To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 951
- compare with another revision
- download diff
- download tarball
- view history from revision 951
- Committer: Teddy Hogeborn
- Date: 2018-08-15 09:26:02 UTC
- Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u
mandos-client: Set system clock if necessary
* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
clock is not set, or set to january 1970, set the system clock to
the more plausible value that is the mtime of the key file. This is
required by GnuPG to be able to import the keys. (We can't pass the
--ignore-time-conflict or the --ignore-valid-from options though
GPGME.)
* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
clock is not set, or set to january 1970, set the system clock to
the more plausible value that is the mtime of the key file. This is
required by GnuPG to be able to import the keys. (We can't pass the
--ignore-time-conflict or the --ignore-valid-from options though
GPGME.)
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2014 Teddy Hogeborn
13
* Copyright © 2008-2014 Björn Påhlsson
14
*
15
* This program is free software: you can redistribute it and/or
16
* modify it under the terms of the GNU General Public License as
17
* published by the Free Software Foundation, either version 3 of the
18
* License, or (at your option) any later version.
19
*
20
* This program is distributed in the hope that it will be useful, but
12
* Copyright © 2008-2018 Teddy Hogeborn
13
* Copyright © 2008-2018 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
21
23
* WITHOUT ANY WARRANTY; without even the implied warranty of
22
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23
25
* General Public License for more details.
24
26
*
25
27
* You should have received a copy of the GNU General Public License
26
* along with this program. If not, see
27
* <http://www.gnu.org/licenses/>.
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
28
29
*
29
30
* Contact the authors at <mandos@recompile.se>.
30
31
*/
46
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
48
strtof(), abort() */
48
49
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
51
53
#include <sys/ioctl.h> /* ioctl */
52
54
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
55
sockaddr_in6, PF_INET6,
57
59
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
60
inet_pton(), connect(),
59
61
getnameinfo() */
60
#include <fcntl.h> /* open(), unlinkat() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
61
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
62
64
*/
63
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
64
66
strtoimax() */
65
#include <errno.h> /* perror(), errno,
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
66
72
program_invocation_short_name */
67
73
#include <time.h> /* nanosleep(), time(), sleep() */
68
74
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
266
272
return true;
267
273
}
268
274
275
/* Set effective uid to 0, return errno */
276
__attribute__((warn_unused_result))
277
int raise_privileges(void){
278
int old_errno = errno;
279
int ret = 0;
280
if(seteuid(0) == -1){
281
ret = errno;
282
}
283
errno = old_errno;
284
return ret;
285
}
286
287
/* Set effective and real user ID to 0. Return errno. */
288
__attribute__((warn_unused_result))
289
int raise_privileges_permanently(void){
290
int old_errno = errno;
291
int ret = raise_privileges();
292
if(ret != 0){
293
errno = old_errno;
294
return ret;
295
}
296
if(setuid(0) == -1){
297
ret = errno;
298
}
299
errno = old_errno;
300
return ret;
301
}
302
303
/* Set effective user ID to unprivileged saved user ID */
304
__attribute__((warn_unused_result))
305
int lower_privileges(void){
306
int old_errno = errno;
307
int ret = 0;
308
if(seteuid(uid) == -1){
309
ret = errno;
310
}
311
errno = old_errno;
312
return ret;
313
}
314
315
/* Lower privileges permanently */
316
__attribute__((warn_unused_result))
317
int lower_privileges_permanently(void){
318
int old_errno = errno;
319
int ret = 0;
320
if(setuid(uid) == -1){
321
ret = errno;
322
}
323
errno = old_errno;
324
return ret;
325
}
326
269
327
/*
270
328
* Initialize GPGME.
271
329
*/
291
349
return false;
292
350
}
293
351
352
/* Workaround for systems without a real-time clock; see also
353
Debian bug #894495: <https://bugs.debian.org/894495> */
354
do {
355
{
356
time_t currtime = time(NULL);
357
if(currtime != (time_t)-1){
358
struct tm tm;
359
if(gmtime_r(&currtime, &tm) == NULL) {
360
perror_plus("gmtime_r");
361
break;
362
}
363
if(tm.tm_year != 70 or tm.tm_mon != 0){
364
break;
365
}
366
if(debug){
367
fprintf_plus(stderr, "System clock is January 1970");
368
}
369
} else {
370
if(debug){
371
fprintf_plus(stderr, "System clock is invalid");
372
}
373
}
374
}
375
struct stat keystat;
376
ret = fstat(fd, &keystat);
377
if(ret != 0){
378
perror_plus("fstat");
379
break;
380
}
381
ret = raise_privileges();
382
if(ret != 0){
383
errno = ret;
384
perror_plus("Failed to raise privileges");
385
break;
386
}
387
if(debug){
388
fprintf_plus(stderr,
389
"Setting system clock to key file mtime");
390
}
391
time_t keytime = keystat.st_mtim.tv_sec;
392
if(stime(&keytime) != 0){
393
perror_plus("stime");
394
}
395
ret = lower_privileges();
396
if(ret != 0){
397
errno = ret;
398
perror_plus("Failed to lower privileges");
399
}
400
} while(false);
401
294
402
rc = gpgme_data_new_from_fd(&pgp_data, fd);
295
403
if(rc != GPG_ERR_NO_ERROR){
296
404
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
304
412
gpgme_strsource(rc), gpgme_strerror(rc));
305
413
return false;
306
414
}
415
{
416
gpgme_import_result_t import_result
417
= gpgme_op_import_result(mc->ctx);
418
if((import_result->imported < 1
