false;
1809
}
1810
/* Accept point-to-point devices only if connect_to is specified */
1811
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1812
if(debug){
1813
fprintf_plus(stderr, "Accepting point-to-point interface"
1814
" \"%s\"\n", ifname);
1815
}
1816
return true;
1817
}
1818
/* Otherwise, reject non-broadcast-capable devices */
1819
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1820
if(debug){
1821
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1822
" \"%s\"\n", ifname);
1823
}
1824
return false;
1825
}
1826
/* Reject non-ARP interfaces (including dummy interfaces) */
1827
if(ifr->ifr_flags & IFF_NOARP){
1828
if(debug){
1829
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1830
ifname);
1831
}
1832
return false;
1833
}
1834
1835
/* Accept this device */
1836
if(debug){
1837
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1838
}
1839
return true;
1840
}
1841
1842
/*
1843
* This function determines if a directory entry in /sys/class/net
1844
* corresponds to an acceptable network device.
1845
* (This function is passed to scandir(3) as a filter function.)
1846
*/
1847
__attribute__((nonnull, warn_unused_result))
1848
int good_interface(const struct dirent *if_entry){
1849
if(if_entry->d_name[0] == '.'){
1850
return 0;
1851
}
1852
1853
struct ifreq ifr;
1854
if(not get_flags(if_entry->d_name, &ifr)){
1855
if(debug){
1856
fprintf_plus(stderr, "Failed to get flags for interface "
1857
"\"%s\"\n", if_entry->d_name);
1858
}
1859
return 0;
1860
}
1861
1862
if(not good_flags(if_entry->d_name, &ifr)){
1863
return 0;
1864
}
1865
return 1;
1866
}
1867
1868
/*
1869
* This function determines if a network interface is up.
1870
*/
1871
__attribute__((nonnull, warn_unused_result))
1872
bool interface_is_up(const char *interface){
1873
struct ifreq ifr;
1874
if(not get_flags(interface, &ifr)){
1875
if(debug){
1876
fprintf_plus(stderr, "Failed to get flags for interface "
1877
"\"%s\"\n", interface);
1878
}
1879
return false;
1880
}
1881
1882
return (bool)(ifr.ifr_flags & IFF_UP);
1883
}
1884
1885
/*
1886
* This function determines if a network interface is running
1887
*/
1888
__attribute__((nonnull, warn_unused_result))
1889
bool interface_is_running(const char *interface){
1890
struct ifreq ifr;
1891
if(not get_flags(interface, &ifr)){
1892
if(debug){
1893
fprintf_plus(stderr, "Failed to get flags for interface "
1894
"\"%s\"\n", interface);
1895
}
1896
return false;
1897
}
1898
1899
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1900
}
1901
1902
__attribute__((nonnull, pure, warn_unused_result))
1903
int notdotentries(const struct dirent *direntry){
1904
/* Skip "." and ".." */
1905
if(direntry->d_name[0] == '.'
1906
and (direntry->d_name[1] == '\0'
1907
or (direntry->d_name[1] == '.'
1908
and direntry->d_name[2] == '\0'))){
1909
return 0;
1910
}
1911
return 1;
1912
}
1913
1914
/* Is this directory entry a runnable program? */
1915
__attribute__((nonnull, warn_unused_result))
1916
int runnable_hook(const struct dirent *direntry){
1917
int ret;
1918
size_t sret;
1919
struct stat st;
1920
1921
if((direntry->d_name)[0] == '\0'){
1922
/* Empty name? */
1923
return 0;
1924
}
1925
1926
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1927
"abcdefghijklmnopqrstuvwxyz"
1928
"0123456789"
1929
"_.-");
1930
if((direntry->d_name)[sret] != '\0'){
1931
/* Contains non-allowed characters */
1932
if(debug){
1933
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
1934
direntry->d_name);
1935
}
1936
return 0;
1937
}
1938
1939
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1940
if(ret == -1){
1941
if(debug){
1942
perror_plus("Could not stat hook");
1943
}
1944
return 0;
1945
}
1946
if(not (S_ISREG(st.st_mode))){
1947
/* Not a regular file */
1948
if(debug){
1949
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
1950
direntry->d_name);
1951
}
1952
return 0;
1953
}
1954
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
1955
/* Not executable */
1956
if(debug){
1957
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
1958
direntry->d_name);
1959
}
1960
return 0;
1961
}
1962
if(debug){
1963
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
1964
direntry->d_name);
1965
}
1966
return 1;
1967
}
1968
1969
__attribute__((nonnull, warn_unused_result))
1970
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
1971
mandos_context *mc){
1972
int ret;
1973
struct timespec now;
1974
struct timespec waited_time;
1975
intmax_t block_time;
1976
1977
while(true){
1978
if(mc->current_server == NULL){
1979
if(debug){
1980
fprintf_plus(stderr, "Wait until first server is found."
1981
" No timeout!\n");
1982
}
1983
ret = avahi_simple_poll_iterate(s, -1);
1984
} else {
1985
if(debug){
1986
fprintf_plus(stderr, "Check current_server if we should run"
1987
" it, or wait\n");
1988
}
1989
/* the current time */
1990
ret = clock_gettime(CLOCK_MONOTONIC, &now);
1991
if(ret == -1){
1992
perror_plus("clock_gettime");
1993
return -1;
1994
}
1995
/* Calculating in ms how long time between now and server
1996
who we visted longest time ago. Now - last seen. */
1997
waited_time.tv_sec = (now.tv_sec
1998
- mc->current_server->last_seen.tv_sec);
1999
waited_time.tv_nsec = (now.tv_nsec
2000
- mc->current_server->last_seen.tv_nsec);
2001
/* total time is 10s/10,000ms.
