/mandos/trunk : revision 962

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

Committer: Teddy Hogeborn
Date: 2019-02-09 23:23:26 UTC
Revision ID: teddy@recompile.se-20190209232326-z1z2kzpgfixz7iaj

Add support for using raw public keys in TLS (RFC 7250)

Since GnuTLS removed support for OpenPGP keys in TLS (RFC 6091), and
no other library supports it, we have to change the protocol to use
something else.  We choose to use "raw public keys" (RFC 7250).  Since
we still use OpenPGP keys to decrypt the secret password, this means
that each client will have two keys: One OpenPGP key and one TLS
public/private key, and the key ID of the latter key is used to
identify clients instead of the fingerprint of the OpenPGP key.

Note that this code is still compatible with GnuTLS before version
3.6.0 (when OpenPGP key support was removed).  This commit merely adds
support for using raw pulic keys instead with GnuTLS 3.6.6. or later.

* DBUS-API (Signals/ClientNotFound): Change name of first parameter
                                     from "Fingerprint" to "KeyID".
  (Mandos Client Interface/Properties/KeyID): New.
* INSTALL: Document conflict with GnuTLS 3.6.0 (which removed OpenPGP
           key support) up until 3.6.6, when support for raw public
           keys was added.  Also document new dependency of client on
           "gnutls-bin" package (for certtool).
* Makefile (run-client): Depend on TLS key files, and also pass them
                         as arguments to client.
  (keydir/tls-privkey.pem, keydir/tls-pubkey.pem): New.
  (confdir/clients.conf): Add dependency on TLS public key.
  (purge-client): Add removal of TLS key files.
* clients.conf ([foo]/key_id, [bar]/key_id): New.
* debian/control (Source: mandos/Build-Depends): Also allow
                                                 libgnutls30 (>= 3.6.6)
  (Package: mandos/Depends): - '' -
  (Package: mandos/Description): Alter description to match new
                                 design.
  (Package: mandos-client/Description): - '' -
  (Package: mandos-client/Depends): Move "gnutls-bin | openssl" to
                                    here from "Recommends".
* debian/mandos-client.README.Debian: Add --tls-privkey and
                                      --tls-pubkey options to test
                                      command.
* debian/mandos-client.postinst (create_key): Renamed to "create_keys"
                                             (all callers changed),
                                             and also create TLS key.
* debian/mandos-client.postrm (purge): Also remove TLS key files.
* intro.xml (DESCRIPTION): Describe new dual-key design.
* mandos (GnuTLS): Define different functions depending on whether
                   support for raw public keys is detected.
  (Client.key_id): New attribute.
  (ClientDBus.KeyID_dbus_property): New method.
  (ProxyClient.__init__): Take new "key_id" parameter.
  (ClientHandler.handle): Use key IDs when using raw public keys and
                          use fingerprints when using OpenPGP keys.
  (ClientHandler.peer_certificate): Also handle raw public keys.
  (ClientHandler.key_id): New.
  (MandosServer.handle_ipc): Pass key ID over the pipe IPC.  Also
                             check for key ID matches when looking up
                             clients.
  (main): Default GnuTLS priority string depends on whether we are
          using raw public keys or not.  When unpickling clients, set
          key_id if not set in the pickle.
  (main/MandosDBusService.ClientNotFound): Change name of first
                                           parameter from
                                           "Fingerprint" to "KeyID".
* mandos-clients.conf.xml (OPTIONS): Document new "key_id" option.
  (OPTIONS/secret): Mention new key ID matchning.
  (EXPANSION/RUNTIME EXPANSION): Add new "key_id" option.
  (EXAMPLE): - '' -
* mandos-ctl (tablewords, main/keywords): Add new "KeyID" property.
* mandos-keygen: Create TLS key files.  New "--tls-keytype" (-T)
                 option.  Alter help text to be more clear about key
                 types.  When in password mode, also output "key_id"
                 option.
* mandos-keygen.xml (SYNOPSIS): Add new "--tls-keytype" (-T) option.
  (DESCRIPTION): Alter to match new dual-key design.
  (OVERVIEW): - '' -
  (FILES): Add TLS key files.
* mandos-options.xml (priority): Document new default priority string
                                 when using raw public keys.
* mandos.xml (NETWORK PROTOCOL): Describe new protocol using key ID.
  (BUGS): Remove issue about checking expire times of OpenPGP keys,
          since TLS public keys do not have expiration times.
  (SECURITY/CLIENT): Alter description to match new design.
  (SEE ALSO/GnuTLS): - '' -
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.
* overview.xml: Alter text to match new design.
* plugin-runner.xml (EXAMPLE): Add --tls-pubkey and --tls-privkey
                               options to mandos-client options.
* plugins.d/mandos-client.c: Use raw public keys when compiling with
                             supporting GnuTLS versions. Add new
                             "--tls-pubkey" and "--tls-privkey"
                             options (which do nothing if GnuTLS
                             library does not support raw public
                             keys).  Alter text throughout to reflect
                             new design.  Only generate new DH
                             parameters (based on size of OpenPGP key)
                             when using OpenPGP in TLS.  Default
                             GnuTLS priority string depends on whether
                             we are using raw public keys or not.
* plugins.d/mandos-client.xml (SYNOPSIS): Add new "--tls-privkey" (-t)
                                          and "--tls-pubkey" (-T)
                                          options.
  (DESCRIPTION): Describe new dual-key design.
  (OPTIONS): Document new "--tls-privkey" (-t) and "--tls-pubkey" (-T)
             options.
  (OPTIONS/--dh-bits): No longer necessarily depends on OpenPGP key
                       size.
  (FILES): Add default locations for TLS public and private key files.
  (EXAMPLE): Use new --tls-pubkey and --tls-privkey options.
  (SECURITY): Alter wording slightly to reflect new dual-key design.
  (SEE ALSO/GnuTLS): Alter description to match new design.
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.