419
or import_result->not_imported > 0)
420
and import_result->unchanged == 0){
421
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
422
fprintf_plus(stderr,
423
"The total number of considered keys: %d\n",
424
import_result->considered);
425
fprintf_plus(stderr,
426
"The number of keys without user ID: %d\n",
427
import_result->no_user_id);
428
fprintf_plus(stderr,
429
"The total number of imported keys: %d\n",
430
import_result->imported);
431
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
432
import_result->imported_rsa);
433
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
434
import_result->unchanged);
435
fprintf_plus(stderr, "The number of new user IDs: %d\n",
436
import_result->new_user_ids);
437
fprintf_plus(stderr, "The number of new sub keys: %d\n",
438
import_result->new_sub_keys);
439
fprintf_plus(stderr, "The number of new signatures: %d\n",
440
import_result->new_signatures);
441
fprintf_plus(stderr, "The number of new revocations: %d\n",
442
import_result->new_revocations);
443
fprintf_plus(stderr,
444
"The total number of secret keys read: %d\n",
445
import_result->secret_read);
446
fprintf_plus(stderr,
447
"The number of imported secret keys: %d\n",
448
import_result->secret_imported);
449
fprintf_plus(stderr,
450
"The number of unchanged secret keys: %d\n",
451
import_result->secret_unchanged);
452
fprintf_plus(stderr, "The number of keys not imported: %d\n",
453
import_result->not_imported);
454
for(gpgme_import_status_t import_status
455
= import_result->imports;
456
import_status != NULL;
457
import_status = import_status->next){
458
fprintf_plus(stderr, "Import status for key: %s\n",
459
import_status->fpr);
460
if(import_status->result != GPG_ERR_NO_ERROR){
461
fprintf_plus(stderr, "Import result: %s: %s\n",
462
gpgme_strsource(import_status->result),
463
gpgme_strerror(import_status->result));
464
}
465
fprintf_plus(stderr, "Key status:\n");
466
fprintf_plus(stderr,
467
import_status->status & GPGME_IMPORT_NEW
468
? "The key was new.\n"
469
: "The key was not new.\n");
470
fprintf_plus(stderr,
471
import_status->status & GPGME_IMPORT_UID
472
? "The key contained new user IDs.\n"
473
: "The key did not contain new user IDs.\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_SIG
476
? "The key contained new signatures.\n"
477
: "The key did not contain new signatures.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_SUBKEY
480
? "The key contained new sub keys.\n"
481
: "The key did not contain new sub keys.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SECRET
484
? "The key contained a secret key.\n"
485
: "The key did not contain a secret key.\n");
486
}
487
return false;
488
}
489
}
307
490
308
ret = (int)TEMP_FAILURE_RETRY(close(fd));
491
ret = close(fd);
309
492
if(ret == -1){
310
493
perror_plus("close");
311
494
}
350
533
/* Create new GPGME "context" */
351
534
rc = gpgme_new(&(mc->ctx));
352
535
if(rc != GPG_ERR_NO_ERROR){
353
fprintf_plus(stderr, "Mandos plugin mandos-client: "
354
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
355
gpgme_strerror(rc));
536
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
537
gpgme_strsource(rc), gpgme_strerror(rc));
356
538
return false;
357
539
}
358
540
394
576
/* Create new empty GPGME data buffer for the plaintext */
395
577
rc = gpgme_data_new(&dh_plain);
396
578
if(rc != GPG_ERR_NO_ERROR){
397
fprintf_plus(stderr, "Mandos plugin mandos-client: "
398
"bad gpgme_data_new: %s: %s\n",
579
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
399
580
gpgme_strsource(rc), gpgme_strerror(rc));
400
581
gpgme_data_release(dh_crypto);
401
582
return -1;
414
595
if(result == NULL){
415
596
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
416
597
} else {
417
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
418
result->unsupported_algorithm);
419
fprintf_plus(stderr, "Wrong key usage: %u\n",
420
result->wrong_key_usage);
598
if(result->unsupported_algorithm != NULL) {
599
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
600
result->unsupported_algorithm);
601
}
602
fprintf_plus(stderr, "Wrong key usage: %s\n",
603
result->wrong_key_usage ? "Yes" : "No");
421
604
if(result->file_name != NULL){
422
605
fprintf_plus(stderr, "File name: %s\n", result->file_name);
423
606
}
424
gpgme_recipient_t recipient;
425
recipient = result->recipients;
426
while(recipient != NULL){
607
608
for(gpgme_recipient_t r = result->recipients; r != NULL;
609
r = r->next){
427
610
fprintf_plus(stderr, "Public key algorithm: %s\n",
428
gpgme_pubkey_algo_name
429
(recipient->pubkey_algo));
430
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
611
gpgme_pubkey_algo_name(r->pubkey_algo));
612
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
431
613
fprintf_plus(stderr, "Secret key available: %s\n",
432
recipient->status == GPG_ERR_NO_SECKEY
433
? "No" : "Yes");
434
recipient = recipient->next;
614
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
435
615
}
436
616
}
437
617
}
513
693
fprintf_plus(stderr, "GnuTLS: %s", string);
514
694
}
515
695
516
__attribute__((nonnull, warn_unused_result))
696
__attribute__((nonnull(1, 2, 4), warn_unused_result))
517
697
static int init_gnutls_global(const char *pubkeyfilename,
518
698
const char *seckeyfilename,
699
const char *dhparamsfilename,
519
700
mandos_context *mc){
520
701
int ret;
521
702
unsigned int uret;
524
705
fprintf_plus(stderr, "Initializing GnuTLS\n");
525
706
}
526
707
527
ret = gnutls_global_init();
528
if(ret != GNUTLS_E_SUCCESS){
529
fprintf_plus(stderr, "GnuTLS global_init: %s\n",
530
safer_gnutls_strerror(ret));
531
return -1;
532
}
533
534
708
if(debug){
535
709
/* "Use a log level over 10 to enable all debugging options."
