/mandos/trunk : revision 962

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/plymouth.c

Committer: Teddy Hogeborn
Date: 2019-02-09 23:23:26 UTC
Revision ID: teddy@recompile.se-20190209232326-z1z2kzpgfixz7iaj

Add support for using raw public keys in TLS (RFC 7250)

Since GnuTLS removed support for OpenPGP keys in TLS (RFC 6091), and
no other library supports it, we have to change the protocol to use
something else.  We choose to use "raw public keys" (RFC 7250).  Since
we still use OpenPGP keys to decrypt the secret password, this means
that each client will have two keys: One OpenPGP key and one TLS
public/private key, and the key ID of the latter key is used to
identify clients instead of the fingerprint of the OpenPGP key.

Note that this code is still compatible with GnuTLS before version
3.6.0 (when OpenPGP key support was removed).  This commit merely adds
support for using raw pulic keys instead with GnuTLS 3.6.6. or later.

* DBUS-API (Signals/ClientNotFound): Change name of first parameter
                                     from "Fingerprint" to "KeyID".
  (Mandos Client Interface/Properties/KeyID): New.
* INSTALL: Document conflict with GnuTLS 3.6.0 (which removed OpenPGP
           key support) up until 3.6.6, when support for raw public
           keys was added.  Also document new dependency of client on
           "gnutls-bin" package (for certtool).
* Makefile (run-client): Depend on TLS key files, and also pass them
                         as arguments to client.
  (keydir/tls-privkey.pem, keydir/tls-pubkey.pem): New.
  (confdir/clients.conf): Add dependency on TLS public key.
  (purge-client): Add removal of TLS key files.
* clients.conf ([foo]/key_id, [bar]/key_id): New.
* debian/control (Source: mandos/Build-Depends): Also allow
                                                 libgnutls30 (>= 3.6.6)
  (Package: mandos/Depends): - '' -
  (Package: mandos/Description): Alter description to match new
                                 design.
  (Package: mandos-client/Description): - '' -
  (Package: mandos-client/Depends): Move "gnutls-bin | openssl" to
                                    here from "Recommends".
* debian/mandos-client.README.Debian: Add --tls-privkey and
                                      --tls-pubkey options to test
                                      command.
* debian/mandos-client.postinst (create_key): Renamed to "create_keys"
                                             (all callers changed),
                                             and also create TLS key.
* debian/mandos-client.postrm (purge): Also remove TLS key files.
* intro.xml (DESCRIPTION): Describe new dual-key design.
* mandos (GnuTLS): Define different functions depending on whether
                   support for raw public keys is detected.
  (Client.key_id): New attribute.
  (ClientDBus.KeyID_dbus_property): New method.
  (ProxyClient.__init__): Take new "key_id" parameter.
  (ClientHandler.handle): Use key IDs when using raw public keys and
                          use fingerprints when using OpenPGP keys.
  (ClientHandler.peer_certificate): Also handle raw public keys.
  (ClientHandler.key_id): New.
  (MandosServer.handle_ipc): Pass key ID over the pipe IPC.  Also
                             check for key ID matches when looking up
                             clients.
  (main): Default GnuTLS priority string depends on whether we are
          using raw public keys or not.  When unpickling clients, set
          key_id if not set in the pickle.
  (main/MandosDBusService.ClientNotFound): Change name of first
                                           parameter from
                                           "Fingerprint" to "KeyID".
* mandos-clients.conf.xml (OPTIONS): Document new "key_id" option.
  (OPTIONS/secret): Mention new key ID matchning.
  (EXPANSION/RUNTIME EXPANSION): Add new "key_id" option.
  (EXAMPLE): - '' -
* mandos-ctl (tablewords, main/keywords): Add new "KeyID" property.
* mandos-keygen: Create TLS key files.  New "--tls-keytype" (-T)
                 option.  Alter help text to be more clear about key
                 types.  When in password mode, also output "key_id"
                 option.
* mandos-keygen.xml (SYNOPSIS): Add new "--tls-keytype" (-T) option.
  (DESCRIPTION): Alter to match new dual-key design.
  (OVERVIEW): - '' -
  (FILES): Add TLS key files.
* mandos-options.xml (priority): Document new default priority string
                                 when using raw public keys.
* mandos.xml (NETWORK PROTOCOL): Describe new protocol using key ID.
  (BUGS): Remove issue about checking expire times of OpenPGP keys,
          since TLS public keys do not have expiration times.
  (SECURITY/CLIENT): Alter description to match new design.
  (SEE ALSO/GnuTLS): - '' -
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.
* overview.xml: Alter text to match new design.
* plugin-runner.xml (EXAMPLE): Add --tls-pubkey and --tls-privkey
                               options to mandos-client options.
* plugins.d/mandos-client.c: Use raw public keys when compiling with
                             supporting GnuTLS versions. Add new
                             "--tls-pubkey" and "--tls-privkey"
                             options (which do nothing if GnuTLS
                             library does not support raw public
                             keys).  Alter text throughout to reflect
                             new design.  Only generate new DH
                             parameters (based on size of OpenPGP key)
                             when using OpenPGP in TLS.  Default
                             GnuTLS priority string depends on whether
                             we are using raw public keys or not.
* plugins.d/mandos-client.xml (SYNOPSIS): Add new "--tls-privkey" (-t)
                                          and "--tls-pubkey" (-T)
                                          options.
  (DESCRIPTION): Describe new dual-key design.
  (OPTIONS): Document new "--tls-privkey" (-t) and "--tls-pubkey" (-T)
             options.
  (OPTIONS/--dh-bits): No longer necessarily depends on OpenPGP key
                       size.
  (FILES): Add default locations for TLS public and private key files.
  (EXAMPLE): Use new --tls-pubkey and --tls-privkey options.
  (SECURITY): Alter wording slightly to reflect new dual-key design.
  (SEE ALSO/GnuTLS): Alter description to match new design.
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.