files added:
initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

files removed:
initramfs-tools-hook-conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.lintian-overrides

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.c

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

122

123

gnutls_*

123

124

init_gnutls_session(),

124

125

GNUTLS_* */

126

#if GNUTLS_VERSION_NUMBER < 0x030600

125

127

#include <gnutls/openpgp.h>

126

128

/* gnutls_certificate_set_openpgp_key_file(),

127

129

GNUTLS_OPENPGP_FMT_BASE64 */

130

#elif GNUTLS_VERSION_NUMBER >= 0x030606

131

#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,

132

GNUTLS_PKCS_PLAIN,

133

GNUTLS_PKCS_NULL_PASSWORD */

134

#endif

128

135

129

136

/* GPGME */

130

137

#include <gpgme.h> /* All GPGME types, constants and

138

145

#define PATHDIR "/conf/conf.d/mandos"

139

146

#define SECKEY "seckey.txt"

140

147

#define PUBKEY "pubkey.txt"

148

#define TLS_PRIVKEY "tls-privkey.pem"

149

#define TLS_PUBKEY "tls-pubkey.pem"

141

150

#define HOOKDIR "/lib/mandos/network-hooks.d"

142

151

143

152

bool debug = false;

271

280

return true;

272

281

}

273

282

283

/* Set effective uid to 0, return errno */

284

__attribute__((warn_unused_result))

285

int raise_privileges(void){

286

int old_errno = errno;

287

int ret = 0;

288

if(seteuid(0) == -1){

289

ret = errno;

290

}

291

errno = old_errno;

292

return ret;

293

}

294

295

/* Set effective and real user ID to 0. Return errno. */

296

__attribute__((warn_unused_result))

297

int raise_privileges_permanently(void){

298

int old_errno = errno;

299

int ret = raise_privileges();

300

if(ret != 0){

301

errno = old_errno;

302

return ret;

303

}

304

if(setuid(0) == -1){

305

ret = errno;

306

}

307

errno = old_errno;

308

return ret;