536
710
* - GnuTLS manual
544
718
if(ret != GNUTLS_E_SUCCESS){
545
719
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
546
720
safer_gnutls_strerror(ret));
547
gnutls_global_deinit();
548
721
return -1;
549
722
}
550
723
575
748
safer_gnutls_strerror(ret));
576
749
goto globalfail;
577
750
}
578
if(mc->dh_bits == 0){
579
/* Find out the optimal number of DH bits */
580
/* Try to read the private key file */
581
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
582
{
583
int secfile = open(seckeyfilename, O_RDONLY);
584
size_t buffer_capacity = 0;
751
/* If a Diffie-Hellman parameters file was given, try to use it */
752
if(dhparamsfilename != NULL){
753
gnutls_datum_t params = { .data = NULL, .size = 0 };
754
do {
755
int dhpfile = open(dhparamsfilename, O_RDONLY);
756
if(dhpfile == -1){
757
perror_plus("open");
758
dhparamsfilename = NULL;
759
break;
760
}
761
size_t params_capacity = 0;
585
762
while(true){
586
buffer_capacity = incbuffer((char **)&buffer.data,
587
(size_t)buffer.size,
588
(size_t)buffer_capacity);
589
if(buffer_capacity == 0){
763
params_capacity = incbuffer((char **)¶ms.data,
764
(size_t)params.size,
765
(size_t)params_capacity);
766
if(params_capacity == 0){
590
767
perror_plus("incbuffer");
591
free(buffer.data);
592
buffer.data = NULL;
768
free(params.data);
769
params.data = NULL;
770
dhparamsfilename = NULL;
593
771
break;
594
772
}
595
ssize_t bytes_read = read(secfile, buffer.data + buffer.size,
773
ssize_t bytes_read = read(dhpfile,
774
params.data + params.size,
596
775
BUFFER_SIZE);
597
776
/* EOF */
598
777
if(bytes_read == 0){
601
780
/* check bytes_read for failure */
602
781
if(bytes_read < 0){
603
782
perror_plus("read");
604
free(buffer.data);
605
buffer.data = NULL;
606
break;
607
}
608
buffer.size += (unsigned int)bytes_read;
609
}
610
close(secfile);
611
}
612
/* If successful, use buffer to parse private key */
613
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
614
if(buffer.data != NULL){
615
{
616
gnutls_openpgp_privkey_t privkey = NULL;
617
ret = gnutls_openpgp_privkey_init(&privkey);
618
if(ret != GNUTLS_E_SUCCESS){
619
fprintf_plus(stderr, "Error initializing OpenPGP key"
620
" structure: %s", safer_gnutls_strerror(ret));
621
free(buffer.data);
622
buffer.data = NULL;
623
} else {
624
ret = gnutls_openpgp_privkey_import(privkey, &buffer,
625
GNUTLS_OPENPGP_FMT_BASE64,
626
"", 0);
783
free(params.data);
784
params.data = NULL;
785
dhparamsfilename = NULL;
786
break;
787
}
788
params.size += (unsigned int)bytes_read;
789
}
790
ret = close(dhpfile);
791
if(ret == -1){
792
perror_plus("close");
793
}
794
if(params.data == NULL){
795
dhparamsfilename = NULL;
796
}
797
if(dhparamsfilename == NULL){
798
break;
799
}
800
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
801
GNUTLS_X509_FMT_PEM);
802
if(ret != GNUTLS_E_SUCCESS){
803
fprintf_plus(stderr, "Failed to parse DH parameters in file"
804
" \"%s\": %s\n", dhparamsfilename,
805
safer_gnutls_strerror(ret));
806
dhparamsfilename = NULL;
807
}
808
free(params.data);
809
} while(false);
810
}
811
if(dhparamsfilename == NULL){
812
if(mc->dh_bits == 0){
813
/* Find out the optimal number of DH bits */
814
/* Try to read the private key file */
815
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
816
do {
817
int secfile = open(seckeyfilename, O_RDONLY);
818
if(secfile == -1){
819
perror_plus("open");
820
break;
821
}
822
size_t buffer_capacity = 0;
823
while(true){
824
buffer_capacity = incbuffer((char **)&buffer.data,
825
(size_t)buffer.size,
826
(size_t)buffer_capacity);
827
if(buffer_capacity == 0){
828
perror_plus("incbuffer");
829
free(buffer.data);
830
buffer.data = NULL;
831
break;
832
}
833
ssize_t bytes_read = read(secfile,
834
buffer.data + buffer.size,
835
BUFFER_SIZE);
836
/* EOF */
837
if(bytes_read == 0){
838
break;
839
}
840
/* check bytes_read for failure */
841
if(bytes_read < 0){
842
perror_plus("read");
843
free(buffer.data);
844
buffer.data = NULL;
845
break;
846
}
847
buffer.size += (unsigned int)bytes_read;
848
}
849
close(secfile);
850
} while(false);
851
/* If successful, use buffer to parse private key */
852
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
853
if(buffer.data != NULL){
854
{
855
gnutls_openpgp_privkey_t privkey = NULL;
856
ret = gnutls_openpgp_privkey_init(&privkey);
627
857
if(ret != GNUTLS_E_SUCCESS){
628
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
858
fprintf_plus(stderr, "Error initializing OpenPGP key"
859
" structure: %s",
629
860
safer_gnutls_strerror(ret));
630
privkey = NULL;
861
free(buffer.data);
862
buffer.data = NULL;
863
} else {
864
ret = gnutls_openpgp_privkey_import
865
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
866
if(ret != GNUTLS_E_SUCCESS){
867
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
868
safer_gnutls_strerror(ret));
869
privkey = NULL;
870
}
871
free(buffer.data);
872
buffer.data = NULL;
873
if(privkey != NULL){
874
/* Use private key to suggest an appropriate
875
sec_param */
876
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
877
gnutls_openpgp_privkey_deinit(privkey);
878
if(debug){
879
fprintf_plus(stderr, "This OpenPGP key implies using"
880
" a GnuTLS security parameter \"%s\".\n",
881
safe_string(gnutls_sec_param_get_name
882
(sec_param)));
883
}
884
}
631
885
}
632
free(buffer.data);
633
buffer.data = NULL;
634
if(privkey != NULL){
635
/* Use private key to suggest an appropriate sec_param */
636
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
637
gnutls_openpgp_privkey_deinit(privkey);
638
if(debug){
639
fprintf_plus(stderr, "This OpenPGP key implies using a"
640
" GnuTLS security parameter \"%s\".\n",
641
safe_string(gnutls_sec_param_get_name
642
(sec_param)));
643
}
886
}
887
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
888
/* Err on the side of caution */
889
sec_param = GNUTLS_SEC_PARAM_ULTRA;
890
if(debug){
891
fprintf_plus(stderr, "Falling back to security parameter"
892
" \"%s\"\n",
893
safe_string(gnutls_sec_param_get_name
894
(sec_param)));
644
895
}
645
896
}
646
897
}
647
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
648
/* Err on the side of caution */
649
sec_param = GNUTLS_SEC_PARAM_ULTRA;
898
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
899
if(uret != 0){
900
mc->dh_bits = uret;
650
901
if(debug){
651
fprintf_plus(stderr, "Falling back to security parameter"