2002
Converting to s from ms by dividing by 1,000,
2003
and ns to ms by dividing by 1,000,000. */
2004
block_time = ((retry_interval
2005
- ((intmax_t)waited_time.tv_sec * 1000))
2006
- ((intmax_t)waited_time.tv_nsec / 1000000));
2007
2008
if(debug){
2009
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
2010
block_time);
2011
}
2012
2013
if(block_time <= 0){
2014
ret = start_mandos_communication(mc->current_server->ip,
2015
mc->current_server->port,
2016
mc->current_server->if_index,
2017
mc->current_server->af, mc);
2018
if(ret == 0){
2019
avahi_simple_poll_quit(s);
2020
return 0;
2021
}
2022
ret = clock_gettime(CLOCK_MONOTONIC,
2023
&mc->current_server->last_seen);
2024
if(ret == -1){
2025
perror_plus("clock_gettime");
2026
return -1;
2027
}
2028
mc->current_server = mc->current_server->next;
2029
block_time = 0; /* Call avahi to find new Mandos
2030
servers, but don't block */
2031
}
2032
2033
ret = avahi_simple_poll_iterate(s, (int)block_time);
2034
}
2035
if(ret != 0){
2036
if(ret > 0 or errno != EINTR){
2037
return (ret != 1) ? ret : 0;
2038
}
2039
}
2040
}
2041
}
2042
2043
__attribute__((nonnull))
2044
void run_network_hooks(const char *mode, const char *interface,
2045
const float delay){
2046
struct dirent **direntries = NULL;
2047
if(hookdir_fd == -1){
2048
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2049
| O_CLOEXEC);
2050
if(hookdir_fd == -1){
2051
if(errno == ENOENT){
2052
if(debug){
2053
fprintf_plus(stderr, "Network hook directory \"%s\" not"
2054
" found\n", hookdir);
2055
}
2056
} else {
2057
perror_plus("open");
2058
}
2059
return;
2060
}
2061
}
2062
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2063
if(devnull == -1){
2064
perror_plus("open(\"/dev/null\", O_RDONLY)");
2065
return;
2066
}
2067
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2068
runnable_hook, alphasort);
2069
if(numhooks == -1){
2070
perror_plus("scandir");
2071
close(devnull);
2072
return;
2073
}
2074
struct dirent *direntry;
2075
int ret;
2076
for(int i = 0; i < numhooks; i++){
2077
direntry = direntries[i];
2078
if(debug){
2079
fprintf_plus(stderr, "Running network hook \"%s\"\n",
2080
direntry->d_name);
2081
}
2082
pid_t hook_pid = fork();
2083
if(hook_pid == 0){
2084
/* Child */
2085
/* Raise privileges */
2086
errno = raise_privileges_permanently();
2087
if(errno != 0){
2088
perror_plus("Failed to raise privileges");
2089
_exit(EX_NOPERM);
2090
}
2091
/* Set group */
2092
errno = 0;
2093
ret = setgid(0);
2094
if(ret == -1){
2095
perror_plus("setgid");
2096
_exit(EX_NOPERM);
2097
}
2098
/* Reset supplementary groups */
2099
errno = 0;
2100
ret = setgroups(0, NULL);
2101
if(ret == -1){
2102
perror_plus("setgroups");
2103
_exit(EX_NOPERM);
2104
}
2105
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2106
if(ret == -1){
2107
perror_plus("setenv");
2108
_exit(EX_OSERR);
2109
}
2110
ret = setenv("DEVICE", interface, 1);
2111
if(ret == -1){
2112
perror_plus("setenv");
2113
_exit(EX_OSERR);
2114
}
2115
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
2116
if(ret == -1){
2117
perror_plus("setenv");
2118
_exit(EX_OSERR);
2119
}
2120
ret = setenv("MODE", mode, 1);
2121
if(ret == -1){
2122
perror_plus("setenv");
2123
_exit(EX_OSERR);
2124
}
2125
char *delaystring;
2126
ret = asprintf(&delaystring, "%f", (double)delay);
2127
if(ret == -1){
2128
perror_plus("asprintf");
2129
_exit(EX_OSERR);
2130
}
2131
ret = setenv("DELAY", delaystring, 1);
2132
if(ret == -1){
2133
free(delaystring);
2134
perror_plus("setenv");
2135
_exit(EX_OSERR);
2136
}
2137
free(delaystring);
2138
if(connect_to != NULL){
2139
ret = setenv("CONNECT", connect_to, 1);
2140
if(ret == -1){
2141
perror_plus("setenv");
2142
_exit(EX_OSERR);
2143
}
2144
}
2145
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2146
direntry->d_name,
2147
O_RDONLY));
2148
if(hook_fd == -1){
2149
perror_plus("openat");
2150
_exit(EXIT_FAILURE);
2151
}
2152
if(close(hookdir_fd) == -1){
2153
perror_plus("close");
2154
_exit(EXIT_FAILURE);
2155
}
2156
ret = dup2(devnull, STDIN_FILENO);
2157
if(ret == -1){
2158
perror_plus("dup2(devnull, STDIN_FILENO)");
2159
_exit(EX_OSERR);
2160
}
2161
ret = close(devnull);
2162
if(ret == -1){
2163
perror_plus("close");
2164
_exit(EX_OSERR);
2165
}
2166