309

}

310

311

/* Set effective user ID to unprivileged saved user ID */

312

__attribute__((warn_unused_result))

313

int lower_privileges(void){

314

int old_errno = errno;

315

int ret = 0;

316

if(seteuid(uid) == -1){

317

ret = errno;

318

}

319

errno = old_errno;

320

return ret;

321

}

322

323

/* Lower privileges permanently */

324

__attribute__((warn_unused_result))

325

int lower_privileges_permanently(void){

326

int old_errno = errno;

327

int ret = 0;

328

if(setuid(uid) == -1){

329

ret = errno;

330

}

331

errno = old_errno;

332

return ret;

333

}

334

274

335

275

336

* Initialize GPGME.

276

337

296

357

return false;

297

358

}

298

359

360

/* Workaround for systems without a real-time clock; see also

361

Debian bug #894495: <https://bugs.debian.org/894495> */

362

do {

363

{

364

time_t currtime = time(NULL);

365

if(currtime != (time_t)-1){

366

struct tm tm;

367

if(gmtime_r(&currtime, &tm) == NULL) {

368

perror_plus("gmtime_r");

369

break;

370

}

371

if(tm.tm_year != 70 or tm.tm_mon != 0){

372

break;

373

}

374

if(debug){

375

fprintf_plus(stderr, "System clock is January 1970");

376

}

377

} else {

378

if(debug){

379

fprintf_plus(stderr, "System clock is invalid");

380

}

381

}

382

}

383

struct stat keystat;

384

ret = fstat(fd, &keystat);

385

if(ret != 0){

386

perror_plus("fstat");

387

break;

388

}

389

ret = raise_privileges();

390

if(ret != 0){

391

errno = ret;

392

perror_plus("Failed to raise privileges");

393

break;

394

}

395

if(debug){

396

fprintf_plus(stderr,

397

"Setting system clock to key file mtime");

398

}

399

time_t keytime = keystat.st_mtim.tv_sec;

400

if(stime(&keytime) != 0){

401

perror_plus("stime");

402

}

403

ret = lower_privileges();

404

if(ret != 0){

405

errno = ret;

406

perror_plus("Failed to lower privileges");

407

}

408

} while(false);

409

299

410

rc = gpgme_data_new_from_fd(&pgp_data, fd);

300

411

if(rc != GPG_ERR_NO_ERROR){

301

412

fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",

309

420

gpgme_strsource(rc), gpgme_strerror(rc));

310

421

return false;

311

422

}

423

{

424

gpgme_import_result_t import_result

425

= gpgme_op_import_result(mc->ctx);

426

if((import_result->imported < 1

427

or import_result->not_imported > 0)

428

and import_result->unchanged == 0){

429

fprintf_plus(stderr, "bad gpgme_op_import_results:\n");

430

fprintf_plus(stderr,

431

"The total number of considered keys: %d\n",

432

import_result->considered);

433

fprintf_plus(stderr,

434

"The number of keys without user ID: %d\n",

435

import_result->no_user_id);

436

fprintf_plus(stderr,

437

"The total number of imported keys: %d\n",

438

import_result->imported);

439

fprintf_plus(stderr, "The number of imported RSA keys: %d\n",

440

import_result->imported_rsa);

441

fprintf_plus(stderr, "The number of unchanged keys: %d\n",

442

import_result->unchanged);

443

fprintf_plus(stderr, "The number of new user IDs: %d\n",

444

import_result->new_user_ids);

445

fprintf_plus(stderr, "The number of new sub keys: %d\n",

446

import_result->new_sub_keys);

447

fprintf_plus(stderr, "The number of new signatures: %d\n",

448

import_result->new_signatures);

449

fprintf_plus(stderr, "The number of new revocations: %d\n",

450

import_result->new_revocations);

451

fprintf_plus(stderr,

452

"The total number of secret keys read: %d\n",

453

import_result->secret_read);

454

fprintf_plus(stderr,

455

"The number of imported secret keys: %d\n",

456

import_result->secret_imported);