652
" \"%s\"\n",
902
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
903
" implies %u DH bits; using that.\n",
653
904
safe_string(gnutls_sec_param_get_name
654
(sec_param)));
905
(sec_param)),
906
mc->dh_bits);
655
907
}
656
}
657
}
658
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
659
if(uret != 0){
660
mc->dh_bits = uret;
661
if(debug){
662
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
663
" implies %u DH bits; using that.\n",
908
} else {
909
fprintf_plus(stderr, "Failed to get implied number of DH"
910
" bits for security parameter \"%s\"): %s\n",
664
911
safe_string(gnutls_sec_param_get_name
665
912
(sec_param)),
666
mc->dh_bits);
913
safer_gnutls_strerror(ret));
914
goto globalfail;
667
915
}
668
} else {
669
fprintf_plus(stderr, "Failed to get implied number of DH"
670
" bits for security parameter \"%s\"): %s\n",
671
safe_string(gnutls_sec_param_get_name(sec_param)),
916
} else if(debug){
917
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
918
mc->dh_bits);
919
}
920
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
921
if(ret != GNUTLS_E_SUCCESS){
922
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
923
" bits): %s\n", mc->dh_bits,
672
924
safer_gnutls_strerror(ret));
673
925
goto globalfail;
674
926
}
675
} else if(debug){
676
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
677
mc->dh_bits);
678
}
679
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
680
if(ret != GNUTLS_E_SUCCESS){
681
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u bits):"
682
" %s\n", mc->dh_bits, safer_gnutls_strerror(ret));
683
goto globalfail;
684
}
685
927
}
686
928
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
687
929
688
930
return 0;
690
932
globalfail:
691
933
692
934
gnutls_certificate_free_credentials(mc->cred);
693
gnutls_global_deinit();
694
935
gnutls_dh_params_deinit(mc->dh_params);
695
936
return -1;
696
937
}
748
989
/* ignore client certificate if any. */
749
990
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
750
991
751
gnutls_dh_set_prime_bits(*session, mc->dh_bits);
752
753
992
return 0;
754
993
}
755
994
757
996
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
758
997
__attribute__((unused)) const char *txt){}
759
998
999
/* Helper function to add_local_route() and delete_local_route() */
1000
__attribute__((nonnull, warn_unused_result))
1001
static bool add_delete_local_route(const bool add,
1002
const char *address,
1003
AvahiIfIndex if_index){
1004
int ret;
1005
char helper[] = "mandos-client-iprouteadddel";
1006
char add_arg[] = "add";
1007
char delete_arg[] = "delete";
1008
char debug_flag[] = "--debug";
1009
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1010
if(pluginhelperdir == NULL){
1011
if(debug){
1012
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1013
" variable not set; cannot run helper\n");
1014
}
1015
return false;
1016
}
1017
1018
char interface[IF_NAMESIZE];
1019
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1020
perror_plus("if_indextoname");
1021
return false;
1022
}
1023
1024
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1025
if(devnull == -1){
1026
perror_plus("open(\"/dev/null\", O_RDONLY)");
1027
return false;
1028
}
1029
pid_t pid = fork();
1030
if(pid == 0){
1031
/* Child */
1032
/* Raise privileges */
1033
errno = raise_privileges_permanently();
1034
if(errno != 0){
1035
perror_plus("Failed to raise privileges");
1036
/* _exit(EX_NOPERM); */
1037
} else {
1038
/* Set group */
1039
errno = 0;
1040
ret = setgid(0);
1041
if(ret == -1){
1042
perror_plus("setgid");
1043
_exit(EX_NOPERM);
1044
}
1045
/* Reset supplementary groups */
1046
errno = 0;
1047
ret = setgroups(0, NULL);
1048
if(ret == -1){
1049
perror_plus("setgroups");
1050
_exit(EX_NOPERM);
1051
}
1052
}
1053
ret = dup2(devnull, STDIN_FILENO);
1054
if(ret == -1){
1055
perror_plus("dup2(devnull, STDIN_FILENO)");
1056
_exit(EX_OSERR);
1057
}
1058
ret = close(devnull);
1059
if(ret == -1){
1060
perror_plus("close");
1061
_exit(EX_OSERR);
1062
}
1063
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1064
if(ret == -1){
1065
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1066
_exit(EX_OSERR);
1067
}
1068
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1069
O_RDONLY
1070
| O_DIRECTORY
1071
| O_PATH
1072
| O_CLOEXEC));
1073
if(helperdir_fd == -1){
1074
perror_plus("open");
1075
_exit(EX_UNAVAILABLE);
1076
}
1077
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1078
helper, O_RDONLY));
1079
if(helper_fd == -1){
1080
perror_plus("openat");
1081
close(helperdir_fd);
1082
_exit(EX_UNAVAILABLE);
1083
}
1084
close(helperdir_fd);
1085
#ifdef __GNUC__
1086
#pragma GCC diagnostic push
1087
#pragma GCC diagnostic ignored "-Wcast-qual"
1088
#endif
1089
if(fexecve(helper_fd, (char *const [])
1090
{ helper, add ? add_arg : delete_arg, (char *)address,
1091
interface, debug ? debug_flag : NULL, NULL },
1092
environ) == -1){
1093
#ifdef __GNUC__
1094
#pragma GCC diagnostic pop
1095
#endif
1096
perror_plus("fexecve");
1097
_exit(EXIT_FAILURE);
1098
}
1099
}
1100
if(pid == -1){
1101
perror_plus("fork");
1102
return false;
1103
}
1104
int status;
1105
pid_t pret = -1;
1106
errno = 0;
1107
do {
1108
pret = waitpid(pid, &status, 0);
1109
if(pret == -1 and errno == EINTR and quit_now){
1110
int errno_raising = 0;
1111
if((errno = raise_privileges()) != 0){
1112
errno_raising = errno;
1113
perror_plus("Failed to raise privileges in order to"
1114
" kill helper program");
1115
}
1116
if(kill(pid, SIGTERM) == -1){
1117
perror_plus("kill");
1118
}
1119
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1120
perror_plus("Failed to lower privileges after killing"
1121
" helper program");
1122
}
1123
return false;
1124
}
1125
} while(pret == -1 and errno == EINTR);
1126
if(pret == -1){
1127
perror_plus("waitpid");
1128
return false;
1129
}
1130
if(WIFEXITED(status)){
1131
if(WEXITSTATUS(status) != 0){
1132
fprintf_plus(stderr, "Error: iprouteadddel exited"
1133
" with status %d\n", WEXITSTATUS(status));
1134
return false;
1135
}
1136
return true;
1137
}
1138
if(WIFSIGNALED(status)){
1139
fprintf_plus(stderr, "Error: iprouteadddel died by"
1140
" signal %d\n", WTERMSIG(status));
1141
return false;
1142
}
1143
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1144
return false;
1145
}
1146
1147
__attribute__((nonnull, warn_unused_result))
1148