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2167
if(ret == -1){
2168
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2169
_exit(EX_OSERR);
2170
}
2171
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2172
environ) == -1){
2173
perror_plus("fexecve");
2174
_exit(EXIT_FAILURE);
2175
}
2176
} else {
2177
if(hook_pid == -1){
2178
perror_plus("fork");
2179
free(direntry);
2180
continue;
2181
}
2182
int status;
2183
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2184
perror_plus("waitpid");
2185
free(direntry);
2186
continue;
2187
}
2188
if(WIFEXITED(status)){
2189
if(WEXITSTATUS(status) != 0){
2190
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2191
" with status %d\n", direntry->d_name,
2192
WEXITSTATUS(status));
2193
free(direntry);
2194
continue;
2195
}
2196
} else if(WIFSIGNALED(status)){
2197
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2198
" signal %d\n", direntry->d_name,
2199
WTERMSIG(status));
2200
free(direntry);
2201
continue;
2202
} else {
2203
fprintf_plus(stderr, "Warning: network hook \"%s\""
2204
" crashed\n", direntry->d_name);
2205
free(direntry);
2206
continue;
2207
}
2208
}
2209
if(debug){
2210
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2211
direntry->d_name);
2212
}
2213
free(direntry);
2214
}
2215
free(direntries);
2216
if(close(hookdir_fd) == -1){
2217
perror_plus("close");
2218
} else {
2219
hookdir_fd = -1;
2220
}
2221
close(devnull);
2222
}
2223
2224
__attribute__((nonnull, warn_unused_result))
2225
int bring_up_interface(const char *const interface,
2226
const float delay){
2227
int old_errno = errno;
2228
int ret;
2229
struct ifreq network;
2230
unsigned int if_index = if_nametoindex(interface);
2231
if(if_index == 0){
2232
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2233
errno = old_errno;
2234
return ENXIO;
2235
}
2236
2237
if(quit_now){
2238
errno = old_errno;
2239
return EINTR;
2240
}
2241
2242
if(not interface_is_up(interface)){
2243
int ret_errno = 0;
2244
int ioctl_errno = 0;
2245
if(not get_flags(interface, &network)){
2246
ret_errno = errno;
2247
fprintf_plus(stderr, "Failed to get flags for interface "
2248
"\"%s\"\n", interface);
2249
errno = old_errno;
2250
return ret_errno;
2251
}
2252
network.ifr_flags |= IFF_UP; /* set flag */
2253
2254
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2255
if(sd == -1){
2256
ret_errno = errno;
2257
perror_plus("socket");
2258
errno = old_errno;
2259
return ret_errno;
2260
}
2261
2262
if(quit_now){
2263
ret = close(sd);
2264
if(ret == -1){
2265
perror_plus("close");
2266
}
2267
errno = old_errno;
2268
return EINTR;
2269
}
2270
2271
if(debug){
2272
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
2273
interface);
2274
}
2275
2276
/* Raise privileges */
2277
ret_errno = raise_privileges();
2278
if(ret_errno != 0){
2279
errno = ret_errno;
2280
perror_plus("Failed to raise privileges");
2281
}
2282
2283
#ifdef __linux__
2284
int ret_linux;
2285
bool restore_loglevel = false;
2286
if(ret_errno == 0){
2287
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2288
messages about the network interface to mess up the prompt */
2289
ret_linux = klogctl(8, NULL, 5);
2290
if(ret_linux == -1){
2291
perror_plus("klogctl");
2292
} else {
2293
restore_loglevel = true;
2294
}
2295
}
2296
#endif /* __linux__ */
2297
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2298
ioctl_errno = errno;
2299
#ifdef __linux__
2300
if(restore_loglevel){
2301
ret_linux = klogctl(7, NULL, 0);
2302
if(ret_linux == -1){
2303
perror_plus("klogctl");
2304
}
2305
}
2306
#endif /* __linux__ */
2307
2308
/* If raise_privileges() succeeded above */
2309
if(ret_errno == 0){
2310
/* Lower privileges */
2311
ret_errno = lower_privileges();
2312
if(ret_errno != 0){
2313
errno = ret_errno;
2314
perror_plus("Failed to lower privileges");
2315
}
2316
}
2317
2318
/* Close the socket */
2319
ret = close(sd);
2320
if(ret == -1){
2321
perror_plus("close");
2322
}
2323
2324
if(ret_setflags == -1){
2325
errno = ioctl_errno;
2326
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2327
errno = old_errno;
2328
return ioctl_errno;
2329
}
2330
} else if(debug){
2331
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2332
interface);
2333
}
2334
2335
/* Sleep checking until interface is running.