457

fprintf_plus(stderr,

458

"The number of unchanged secret keys: %d\n",

459

import_result->secret_unchanged);

460

fprintf_plus(stderr, "The number of keys not imported: %d\n",

461

import_result->not_imported);

462

for(gpgme_import_status_t import_status

463

= import_result->imports;

464

import_status != NULL;

465

import_status = import_status->next){

466

fprintf_plus(stderr, "Import status for key: %s\n",

467

import_status->fpr);

468

if(import_status->result != GPG_ERR_NO_ERROR){

469

fprintf_plus(stderr, "Import result: %s: %s\n",

470

gpgme_strsource(import_status->result),

471

gpgme_strerror(import_status->result));

472

}

473

fprintf_plus(stderr, "Key status:\n");

474

fprintf_plus(stderr,

475

import_status->status & GPGME_IMPORT_NEW

476

? "The key was new.\n"

477

: "The key was not new.\n");

478

fprintf_plus(stderr,

479

import_status->status & GPGME_IMPORT_UID

480

? "The key contained new user IDs.\n"

481

: "The key did not contain new user IDs.\n");

482

fprintf_plus(stderr,

483

import_status->status & GPGME_IMPORT_SIG

484

? "The key contained new signatures.\n"

485

: "The key did not contain new signatures.\n");

486

fprintf_plus(stderr,

487

import_status->status & GPGME_IMPORT_SUBKEY

488

? "The key contained new sub keys.\n"

489

: "The key did not contain new sub keys.\n");

490

fprintf_plus(stderr,

491

import_status->status & GPGME_IMPORT_SECRET

492

? "The key contained a secret key.\n"

493

: "The key did not contain a secret key.\n");

494

}

495

return false;

496

}

497

}

312

498

313

499

ret = close(fd);

314

500

if(ret == -1){

355

541

/* Create new GPGME "context" */

356

542

rc = gpgme_new(&(mc->ctx));

357

543

if(rc != GPG_ERR_NO_ERROR){

358

fprintf_plus(stderr, "Mandos plugin mandos-client: "

359

"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),

360

gpgme_strerror(rc));

544

fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",

545

gpgme_strsource(rc), gpgme_strerror(rc));

361

546

return false;

362

547

}

363

548

399

584

/* Create new empty GPGME data buffer for the plaintext */

400

585

rc = gpgme_data_new(&dh_plain);

401

586

if(rc != GPG_ERR_NO_ERROR){

402

fprintf_plus(stderr, "Mandos plugin mandos-client: "

403

"bad gpgme_data_new: %s: %s\n",

587

fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",

404

588

gpgme_strsource(rc), gpgme_strerror(rc));

405

589

gpgme_data_release(dh_crypto);

406

590

return -1;

419

603

if(result == NULL){

420

604

fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");

421

605

} else {

422

fprintf_plus(stderr, "Unsupported algorithm: %s\n",

423

result->unsupported_algorithm);

424

fprintf_plus(stderr, "Wrong key usage: %u\n",

425

result->wrong_key_usage);

606

if(result->unsupported_algorithm != NULL) {

607

fprintf_plus(stderr, "Unsupported algorithm: %s\n",

608

result->unsupported_algorithm);

609

}

610

fprintf_plus(stderr, "Wrong key usage: %s\n",

611

result->wrong_key_usage ? "Yes" : "No");

426

612

if(result->file_name != NULL){

427

613

fprintf_plus(stderr, "File name: %s\n", result->file_name);

428

614

}

429

gpgme_recipient_t recipient;

430

recipient = result->recipients;

431

while(recipient != NULL){

615

616

for(gpgme_recipient_t r = result->recipients; r != NULL;

617

r = r->next){

432

618

fprintf_plus(stderr, "Public key algorithm: %s\n",

433

gpgme_pubkey_algo_name

434

(recipient->pubkey_algo));

435

fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);

619

gpgme_pubkey_algo_name(r->pubkey_algo));