static bool add_local_route(const char *address,
1149
AvahiIfIndex if_index){
1150
if(debug){
1151
fprintf_plus(stderr, "Adding route to %s\n", address);
1152
}
1153
return add_delete_local_route(true, address, if_index);
1154
}
1155
1156
__attribute__((nonnull, warn_unused_result))
1157
static bool delete_local_route(const char *address,
1158
AvahiIfIndex if_index){
1159
if(debug){
1160
fprintf_plus(stderr, "Removing route to %s\n", address);
1161
}
1162
return add_delete_local_route(false, address, if_index);
1163
}
1164
760
1165
/* Called when a Mandos server is found */
761
1166
__attribute__((nonnull, warn_unused_result))
762
1167
static int start_mandos_communication(const char *ip, in_port_t port,
773
1178
int retval = -1;
774
1179
gnutls_session_t session;
775
1180
int pf; /* Protocol family */
1181
bool route_added = false;
776
1182
777
1183
errno = 0;
778
1184
800
1206
bool match = false;
801
1207
{
802
1208
char *interface = NULL;
803
while((interface=argz_next(mc->interfaces, mc->interfaces_size,
804
interface))){
1209
while((interface = argz_next(mc->interfaces,
1210
mc->interfaces_size,
1211
interface))){
805
1212
if(if_nametoindex(interface) == (unsigned int)if_index){
806
1213
match = true;
807
1214
break;
836
1243
PRIuMAX "\n", ip, (uintmax_t)port);
837
1244
}
838
1245
839
tcp_sd = socket(pf, SOCK_STREAM, 0);
1246
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
840
1247
if(tcp_sd < 0){
841
1248
int e = errno;
842
1249
perror_plus("socket");
849
1256
goto mandos_end;
850
1257
}
851
1258
852
memset(&to, 0, sizeof(to));
853
1259
if(af == AF_INET6){
854
((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
855
ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
1260
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1261
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1262
ret = inet_pton(af, ip, &to6->sin6_addr);
856
1263
} else { /* IPv4 */
857
((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
858
ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
1264
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1265
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1266
ret = inet_pton(af, ip, &to4->sin_addr);
859
1267
}
860
1268
if(ret < 0 ){
861
1269
int e = errno;
931
1339
goto mandos_end;
932
1340
}
933
1341
934
if(af == AF_INET6){
935
ret = connect(tcp_sd, (struct sockaddr *)&to,
936
sizeof(struct sockaddr_in6));
937
} else {
938
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
939
sizeof(struct sockaddr_in));
940
}
941
if(ret < 0){
942
if((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
943
int e = errno;
944
perror_plus("connect");
945
errno = e;
946
}
947
goto mandos_end;
948
}
949
950
if(quit_now){
951
errno = EINTR;
952
goto mandos_end;
1342
while(true){
1343
if(af == AF_INET6){
1344
ret = connect(tcp_sd, (struct sockaddr *)&to,
1345
sizeof(struct sockaddr_in6));
1346
} else {
1347
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1348
sizeof(struct sockaddr_in));
1349
}
1350
if(ret < 0){
1351
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1352
and if_index != AVAHI_IF_UNSPEC
1353
and connect_to == NULL
1354
and not route_added and
1355
((af == AF_INET6 and not
1356
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1357
&to)->sin6_addr)))
1358
or (af == AF_INET and
1359
/* Not a a IPv4LL address */
1360
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1361
& 0xFFFF0000L) != 0xA9FE0000L))){
1362
/* Work around Avahi bug - Avahi does not announce link-local
1363
addresses if it has a global address, so local hosts with
1364
*only* a link-local address (e.g. Mandos clients) cannot
1365
connect to a Mandos server announced by Avahi on a server
1366
host with a global address. Work around this by retrying
1367
with an explicit route added with the server's address.
1368
1369
Avahi bug reference:
1370
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1371
https://bugs.debian.org/587961
1372
*/
1373
if(debug){
1374
fprintf_plus(stderr, "Mandos server unreachable, trying"
1375
" direct route\n");
1376
}
1377
int e = errno;
1378
route_added = add_local_route(ip, if_index);
1379
if(route_added){
1380
continue;
1381
}
1382
errno = e;
1383
}
1384
if(errno != ECONNREFUSED or debug){
1385
int e = errno;
1386
perror_plus("connect");
1387
errno = e;
1388
}
1389
goto mandos_end;
1390
}
1391
1392
if(quit_now){
1393
errno = EINTR;
1394
goto mandos_end;
1395
}
1396
break;
953
1397
}
954
1398
955
1399
const char *out = mandos_protocol_version;
1109
1553
&decrypted_buffer, mc);
1110
1554
if(decrypted_buffer_size >= 0){
1111
1555
1556
clearerr(stdout);
1112
1557
written = 0;
1113
1558
while(written < (size_t) decrypted_buffer_size){
1114
1559
if(quit_now){
1130
1575
}
1131
1576
written += (size_t)ret;
1132
1577
}
1578
ret = fflush(stdout);
1579
if(ret != 0){
1580
int e = errno;
1581
if(debug){
1582
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1583
strerror(errno));
1584
}
1585
errno = e;
1586
goto mandos_end;
1587
}
1133
1588
retval = 0;
1134
1589
}
1135
1590
}
1138
1593
1139
1594
mandos_end:
1140
1595
{
1596
if(route_added){
1597
if(not delete_local_route(ip, if_index)){
1598
fprintf_plus(stderr, "Failed to delete local route to %s on"
1599
" interface %d", ip, if_index);
1600
}
1601
}
1141
1602
int e = errno;
1142
1603
free(decrypted_buffer);
1143
1604
free(buffer);
1144
1605
if(tcp_sd >= 0){
1145
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
1606
ret = close(tcp_sd);
1146
1607
}
1147
1608
if(ret == -1){
1148
1609
if(e == 0){
1160
1621
return retval;
1161
1622
}
1162
1623
1163
__attribute__((nonnull))
1164
1624
static void resolve_callback(AvahiSServiceResolver *r,
1165
1625
AvahiIfIndex interface,
1166
1626
AvahiProtocol proto,
1303
1763
__attribute__((nonnull, warn_unused_result))
1304
1764
bool get_flags(const char *ifname, struct ifreq *ifr){
1305
1765
int ret;
1306
error_t ret_errno;
1766
int old_errno;
1307
1767
1308
1768
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1309
1769
if(s < 0){
1310
ret_errno = errno;
1770
old_errno = errno;
1311
1771
perror_plus("socket");
1312
errno = ret_errno;
1772
errno = old_errno;
1313
1773
return false;
1314
1774
}
1315
strcpy(ifr->ifr_name, ifname);
1775
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1776
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1316
1777
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1317