2336
Check every 0.25s, up to total time of delay */
2337
for(int i = 0; i < delay * 4; i++){
2338
if(interface_is_running(interface)){
2339
break;
2340
}
2341
struct timespec sleeptime = { .tv_nsec = 250000000 };
2342
ret = nanosleep(&sleeptime, NULL);
2343
if(ret == -1 and errno != EINTR){
2344
perror_plus("nanosleep");
2345
}
2346
}
2347
2348
errno = old_errno;
2349
return 0;
2350
}
2351
2352
__attribute__((nonnull, warn_unused_result))
2353
int take_down_interface(const char *const interface){
2354
int old_errno = errno;
2355
struct ifreq network;
2356
unsigned int if_index = if_nametoindex(interface);
2357
if(if_index == 0){
2358
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2359
errno = old_errno;
2360
return ENXIO;
2361
}
2362
if(interface_is_up(interface)){
2363
int ret_errno = 0;
2364
int ioctl_errno = 0;
2365
if(not get_flags(interface, &network) and debug){
2366
ret_errno = errno;
2367
fprintf_plus(stderr, "Failed to get flags for interface "
2368
"\"%s\"\n", interface);
2369
errno = old_errno;
2370
return ret_errno;
2371
}
2372
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2373
2374
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2375
if(sd == -1){
2376
ret_errno = errno;
2377
perror_plus("socket");
2378
errno = old_errno;
2379
return ret_errno;
2380
}
2381
2382
if(debug){
2383
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2384
interface);
2385
}
2386
2387
/* Raise privileges */
2388
ret_errno = raise_privileges();
2389
if(ret_errno != 0){
2390
errno = ret_errno;
2391
perror_plus("Failed to raise privileges");
2392
}
2393
2394
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2395
ioctl_errno = errno;
2396
2397
/* If raise_privileges() succeeded above */
2398
if(ret_errno == 0){
2399
/* Lower privileges */
2400
ret_errno = lower_privileges();
2401
if(ret_errno != 0){
2402
errno = ret_errno;
2403
perror_plus("Failed to lower privileges");
2404
}
2405
}
2406
2407
/* Close the socket */
2408
int ret = close(sd);
2409
if(ret == -1){
2410
perror_plus("close");
2411
}
2412
2413
if(ret_setflags == -1){
2414
errno = ioctl_errno;
2415
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2416
errno = old_errno;
2417
return ioctl_errno;
2418
}
2419
} else if(debug){
2420
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2421
interface);
2422
}
2423
2424
errno = old_errno;
2425
return 0;
2426
}
2427
2428
int main(int argc, char *argv[]){
2429
mandos_context mc = { .server = NULL, .dh_bits = 0,
2430
.priority = "SECURE256:!CTYPE-X.509"
2431
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2432
.current_server = NULL, .interfaces = NULL,
2433
.interfaces_size = 0 };
2434
AvahiSServiceBrowser *sb = NULL;
2435
error_t ret_errno;
2436
int ret;
2437
intmax_t tmpmax;
2438
char *tmp;
2439
int exitcode = EXIT_SUCCESS;
2440
char *interfaces_to_take_down = NULL;
2441
size_t interfaces_to_take_down_size = 0;
2442
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2443
char old_tempdir[] = "/tmp/mandosXXXXXX";
2444
char *tempdir = NULL;
2445
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2446
const char *seckey = PATHDIR "/" SECKEY;
2447
const char *pubkey = PATHDIR "/" PUBKEY;
2448
const char *dh_params_file = NULL;
2449
char *interfaces_hooks = NULL;
2450
2451
bool gnutls_initialized = false;
2452
bool gpgme_initialized = false;
2453
float delay = 2.5f;
2454
double retry_interval = 10; /* 10s between trying a server and
2455
retrying the same server again */
2456
2457
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
2458
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
2459
2460
uid = getuid();
2461
gid = getgid();
2462
2463
/* Lower any group privileges we might have, just to be safe */
2464
errno = 0;
2465
ret = setgid(gid);
2466
if(ret == -1){
2467
perror_plus("setgid");
2468
}
2469
2470
/* Lower user privileges (temporarily) */
2471
errno = 0;
2472
ret = seteuid(uid);
2473
if(ret == -1){
2474
perror_plus("seteuid");
2475
}
2476
2477
if(quit_now){
2478
goto end;
2479
}
2480
2481
{
2482
struct argp_option options[] = {
2483
{ .name = "debug", .key = 128,
2484
.doc = "Debug mode", .group = 3 },
2485
{ .name = "connect", .key = 'c',
2486
.arg = "ADDRESS:PORT",
2487
.doc = "Connect directly to a specific Mandos server",
2488
.group = 1 },
2489
{ .name = "interface", .key = 'i',
2490
.arg = "NAME",
2491
.doc = "Network interface that will be used to search for"
2492
" Mandos servers",
2493
.group = 1 },
2494
{ .name = "seckey", .key = 's',
2495
.arg = "FILE",
2496
.doc = "OpenPGP secret key file base name",
2497
.group = 1 },
2498
{ .name = "pubkey", .key = 'p',
2499
.arg = "FILE",
2500
.doc = "OpenPGP public key file base name",
2501
.group = 2 },
2502
{ .name = "dh-bits", .key = 129,
2503
.arg = "BITS",
2504
.doc = "Bit length of the prime number used in the"
2505
" Diffie-Hellman key exchange",
2506
.group = 2 },
2507
{ .name = "dh-params", .key = 134,
2508
.arg = "FILE",
2509
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2510
" for the Diffie-Hellman key exchange",
2511
.group = 2 },
2512
{ .name = "priority", .key = 130,
2513
.arg = "STRING",
2514
.doc = "GnuTLS priority string for the TLS handshake",
2515
.group = 1 },
2516
{ .name = "delay", .key = 131,
2517
.arg = "SECONDS",
2518
.doc = "Maximum delay to wait for interface startup",
2519
.group = 2 },
2520
{ .name = "retry", .key = 132,
2521
.arg = "SECONDS",
2522
.doc = "Retry interval used when denied by the Mandos server",
2523
.group = 2 },
2524
{ .name = "network-hook-dir", .key = 133,
2525
.arg = "DIR",
2526
.doc = "Directory where network hooks are located",
2527
.group = 2 },
2528
/*
2529
* These reproduce what we would get without ARGP_NO_HELP
2530
*/
2531
{ .name = "help", .key = '?',
2532
.doc = "Give this help list", .group = -1 },
2533
{ .name = "usage", .key = -3,
