/mandos/trunk : revision 962

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/plymouth.c

Committer: Teddy Hogeborn
Date: 2019-02-09 23:23:26 UTC
Revision ID: teddy@recompile.se-20190209232326-z1z2kzpgfixz7iaj

Add support for using raw public keys in TLS (RFC 7250)

Since GnuTLS removed support for OpenPGP keys in TLS (RFC 6091), and
no other library supports it, we have to change the protocol to use
something else.  We choose to use "raw public keys" (RFC 7250).  Since
we still use OpenPGP keys to decrypt the secret password, this means
that each client will have two keys: One OpenPGP key and one TLS
public/private key, and the key ID of the latter key is used to
identify clients instead of the fingerprint of the OpenPGP key.

Note that this code is still compatible with GnuTLS before version
3.6.0 (when OpenPGP key support was removed).  This commit merely adds
support for using raw pulic keys instead with GnuTLS 3.6.6. or later.

* DBUS-API (Signals/ClientNotFound): Change name of first parameter
                                     from "Fingerprint" to "KeyID".
  (Mandos Client Interface/Properties/KeyID): New.
* INSTALL: Document conflict with GnuTLS 3.6.0 (which removed OpenPGP
           key support) up until 3.6.6, when support for raw public
           keys was added.  Also document new dependency of client on
           "gnutls-bin" package (for certtool).
* Makefile (run-client): Depend on TLS key files, and also pass them
                         as arguments to client.
  (keydir/tls-privkey.pem, keydir/tls-pubkey.pem): New.
  (confdir/clients.conf): Add dependency on TLS public key.
  (purge-client): Add removal of TLS key files.
* clients.conf ([foo]/key_id, [bar]/key_id): New.
* debian/control (Source: mandos/Build-Depends): Also allow
                                                 libgnutls30 (>= 3.6.6)
  (Package: mandos/Depends): - '' -
  (Package: mandos/Description): Alter description to match new
                                 design.
  (Package: mandos-client/Description): - '' -
  (Package: mandos-client/Depends): Move "gnutls-bin | openssl" to
                                    here from "Recommends".
* debian/mandos-client.README.Debian: Add --tls-privkey and
                                      --tls-pubkey options to test
                                      command.
* debian/mandos-client.postinst (create_key): Renamed to "create_keys"
                                             (all callers changed),
                                             and also create TLS key.
* debian/mandos-client.postrm (purge): Also remove TLS key files.
* intro.xml (DESCRIPTION): Describe new dual-key design.
* mandos (GnuTLS): Define different functions depending on whether
                   support for raw public keys is detected.
  (Client.key_id): New attribute.
  (ClientDBus.KeyID_dbus_property): New method.
  (ProxyClient.__init__): Take new "key_id" parameter.
  (ClientHandler.handle): Use key IDs when using raw public keys and
                          use fingerprints when using OpenPGP keys.
  (ClientHandler.peer_certificate): Also handle raw public keys.
  (ClientHandler.key_id): New.
  (MandosServer.handle_ipc): Pass key ID over the pipe IPC.  Also
                             check for key ID matches when looking up
                             clients.
  (main): Default GnuTLS priority string depends on whether we are
          using raw public keys or not.  When unpickling clients, set
          key_id if not set in the pickle.
  (main/MandosDBusService.ClientNotFound): Change name of first
                                           parameter from
                                           "Fingerprint" to "KeyID".
* mandos-clients.conf.xml (OPTIONS): Document new "key_id" option.
  (OPTIONS/secret): Mention new key ID matchning.
  (EXPANSION/RUNTIME EXPANSION): Add new "key_id" option.
  (EXAMPLE): - '' -
* mandos-ctl (tablewords, main/keywords): Add new "KeyID" property.
* mandos-keygen: Create TLS key files.  New "--tls-keytype" (-T)
                 option.  Alter help text to be more clear about key
                 types.  When in password mode, also output "key_id"
                 option.
* mandos-keygen.xml (SYNOPSIS): Add new "--tls-keytype" (-T) option.
  (DESCRIPTION): Alter to match new dual-key design.
  (OVERVIEW): - '' -
  (FILES): Add TLS key files.
* mandos-options.xml (priority): Document new default priority string
                                 when using raw public keys.
* mandos.xml (NETWORK PROTOCOL): Describe new protocol using key ID.
  (BUGS): Remove issue about checking expire times of OpenPGP keys,
          since TLS public keys do not have expiration times.
  (SECURITY/CLIENT): Alter description to match new design.
  (SEE ALSO/GnuTLS): - '' -
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.
* overview.xml: Alter text to match new design.
* plugin-runner.xml (EXAMPLE): Add --tls-pubkey and --tls-privkey
                               options to mandos-client options.
* plugins.d/mandos-client.c: Use raw public keys when compiling with
                             supporting GnuTLS versions. Add new
                             "--tls-pubkey" and "--tls-privkey"
                             options (which do nothing if GnuTLS
                             library does not support raw public
                             keys).  Alter text throughout to reflect
                             new design.  Only generate new DH
                             parameters (based on size of OpenPGP key)
                             when using OpenPGP in TLS.  Default
                             GnuTLS priority string depends on whether
                             we are using raw public keys or not.
* plugins.d/mandos-client.xml (SYNOPSIS): Add new "--tls-privkey" (-t)
                                          and "--tls-pubkey" (-T)
                                          options.
  (DESCRIPTION): Describe new dual-key design.
  (OPTIONS): Document new "--tls-privkey" (-t) and "--tls-pubkey" (-T)
             options.
  (OPTIONS/--dh-bits): No longer necessarily depends on OpenPGP key
                       size.
  (FILES): Add default locations for TLS public and private key files.
  (EXAMPLE): Use new --tls-pubkey and --tls-privkey options.
  (SECURITY): Alter wording slightly to reflect new dual-key design.
  (SEE ALSO/GnuTLS): Alter description to match new design.
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.