files added:
bugs.xml

debian/mandos-client.examples

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/plymouth.c

/* -*- coding: utf-8 -*- */

* Usplash - Read a password from usplash and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* Plymouth - Read a password from Plymouth and output it

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* asprintf(), TEMP_FAILURE_RETRY() */

#include <stddef.h> /* NULL */

#include <string.h> /* strchr(), memcmp() */

#include <stdio.h> /* asprintf(), perror(), fopen(),

fscanf() */

fscanf(), vasprintf(), fprintf(),

vfprintf() */

#include <unistd.h> /* close(), readlink(), read(),

fork(), setsid(), chdir(), dup2(),

STDERR_FILENO, execv(), access() */

#include <error.h> /* error() */

#include <errno.h> /* TEMP_FAILURE_RETRY */

#include <argz.h> /* argz_count(), argz_extract() */

#include <stdarg.h> /* va_list, va_start(), ... */

sig_atomic_t interrupted_by_signal = 0;

const char plymouth_pid[] = "/dev/.initramfs/plymouth.pid";

/* Used by Ubuntu 11.04 (Natty Narwahl) */

const char plymouth_old_old_pid[] = "/dev/.initramfs/plymouth.pid";

/* Used by Ubuntu 11.10 (Oneiric Ocelot) */

const char plymouth_old_pid[] = "/run/initramfs/plymouth.pid";

/* Used by Debian 9 (stretch) */

const char plymouth_pid[] = "/run/plymouth/pid";

const char plymouth_path[] = "/bin/plymouth";

const char plymouthd_path[] = "/sbin/plymouthd";

const char *plymouthd_default_argv[] = {"/sbin/plymouthd",

"--mode=boot",

"--attach-to-session",

"--pid-file="

"/dev/.initramfs/"

"plymouth.pid",

NULL };

static void termination_handler(__attribute__((unused))int signum){

interrupted_by_signal = 1;

}

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if(ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

fprintf(stderr, ": ");

fprintf(stderr, "%s\n", strerror(errnum));

error(status, errno, "vasprintf while printing error");

return;

}

fprintf(stderr, "Mandos plugin ");

100

error(status, errnum, "%s", text);

101

free(text);

102

}

103

104

/* Create prompt string */

105

char *makeprompt(void){

106

int ret = 0;

107

char *prompt;

108

const char *const cryptsource = getenv("cryptsource");