2534
.doc = "Give a short usage message", .group = -1 },
2535
{ .name = "version", .key = 'V',
2536
.doc = "Print program version", .group = -1 },
2537
{ .name = NULL }
2538
};
2539
2540
error_t parse_opt(int key, char *arg,
2541
struct argp_state *state){
2542
errno = 0;
2543
switch(key){
2544
case 128: /* --debug */
2545
debug = true;
2546
break;
2547
case 'c': /* --connect */
2548
connect_to = arg;
2549
break;
2550
case 'i': /* --interface */
2551
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2552
arg, (int)',');
2553
if(ret_errno != 0){
2554
argp_error(state, "%s", strerror(ret_errno));
2555
}
2556
break;
2557
case 's': /* --seckey */
2558
seckey = arg;
2559
break;
2560
case 'p': /* --pubkey */
2561
pubkey = arg;
2562
break;
2563
case 129: /* --dh-bits */
2564
errno = 0;
2565
tmpmax = strtoimax(arg, &tmp, 10);
2566
if(errno != 0 or tmp == arg or *tmp != '\0'
2567
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2568
argp_error(state, "Bad number of DH bits");
2569
}
2570
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2571
break;
2572
case 134: /* --dh-params */
2573
dh_params_file = arg;
2574
break;
2575
case 130: /* --priority */
2576
mc.priority = arg;
2577
break;
2578
case 131: /* --delay */
2579
errno = 0;
2580
delay = strtof(arg, &tmp);
2581
if(errno != 0 or tmp == arg or *tmp != '\0'){
2582
argp_error(state, "Bad delay");
2583
}
2584
case 132: /* --retry */
2585
errno = 0;
2586
retry_interval = strtod(arg, &tmp);
2587
if(errno != 0 or tmp == arg or *tmp != '\0'
2588
or (retry_interval * 1000) > INT_MAX
2589
or retry_interval < 0){
2590
argp_error(state, "Bad retry interval");
2591
}
2592
break;
2593
case 133: /* --network-hook-dir */
2594
hookdir = arg;
2595
break;
2596
/*
2597
* These reproduce what we would get without ARGP_NO_HELP
2598
*/
2599
case '?': /* --help */
2600
argp_state_help(state, state->out_stream,
2601
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2602
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2603
case -3: /* --usage */
2604
argp_state_help(state, state->out_stream,
2605
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2606
case 'V': /* --version */
2607
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2608
exit(argp_err_exit_status);
2609
break;
2610
default:
2611
return ARGP_ERR_UNKNOWN;
2612
}
2613
return errno;
2614
}
2615
2616
struct argp argp = { .options = options, .parser = parse_opt,
2617
.args_doc = "",
2618
.doc = "Mandos client -- Get and decrypt"
2619
" passwords from a Mandos server" };
2620
ret_errno = argp_parse(&argp, argc, argv,
2621
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2622
switch(ret_errno){
2623
case 0:
2624
break;
2625
case ENOMEM:
2626
default:
2627
errno = ret_errno;
2628
perror_plus("argp_parse");
2629
exitcode = EX_OSERR;
2630
goto end;
2631
case EINVAL:
2632
exitcode = EX_USAGE;
2633
goto end;
2634
}
2635
}
2636
2637
{
2638
/* Work around Debian bug #633582:
2639
<https://bugs.debian.org/633582> */
2640
2641
/* Re-raise privileges */
2642
ret = raise_privileges();
2643
if(ret != 0){
2644
errno = ret;
2645
perror_plus("Failed to raise privileges");
2646
} else {
2647
struct stat st;
2648
2649
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2650
int seckey_fd = open(seckey, O_RDONLY);
2651
if(seckey_fd == -1){
2652
perror_plus("open");
2653
} else {
2654
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2655
if(ret == -1){
2656
perror_plus("fstat");
2657
} else {
2658
if(S_ISREG(st.st_mode)
2659
and st.st_uid == 0 and st.st_gid == 0){
2660
ret = fchown(seckey_fd, uid, gid);
2661
if(ret == -1){
2662
perror_plus("fchown");
2663
}
2664
}
2665
}
2666
close(seckey_fd);
2667
}
2668
}
2669
2670
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2671
int pubkey_fd = open(pubkey, O_RDONLY);
2672
if(pubkey_fd == -1){
2673
perror_plus("open");
2674
} else {
2675
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2676
if(ret == -1){
2677
perror_plus("fstat");
2678
} else {
2679
if(S_ISREG(st.st_mode)
2680
and st.st_uid == 0 and st.st_gid == 0){
2681
ret = fchown(pubkey_fd, uid, gid);
2682
if(ret == -1){
2683
perror_plus("fchown");
2684
}
2685
}
2686
}
2687
close(pubkey_fd);
2688
}
2689
}
2690
2691
if(dh_params_file != NULL
2692
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2693
int dhparams_fd = open(dh_params_file, O_RDONLY);
2694
if(dhparams_fd == -1){
2695
perror_plus("open");
2696
} else {
2697
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2698
if(ret == -1){
2699
perror_plus("fstat");
2700
} else {
2701
if(S_ISREG(st.st_mode)
2702
and st.st_uid == 0 and st.st_gid == 0){
2703
ret = fchown(dhparams_fd, uid, gid);
2704
if(ret == -1){
2705
perror_plus("fchown");
2706
}
2707
}
2708
}
2709
close(dhparams_fd);
2710
}
2711
}
2712
2713
/* Lower privileges */
2714
ret = lower_privileges();
2715
if(ret != 0){
2716
errno = ret;
2717
perror_plus("Failed to lower privileges");
2718
}
2719
}
2720
}
2721
2722
/* Remove invalid interface names (except "none") */
2723
{
2724
char *interface = NULL;
2725
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2726
interface))){
2727
if(strcmp(interface, "none") != 0
2728
and if_nametoindex(interface) == 0){
2729
if(interface[0] != '\0'){
2730
fprintf_plus(stderr, "Not using nonexisting interface"
2731
" \"%s\"\n", interface);
2732
}
2733
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2734
interface = NULL;
2735
}
2736
}
2737
}
2738
2739
/* Run network hooks */
2740
{
2741
if(mc.interfaces != NULL){
2742
interfaces_hooks = malloc(mc.interfaces_size);
2743
if(interfaces_hooks == NULL){
2744
perror_plus("malloc");
2745
goto end;
2746
}
2747
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2748
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2749
}
2750
run_network_hooks("start", interfaces_hooks != NULL ?