files added:
bugs.xml

debian/mandos-client.examples

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/plymouth.c

* Plymouth - Read a password from Plymouth and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* asprintf(), TEMP_FAILURE_RETRY() */

#include <stddef.h> /* NULL */

#include <string.h> /* strchr(), memcmp() */

#include <stdio.h> /* asprintf(), perror(), fopen(),

fscanf() */

fscanf(), vasprintf(), fprintf(),

vfprintf() */

#include <unistd.h> /* close(), readlink(), read(),

fork(), setsid(), chdir(), dup2(),

STDERR_FILENO, execv(), access() */

#include <error.h> /* error() */

#include <errno.h> /* TEMP_FAILURE_RETRY */

#include <argz.h> /* argz_count(), argz_extract() */

#include <stdarg.h> /* va_list, va_start(), ... */

sig_atomic_t interrupted_by_signal = 0;

const char plymouth_pid[] = "/dev/.initramfs/plymouth.pid";

/* Used by Ubuntu 11.04 (Natty Narwahl) */

const char plymouth_old_old_pid[] = "/dev/.initramfs/plymouth.pid";

/* Used by Ubuntu 11.10 (Oneiric Ocelot) */

const char plymouth_old_pid[] = "/run/initramfs/plymouth.pid";

/* Used by Debian 9 (stretch) */

const char plymouth_pid[] = "/run/plymouth/pid";

const char plymouth_path[] = "/bin/plymouth";

const char plymouthd_path[] = "/sbin/plymouthd";

const char *plymouthd_default_argv[] = {"/sbin/plymouthd",

"--mode=boot",

"--attach-to-session",

"--pid-file="

"/dev/.initramfs/"

"plymouth.pid",

NULL };

static void termination_handler(__attribute__((unused))int signum){

interrupted_by_signal = 1;

}

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if(ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

fprintf(stderr, ": ");

fprintf(stderr, "%s\n", strerror(errnum));

error(status, errno, "vasprintf while printing error");

return;