1778
if(ret == -1){
1318
1779
if(debug){
1319
ret_errno = errno;
1780
old_errno = errno;
1320
1781
perror_plus("ioctl SIOCGIFFLAGS");
1321
errno = ret_errno;
1782
errno = old_errno;
1783
}
1784
if((close(s) == -1) and debug){
1785
old_errno = errno;
1786
perror_plus("close");
1787
errno = old_errno;
1322
1788
}
1323
1789
return false;
1324
1790
}
1791
if((close(s) == -1) and debug){
1792
old_errno = errno;
1793
perror_plus("close");
1794
errno = old_errno;
1795
}
1325
1796
return true;
1326
1797
}
1327
1798
1569
2040
}
1570
2041
}
1571
2042
1572
/* Set effective uid to 0, return errno */
1573
__attribute__((warn_unused_result))
1574
error_t raise_privileges(void){
1575
error_t old_errno = errno;
1576
error_t ret_errno = 0;
1577
if(seteuid(0) == -1){
1578
ret_errno = errno;
1579
}
1580
errno = old_errno;
1581
return ret_errno;
1582
}
1583
1584
/* Set effective and real user ID to 0. Return errno. */
1585
__attribute__((warn_unused_result))
1586
error_t raise_privileges_permanently(void){
1587
error_t old_errno = errno;
1588
error_t ret_errno = raise_privileges();
1589
if(ret_errno != 0){
1590
errno = old_errno;
1591
return ret_errno;
1592
}
1593
if(setuid(0) == -1){
1594
ret_errno = errno;
1595
}
1596
errno = old_errno;
1597
return ret_errno;
1598
}
1599
1600
/* Set effective user ID to unprivileged saved user ID */
1601
__attribute__((warn_unused_result))
1602
error_t lower_privileges(void){
1603
error_t old_errno = errno;
1604
error_t ret_errno = 0;
1605
if(seteuid(uid) == -1){
1606
ret_errno = errno;
1607
}
1608
errno = old_errno;
1609
return ret_errno;
1610
}
1611
1612
/* Lower privileges permanently */
1613
__attribute__((warn_unused_result))
1614
error_t lower_privileges_permanently(void){
1615
error_t old_errno = errno;
1616
error_t ret_errno = 0;
1617
if(setuid(uid) == -1){
1618
ret_errno = errno;
1619
}
1620
errno = old_errno;
1621
return ret_errno;
1622
}
1623
1624
2043
__attribute__((nonnull))
1625
2044
void run_network_hooks(const char *mode, const char *interface,
1626
2045
const float delay){
1627
2046
struct dirent **direntries = NULL;
1628
2047
if(hookdir_fd == -1){
1629
hookdir_fd = open(hookdir, O_RDONLY);
2048
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2049
| O_CLOEXEC);
1630
2050
if(hookdir_fd == -1){
1631
2051
if(errno == ENOENT){
1632
2052
if(debug){
1639
2059
return;
1640
2060
}
1641
2061
}
1642
#ifdef __GLIBC__
1643
#if __GLIBC_PREREQ(2, 15)
2062
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2063
if(devnull == -1){
2064
perror_plus("open(\"/dev/null\", O_RDONLY)");
2065
return;
2066
}
1644
2067
int numhooks = scandirat(hookdir_fd, ".", &direntries,
1645
2068
runnable_hook, alphasort);
1646
#else /* not __GLIBC_PREREQ(2, 15) */
1647
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1648
alphasort);
1649
#endif /* not __GLIBC_PREREQ(2, 15) */
1650
#else /* not __GLIBC__ */
1651
int numhooks = scandir(hookdir, &direntries, runnable_hook,
1652
alphasort);
1653
#endif /* not __GLIBC__ */
1654
2069
if(numhooks == -1){
1655
2070
perror_plus("scandir");
2071
close(devnull);
1656
2072
return;
1657
2073
}
1658
2074
struct dirent *direntry;
1659
2075
int ret;
1660
int devnull = open("/dev/null", O_RDONLY);
1661
2076
for(int i = 0; i < numhooks; i++){
1662
2077
direntry = direntries[i];
1663
2078
if(debug){
1687
2102
perror_plus("setgroups");
1688
2103
_exit(EX_NOPERM);
1689
2104
}
1690
ret = dup2(devnull, STDIN_FILENO);
1691
if(ret == -1){
1692
perror_plus("dup2(devnull, STDIN_FILENO)");
1693
_exit(EX_OSERR);
1694
}
1695
ret = close(devnull);
1696
if(ret == -1){
1697
perror_plus("close");
1698
_exit(EX_OSERR);
1699
}
1700
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1701
if(ret == -1){
1702
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1703
_exit(EX_OSERR);
1704
}
1705
2105
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
1706
2106
if(ret == -1){
1707
2107
perror_plus("setenv");
1742
2142
_exit(EX_OSERR);
1743
2143
}
1744
2144
}
1745
int hook_fd = openat(hookdir_fd, direntry->d_name, O_RDONLY);
2145
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2146
direntry->d_name,
2147
O_RDONLY));
1746
2148
if(hook_fd == -1){
1747
2149
perror_plus("openat");
1748
2150
_exit(EXIT_FAILURE);
1749
2151
}
1750
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2152
if(close(hookdir_fd) == -1){
1751
2153
perror_plus("close");
1752
2154
_exit(EXIT_FAILURE);
1753
2155
}
2156
ret = dup2(devnull, STDIN_FILENO);
2157
if(ret == -1){
2158
perror_plus("dup2(devnull, STDIN_FILENO)");
2159
_exit(EX_OSERR);
2160
}
2161
ret = close(devnull);
2162
if(ret == -1){
2163
perror_plus("close");
2164
_exit(EX_OSERR);
2165
}
2166
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2167
if(ret == -1){
2168
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2169
_exit(EX_OSERR);
2170
}
1754
2171
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
1755
2172
environ) == -1){
1756
2173
perror_plus("fexecve");
1796
2213
free(direntry);
1797
2214
}
1798
2215
free(direntries);
1799
if((int)TEMP_FAILURE_RETRY(close(hookdir_fd)) == -1){
2216
if(close(hookdir_fd) == -1){
1800
2217
perror_plus("close");
1801
2218
} else {
1802
2219
hookdir_fd = -1;
1805
2222
}
1806
2223
1807
2224
__attribute__((nonnull, warn_unused_result))
1808
error_t bring_up_interface(const char *const interface,
1809
const float delay){
1810
error_t old_errno = errno;
2225
int bring_up_interface(const char *const interface,
2226
const float delay){
2227
int old_errno = errno;
1811
2228
int ret;
1812
2229
struct ifreq network;
1813
2230
unsigned int if_index = if_nametoindex(interface);
1823
2240
}
1824
2241
1825
2242
if(not interface_is_up(interface)){
1826
error_t ret_errno = 0, ioctl_errno = 0;
2243
int ret_errno = 0;
2244
int ioctl_errno = 0;
1827
2245
if(not get_flags(interface, &network)){
1828
2246
ret_errno = errno;
1829
2247
fprintf_plus(stderr, "Failed to get flags for interface "
1842
2260
}
1843
2261
1844
2262
if(quit_now){
1845
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2263
ret = close(sd);
1846
2264
if(ret == -1){
1847
2265
perror_plus("close");
1848
2266
}
1898
2316
}
1899
2317
1900
2318
/* Close the socket */
1901
ret = (int)TEMP_FAILURE_RETRY(close(sd));
2319
ret = close(sd);
1902
2320
if(ret == -1){
1903
2321
perror_plus("close");
1904
2322
}
1916
2334
1917
2335
/* Sleep checking until interface is running.