2751
interfaces_hooks : "", delay);
2752
}
2753
2754
if(not debug){
2755
avahi_set_log_function(empty_log);
2756
}
2757
2758
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2759
from the signal handler */
2760
/* Initialize the pseudo-RNG for Avahi */
2761
srand((unsigned int) time(NULL));
2762
simple_poll = avahi_simple_poll_new();
2763
if(simple_poll == NULL){
2764
fprintf_plus(stderr,
2765
"Avahi: Failed to create simple poll object.\n");
2766
exitcode = EX_UNAVAILABLE;
2767
goto end;
2768
}
2769
2770
sigemptyset(&sigterm_action.sa_mask);
2771
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2772
if(ret == -1){
2773
perror_plus("sigaddset");
2774
exitcode = EX_OSERR;
2775
goto end;
2776
}
2777
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2778
if(ret == -1){
2779
perror_plus("sigaddset");
2780
exitcode = EX_OSERR;
2781
goto end;
2782
}
2783
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2784
if(ret == -1){
2785
perror_plus("sigaddset");
2786
exitcode = EX_OSERR;
2787
goto end;
2788
}
2789
/* Need to check if the handler is SIG_IGN before handling:
2790
| [[info:libc:Initial Signal Actions]] |
2791
| [[info:libc:Basic Signal Handling]] |
2792
*/
2793
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2794
if(ret == -1){
2795
perror_plus("sigaction");
2796
return EX_OSERR;
2797
}
2798
if(old_sigterm_action.sa_handler != SIG_IGN){
2799
ret = sigaction(SIGINT, &sigterm_action, NULL);
2800
if(ret == -1){
2801
perror_plus("sigaction");
2802
exitcode = EX_OSERR;
2803
goto end;
2804
}
2805
}
2806
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2807
if(ret == -1){
2808
perror_plus("sigaction");
2809
return EX_OSERR;
2810
}
2811
if(old_sigterm_action.sa_handler != SIG_IGN){
2812
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2813
if(ret == -1){
2814
perror_plus("sigaction");
2815
exitcode = EX_OSERR;
2816
goto end;
2817
}
2818
}
2819
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2820
if(ret == -1){
2821
perror_plus("sigaction");
2822
return EX_OSERR;
2823
}
2824
if(old_sigterm_action.sa_handler != SIG_IGN){
2825
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2826
if(ret == -1){
2827
perror_plus("sigaction");
2828
exitcode = EX_OSERR;
2829
goto end;
2830
}
2831
}
2832
2833
/* If no interfaces were specified, make a list */
2834
if(mc.interfaces == NULL){
2835
struct dirent **direntries = NULL;
2836
/* Look for any good interfaces */
2837
ret = scandir(sys_class_net, &direntries, good_interface,
2838
alphasort);
2839
if(ret >= 1){
2840
/* Add all found interfaces to interfaces list */
2841
for(int i = 0; i < ret; ++i){
2842
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2843
direntries[i]->d_name);
2844
if(ret_errno != 0){
2845
errno = ret_errno;
2846
perror_plus("argz_add");
2847
free(direntries[i]);
2848
continue;
2849
}
2850
if(debug){
2851
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2852
direntries[i]->d_name);
2853
}
2854
free(direntries[i]);
2855
}
2856
free(direntries);
2857
} else {
2858
if(ret == 0){
2859
free(direntries);
2860
}
2861
fprintf_plus(stderr, "Could not find a network interface\n");
2862
exitcode = EXIT_FAILURE;
2863
goto end;
2864
}
2865
}
2866
2867
/* Bring up interfaces which are down, and remove any "none"s */
2868
{
2869
char *interface = NULL;
2870
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2871
interface))){
2872
/* If interface name is "none", stop bringing up interfaces.