}

fprintf(stderr, "Mandos plugin ");

100

error(status, errnum, "%s", text);

101

free(text);

102

}

103

104

/* Create prompt string */

105

char *makeprompt(void){

106

int ret = 0;

109

140

bool become_a_daemon(void){

110

141

int ret = setuid(geteuid());

111

142

if(ret == -1){

112

error(0, errno, "setuid");

143

error_plus(0, errno, "setuid");

113

144

}

114

145

115

146

setsid();

116

147

ret = chdir("/");

117

148

if(ret == -1){

118

error(0, errno, "chdir");

149

error_plus(0, errno, "chdir");

119

150

return false;

120

151

}

121

152

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */

122

153

if(ret == -1){

123

error(0, errno, "dup2");

154

error_plus(0, errno, "dup2");

124

155

return false;

125

156

}

126

157

return true;

127

158

}

128

159

160

__attribute__((nonnull (2, 3)))

129

161

bool exec_and_wait(pid_t *pid_return, const char *path,

130

const char **argv, bool interruptable,

162

const char * const *argv, bool interruptable,

131

163

bool daemonize){

132

164

int status;

133

165

int ret;

134

166

pid_t pid;

135

167

pid = fork();

136

168

if(pid == -1){

137

error(0, errno, "fork");

169

error_plus(0, errno, "fork");

138

170

return false;

139

171

}

140

172

if(pid == 0){

145

177

}

146

178

}

147

179

148

char **new_argv = NULL;

180

char **new_argv = malloc(sizeof(const char *));

181

if(new_argv == NULL){

182

error_plus(0, errno, "malloc");

183

_exit(EX_OSERR);

184

}

149

185

char **tmp;

150

186

int i = 0;

151

for (; argv[i]!=NULL; i++){

152

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 1));

153

if (tmp == NULL){

154

error(0, errno, "realloc");

187

for (; argv[i] != NULL; i++){

188

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 2));

189

if(tmp == NULL){

190

error_plus(0, errno, "realloc");

155

191

free(new_argv);

156

192

_exit(EX_OSERR);

157

193

}

161

197

new_argv[i] = NULL;

162

198

163

199

execv(path, (char *const *)new_argv);

164

error(0, errno, "execv");

200

error_plus(0, errno, "execv");

165

201

_exit(EXIT_FAILURE);

166

202

}

167

203

if(pid_return != NULL){

176

212

return false;

177

213

}

178

214

if(ret == -1){

179

error(0, errno, "waitpid");

215

error_plus(0, errno, "waitpid");

180

216

return false;

181

217

}

182

218

if(WIFEXITED(status) and (WEXITSTATUS(status) == 0)){

185

221

return false;

186

222

}

187

223

224

__attribute__((nonnull))

188

225

int is_plymouth(const struct dirent *proc_entry){

189

226

int ret;

190

227

{

191

uintmax_t maxvalue;

228

uintmax_t proc_id;

192

229

char *tmp;

193

230

errno = 0;

194

maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);

231

proc_id = strtoumax(proc_entry->d_name, &tmp, 10);

195

232

196

233

if(errno != 0 or *tmp != '\0'

197

or maxvalue != (uintmax_t)((pid_t)maxvalue)){

234

or proc_id != (uintmax_t)((pid_t)proc_id)){

198

235

return 0;

199

236

}

200

237

}

201

char exe_target[sizeof(plymouth_path)];

238

char exe_target[sizeof(plymouthd_path)];

202

239

char *exe_link;

203

240

ret = asprintf(&exe_link, "/proc/%s/exe", proc_entry->d_name);

204

241

if(ret == -1){

205

error(0, errno, "asprintf");

242

error_plus(0, errno, "asprintf");

206

243

return 0;

207

244

}

208

245

211

248

if(ret == -1){

212

249

free(exe_link);

213

250

if(errno != ENOENT){

214

error(0, errno, "lstat");