620

fprintf_plus(stderr, "Key ID: %s\n", r->keyid);

436

621

fprintf_plus(stderr, "Secret key available: %s\n",

437

recipient->status == GPG_ERR_NO_SECKEY

438

? "No" : "Yes");

439

recipient = recipient->next;

622

r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");

440

623

}

441

624

}

442

625

}

524

707

const char *dhparamsfilename,

525

708

mandos_context *mc){

526

709

int ret;

527

unsigned int uret;

528

710

529

711

if(debug){

530

712

fprintf_plus(stderr, "Initializing GnuTLS\n");

547

729

}

548

730

549

731

if(debug){

550

fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"

551

" secret key %s as GnuTLS credentials\n",

732

fprintf_plus(stderr, "Attempting to use public key %s and"

733

" private key %s as GnuTLS credentials\n",

552

734

pubkeyfilename,

553

735

seckeyfilename);

554

736

}

555

737

738

#if GNUTLS_VERSION_NUMBER >= 0x030606

739

ret = gnutls_certificate_set_rawpk_key_file

740

(mc->cred, pubkeyfilename, seckeyfilename,

741

GNUTLS_X509_FMT_PEM, /* format */

742

NULL, /* pass */

743

/* key_usage */

744

GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,

745

NULL, /* names */

746

0, /* names_length */

747

/* privkey_flags */

748

GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,

749

0); /* pkcs11_flags */

750

#elif GNUTLS_VERSION_NUMBER < 0x030600

556

751

ret = gnutls_certificate_set_openpgp_key_file

557

752

(mc->cred, pubkeyfilename, seckeyfilename,

558

753

GNUTLS_OPENPGP_FMT_BASE64);

754

#else

755

#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"

756

#endif

559

757

if(ret != GNUTLS_E_SUCCESS){

560

758

fprintf_plus(stderr,

561

"Error[%d] while reading the OpenPGP key pair ('%s',"

759

"Error[%d] while reading the key pair ('%s',"

562

760

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

563

761

fprintf_plus(stderr, "The GnuTLS error is: %s\n",

564

762

safer_gnutls_strerror(ret));

612

810

}

613

811

params.size += (unsigned int)bytes_read;

614

812

}

813

ret = close(dhpfile);

814

if(ret == -1){

815

perror_plus("close");

816

}

615

817

if(params.data == NULL){

616

818

dhparamsfilename = NULL;

617

819

}

631

833

}

632

834

if(dhparamsfilename == NULL){

633

835

if(mc->dh_bits == 0){

836

#if GNUTLS_VERSION_NUMBER < 0x030600

634

837

/* Find out the optimal number of DH bits */

635

838

/* Try to read the private key file */

636

839

gnutls_datum_t buffer = { .data = NULL, .size = 0 };

716

919

}

717

920

}

718

921

}

719

uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);

922

unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);

720

923

if(uret != 0){

721

924

mc->dh_bits = uret;

722

925

if(debug){

734

937

safer_gnutls_strerror(ret));

735

938

goto globalfail;

736

939

}

737

} else if(debug){

738

fprintf_plus(stderr, "DH bits explicitly set to %u\n",

739

mc->dh_bits);

740

}

741

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

742

if(ret != GNUTLS_E_SUCCESS){

743

fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"

744

" bits): %s\n", mc->dh_bits,

745

safer_gnutls_strerror(ret));

746

goto globalfail;

940

#endif

941

} else { /* dh_bits != 0 */

942

if(debug){

943

fprintf_plus(stderr, "DH bits explicitly set to %u\n",

944

mc->dh_bits);

945

}

946

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

947

if(ret != GNUTLS_E_SUCCESS){

948

fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"

949

" bits): %s\n", mc->dh_bits,

950

safer_gnutls_strerror(ret));

951

goto globalfail;

952

}

953

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

747

954

}

748

955

}

749

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

750

956

751

957

return 0;

752

958

763

969

int ret;