2873
Also remove all instances of "none" from the list */
2874
if(strcmp(interface, "none") == 0){
2875
argz_delete(&mc.interfaces, &mc.interfaces_size,
2876
interface);
2877
interface = NULL;
2878
while((interface = argz_next(mc.interfaces,
2879
mc.interfaces_size, interface))){
2880
if(strcmp(interface, "none") == 0){
2881
argz_delete(&mc.interfaces, &mc.interfaces_size,
2882
interface);
2883
interface = NULL;
2884
}
2885
}
2886
break;
2887
}
2888
bool interface_was_up = interface_is_up(interface);
2889
errno = bring_up_interface(interface, delay);
2890
if(not interface_was_up){
2891
if(errno != 0){
2892
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2893
" %s\n", interface, strerror(errno));
2894
} else {
2895
errno = argz_add(&interfaces_to_take_down,
2896
&interfaces_to_take_down_size,
2897
interface);
2898
if(errno != 0){
2899
perror_plus("argz_add");
2900
}
2901
}
2902
}
2903
}
2904
if(debug and (interfaces_to_take_down == NULL)){
2905
fprintf_plus(stderr, "No interfaces were brought up\n");
2906
}
2907
}
2908
2909
/* If we only got one interface, explicitly use only that one */
2910
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2911
if(debug){
2912
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2913
mc.interfaces);
2914
}
2915
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2916
}
2917
2918
if(quit_now){
2919
goto end;
2920
}
2921
2922
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2923
if(ret == -1){
2924
fprintf_plus(stderr, "init_gnutls_global failed\n");
2925
exitcode = EX_UNAVAILABLE;
2926
goto end;
2927
} else {
2928
gnutls_initialized = true;
2929
}
2930
2931
if(quit_now){
2932
goto end;
2933
}
2934
2935
/* Try /run/tmp before /tmp */
2936
tempdir = mkdtemp(run_tempdir);
2937
if(tempdir == NULL and errno == ENOENT){
2938
if(debug){
2939
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
2940
run_tempdir, old_tempdir);
2941
}
2942
tempdir = mkdtemp(old_tempdir);
2943
}
2944
if(tempdir == NULL){
2945
perror_plus("mkdtemp");
2946
goto end;
2947
}
2948
2949
if(quit_now){
2950
goto end;
2951
}
2952
2953
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
2954
fprintf_plus(stderr, "init_gpgme failed\n");
2955
exitcode = EX_UNAVAILABLE;
2956
goto end;
2957
} else {
2958
gpgme_initialized = true;
2959
}
2960
2961
if(quit_now){
2962
goto end;
2963
}
2964
2965
if(connect_to != NULL){
2966
/* Connect directly, do not use Zeroconf */
2967
/* (Mainly meant for debugging) */
2968
char *address = strrchr(connect_to, ':');
2969
2970
if(address == NULL){
2971
fprintf_plus(stderr, "No colon in address\n");
2972
exitcode = EX_USAGE;
2973
goto end;
2974
}
2975
2976
if(quit_now){
2977
goto end;
2978
}
2979
2980
in_port_t port;
2981
errno = 0;
2982
tmpmax = strtoimax(address+1, &tmp, 10);
2983
if(errno != 0 or tmp == address+1 or *tmp != '\0'
2984
or tmpmax != (in_port_t)tmpmax){
2985
fprintf_plus(stderr, "Bad port number\n");
2986
exitcode = EX_USAGE;
2987
goto end;
2988
}
2989
2990
if(quit_now){
2991
goto end;
2992
}
2993
2994
port = (in_port_t)tmpmax;
2995
*address = '\0';
2996
/* Colon in address indicates IPv6 */
2997
int af;
2998
if(strchr(connect_to, ':') != NULL){
2999
af = AF_INET6;
3000
/* Accept [] around IPv6 address - see RFC 5952 */
3001
if(connect_to[0] == '[' and address[-1] == ']')
3002
{
3003
connect_to++;
3004
address[-1] = '\0';
3005
}
3006
} else {
3007
af = AF_INET;
3008
}
3009
address = connect_to;
3010
3011
if(quit_now){
3012
goto end;
3013
}
3014
3015
while(not quit_now){
3016
ret = start_mandos_communication(address, port, if_index, af,
3017
&mc);
3018
if(quit_now or ret == 0){
3019
break;
3020
}
3021
if(debug){
3022
fprintf_plus(stderr, "Retrying in %d seconds\n",
3023
(int)retry_interval);
3024
}
3025
sleep((unsigned int)retry_interval);
3026
}
3027
3028
if(not quit_now){
3029
exitcode = EXIT_SUCCESS;
3030
}
3031
3032
goto end;
3033
}
3034
3035
if(quit_now){
3036
goto end;
3037
}
3038
3039
{
3040
AvahiServerConfig config;
3041
/* Do not publish any local Zeroconf records */
3042
avahi_server_config_init(&config);
3043
config.publish_hinfo = 0;
3044
config.publish_addresses = 0;
3045
config.publish_workstation = 0;
3046
config.publish_domain = 0;
3047
3048
/* Allocate a new server */
3049
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3050
&config, NULL, NULL, &ret);
3051
3052
/* Free the Avahi configuration data */
3053
avahi_server_config_free(&config);
3054
}
3055
3056
/* Check if creating the Avahi server object succeeded */
3057
if(mc.server == NULL){
3058
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
3059
avahi_strerror(ret));
3060
exitcode = EX_UNAVAILABLE;
3061
goto end;
3062
}
3063
3064
if(quit_now){
3065
goto end;
3066
}
3067
3068
/* Create the Avahi service browser */
3069
sb = avahi_s_service_browser_new(mc.server, if_index,
3070
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
3071
NULL, 0, browse_callback,
3072
(void *)&mc);
3073
if(sb == NULL){
3074
fprintf_plus(stderr, "Failed to create service browser: %s\n",
3075
avahi_strerror(avahi_server_errno(mc.server)));