251

error_plus(0, errno, "lstat");

215

252

}

216

253

return 0;

217

254

}

225

262

226

263

ssize_t sret = readlink(exe_link, exe_target, sizeof(exe_target));

227

264

free(exe_link);

228

if((sret != (ssize_t)sizeof(plymouth_path)-1) or

229

(memcmp(plymouth_path, exe_target,

230

sizeof(plymouth_path)-1) != 0)){

265

if((sret != (ssize_t)sizeof(plymouthd_path)-1) or

266

(memcmp(plymouthd_path, exe_target,

267

sizeof(plymouthd_path)-1) != 0)){

231

268

return 0;

232

269

}

233

270

return 1;

235

272

236

273

pid_t get_pid(void){

237

274

int ret;

275

uintmax_t proc_id = 0;

238

276

FILE *pidfile = fopen(plymouth_pid, "r");

239

uintmax_t maxvalue = 0;

277

/* Try the new pid file location */

240

278

if(pidfile != NULL){

241

ret = fscanf(pidfile, "%" SCNuMAX, &maxvalue);

279

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

242

280

if(ret != 1){

243

maxvalue = 0;

281

proc_id = 0;

244

282

}

245

283

fclose(pidfile);

246

284

}

247

if(maxvalue == 0){

248

struct dirent **direntries;

285

/* Try the old pid file location */

286

if(proc_id == 0){

287

pidfile = fopen(plymouth_old_pid, "r");

288

if(pidfile != NULL){

289

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

290

if(ret != 1){

291

proc_id = 0;

292

}

293

fclose(pidfile);

294

}

295

}

296

/* Try the old old pid file location */

297

if(proc_id == 0){

298

pidfile = fopen(plymouth_old_old_pid, "r");

299

if(pidfile != NULL){

300

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

301

if(ret != 1){

302

proc_id = 0;

303

}

304

fclose(pidfile);

305

}

306

}

307

/* Look for a plymouth process */

308

if(proc_id == 0){

309

struct dirent **direntries = NULL;

249

310

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

250

sscanf(direntries[0]->d_name, "%" SCNuMAX, &maxvalue);

311

if(ret == -1){

312

error_plus(0, errno, "scandir");

313

}

314

if(ret > 0){

315

for(int i = ret-1; i >= 0; i--){

316

if(proc_id == 0){

317

ret = sscanf(direntries[i]->d_name, "%" SCNuMAX, &proc_id);

318

if(ret < 0){

319

error_plus(0, errno, "sscanf");

320

}

321

}

322

free(direntries[i]);

323

}

324

}

325

/* scandir might preallocate for this variable (man page unclear).

326

even if ret == 0, therefore we need to free it. */

327

free(direntries);

251

328

}

252

329

pid_t pid;

253

pid = (pid_t)maxvalue;

254

if((uintmax_t)pid == maxvalue){

330

pid = (pid_t)proc_id;

331

if((uintmax_t)pid == proc_id){

255

332

return pid;

256

333

}

257

334

258

335

return 0;

259

336

}

260

337

261

const char **getargv(pid_t pid){

338

char **getargv(pid_t pid){

262

339

int cl_fd;

263

340

char *cmdline_filename;

264

341

ssize_t sret;

267

344

ret = asprintf(&cmdline_filename, "/proc/%" PRIuMAX "/cmdline",

268

345

(uintmax_t)pid);

269

346

if(ret == -1){

270

error(0, errno, "asprintf");

347

error_plus(0, errno, "asprintf");

271

348

return NULL;

272

349

}

273

350

275

352

cl_fd = open(cmdline_filename, O_RDONLY);

276

353

free(cmdline_filename);

277

354

if(cl_fd == -1){

278

error(0, errno, "open");

355

error_plus(0, errno, "open");

279

356

return NULL;

280

357

}

281

358

289

366

if(cmdline_len + blocksize > cmdline_allocated){

290

367

tmp = realloc(cmdline, cmdline_allocated + blocksize);