764

970

/* GnuTLS session creation */

765

971

do {

766

ret = gnutls_init(session, GNUTLS_SERVER);

972

ret = gnutls_init(session, (GNUTLS_SERVER

973

#if GNUTLS_VERSION_NUMBER >= 0x030506

974

| GNUTLS_NO_TICKETS

975

#endif

976

#if GNUTLS_VERSION_NUMBER >= 0x030606

977

| GNUTLS_ENABLE_RAWPK

978

#endif

979

));

767

980

if(quit_now){

768

981

return -1;

769

982

}

817

1030

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

818

1031

__attribute__((unused)) const char *txt){}

819

1032

820

/* Set effective uid to 0, return errno */

821

__attribute__((warn_unused_result))

822

int raise_privileges(void){

823

int old_errno = errno;

824

int ret = 0;

825

if(seteuid(0) == -1){

826

ret = errno;

827

}

828

errno = old_errno;

829

return ret;

830

}

831

832

/* Set effective and real user ID to 0. Return errno. */

833

__attribute__((warn_unused_result))

834

int raise_privileges_permanently(void){

835

int old_errno = errno;

836

int ret = raise_privileges();

837

if(ret != 0){

838

errno = old_errno;

839

return ret;

840

}

841

if(setuid(0) == -1){

842

ret = errno;

843

}

844

errno = old_errno;

845

return ret;

846

}

847

848

/* Set effective user ID to unprivileged saved user ID */

849

__attribute__((warn_unused_result))

850

int lower_privileges(void){

851

int old_errno = errno;

852

int ret = 0;

853

if(seteuid(uid) == -1){

854

ret = errno;

855

}

856

errno = old_errno;

857

return ret;

858

}

859

860

/* Lower privileges permanently */

861

__attribute__((warn_unused_result))

862

int lower_privileges_permanently(void){

863

int old_errno = errno;

864

int ret = 0;

865

if(setuid(uid) == -1){

866

ret = errno;

867

}

868

errno = old_errno;

869

return ret;

870

}

871

872

1033

/* Helper function to add_local_route() and delete_local_route() */

873

1034

__attribute__((nonnull, warn_unused_result))

874

1035

static bool add_delete_local_route(const bool add,

1654

1815

perror_plus("ioctl SIOCGIFFLAGS");

1655

1816

errno = old_errno;

1656

1817

}

1818

if((close(s) == -1) and debug){

1819

old_errno = errno;

1820

perror_plus("close");

1821

errno = old_errno;

1822

}

1657

1823

return false;

1658

1824

}

1825

if((close(s) == -1) and debug){

1826

old_errno = errno;

1827

perror_plus("close");

1828

errno = old_errno;

1829

}

1659

1830

return true;

1660

1831

}

1661

1832

1922

2093

return;

1923

2094

}

1924

2095

}

2096

int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));

2097

if(devnull == -1){

2098

perror_plus("open(\"/dev/null\", O_RDONLY)");

2099

return;

2100

}

1925

2101

int numhooks = scandirat(hookdir_fd, ".", &direntries,

1926

2102

runnable_hook, alphasort);

1927

2103

if(numhooks == -1){

1928

2104

perror_plus("scandir");

2105

close(devnull);

1929

2106

return;

1930

2107

}

1931

2108

struct dirent *direntry;

1932

2109

int ret;

1933

int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));

1934

if(devnull == -1){

1935

perror_plus("open(\"/dev/null\", O_RDONLY)");

1936

return;

1937

}

1938

2110

for(int i = 0; i < numhooks; i++){

1939

2111

direntry = direntries[i];

1940

2112

if(debug){

2289

2461

2290

2462

int main(int argc, char *argv[]){

2291

2463

mandos_context mc = { .server = NULL, .dh_bits = 0,

2464

#if GNUTLS_VERSION_NUMBER >= 0x030606

2465

.priority = "SECURE128:!CTYPE-X.509"

2466

":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"