3076
exitcode = EX_UNAVAILABLE;
3077
goto end;
3078
}
3079
3080
if(quit_now){
3081
goto end;
3082
}
3083
3084
/* Run the main loop */
3085
3086
if(debug){
3087
fprintf_plus(stderr, "Starting Avahi loop search\n");
3088
}
3089
3090
ret = avahi_loop_with_timeout(simple_poll,
3091
(int)(retry_interval * 1000), &mc);
3092
if(debug){
3093
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
3094
(ret == 0) ? "successfully" : "with error");
3095
}
3096
3097
end:
3098
3099
if(debug){
3100
if(signal_received){
3101
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3102
argv[0], signal_received,
3103
strsignal(signal_received));
3104
} else {
3105
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3106
}
3107
}
3108
3109
/* Cleanup things */
3110
free(mc.interfaces);
3111
3112
if(sb != NULL)
3113
avahi_s_service_browser_free(sb);
3114
3115
if(mc.server != NULL)
3116
avahi_server_free(mc.server);
3117
3118
if(simple_poll != NULL)
3119
avahi_simple_poll_free(simple_poll);
3120
3121
if(gnutls_initialized){
3122
gnutls_certificate_free_credentials(mc.cred);
3123
gnutls_dh_params_deinit(mc.dh_params);
3124
}
3125
3126
if(gpgme_initialized){
3127
gpgme_release(mc.ctx);
3128
}
3129
3130
/* Cleans up the circular linked list of Mandos servers the client
3131
has seen */
3132
if(mc.current_server != NULL){
3133
mc.current_server->prev->next = NULL;
3134
while(mc.current_server != NULL){
3135
server *next = mc.current_server->next;
3136
#ifdef __GNUC__
3137
#pragma GCC diagnostic push
3138
#pragma GCC diagnostic ignored "-Wcast-qual"
3139
#endif
3140
free((char *)(mc.current_server->ip));
3141
#ifdef __GNUC__
3142
#pragma GCC diagnostic pop
3143
#endif
3144
free(mc.current_server);
3145
mc.current_server = next;
3146
}
3147
}
3148
3149
/* Re-raise privileges */
3150
{
3151
ret = raise_privileges();
3152
if(ret != 0){
3153
errno = ret;
3154
perror_plus("Failed to raise privileges");
3155
} else {
3156
3157
/* Run network hooks */
3158
run_network_hooks("stop", interfaces_hooks != NULL ?
3159
interfaces_hooks : "", delay);
3160
3161
/* Take down the network interfaces which were brought up */
3162
{
3163
char *interface = NULL;
3164
while((interface = argz_next(interfaces_to_take_down,
3165
interfaces_to_take_down_size,
3166
interface))){
3167
ret = take_down_interface(interface);
3168
if(ret != 0){
3169
errno = ret;
3170
perror_plus("Failed to take down interface");
3171
}
3172
}
3173
if(debug and (interfaces_to_take_down == NULL)){
3174
fprintf_plus(stderr, "No interfaces needed to be taken"
3175
" down\n");
3176
}
3177
}
3178
}
3179
3180
ret = lower_privileges_permanently();
3181
if(ret != 0){
3182
errno = ret;
3183
perror_plus("Failed to lower privileges permanently");
3184
}
3185
}
3186
3187
free(interfaces_to_take_down);
3188
free(interfaces_hooks);
3189
3190
void clean_dir_at(int base, const char * const dirname,
3191
uintmax_t level){
3192
struct dirent **direntries = NULL;
3193
int dret;
3194
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3195
O_RDONLY
3196
| O_NOFOLLOW
3197
| O_DIRECTORY
3198
| O_PATH));
3199
if(dir_fd == -1){
3200
perror_plus("open");
3201
return;
3202
}
3203
int numentries = scandirat(dir_fd, ".", &direntries,
3204
notdotentries, alphasort);
3205
if(numentries >= 0){
3206
for(int i = 0; i < numentries; i++){
3207
if(debug){
3208
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3209
dirname, direntries[i]->d_name);
3210
}
3211
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3212
if(dret == -1){
3213
if(errno == EISDIR){
3214
dret = unlinkat(dir_fd, direntries[i]->d_name,
3215
AT_REMOVEDIR);
3216
}
3217
if((dret == -1) and (errno == ENOTEMPTY)
3218
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3219
== 0) and (level == 0)){
3220
/* Recurse only in this special case */
3221
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3222
dret = 0;
3223
}
3224
if((dret == -1) and (errno != ENOENT)){
3225
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3226
direntries[i]->d_name, strerror(errno));
3227
}
3228
}
3229
free(direntries[i]);
3230
}
3231
3232
/* need to clean even if 0 because man page doesn't specify */
3233
free(direntries);
3234
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3235
if(dret == -1 and errno != ENOENT){
3236
perror_plus("rmdir");
3237
}
3238
} else {
3239
perror_plus("scandirat");
3240
}
3241
close(dir_fd);
3242
}
3243
3244
/* Removes the GPGME temp directory and all files inside */
3245
if(tempdir != NULL){
3246
clean_dir_at(-1, tempdir, 0);
3247
}
3248
3249
if(quit_now){
3250
sigemptyset(&old_sigterm_action.sa_mask);
3251
old_sigterm_action.sa_handler = SIG_DFL;
3252
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
3253
&old_sigterm_action,
3254
NULL));
3255
if(ret == -1){
3256
perror_plus("sigaction");
3257
}
3258
do {
3259
ret = raise(signal_received);
3260
} while(ret != 0 and errno == EINTR);
3261
if(ret != 0){
3262
perror_plus("raise");
3263
abort();
3264
}
3265
TEMP_FAILURE_RETRY(pause());
3266
}
3267
3268
return exitcode;
3269
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0