291

368

if(tmp == NULL){

292

error(0, errno, "realloc");

369

error_plus(0, errno, "realloc");

293

370

free(cmdline);

294

371

close(cl_fd);

295

372

return NULL;

302

379

sret = read(cl_fd, cmdline + cmdline_len,

303

380

cmdline_allocated - cmdline_len);

304

381

if(sret == -1){

305

error(0, errno, "read");

382

error_plus(0, errno, "read");

306

383

free(cmdline);

307

384

close(cl_fd);

308

385

return NULL;

311

388

} while(sret != 0);

312

389

ret = close(cl_fd);

313

390

if(ret == -1){

314

error(0, errno, "close");

391

error_plus(0, errno, "close");

315

392

free(cmdline);

316

393

return NULL;

317

394

}

320

397

char **argv = malloc((argz_count(cmdline, cmdline_len) + 1)

321

398

* sizeof(char *)); /* Get number of args */

322

399

if(argv == NULL){

323

error(0, errno, "argv = malloc()");

400

error_plus(0, errno, "argv = malloc()");

324

401

free(cmdline);

325

402

return NULL;

326

403

}

327

404

argz_extract(cmdline, cmdline_len, argv); /* Create argv */

328

return (const char **)argv;

405

return argv;

329

406

}

330

407

331

408

int main(__attribute__((unused))int argc,

353

430

*sig != 0; sig++){

354

431

ret = sigaddset(&new_action.sa_mask, *sig);

355

432

if(ret == -1){

356

error(EX_OSERR, errno, "sigaddset");

433

error_plus(EX_OSERR, errno, "sigaddset");

357

434

}

358

435

ret = sigaction(*sig, NULL, &old_action);

359

436

if(ret == -1){

360

error(EX_OSERR, errno, "sigaction");

437

error_plus(EX_OSERR, errno, "sigaction");

361

438

}

362

439

if(old_action.sa_handler != SIG_IGN){

363

440

ret = sigaction(*sig, &new_action, NULL);

364

441

if(ret == -1){

365

error(EX_OSERR, errno, "sigaction");

442

error_plus(EX_OSERR, errno, "sigaction");

366

443

}

367

444

}

368

445

}

387

464

ret = asprintf(&prompt_arg, "--prompt=%s", prompt);

388

465

free(prompt);

389

466

if(ret == -1){

390

error(EX_OSERR, errno, "asprintf");

467

error_plus(EX_OSERR, errno, "asprintf");

391

468

}

392

469

393

470

/* plymouth ask-for-password --prompt="$prompt" */

406

483

}

407

484

kill_and_wait(plymouth_command_pid);

408

485

409

const char **plymouthd_argv;

486

char **plymouthd_argv = NULL;

410

487

pid_t pid = get_pid();

411

488

if(pid == 0){

412

error(0, 0, "plymouthd pid not found");

413

plymouthd_argv = plymouthd_default_argv;

489

error_plus(0, 0, "plymouthd pid not found");

414

490

} else {

415

491

plymouthd_argv = getargv(pid);

416

492

}

419

495

{ plymouth_path, "quit", NULL },

420

496

false, false);

421

497

if(not bret){

498

if(plymouthd_argv != NULL){

499

free(*plymouthd_argv);

500

free(plymouthd_argv);

501

}

422

502

exit(EXIT_FAILURE);

423

503

}

424

bret = exec_and_wait(NULL, plymouthd_path, plymouthd_argv,

504

bret = exec_and_wait(NULL, plymouthd_path,

505

(plymouthd_argv != NULL)

506

? (const char * const *)plymouthd_argv

507

: plymouthd_default_argv,

425

508

false, true);

509

if(plymouthd_argv != NULL){

510

free(*plymouthd_argv);

511

free(plymouthd_argv);

512

}

426

513

if(not bret){

427

514

exit(EXIT_FAILURE);

428

515

}

Older »