109

const char *const crypttarget = getenv("crypttarget");

const char prompt_start[] = "Enter passphrase to unlock the disk";

110

const char prompt_start[] = "Unlocking the disk";

111

const char prompt_end[] = "Enter passphrase";

112

113

if(cryptsource == NULL){

114

if(crypttarget == NULL){

ret = asprintf(&prompt, "%s: ", prompt_start);

115

ret = asprintf(&prompt, "%s\n%s", prompt_start, prompt_end);

116

} else {

ret = asprintf(&prompt, "%s (%s): ", prompt_start,

crypttarget);

117

ret = asprintf(&prompt, "%s (%s)\n%s", prompt_start,

118

crypttarget, prompt_end);

119

}

120

} else {

121

if(crypttarget == NULL){

ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);

122

ret = asprintf(&prompt, "%s %s\n%s", prompt_start, cryptsource,

123

prompt_end);

124

} else {

ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,

cryptsource, crypttarget);

125

ret = asprintf(&prompt, "%s %s (%s)\n%s", prompt_start,

126

cryptsource, crypttarget, prompt_end);

127

}

128

}

129

if(ret == -1){

107

140

bool become_a_daemon(void){

108

141

int ret = setuid(geteuid());

109

142

if(ret == -1){

110

error(0, errno, "setuid");

143

error_plus(0, errno, "setuid");

111

144

}

112

145

113

146

setsid();

114

147

ret = chdir("/");

115

148

if(ret == -1){

116

error(0, errno, "chdir");

149

error_plus(0, errno, "chdir");

117

150

return false;

118

151

}

119

152

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */

120

153

if(ret == -1){

121

error(0, errno, "dup2");

154

error_plus(0, errno, "dup2");

122

155

return false;

123

156

}

124

157

return true;

125

158

}

126

159

160

__attribute__((nonnull (2, 3)))

127

161

bool exec_and_wait(pid_t *pid_return, const char *path,

128

const char **argv, bool interruptable,

162

const char * const *argv, bool interruptable,

129

163

bool daemonize){

130

164

int status;

131

165

int ret;

132

166

pid_t pid;

133

167

pid = fork();

134

168

if(pid == -1){

135

error(0, errno, "fork");

169

error_plus(0, errno, "fork");

136

170

return false;

137

171

}

138

172

if(pid == 0){

142

176

_exit(EX_OSERR);

143

177

}

144

178

}

145

146

char **new_argv = NULL;

147

char *tmp;

179

180

char **new_argv = malloc(sizeof(const char *));

181

if(new_argv == NULL){

182

error_plus(0, errno, "malloc");

183

_exit(EX_OSERR);

184

}

185

char **tmp;

148

186

int i = 0;

149

for (; argv[i]!=(char *)NULL; i++){

150

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 1));

151

if (tmp == NULL){

152

error(0, errno, "realloc");

187

for (; argv[i] != NULL; i++){

188

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 2));

189

if(tmp == NULL){

190

error_plus(0, errno, "realloc");

153

191

free(new_argv);

154

192

_exit(EX_OSERR);

155

193

}

156

new_argv = (char **)tmp;

194

new_argv = tmp;

157

195

new_argv[i] = strdup(argv[i]);

158

196

}

159

new_argv[i] = (char *) NULL;

197

new_argv[i] = NULL;

160

198

161

199

execv(path, (char *const *)new_argv);

162

error(0, errno, "execv");

200

error_plus(0, errno, "execv");

163

201

_exit(EXIT_FAILURE);

164

202

}

165

203

if(pid_return != NULL){

174

212

return false;

175

213

}

176

214

if(ret == -1){

177

error(0, errno, "waitpid");

215

error_plus(0, errno, "waitpid");

178

216

return false;

179

217

}

180

218

if(WIFEXITED(status) and (WEXITSTATUS(status) == 0)){

183

221

return false;

184

222

}

185

223

224

__attribute__((nonnull))

186

225

int is_plymouth(const struct dirent *proc_entry){

187

226

int ret;

188

227

{

189

uintmax_t maxvalue;

228

uintmax_t proc_id;

190

229

char *tmp;

