=== modified file 'initramfs-tools-hook' --- initramfs-tools-hook 2008-09-05 23:39:07 +0000 +++ initramfs-tools-hook 2008-09-06 15:34:21 +0000 @@ -52,11 +52,13 @@ fi mandos_user="`{ getent passwd mandos \ - || getent passwd nobody \ - || echo ::65534::::; } | awk -F: '{ print $3 }'`" + || getent passwd nobody \ + || echo ::65534::::; } \ + | awk --field-separator=: '{ print $3 }'`" mandos_group="`{ getent group mandos \ - || getent group nogroup \ - || echo ::65534:; } | awk -F: '{ print $3 }'`" + || getent group nogroup \ + || echo ::65534:; } \ + | awk --field-separator=: '{ print $3 }'`" # The Mandos network client uses the network auto_add_modules net @@ -104,8 +106,9 @@ done # GPGME needs /usr/bin/gpg -if ! [ -e "${DESTDIR}/usr/bin/gpg" ] \ - && [ -n "`ls \"${DESTDIR}\"/usr/lib/libgpgme.so* 2>/dev/null`" ]; then +if [ ! -e "${DESTDIR}/usr/bin/gpg" \ + -a -n "`ls \"${DESTDIR}\"/usr/lib/libgpgme.so* \ + 2>/dev/null`" ]; then copy_exec /usr/bin/gpg fi @@ -154,6 +157,6 @@ fi done for dir in /lib /usr/lib; do - find "${DESTDIR}$dir" \! -perm -u+rw,g+r -prune -o -print0 \ + find "${DESTDIR}$dir" \! -perm -u+rw,g+r -prune -or -print0 \ | xargs --null --no-run-if-empty chmod a+rX done === modified file 'mandos-keygen' --- mandos-keygen 2008-09-05 23:39:07 +0000 +++ mandos-keygen 2008-09-06 15:34:21 +0000 @@ -148,8 +148,8 @@ [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;; esac - if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \ - && [ "$FORCE" -eq 0 ]; then + if [ \( -e "$SECKEYFILE" -o -e "$PUBKEYFILE" \) \ + -a "$FORCE" -eq 0 ]; then echo "Refusing to overwrite old key files; use --force" >&2 exit 1 fi @@ -254,7 +254,8 @@ FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \ --enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \ --fingerprint --with-colons \ - | sed -n -e '/^fpr:/{s/^fpr:.*:\\([0-9A-Z]*\\):\$/\\1/p;q}'`" + | sed --quiet \ + --expression='/^fpr:/{s/^fpr:.*:\\([0-9A-Z]*\\):\$/\\1/p;q}'`" test -n "$FINGERPRINT" 
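Review bot: The long options introduced in the `mandos_user`/`mandos_group` pipelines are GNU extensions; POSIX only specifies `-F` for awk, and an awk that rejects `--field-separator=:` prints nothing, leaving both variables empty instead of falling back to 65534. The same applies to `-or` in the `find` hunk at -154 of this file and to `sed --quiet --expression=`, `head --lines=1` and `tr --delete` in mandos-keygen. Either keep the POSIX spellings (`awk -F:`, `find … -o`, `sed -n -e`) or add a comment near the top of each script such as `# Requires GNU awk, findutils, sed and coreutils (long options)`. How the two IDs are used lies outside the hunk, but an empty value is presumably worse than the `nobody`/`nogroup` fallback the pipeline is meant to guarantee.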
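Review bot: `-a` inside a single `[ … ]` is marked obsolescent by POSIX, because the expression can be parsed ambiguously when an operand looks like an operator; the replaced form, two separate tests joined by `&&`, did not have that problem. The same applies to the `[ \( -e "$SECKEYFILE" -o -e "$PUBKEYFILE" \) -a "$FORCE" -eq 0 ]` test in the mandos-keygen hunk at -148, which is the guard against overwriting existing key files. I would keep one `[ … ]` per condition, e.g. `if [ ! -e "${DESTDIR}/usr/bin/gpg" ] && [ -n "…" ]; then` here and `{ [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } && [ "$FORCE" -eq 0 ]` in mandos-keygen.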
@@ -262,7 +263,7 @@ stty -echo echo -n "Enter passphrase: " >&2 - sed -e '1q' \ + head --lines=1 | tr --delete '\n' \ | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \ --homedir "$RINGDIR" --trust-model always --armor --encrypt \ --recipient "$FINGERPRINT" --comment "$FILECOMMENT" \ @@ -276,7 +277,7 @@ fingerprint = $FINGERPRINT secret = EOF - sed -n -e ' + sed --quiet --expression=' /^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{ /^$/,${ # Remove 24-bit Radix-64 checksum === modified file 'plugin-runner.c' --- plugin-runner.c 2008-09-04 19:59:05 +0000 +++ plugin-runner.c 2008-09-06 15:34:21 +0000 @@ -255,9 +255,6 @@ /* Prints out a password to stdout */ bool print_out_password(const char *buffer, size_t length){ ssize_t ret; - if(length>0 and buffer[length-1] == '\n'){ - length--; - } for(size_t written = 0; written < length; written += (size_t)ret){ ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written, length - written)); @@ -1041,7 +1038,13 @@ bool bret; fprintf(stderr, "Going to fallback mode using getpass(3)\n"); char *passwordbuffer = getpass("Password: "); - bret = print_out_password(passwordbuffer, strlen(passwordbuffer)); + size_t len = strlen(passwordbuffer); + /* Strip trailing newline */ + if(len > 0 and passwordbuffer[len-1] == '\n'){ + passwordbuffer[len-1] = '\0'; /* not strictly necessary */ + len--; + } + bret = print_out_password(passwordbuffer, len); if(not bret){ perror("print_out_password"); exitstatus = EXIT_FAILURE; === modified file 'plugin-runner.xml' --- plugin-runner.xml 2008-09-05 18:19:52 +0000 +++ plugin-runner.xml 2008-09-06 15:34:21 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ - + ]> 
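Review bot: With the newline now removed by `head --lines=1 | tr --delete '\n'`, pressing Enter at the prompt sends zero bytes into `gpg --encrypt`, and nothing visible in this hunk rejects that, so an empty secret can apparently end up in the generated client section. The newline-stripping hunks in plugin-runner.c (-1041) and plugins.d/password-prompt.c (-216) have the same gap: once the length drops to 0 the write loop is skipped and the empty password still appears to be reported as success. If empty passphrases are not intended, add a non-empty check before encrypting or printing; otherwise document it, e.g. `# An empty line is accepted and encrypts an empty secret`. The gpg pipeline continues outside the hunk, so a later check may exist that is not visible here.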
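Review bot: `getpass()` returns NULL on failure (for example when it cannot open the terminal), and the new `size_t len = strlen(passwordbuffer);` in the fallback path dereferences the result without a check. Add `if(passwordbuffer == NULL){ perror("getpass"); exitstatus = EXIT_FAILURE; }` and run the length and `print_out_password` code only in the else branch. getpass(3) already returns the line without its trailing newline, so the strip added here is harmless but should never trigger. The static buffer still holds the passphrase after it has been written out, so clearing it once `print_out_password` returns would be a worthwhile follow-up. The enclosing function starts and ends outside the hunk.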
@@ -416,6 +416,11 @@ console. + If the password is a single-line, manually entered passprase, + a final trailing newline character should + not be printed. + + The plugin will run in the initial RAM disk environment, so care must be taken not to depend on any files or running services not available there. === modified file 'plugins.d/password-prompt.c' --- plugins.d/password-prompt.c 2008-09-06 00:19:53 +0000 +++ plugins.d/password-prompt.c 2008-09-06 15:34:21 +0000 @@ -216,6 +216,11 @@ status = EXIT_SUCCESS; /* Make n = data size instead of allocated buffer size */ n = (size_t)ret; + /* Strip final newline */ + if(n>0 and buffer[n-1] == '\n'){ + buffer[n-1] = '\0'; /* not strictly necessary */ + n--; + } size_t written = 0; while(written < n){ ret = write(STDOUT_FILENO, buffer + written, n - written); === modified file 'plugins.d/password-request.c' --- plugins.d/password-request.c 2008-09-06 00:19:53 +0000 +++ plugins.d/password-request.c 2008-09-06 15:34:21 +0000 @@ -107,7 +107,7 @@ #define PATHDIR "/conf/conf.d/mandos" #define SECKEY "seckey.txt" -#define PUBKEY "pupkey.txt" +#define PUBKEY "pubkey.txt" bool debug = false; static const char mandos_protocol_version[] = "1"; @@ -150,7 +150,7 @@ int ret; gpgme_error_t rc; gpgme_engine_info_t engine_info; - + /* * Helper function to insert pub and seckey to the enigne keyring. @@ -171,14 +171,14 @@ gpgme_strsource(rc), gpgme_strerror(rc)); return false; } - + rc = gpgme_op_import(mc->ctx, pgp_data); if (rc != GPG_ERR_NO_ERROR){ fprintf(stderr, "bad gpgme_op_import: %s: %s\n", gpgme_strsource(rc), gpgme_strerror(rc)); return false; } - + ret = TEMP_FAILURE_RETRY(close(fd)); if(ret == -1){ perror("close"); @@ -190,7 +190,7 @@ if (debug){ fprintf(stderr, "Initialize gpgme\n"); } - + /* Init GPGME */ gpgme_check_version(NULL); rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP); 
@@ -199,7 +199,7 @@ gpgme_strsource(rc), gpgme_strerror(rc)); return false; } - + /* Set GPGME home directory for the OpenPGP engine only */ rc = gpgme_get_engine_info (&engine_info); if (rc != GPG_ERR_NO_ERROR){ @@ -219,7 +219,7 @@ fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir); return false; } - + /* Create new GPGME "context" */ rc = gpgme_new(&(mc->ctx)); if (rc != GPG_ERR_NO_ERROR){ @@ -1099,11 +1099,11 @@ gnutls_certificate_free_credentials(mc.cred); gnutls_global_deinit (); } - + if(pgpme_initalized){ gpgme_release(mc.ctx); } - + /* Removes the temp directory used by GPGME */ if(tempdir[0] != '\0'){ DIR *d;