2467

":%PROFILE_ULTRA",

2468

#elif GNUTLS_VERSION_NUMBER < 0x030600

2292

2469

.priority = "SECURE256:!CTYPE-X.509"

2293

2470

":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",

2471

#else

2472

#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"

2473

#endif

2294

2474

.current_server = NULL, .interfaces = NULL,

2295

2475

.interfaces_size = 0 };

2296

2476

AvahiSServiceBrowser *sb = NULL;

2307

2487

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

2308

2488

const char *seckey = PATHDIR "/" SECKEY;

2309

2489

const char *pubkey = PATHDIR "/" PUBKEY;

2490

#if GNUTLS_VERSION_NUMBER >= 0x030606

2491

const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;

2492

const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;

2493

#endif

2310

2494

const char *dh_params_file = NULL;

2311

2495

char *interfaces_hooks = NULL;

2312

2496

2360

2544

{ .name = "pubkey", .key = 'p',

2361

2545

.arg = "FILE",

2362

2546

.doc = "OpenPGP public key file base name",

2363

.group = 2 },

2547

.group = 1 },

2548

{ .name = "tls-privkey", .key = 't',

2549

.arg = "FILE",

2550

#if GNUTLS_VERSION_NUMBER >= 0x030606

2551

.doc = "TLS private key file base name",

2552

#else

2553

.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",

2554

#endif

2555

.group = 1 },

2556

{ .name = "tls-pubkey", .key = 'T',

2557

.arg = "FILE",

2558

#if GNUTLS_VERSION_NUMBER >= 0x030606

2559

.doc = "TLS public key file base name",

2560

#else

2561

.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",

2562

#endif

2563

.group = 1 },

2364

2564

{ .name = "dh-bits", .key = 129,

2365

2565

.arg = "BITS",

2366

2566

.doc = "Bit length of the prime number used in the"

2422

2622

case 'p': /* --pubkey */

2423

2623

pubkey = arg;

2424

2624

break;

2625

case 't': /* --tls-privkey */

2626

#if GNUTLS_VERSION_NUMBER >= 0x030606

2627

tls_privkey = arg;

2628

#endif

2629

break;

2630

case 'T': /* --tls-pubkey */

2631

#if GNUTLS_VERSION_NUMBER >= 0x030606

2632

tls_pubkey = arg;

2633

#endif

2634

break;

2425

2635

case 129: /* --dh-bits */

2426

2636

errno = 0;

2427

2637

tmpmax = strtoimax(arg, &tmp, 10);

2781

2991

goto end;

2782

2992

}

2783

2993

2994

#if GNUTLS_VERSION_NUMBER >= 0x030606

2995

ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);

2996

#elif GNUTLS_VERSION_NUMBER < 0x030600

2784

2997

ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);

2998

#else

2999

#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"

3000

#endif

2785

3001

if(ret == -1){

2786

3002

fprintf_plus(stderr, "init_gnutls_global failed\n");

2787

3003

exitcode = EX_UNAVAILABLE;

3060

3276

| O_PATH));

3061

3277

if(dir_fd == -1){

3062

3278

perror_plus("open");

3279

return;

3063

3280

}

3064

3281

int numentries = scandirat(dir_fd, ".", &direntries,

3065

3282

notdotentries, alphasort);

3082

3299

clean_dir_at(dir_fd, direntries[i]->d_name, level+1);

3083

3300

dret = 0;

3084

3301

}

3085

if(dret == -1){

3302

if((dret == -1) and (errno != ENOENT)){

3086

3303

fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,

3087

3304

direntries[i]->d_name, strerror(errno));

3088

3305

}

3092

3309

3093

3310

/* need to clean even if 0 because man page doesn't specify */

3094

3311

free(direntries);

3095

if(numentries == -1){

3096

perror_plus("scandirat");

3097

}

3098

3312

dret = unlinkat(base, dirname, AT_REMOVEDIR);

3099

3313

if(dret == -1 and errno != ENOENT){

3100

3314

perror_plus("rmdir");

Older »