191

230

errno = 0;

192

maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);

231

proc_id = strtoumax(proc_entry->d_name, &tmp, 10);

193

232

194

233

if(errno != 0 or *tmp != '\0'

195

or maxvalue != (uintmax_t)((pid_t)maxvalue)){

234

or proc_id != (uintmax_t)((pid_t)proc_id)){

196

235

return 0;

197

236

}

198

237

}

200

239

char *exe_link;

201

240

ret = asprintf(&exe_link, "/proc/%s/exe", proc_entry->d_name);

202

241

if(ret == -1){

203

error(0, errno, "asprintf");

242

error_plus(0, errno, "asprintf");

204

243

return 0;

205

244

}

206

245

209

248

if(ret == -1){

210

249

free(exe_link);

211

250

if(errno != ENOENT){

212

error(0, errno, "lstat");

251

error_plus(0, errno, "lstat");

213

252

}

214

253

return 0;

215

254

}

233

272

234

273

pid_t get_pid(void){

235

274

int ret;

275

uintmax_t proc_id = 0;

236

276

FILE *pidfile = fopen(plymouth_pid, "r");

237

uintmax_t maxvalue = 0;

277

/* Try the new pid file location */

238

278

if(pidfile != NULL){

239

ret = fscanf(pidfile, "%" SCNuMAX, &maxvalue);

279

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

240

280

if(ret != 1){

241

maxvalue = 0;

281

proc_id = 0;

242

282

}

243

283

fclose(pidfile);

244

284

}

245

if(maxvalue == 0){

246

struct dirent **direntries;

285

/* Try the old pid file location */

286

if(proc_id == 0){

287

pidfile = fopen(plymouth_old_pid, "r");

288

if(pidfile != NULL){

289

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

290

if(ret != 1){

291

proc_id = 0;

292

}

293

fclose(pidfile);

294

}

295

}

296

/* Try the old old pid file location */

297

if(proc_id == 0){

298

pidfile = fopen(plymouth_old_old_pid, "r");

299

if(pidfile != NULL){

300

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

301

if(ret != 1){

302

proc_id = 0;

303

}

304

fclose(pidfile);

305

}

306

}

307

/* Look for a plymouth process */

308

if(proc_id == 0){

309

struct dirent **direntries = NULL;

247

310

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

248

if (ret == -1){

249

error(0, errno, "scandir");

311

if(ret == -1){

312

error_plus(0, errno, "scandir");

250

313

}

251

if (ret > 0){

252

ret = sscanf(direntries[0]->d_name, "%" SCNuMAX, &maxvalue);

253

if (ret < 0){

254

error(0, errno, "sscanf");

314

if(ret > 0){

315

for(int i = ret-1; i >= 0; i--){

316

if(proc_id == 0){

317

ret = sscanf(direntries[i]->d_name, "%" SCNuMAX, &proc_id);

318

if(ret < 0){

319

error_plus(0, errno, "sscanf");

320

}

321

}

322

free(direntries[i]);

255

323

}

256

324

}

325

/* scandir might preallocate for this variable (man page unclear).

326

even if ret == 0, therefore we need to free it. */

327

free(direntries);

257

328

}

258

329

pid_t pid;

259

pid = (pid_t)maxvalue;

260

if((uintmax_t)pid == maxvalue){

330

pid = (pid_t)proc_id;

331

if((uintmax_t)pid == proc_id){

261

332

return pid;

262

333

}

263

334

264

335

return 0;

265

336

}

266

337

267

const char **getargv(pid_t pid){

338

char **getargv(pid_t pid){

268

339

int cl_fd;

269

340

char *cmdline_filename;

270

341

ssize_t sret;

273

344

ret = asprintf(&cmdline_filename, "/proc/%" PRIuMAX "/cmdline",

274

345

(uintmax_t)pid);

275

346

if(ret == -1){

276

error(0, errno, "asprintf");

347

error_plus(0, errno, "asprintf");

277

348

return NULL;

278

349

}

279

350

281

352

cl_fd = open(cmdline_filename, O_RDONLY);

282

353

free(cmdline_filename);

283

354

if(cl_fd == -1){

284

error(0, errno, "open");