1918
2336
Check every 0.25s, up to total time of delay */
1919
for(int i=0; i < delay * 4; i++){
2337
for(int i = 0; i < delay * 4; i++){
1920
2338
if(interface_is_running(interface)){
1921
2339
break;
1922
2340
}
1932
2350
}
1933
2351
1934
2352
__attribute__((nonnull, warn_unused_result))
1935
error_t take_down_interface(const char *const interface){
1936
error_t old_errno = errno;
2353
int take_down_interface(const char *const interface){
2354
int old_errno = errno;
1937
2355
struct ifreq network;
1938
2356
unsigned int if_index = if_nametoindex(interface);
1939
2357
if(if_index == 0){
1942
2360
return ENXIO;
1943
2361
}
1944
2362
if(interface_is_up(interface)){
1945
error_t ret_errno = 0, ioctl_errno = 0;
2363
int ret_errno = 0;
2364
int ioctl_errno = 0;
1946
2365
if(not get_flags(interface, &network) and debug){
1947
2366
ret_errno = errno;
1948
2367
fprintf_plus(stderr, "Failed to get flags for interface "
1986
2405
}
1987
2406
1988
2407
/* Close the socket */
1989
int ret = (int)TEMP_FAILURE_RETRY(close(sd));
2408
int ret = close(sd);
1990
2409
if(ret == -1){
1991
2410
perror_plus("close");
1992
2411
}
2008
2427
2009
2428
int main(int argc, char *argv[]){
2010
2429
mandos_context mc = { .server = NULL, .dh_bits = 0,
2011
.priority = "SECURE256:!CTYPE-X.509:"
2012
"+CTYPE-OPENPGP:!RSA", .current_server = NULL,
2013
.interfaces = NULL, .interfaces_size = 0 };
2430
.priority = "SECURE256:!CTYPE-X.509"
2431
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2432
.current_server = NULL, .interfaces = NULL,
2433
.interfaces_size = 0 };
2014
2434
AvahiSServiceBrowser *sb = NULL;
2015
2435
error_t ret_errno;
2016
2436
int ret;
2025
2445
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2026
2446
const char *seckey = PATHDIR "/" SECKEY;
2027
2447
const char *pubkey = PATHDIR "/" PUBKEY;
2448
const char *dh_params_file = NULL;
2028
2449
char *interfaces_hooks = NULL;
2029
2450
2030
2451
bool gnutls_initialized = false;
2083
2504
.doc = "Bit length of the prime number used in the"
2084
2505
" Diffie-Hellman key exchange",
2085
2506
.group = 2 },
2507
{ .name = "dh-params", .key = 134,
2508
.arg = "FILE",
2509
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2510
" for the Diffie-Hellman key exchange",
2511
.group = 2 },
2086
2512
{ .name = "priority", .key = 130,
2087
2513
.arg = "STRING",
2088
2514
.doc = "GnuTLS priority string for the TLS handshake",
2143
2569
}
2144
2570
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2145
2571
break;
2572
case 134: /* --dh-params */
2573
dh_params_file = arg;
2574
break;
2146
2575
case 130: /* --priority */
2147
2576
mc.priority = arg;
2148
2577
break;
2188
2617
.args_doc = "",
2189
2618
.doc = "Mandos client -- Get and decrypt"
2190
2619
" passwords from a Mandos server" };
2191
ret = argp_parse(&argp, argc, argv,
2192
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2193
switch(ret){
2620
ret_errno = argp_parse(&argp, argc, argv,
2621
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2622
switch(ret_errno){
2194
2623
case 0:
2195
2624
break;
2196
2625
case ENOMEM:
2197
2626
default:
2198
errno = ret;
2627
errno = ret_errno;
2199
2628
perror_plus("argp_parse");
2200
2629
exitcode = EX_OSERR;
2201
2630
goto end;
2204
2633
goto end;
2205
2634
}
2206
2635
}
2207
2636
2208
2637
{
2209
2638
/* Work around Debian bug #633582:
2210
<http://bugs.debian.org/633582> */
2639
<https://bugs.debian.org/633582> */
2211
2640
2212
2641
/* Re-raise privileges */
2213
ret_errno = raise_privileges();
2214
if(ret_errno != 0){
2215
errno = ret_errno;
2642
ret = raise_privileges();
2643
if(ret != 0){
2644
errno = ret;
2216
2645
perror_plus("Failed to raise privileges");
2217
2646
} else {
2218
2647
struct stat st;
2234
2663
}
2235
2664
}
2236
2665
}
2237
TEMP_FAILURE_RETRY(close(seckey_fd));
2666
close(seckey_fd);
2238
2667
}
2239
2668
}
2240
2669
2241
2670
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2242
2671
int pubkey_fd = open(pubkey, O_RDONLY);
2243
2672
if(pubkey_fd == -1){
2255
2684
}
2256
2685
}
2257
2686
}
2258
TEMP_FAILURE_RETRY(close(pubkey_fd));
2259
}
2260
}
2261
2687
close(pubkey_fd);
2688
}
2689
}
2690
2691
if(dh_params_file != NULL
2692
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2693
int dhparams_fd = open(dh_params_file, O_RDONLY);
2694
if(dhparams_fd == -1){
2695
perror_plus("open");
2696
} else {
2697
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2698
if(ret == -1){
2699
perror_plus("fstat");
2700
} else {
2701
if(S_ISREG(st.st_mode)
2702
and st.st_uid == 0 and st.st_gid == 0){
2703
ret = fchown(dhparams_fd, uid, gid);
2704
if(ret == -1){
2705
perror_plus("fchown");
2706
}
2707
}
2708
}
2709
close(dhparams_fd);
2710
}
2711
}
2712
2262
2713
/* Lower privileges */
2263
ret_errno = lower_privileges();
2264
if(ret_errno != 0){
2265
errno = ret_errno;
2714
ret = lower_privileges();
2715
if(ret != 0){
2716
errno = ret;
2266
2717
perror_plus("Failed to lower privileges");
2267
2718
}
2268
2719
}
2438
2889
errno = bring_up_interface(interface, delay);
2439
2890
if(not interface_was_up){
2440
2891
if(errno != 0){
2441
perror_plus("Failed to bring up interface");
2892
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2893
" %s\n", interface, strerror(errno));
2442
2894
} else {
2443
2895
errno = argz_add(&interfaces_to_take_down,
2444
2896
&interfaces_to_take_down_size,
2467
2919
goto end;
2468
2920
}
2469
2921
2470
ret = init_gnutls_global(pubkey, seckey, &mc);
2922
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
2471
2923
if(ret == -1){
2472
2924
fprintf_plus(stderr, "init_gnutls_global failed\n");
2473