355

error_plus(0, errno, "open");

285

356

return NULL;

286

357

}

287

358

295

366

if(cmdline_len + blocksize > cmdline_allocated){

296

367

tmp = realloc(cmdline, cmdline_allocated + blocksize);

297

368

if(tmp == NULL){

298

error(0, errno, "realloc");

369

error_plus(0, errno, "realloc");

299

370

free(cmdline);

300

371

close(cl_fd);

301

372

return NULL;

308

379

sret = read(cl_fd, cmdline + cmdline_len,

309

380

cmdline_allocated - cmdline_len);

310

381

if(sret == -1){

311

error(0, errno, "read");

382

error_plus(0, errno, "read");

312

383

free(cmdline);

313

384

close(cl_fd);

314

385

return NULL;

317

388

} while(sret != 0);

318

389

ret = close(cl_fd);

319

390

if(ret == -1){

320

error(0, errno, "close");

391

error_plus(0, errno, "close");

321

392

free(cmdline);

322

393

return NULL;

323

394

}

326

397

char **argv = malloc((argz_count(cmdline, cmdline_len) + 1)

327

398

* sizeof(char *)); /* Get number of args */

328

399

if(argv == NULL){

329

error(0, errno, "argv = malloc()");

400

error_plus(0, errno, "argv = malloc()");

330

401

free(cmdline);

331

402

return NULL;

332

403

}

333

404

argz_extract(cmdline, cmdline_len, argv); /* Create argv */

334

return (const char **)argv;

405

return argv;

335

406

}

336

407

337

408

int main(__attribute__((unused))int argc,

359

430

*sig != 0; sig++){

360

431

ret = sigaddset(&new_action.sa_mask, *sig);

361

432

if(ret == -1){

362

error(EX_OSERR, errno, "sigaddset");

433

error_plus(EX_OSERR, errno, "sigaddset");

363

434

}

364

435

ret = sigaction(*sig, NULL, &old_action);

365

436

if(ret == -1){

366

error(EX_OSERR, errno, "sigaction");

437

error_plus(EX_OSERR, errno, "sigaction");

367

438

}

368

439

if(old_action.sa_handler != SIG_IGN){

369

440

ret = sigaction(*sig, &new_action, NULL);

370

441

if(ret == -1){

371

error(EX_OSERR, errno, "sigaction");

442

error_plus(EX_OSERR, errno, "sigaction");

372

443

}

373

444

}

374

445

}

393

464

ret = asprintf(&prompt_arg, "--prompt=%s", prompt);

394

465

free(prompt);

395

466

if(ret == -1){

396

error(EX_OSERR, errno, "asprintf");

467

error_plus(EX_OSERR, errno, "asprintf");

397

468

}

398

469

399

470

/* plymouth ask-for-password --prompt="$prompt" */

412

483

}

413

484

kill_and_wait(plymouth_command_pid);

414

485

415

const char **plymouthd_argv;

486

char **plymouthd_argv = NULL;

416

487

pid_t pid = get_pid();

417

488

if(pid == 0){

418

error(0, 0, "plymouthd pid not found");

419

plymouthd_argv = plymouthd_default_argv;

489

error_plus(0, 0, "plymouthd pid not found");

420

490

} else {

421

491

plymouthd_argv = getargv(pid);

422

492

}

425

495

{ plymouth_path, "quit", NULL },

426

496

false, false);

427

497

if(not bret){

498

if(plymouthd_argv != NULL){

499

free(*plymouthd_argv);

500

free(plymouthd_argv);

501

}

428

502

exit(EXIT_FAILURE);

429

503

}

430

bret = exec_and_wait(NULL, plymouthd_path, plymouthd_argv,

504

bret = exec_and_wait(NULL, plymouthd_path,

505

(plymouthd_argv != NULL)

506

? (const char * const *)plymouthd_argv

507

: plymouthd_default_argv,

431

508

false, true);

509

if(plymouthd_argv != NULL){

510

free(*plymouthd_argv);

511

free(plymouthd_argv);

512

}

432

513

if(not bret){

433

514

exit(EXIT_FAILURE);

434

515

}

Older »