2925
exitcode = EX_UNAVAILABLE;
2595
3047
2596
3048
/* Allocate a new server */
2597
3049
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
2598
&config, NULL, NULL, &ret_errno);
3050
&config, NULL, NULL, &ret);
2599
3051
2600
3052
/* Free the Avahi configuration data */
2601
3053
avahi_server_config_free(&config);
2604
3056
/* Check if creating the Avahi server object succeeded */
2605
3057
if(mc.server == NULL){
2606
3058
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
2607
avahi_strerror(ret_errno));
3059
avahi_strerror(ret));
2608
3060
exitcode = EX_UNAVAILABLE;
2609
3061
goto end;
2610
3062
}
2645
3097
end:
2646
3098
2647
3099
if(debug){
2648
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3100
if(signal_received){
3101
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3102
argv[0], signal_received,
3103
strsignal(signal_received));
3104
} else {
3105
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3106
}
2649
3107
}
2650
3108
2651
3109
/* Cleanup things */
2662
3120
2663
3121
if(gnutls_initialized){
2664
3122
gnutls_certificate_free_credentials(mc.cred);
2665
gnutls_global_deinit();
2666
3123
gnutls_dh_params_deinit(mc.dh_params);
2667
3124
}
2668
3125
2691
3148
2692
3149
/* Re-raise privileges */
2693
3150
{
2694
ret_errno = raise_privileges();
2695
if(ret_errno != 0){
2696
errno = ret_errno;
3151
ret = raise_privileges();
3152
if(ret != 0){
3153
errno = ret;
2697
3154
perror_plus("Failed to raise privileges");
2698
3155
} else {
2699
3156
2704
3161
/* Take down the network interfaces which were brought up */
2705
3162
{
2706
3163
char *interface = NULL;
2707
while((interface=argz_next(interfaces_to_take_down,
2708
interfaces_to_take_down_size,
2709
interface))){
2710
ret_errno = take_down_interface(interface);
2711
if(ret_errno != 0){
2712
errno = ret_errno;
3164
while((interface = argz_next(interfaces_to_take_down,
3165
interfaces_to_take_down_size,
3166
interface))){
3167
ret = take_down_interface(interface);
3168
if(ret != 0){
3169
errno = ret;
2713
3170
perror_plus("Failed to take down interface");
2714
3171
}
2715
3172
}
2720
3177
}
2721
3178
}
2722
3179
2723
ret_errno = lower_privileges_permanently();
2724
if(ret_errno != 0){
2725
errno = ret_errno;
3180
ret = lower_privileges_permanently();
3181
if(ret != 0){
3182
errno = ret;
2726
3183
perror_plus("Failed to lower privileges permanently");
2727
3184
}
2728
3185
}
2730
3187
free(interfaces_to_take_down);
2731
3188
free(interfaces_hooks);
2732
3189
3190
void clean_dir_at(int base, const char * const dirname,
3191
uintmax_t level){
3192
struct dirent **direntries = NULL;
3193
int dret;
3194
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3195
O_RDONLY
3196
| O_NOFOLLOW
3197
| O_DIRECTORY
3198
| O_PATH));
3199
if(dir_fd == -1){
3200
perror_plus("open");
3201
return;
3202
}
3203
int numentries = scandirat(dir_fd, ".", &direntries,
3204
notdotentries, alphasort);
3205
if(numentries >= 0){
3206
for(int i = 0; i < numentries; i++){
3207
if(debug){
3208
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3209
dirname, direntries[i]->d_name);
3210
}
3211
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3212
if(dret == -1){
3213
if(errno == EISDIR){
3214
dret = unlinkat(dir_fd, direntries[i]->d_name,
3215
AT_REMOVEDIR);
3216
}
3217
if((dret == -1) and (errno == ENOTEMPTY)
3218
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3219
== 0) and (level == 0)){
3220
/* Recurse only in this special case */
3221
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3222
dret = 0;
3223
}
3224
if((dret == -1) and (errno != ENOENT)){
3225
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3226
direntries[i]->d_name, strerror(errno));
3227
}
3228
}
3229
free(direntries[i]);
3230
}
3231
3232
/* need to clean even if 0 because man page doesn't specify */
3233
free(direntries);
3234
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3235
if(dret == -1 and errno != ENOENT){
3236
perror_plus("rmdir");
3237
}
3238
} else {
3239
perror_plus("scandirat");
3240
}
3241
close(dir_fd);
3242
}
3243
2733
3244
/* Removes the GPGME temp directory and all files inside */
2734
3245
if(tempdir != NULL){
2735
struct dirent **direntries = NULL;
2736
int tempdir_fd = (int)TEMP_FAILURE_RETRY(open(tempdir, O_RDONLY |
2737
O_NOFOLLOW));
2738
if(tempdir_fd == -1){
2739
perror_plus("open");
2740
} else {
2741
#ifdef __GLIBC__
2742
#if __GLIBC_PREREQ(2, 15)
2743
int numentries = scandirat(tempdir_fd, ".", &direntries,
2744
notdotentries, alphasort);
2745
#else /* not __GLIBC_PREREQ(2, 15) */
2746
int numentries = scandir(tempdir, &direntries, notdotentries,
2747
alphasort);
2748
#endif /* not __GLIBC_PREREQ(2, 15) */
2749
#else /* not __GLIBC__ */
2750
int numentries = scandir(tempdir, &direntries, notdotentries,
2751
alphasort);
2752
#endif /* not __GLIBC__ */
2753
if(numentries >= 0){
2754
for(int i = 0; i < numentries; i++){
2755
ret = unlinkat(tempdir_fd, direntries[i]->d_name, 0);
2756
if(ret == -1){
2757
fprintf_plus(stderr, "unlinkat(open(\"%s\", O_RDONLY),"
2758
" \"%s\", 0): %s\n", tempdir,
2759
direntries[i]->d_name, strerror(errno));
2760
}
2761
free(direntries[i]);
2762
}
2763
2764
/* need to clean even if 0 because man page doesn't specify */
2765
free(direntries);
2766
if(numentries == -1){
2767
perror_plus("scandir");
2768
}
2769
ret = rmdir(tempdir);
2770
if(ret == -1 and errno != ENOENT){
2771
perror_plus("rmdir");
2772
}
2773
}
2774
TEMP_FAILURE_RETRY(close(tempdir_fd));
2775
}
3246
clean_dir_at(-1, tempdir, 0);
2776
3247
}
2777
3248
2778
3249
if(quit_now){
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0