=== modified file 'debian/copyright' --- debian/copyright 2020-07-04 11:58:52 +0000 +++ debian/copyright 2021-02-03 08:33:43 +0000 @@ -4,8 +4,8 @@ Source: Files: * -Copyright: Copyright © 2008-2020 Teddy Hogeborn - Copyright © 2008-2020 Björn Påhlsson +Copyright: Copyright © 2008-2021 Teddy Hogeborn + Copyright © 2008-2021 Björn Påhlsson License: GPL-3+ This file is part of Mandos. . === modified file 'debian/po/fr.po' --- debian/po/fr.po 2019-08-16 19:32:47 +0000 +++ debian/po/fr.po 2021-02-01 19:30:45 +0000 @@ -56,8 +56,8 @@ #. Type: note #. Description #: ../mandos.templates:1001 -msgid "mandos-keygen -F/dev/null|grep ^key_id" -msgstr "mandos-keygen -F/dev/null|grep ^key_id" +msgid " mandos-keygen -F/dev/null|grep ^key_id" +msgstr " mandos-keygen -F/dev/null|grep ^key_id" #. Type: note #. Description === modified file 'dracut-module/password-agent.c' --- dracut-module/password-agent.c 2020-11-29 22:54:26 +0000 +++ dracut-module/password-agent.c 2021-02-03 08:33:43 +0000 @@ -2,8 +2,8 @@ /* * Mandos password agent - Simple password agent to run Mandos client * - * Copyright © 2019-2020 Teddy Hogeborn - * Copyright © 2019-2020 Björn Påhlsson + * Copyright © 2019-2021 Teddy Hogeborn + * Copyright © 2019-2021 Björn Påhlsson * * This file is part of Mandos. * @@ -23,11 +23,13 @@ * Contact the authors at . */ -#define _GNU_SOURCE -#include /* uintmax_t, PRIuMAX, PRIdMAX, - intmax_t, uint32_t, SCNx32, - SCNuMAX, SCNxMAX */ -#include /* size_t */ +#define _GNU_SOURCE /* pipe2(), O_CLOEXEC, setresgid(), + setresuid(), asprintf(), getline(), + basename() */ +#include /* uintmax_t, strtoumax(), PRIuMAX, + PRIdMAX, intmax_t, uint32_t, + SCNx32, SCNuMAX, SCNxMAX */ +#include /* size_t, NULL */ #include /* pid_t, uid_t, gid_t, getuid(), getpid() */ #include /* bool, true, false */ 
@@ -40,10 +42,17 @@ NSIG, sigismember(), SA_ONSTACK, SIG_DFL, SIG_IGN, SIGINT, SIGQUIT, SIGHUP, SIGSTOP, SIG_UNBLOCK */ +#include /* uid_t, gid_t, close(), pipe2(), + fork(), _exit(), dup2(), + STDOUT_FILENO, setresgid(), + setresuid(), execv(), ssize_t, + read(), dup3(), getuid(), dup(), + STDERR_FILENO, pause(), write(), + rmdir(), unlink(), getpid() */ #include /* EXIT_SUCCESS, EXIT_FAILURE, - malloc(), free(), strtoumax(), - realloc(), setenv(), calloc(), - mkdtemp(), mkostemp() */ + malloc(), free(), realloc(), + setenv(), calloc(), mkdtemp(), + mkostemp() */ #include /* not, or, and, xor */ #include /* error() */ #include /* EX_USAGE, EX_OSERR, EX_OSFILE */ @@ -57,7 +66,7 @@ #include /* strdup(), memcpy(), explicit_bzero(), memset(), strcmp(), strlen(), strncpy(), - memcmp(), basename() */ + memcmp(), basename(), strerror() */ #include /* argz_create(), argz_count(), argz_extract(), argz_next(), argz_add() */ @@ -73,14 +82,7 @@ ARGP_ERR_UNKNOWN, ARGP_KEY_ARGS, struct argp, argp_parse(), ARGP_NO_EXIT */ -#include /* SIZE_MAX */ -#include /* uid_t, gid_t, close(), pipe2(), - fork(), _exit(), dup2(), - STDOUT_FILENO, setresgid(), - setresuid(), execv(), ssize_t, - read(), dup3(), getuid(), dup(), - STDERR_FILENO, pause(), write(), - rmdir(), unlink(), getpid() */ +#include /* SIZE_MAX, uint32_t */ #include /* munlock(), mlock() */ #include /* O_CLOEXEC, O_NONBLOCK, fcntl(), F_GETFD, F_GETFL, FD_CLOEXEC, @@ -110,8 +112,9 @@ g_assert_null(), g_assert_false(), g_assert_cmpint(), g_assert_cmpuint(), g_test_skip(), g_assert_cmpstr(), - g_test_init(), g_test_add(), g_test_run(), - GOptionContext, g_option_context_new(), + g_test_message(), g_test_init(), g_test_add(), + g_test_run(), GOptionContext, + g_option_context_new(), g_option_context_set_help_enabled(), FALSE, g_option_context_set_ignore_unknown_options(), gboolean, GOptionEntry, G_OPTION_ARG_NONE, 
@@ -5978,8 +5981,7 @@ g_test_skip("Skipping EMSGSIZE test: Will not try 1GiB"); return; } - free(message_buffer); - message_buffer = malloc(message_size); + message_buffer = realloc(message_buffer, message_size); if(message_buffer == NULL){ g_test_skip("Skipping EMSGSIZE test"); g_test_message("Failed to malloc() %" PRIuMAX " bytes", @@ -6006,6 +6008,7 @@ g_test_message("Error on send(): %s", strerror(saved_errno)); return; } + break; } else if(ssret != (ssize_t)message_size){ g_test_skip("Skipping EMSGSIZE test"); g_test_message("Partial send(): %" PRIuMAX " of %" PRIdMAX === modified file 'dracut-module/password-agent.xml' --- dracut-module/password-agent.xml 2020-11-29 21:54:00 +0000 +++ dracut-module/password-agent.xml 2021-02-03 08:33:43 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -32,6 +32,7 @@ 2019 + 2020 Teddy Hogeborn Björn Påhlsson === modified file 'intro.xml' --- intro.xml 2020-11-29 21:54:00 +0000 +++ intro.xml 2021-02-03 08:33:43 +0000 @@ -1,7 +1,7 @@ + %common; ]> @@ -39,6 +39,7 @@ 2017 2018 2019 + 2020 Teddy Hogeborn Björn Påhlsson === modified file 'plugin-helpers/mandos-client-iprouteadddel.c' --- plugin-helpers/mandos-client-iprouteadddel.c 2018-02-18 01:29:21 +0000 +++ plugin-helpers/mandos-client-iprouteadddel.c 2021-02-03 08:40:41 +0000 @@ -2,8 +2,8 @@ /* * iprouteadddel - Add or delete direct route to a local IP address * - * Copyright © 2015-2018 Teddy Hogeborn - * Copyright © 2015-2018 Björn Påhlsson + * Copyright © 2015-2018, 2021 Teddy Hogeborn + * Copyright © 2015-2018, 2021 Björn Påhlsson * * This file is part of Mandos. * 
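Review bot: In the `@@ -5978` hunk, `message_buffer = realloc(message_buffer, message_size);` overwrites the only visible pointer to the old allocation, so when realloc() fails that buffer can no longer be freed; the free()/malloc() pair it replaces had no such path. Keep the result in a temporary, `void *new_buffer = realloc(message_buffer, message_size);`, test that for NULL, and assign `message_buffer = new_buffer;` only on success. The diagnostic two lines further down still says `Failed to malloc()` and should name realloc(). The declaration of message_buffer and the rest of the test function are outside the hunk, so whether a cleanup handler is attached to the variable cannot be seen from here.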
@@ -25,49 +25,57 @@ #define _GNU_SOURCE /* program_invocation_short_name */ #include /* bool, false, true */ -#include /* fprintf(), stderr, FILE, vfprintf */ -#include /* program_invocation_short_name, - errno, perror(), EINVAL, ENOMEM */ -#include /* va_list, va_start */ -#include /* EXIT_SUCCESS */ -#include /* struct argp_option, error_t, struct - argp_state, ARGP_KEY_ARG, +#include /* argp_program_version, + argp_program_bug_address, + struct argp_option, + struct argp_state, ARGP_KEY_ARG, argp_usage(), ARGP_KEY_END, ARGP_ERR_UNKNOWN, struct argp, - argp_parse() */ -#include /* EX_USAGE, EX_OSERR */ -#include /* sa_family_t, AF_INET6, AF_INET */ -#include /* PRIdMAX, intmax_t */ - + argp_parse(), ARGP_IN_ORDER */ +#include /* errno, + program_invocation_short_name, + error_t, EINVAL, ENOMEM */ +#include /* fprintf(), stderr, perror(), FILE, + vfprintf() */ +#include /* va_list, va_start(), vfprintf() */ +#include /* EXIT_SUCCESS */ #include /* struct nl_addr, nl_addr_parse(), nl_geterror(), - nl_addr_get_family(), + nl_addr_get_family(), NLM_F_EXCL, nl_addr_put() */ -#include /* struct rtnl_route, - struct rtnl_nexthop, - rtnl_route_alloc(), - rtnl_route_set_family(), - rtnl_route_set_protocol(), - RTPROT_BOOT, - rtnl_route_set_scope(), - RT_SCOPE_LINK, - rtnl_route_set_type(), - RTN_UNICAST, - rtnl_route_set_dst(), - rtnl_route_set_table(), - RT_TABLE_MAIN, - rtnl_route_nh_alloc(), - rtnl_route_nh_set_ifindex(), - rtnl_route_add_nexthop(), - rtnl_route_add(), - rtnl_route_delete(), - rtnl_route_put(), - rtnl_route_nh_free() */ +#include /* NULL */ +#include /* struct rtnl_route, + struct rtnl_nexthop, NETLINK_ROUTE, + rtnl_route_alloc(), + rtnl_route_set_family(), + rtnl_route_set_protocol(), + RTPROT_BOOT, + rtnl_route_set_scope(), + RT_SCOPE_LINK, + rtnl_route_set_type(), RTN_UNICAST, + rtnl_route_set_dst(), + rtnl_route_set_table(), + RT_TABLE_MAIN, + rtnl_route_nh_alloc(), + rtnl_route_nh_set_ifindex(), + rtnl_route_add_nexthop(), + rtnl_route_add(), + 
rtnl_route_delete(), + rtnl_route_put(), + rtnl_route_nh_free() */ #include /* struct nl_sock, nl_socket_alloc(), nl_connect(), nl_socket_free() */ -#include /* rtnl_link_get_kernel(), +#include /* strcasecmp() */ +#include /* AF_UNSPEC, AF_INET6, AF_INET */ +#include /* EX_USAGE, EX_OSERR */ +#include /* struct rtnl_link, + rtnl_link_get_kernel(), rtnl_link_get_ifindex(), rtnl_link_put() */ +#include /* sa_family_t */ +#include /* PRIdMAX, intmax_t */ +#include /* uint8_t */ + bool debug = false; const char *argp_program_version = "mandos-client-iprouteadddel " VERSION; @@ -85,7 +93,7 @@ __attribute__((format (gnu_printf, 2, 3), nonnull)) int fprintf_plus(FILE *stream, const char *format, ...){ va_list ap; - va_start (ap, format); + va_start(ap, format); fprintf(stream, "Mandos plugin helper %s: ", program_invocation_short_name); === modified file 'plugin-runner.c' --- plugin-runner.c 2020-07-04 11:58:52 +0000 +++ plugin-runner.c 2021-02-03 08:33:43 +0000 @@ -2,8 +2,8 @@ /* * Mandos plugin runner - Run Mandos plugins * - * Copyright © 2008-2020 Teddy Hogeborn - * Copyright © 2008-2020 Björn Påhlsson + * Copyright © 2008-2021 Teddy Hogeborn + * Copyright © 2008-2021 Björn Påhlsson * * This file is part of Mandos. * 
@@ -23,55 +23,69 @@ * Contact the authors at . */ -#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(), - O_CLOEXEC, pipe2() */ +#define _GNU_SOURCE /* strchrnul(), TEMP_FAILURE_RETRY(), + getline(), asprintf(), O_CLOEXEC, + scandirat(), pipe2() */ +#include /* argp_program_version, + argp_program_bug_address, + struct argp_option, + struct argp_state, argp_error(), + ARGP_NO_EXIT, argp_state_help, + ARGP_HELP_STD_HELP, + ARGP_HELP_USAGE, ARGP_HELP_EXIT_OK, + ARGP_KEY_ARG, ARGP_ERR_UNKNOWN, + struct argp, argp_parse(), + ARGP_IN_ORDER, ARGP_NO_HELP */ +#include /* bool, false, true */ +#include /* pid_t, sig_atomic_t, uid_t, gid_t, + getuid(), setgid(), setuid() */ #include /* size_t, NULL */ -#include /* malloc(), reallocarray(), realloc(), - EXIT_SUCCESS, exit() */ -#include /* bool, true, false */ -#include /* fileno(), fprintf(), - stderr, STDOUT_FILENO, fclose() */ -#include /* fstat(), struct stat, waitpid(), - WIFEXITED(), WEXITSTATUS(), wait(), - pid_t, uid_t, gid_t, getuid(), - getgid() */ -#include /* fd_set, select(), FD_ZERO(), - FD_SET(), FD_ISSET(), FD_CLR */ -#include /* wait(), waitpid(), WIFEXITED(), - WEXITSTATUS(), WTERMSIG() */ -#include /* struct stat, fstat(), S_ISREG() */ -#include /* and, or, not */ -#include /* struct dirent, scandirat() */ -#include /* fcntl(), F_GETFD, F_SETFD, - FD_CLOEXEC, write(), STDOUT_FILENO, - struct stat, fstat(), close(), - setgid(), setuid(), S_ISREG(), - faccessat() pipe2(), fork(), - _exit(), dup2(), fexecve(), read() - */ +#include /* or, and, not */ +#include /* strcmp(), strdup(), strchrnul(), + strncmp(), strlen(), strcpy(), + strsep(), strchr(), strsignal() */ +#include /* malloc(), free(), reallocarray(), + realloc(), EXIT_SUCCESS */ +#include /* errno, EINTR, ENOMEM, ECHILD, + error_t, EINVAL, EMFILE, ENFILE, + ENOENT, ESRCH */ +#include /* SIZE_MAX */ +#define _GNU_SOURCE /* strchrnul(), TEMP_FAILURE_RETRY(), + getline(), asprintf(), O_CLOEXEC, + scandirat(), pipe2() */ +#include /* 
TEMP_FAILURE_RETRY(), ssize_t, + write(), STDOUT_FILENO, uid_t, + gid_t, getuid(), fchown(), close(), + symlink(), setgid(), setuid(), + faccessat(), X_OK, pipe(), pipe2(), + fork(), _exit(), dup2(), fexecve(), + read(), getpass() */ #include /* fcntl(), F_GETFD, F_SETFD, - FD_CLOEXEC, openat(), scandirat(), - pipe2() */ -#include /* strsep, strlen(), strsignal(), - strcmp(), strncmp() */ -#include /* errno */ -#include /* struct argp_option, struct - argp_state, struct argp, - argp_parse(), ARGP_ERR_UNKNOWN, - ARGP_KEY_END, ARGP_KEY_ARG, - error_t */ -#include /* struct sigaction, sigemptyset(), - sigaddset(), sigaction(), - sigprocmask(), SIG_BLOCK, SIGCHLD, - SIG_UNBLOCK, kill(), sig_atomic_t - */ -#include /* errno, EBADF */ -#include /* intmax_t, PRIdMAX, strtoimax() */ + FD_CLOEXEC, open(), O_RDONLY, + O_CLOEXEC, openat() */ +#include /* waitpid(), WNOHANG, WIFEXITED(), + WEXITSTATUS(), WIFSIGNALED(), + WTERMSIG(), wait() */ +#include /* error() */ +#include /* FILE, fprintf(), fopen(), + getline(), fclose(), EOF, + asprintf(), stderr */ +#include /* struct dirent, scandirat(), + alphasort() */ +#include /* struct stat, fstat(), S_ISDIR(), + lstat(), S_ISREG() */ +#include /* fd_set, FD_ZERO(), FD_SETSIZE, + FD_SET(), select(), FD_CLR(), + FD_ISSET() */ +#include /* struct sigaction, SA_NOCLDSTOP, + sigemptyset(), sigaddset(), + SIGCHLD, sigprocmask(), SIG_BLOCK, + SIG_UNBLOCK, kill(), SIGTERM */ #include /* EX_OSERR, EX_USAGE, EX_IOERR, EX_CONFIG, EX_UNAVAILABLE, EX_OK */ -#include /* errno */ -#include /* error() */ -#include /* fnmatch() */ +#include /* intmax_t, strtoimax(), PRIdMAX */ +#include /* fnmatch(), FNM_FILE_NAME, + FNM_PERIOD, FNM_NOMATCH */ #define BUFFER_SIZE 256 
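Review bot: `#define _GNU_SOURCE` is added a second time in the middle of the include list, right after the include commented `SIZE_MAX`. Only the copy at the top of the hunk has any effect, because a feature-test macro must be defined before the first system header is included. The second copy is an identical redefinition and compiles cleanly, but it wrongly suggests that its position matters for the includes below it. Delete the second define together with its comment.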
@@ -858,6 +872,15 @@ } close(plugindir_fd); } + + /* Work around Debian bug #981302 + */ + if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){ + ret = symlink("/proc/self/fd", "/dev/fd"); + if(ret == -1){ + error(0, errno, "Failed to create /dev/fd symlink"); + } + } } /* Lower permissions */ === modified file 'plugins.d/askpass-fifo.c' --- plugins.d/askpass-fifo.c 2019-02-11 07:06:55 +0000 +++ plugins.d/askpass-fifo.c 2021-02-03 08:33:43 +0000 @@ -2,8 +2,8 @@ /* * Askpass-FIFO - Read a password from a FIFO and output it * - * Copyright © 2008-2019 Teddy Hogeborn - * Copyright © 2008-2019 Björn Påhlsson + * Copyright © 2008-2019, 2021 Teddy Hogeborn + * Copyright © 2008-2019, 2021 Björn Påhlsson * * This file is part of Mandos. * 
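Review bot: The new `/dev/fd` block logs a failure if the path appears between `lstat()` and `symlink()`, although that case is harmless: `symlink()` returns EEXIST and neither follows nor replaces an existing entry, so the check can be `if(ret == -1 and errno != EEXIST){`. The block runs before the `/* Lower permissions */` step, so the link is created with the process's full privileges, and the comment should say that the ordering is deliberate. It should also say why the link is needed, for example `/* fexecve() needs /dev/fd to run scripts; create it before dropping privileges */` if that is the reason, since the line after the bug number is empty on this page. An lstat() failure other than ENOENT is skipped silently, and the declaration of `st` is outside the hunk. The same block is added to plugins.d/mandos-client.c in its `@@ -2790` hunk using `perror_plus()`, and the same remarks apply there.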
@@ -23,27 +23,31 @@ * Contact the authors at . */ -#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */ -#include /* uid_t, gid_t, ssize_t */ -#include /* mkfifo(), S_IRUSR, S_IWUSR */ -#include /* and */ -#include /* errno, EACCES, ENOTDIR, ELOOP, +#define _GNU_SOURCE /* vasprintf(), + program_invocation_short_name */ +#include /* uid_t, gid_t, getuid(), getgid(), + setgid(), setuid() */ +#include /* uid_t, gid_t, ssize_t, getuid(), + getgid(), setgid(), setuid(), + read(), close(), write(), + STDOUT_FILENO */ +#include /* va_list, va_start(), vfprintf() */ +#include /* vasprintf(), fprintf(), stderr, + vfprintf() */ +#include /* program_invocation_short_name, + errno, EACCES, ENOTDIR, ELOOP, ENAMETOOLONG, ENOSPC, EROFS, ENOENT, EEXIST, EFAULT, EMFILE, ENFILE, ENOMEM, EBADF, EINVAL, EIO, EISDIR, EFBIG */ +#include /* strerror() */ #include /* error() */ -#include /* fprintf(), vfprintf(), - vasprintf() */ -#include /* EXIT_FAILURE, NULL, size_t, free(), - realloc(), EXIT_SUCCESS */ +#include /* free(), realloc(), EXIT_SUCCESS */ +#include /* mkfifo(), S_IRUSR, S_IWUSR */ +#include /* EX_OSFILE, EX_OSERR, + EX_UNAVAILABLE, EX_IOERR */ #include /* open(), O_RDONLY */ -#include /* read(), close(), write(), - STDOUT_FILENO */ -#include /* EX_OSERR, EX_OSFILE, - EX_UNAVAILABLE, EX_IOERR */ -#include /* strerror() */ -#include /* va_list, va_start(), ... */ +#include /* NULL, size_t */ uid_t uid = 65534; gid_t gid = 65534; === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2020-07-04 11:58:52 +0000 +++ plugins.d/mandos-client.c 2021-02-03 08:33:43 +0000 @@ -9,8 +9,8 @@ * "browse_callback", and parts of "main". * * Everything else is - * Copyright © 2008-2020 Teddy Hogeborn - * Copyright © 2008-2020 Björn Påhlsson + * Copyright © 2008-2021 Teddy Hogeborn + * Copyright © 2008-2021 Björn Påhlsson * * This file is part of Mandos. * 
@@ -38,69 +38,103 @@ #define _FILE_OFFSET_BITS 64 #endif /* not _FILE_OFFSET_BITS */ -#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */ - -#include /* fprintf(), stderr, fwrite(), - stdout, ferror() */ -#include /* uint16_t, uint32_t, intptr_t */ -#include /* NULL, size_t, ssize_t */ -#include /* free(), EXIT_SUCCESS, srand(), - strtof(), abort() */ +#define _GNU_SOURCE /* program_invocation_short_name, + TEMP_FAILURE_RETRY(), O_CLOEXEC, + scandirat(), asprintf() */ #include /* bool, false, true */ -#include /* strcmp(), strlen(), strerror(), - asprintf(), strncpy(), strsignal() - */ -#include /* ioctl */ -#include /* socket(), inet_pton(), sockaddr, - sockaddr_in6, PF_INET6, - SOCK_STREAM, uid_t, gid_t, open(), - opendir(), DIR */ -#include /* open(), S_ISREG */ -#include /* socket(), struct sockaddr_in6, - inet_pton(), connect(), - getnameinfo() */ -#include /* open(), unlinkat(), AT_REMOVEDIR */ -#include /* opendir(), struct dirent, readdir() - */ -#include /* PRIu16, PRIdMAX, intmax_t, - strtoimax() */ -#include /* perror(), errno, EINTR, EINVAL, - EAI_SYSTEM, ENETUNREACH, +#include /* argp_program_version, + argp_program_bug_address, + struct argp_option, + struct argp_state, argp_error(), + argp_state_help, + ARGP_HELP_STD_HELP, + ARGP_HELP_EXIT_ERR, + ARGP_HELP_EXIT_OK, ARGP_HELP_USAGE, + argp_err_exit_status, + ARGP_ERR_UNKNOWN, struct argp, + argp_parse(), ARGP_IN_ORDER, + ARGP_NO_HELP */ +#include /* NULL, size_t */ +#include /* uid_t, gid_t, sig_atomic_t, + seteuid(), setuid(), pid_t, + setgid(), getuid(), getgid() */ +#include /* uid_t, gid_t, TEMP_FAILURE_RETRY(), + seteuid(), setuid(), close(), + ssize_t, read(), fork(), setgid(), + _exit(), dup2(), STDIN_FILENO, + STDERR_FILENO, STDOUT_FILENO, + fexecve(), write(), getuid(), + getgid(), fchown(), symlink(), + sleep(), unlinkat(), pause() */ +#include /* in_port_t, struct sockaddr_in6, + sa_family_t, struct sockaddr_in, + htons(), IN6_IS_ADDR_LINKLOCAL, + INET_ADDRSTRLEN, INET6_ADDRSTRLEN, + 
ntohl(), IPPROTO_IP */ +#include /* struct timespec, clock_gettime(), + CLOCK_MONOTONIC, time_t, struct tm, + gmtime_r(), clock_settime(), + CLOCK_REALTIME, nanosleep() */ +#include /* errno, + program_invocation_short_name, + EINTR, EINVAL, ENETUNREACH, EHOSTUNREACH, ECONNREFUSED, EPROTO, - EIO, ENOENT, ENXIO, ENOMEM, EISDIR, - ENOTEMPTY, - program_invocation_short_name */ -#include /* nanosleep(), time(), sleep() */ -#include /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, - SIOCSIFFLAGS, if_indextoname(), - if_nametoindex(), IF_NAMESIZE */ -#include /* IN6_IS_ADDR_LINKLOCAL, - INET_ADDRSTRLEN, INET6_ADDRSTRLEN - */ -#include /* close(), SEEK_SET, off_t, write(), - getuid(), getgid(), seteuid(), - setgid(), pause(), _exit(), - unlinkat() */ -#include /* inet_pton(), htons() */ -#include /* not, or, and */ -#include /* struct argp_option, error_t, struct - argp_state, struct argp, - argp_parse(), ARGP_KEY_ARG, - ARGP_KEY_END, ARGP_ERR_UNKNOWN */ -#include /* sigemptyset(), sigaddset(), - sigaction(), SIGTERM, sig_atomic_t, - raise() */ -#include /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE, - EX_NOHOST, EX_IOERR, EX_PROTOCOL */ + EIO, ENOENT, ENXIO, error_t, + ENOMEM, EISDIR, ENOTEMPTY */ +#include /* fprintf(), stderr, perror(), FILE, + vfprintf(), off_t, SEEK_SET, + stdout, fwrite(), ferror(), + fflush(), asprintf() */ +#include /* va_list, va_start(), vfprintf() */ +#include /* realloc(), free(), malloc(), + getenv(), EXIT_FAILURE, setenv(), + EXIT_SUCCESS, strtof(), strtod(), + srand(), mkdtemp(), abort() */ +#include /* strdup(), strcmp(), strlen(), + strerror(), strncpy(), strspn(), + memcpy(), strrchr(), strchr(), + strsignal() */ +#include /* open(), O_RDONLY, O_DIRECTORY, + O_PATH, O_CLOEXEC, openat(), + O_NOFOLLOW, AT_REMOVEDIR */ +#include /* or, and, not */ +#include /* struct stat, fstat(), fstatat(), + S_ISREG(), S_IXUSR, S_IXGRP, + S_IXOTH, lstat() */ +#include /* IF_NAMESIZE, if_indextoname(), + if_nametoindex(), SIOCGIFFLAGS, + IFF_LOOPBACK, IFF_POINTOPOINT, + 
IFF_BROADCAST, IFF_NOARP, IFF_UP, + IFF_RUNNING, SIOCSIFFLAGS */ +#include /* EX_NOPERM, EX_OSERR, + EX_UNAVAILABLE, EX_USAGE */ +#include /* setgroups() */ #include /* waitpid(), WIFEXITED(), - WEXITSTATUS(), WTERMSIG() */ -#include /* setgroups() */ -#include /* argz_add_sep(), argz_next(), - argz_delete(), argz_append(), - argz_stringify(), argz_add(), - argz_count() */ + WEXITSTATUS(), WIFSIGNALED(), + WTERMSIG() */ +#include /* kill(), SIGTERM, struct sigaction, + SIG_DFL, sigemptyset(), + sigaddset(), SIGINT, SIGHUP, + SIG_IGN, raise() */ +#include /* struct sockaddr_storage, AF_INET6, + PF_INET6, AF_INET, PF_INET, + socket(), SOCK_STREAM, + SOCK_CLOEXEC, struct sockaddr, + connect(), SOCK_DGRAM */ +#include /* argz_next(), argz_add_sep(), + argz_delete(), argz_stringify(), + argz_add(), argz_count() */ +#include /* PRIuMAX, uintmax_t, uint32_t, + PRIdMAX, PRIu16, intmax_t, + strtoimax() */ +#include /* inet_pton() */ +#include /* uint32_t, intptr_t, uint16_t */ #include /* getnameinfo(), NI_NUMERICHOST, EAI_SYSTEM, gai_strerror() */ +#include /* ioctl() */ +#include /* struct dirent, scandirat(), + alphasort(), scandir() */ +#include /* INT_MAX */ #ifdef __linux__ #include /* klogctl() */ @@ -119,26 +153,22 @@ /* GnuTLS */ #include /* All GnuTLS types, constants and - functions: - gnutls_* - init_gnutls_session(), - GNUTLS_* */ + functions: gnutls_*, GNUTLS_* */ #if GNUTLS_VERSION_NUMBER < 0x030600 #include /* gnutls_certificate_set_openpgp_key_file(), GNUTLS_OPENPGP_FMT_BASE64 */ #elif GNUTLS_VERSION_NUMBER >= 0x030606 -#include /* gnutls_pkcs_encrypt_flags_t, - GNUTLS_PKCS_PLAIN, - GNUTLS_PKCS_NULL_PASSWORD */ +#include /* GNUTLS_PKCS_PLAIN, + GNUTLS_PKCS_NULL_PASSWORD */ #endif /* GPGME */ #include /* All GPGME types, constants and functions: - gpgme_* - GPGME_PROTOCOL_OpenPGP, - GPG_ERR_NO_* */ + gpgme_*, GPG_ERR_NO_*, + GPGME_IMPORT_* + GPGME_PROTOCOL_OpenPGP */ #define BUFFER_SIZE 256 
@@ -2715,9 +2745,6 @@ } { - /* Work around Debian bug #633582: - */ - /* Re-raise privileges */ ret = raise_privileges(); if(ret != 0){ @@ -2726,6 +2753,9 @@ } else { struct stat st; + /* Work around Debian bug #633582: + */ + if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){ int seckey_fd = open(seckey, O_RDONLY); if(seckey_fd == -1){ @@ -2790,6 +2820,15 @@ } } + /* Work around Debian bug #981302 + */ + if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){ + ret = symlink("/proc/self/fd", "/dev/fd"); + if(ret == -1){ + perror_plus("Failed to create /dev/fd symlink"); + } + } + /* Lower privileges */ ret = lower_privileges(); if(ret != 0){ === modified file 'plugins.d/password-prompt.c' --- plugins.d/password-prompt.c 2019-07-27 10:11:45 +0000 +++ plugins.d/password-prompt.c 2021-02-03 08:33:43 +0000 @@ -2,8 +2,8 @@ /* * Password-prompt - Read a password from the terminal and print it * - * Copyright © 2008-2019 Teddy Hogeborn - * Copyright © 2008-2019 Björn Påhlsson + * Copyright © 2008-2019, 2021 Teddy Hogeborn + * Copyright © 2008-2019, 2021 Björn Påhlsson * * This file is part of Mandos. * 
@@ -23,47 +23,52 @@ * Contact the authors at . */ -#define _GNU_SOURCE /* getline(), asprintf() */ - -#include /* struct termios, tcsetattr(), - TCSAFLUSH, tcgetattr(), ECHO */ -#include /* access(), struct termios, - tcsetattr(), STDIN_FILENO, - TCSAFLUSH, tcgetattr(), ECHO, - readlink() */ -#include /* sig_atomic_t, raise(), struct - sigaction, sigemptyset(), - sigaction(), sigaddset(), SIGINT, - SIGQUIT, SIGHUP, SIGTERM, +#define _GNU_SOURCE /* vasprintf(), + program_invocation_short_name, + asprintf(), getline() */ +#include /* sig_atomic_t, pid_t */ +#include /* bool, false, true */ +#include /* argp_program_version, + argp_program_bug_address, + struct argp_option, + struct argp_state, argp_state_help, + ARGP_HELP_STD_HELP, + ARGP_HELP_EXIT_ERR, + ARGP_HELP_EXIT_OK, ARGP_HELP_USAGE, + argp_err_exit_status, + ARGP_ERR_UNKNOWN, argp_parse(), + ARGP_IN_ORDER, ARGP_NO_HELP */ +#include /* va_list, va_start(), vfprintf() */ +#include /* vasprintf(), fprintf(), stderr, + vfprintf(), asprintf(), getline(), + stdin, feof(), clearerr(), + fputc() */ +#include /* program_invocation_short_name, + errno, ENOENT, error_t, ENOMEM, + EINVAL, EBADF, ENOTTY, EFAULT, + EFBIG, EIO, ENOSPC, EINTR */ +#include /* strerror(), strrchr(), strcmp() */ +#include /* error() */ +#include /* free(), realloc(), EXIT_SUCCESS, + EXIT_FAILURE, getenv() */ +#include /* access(), R_OK, ssize_t, close(), + read(), STDIN_FILENO, write(), + STDOUT_FILENO */ +#include /* struct dirent, scandir(), + alphasort() */ +#include /* uintmax_t, strtoumax() */ +#include /* or, and, not */ +#include /* open(), O_RDONLY */ +#include /* NULL, size_t */ +#include /* struct termios, tcgetattr(), + tcflag_t, ECHO, tcsetattr(), + TCSAFLUSH */ +#include /* struct sigaction, sigemptyset(), + sigaddset(), SIGINT, SIGHUP, + SIGTERM, SIG_IGN, SIG_DFL, raise() */ -#include /* NULL, size_t, ssize_t */ -#include /* ssize_t, struct dirent, pid_t, - ssize_t, open() */ -#include /* EXIT_SUCCESS, EXIT_FAILURE, - getenv(), 
free() */ -#include /* scandir(), alphasort() */ -#include /* fprintf(), stderr, getline(), - stdin, feof(), fputc(), vfprintf(), - vasprintf() */ -#include /* errno, EBADF, ENOTTY, EINVAL, - EFAULT, EFBIG, EIO, ENOSPC, EINTR - */ -#include /* error() */ -#include /* or, not */ -#include /* bool, false, true */ -#include /* strtoumax() */ -#include /* struct stat, lstat(), open() */ -#include /* strlen, rindex, memcmp, strerror() - */ -#include /* struct argp_option, struct - argp_state, struct argp, - argp_parse(), error_t, - ARGP_KEY_ARG, ARGP_KEY_END, - ARGP_ERR_UNKNOWN */ -#include /* EX_SOFTWARE, EX_OSERR, - EX_UNAVAILABLE, EX_IOERR, EX_OK */ -#include /* open() */ -#include /* va_list, va_start(), ... */ +#include /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE, + EX_IOERR, EX_OSFILE, EX_OK */ volatile sig_atomic_t quit_now = 0; int signal_received; === modified file 'plugins.d/plymouth.c' --- plugins.d/plymouth.c 2020-07-04 11:58:52 +0000 +++ plugins.d/plymouth.c 2021-02-03 08:33:43 +0000 @@ -2,8 +2,8 @@ /* * Plymouth - Read a password from Plymouth and output it * - * Copyright © 2010-2020 Teddy Hogeborn - * Copyright © 2010-2020 Björn Påhlsson + * Copyright © 2010-2021 Teddy Hogeborn + * Copyright © 2010-2021 Björn Påhlsson * * This file is part of Mandos. * 
@@ -23,37 +23,55 @@ * Contact the authors at . */ -#define _GNU_SOURCE /* asprintf(), TEMP_FAILURE_RETRY() */ -#include /* sig_atomic_t, struct sigaction, - sigemptyset(), sigaddset(), SIGINT, - SIGHUP, SIGTERM, sigaction(), - kill(), SIG_IGN */ +#define _GNU_SOURCE /* program_invocation_short_name, + vasprintf(), asprintf(), + TEMP_FAILURE_RETRY() */ +#include /* sig_atomic_t, pid_t, setuid(), + geteuid(), setsid() */ +#include /* argp_program_version, + argp_program_bug_address, + struct argp_option, + struct argp_state, + ARGP_ERR_UNKNOWN, struct argp, + argp_parse(), ARGP_IN_ORDER */ +#include /* NULL, size_t */ #include /* bool, false, true */ +#include /* FILE, fprintf(), vfprintf(), + vasprintf(), stderr, asprintf(), + fopen(), fscanf(), fclose(), + sscanf() */ +#include /* va_list, va_start(), vfprintf() */ +#include /* program_invocation_short_name, + errno, ENOMEM, EINTR, ENOENT, + error_t, EINVAL */ +#include /* strerror(), strdup(), memcmp() */ +#include /* error() */ +#include /* free(), getenv(), malloc(), + reallocarray(), realloc(), + EXIT_FAILURE, EXIT_SUCCESS */ +#include /* TEMP_FAILURE_RETRY(), setuid(), + geteuid(), setsid(), chdir(), + dup2(), STDERR_FILENO, + STDOUT_FILENO, fork(), _exit(), + execv(), ssize_t, readlink(), + close(), read(), access(), X_OK */ +#include /* kill(), SIGTERM, struct sigaction, + sigemptyset(), SIGINT, SIGHUP, + sigaddset(), SIG_IGN */ +#include /* waitpid(), WIFEXITED(), + WEXITSTATUS(), WIFSIGNALED(), + WTERMSIG() */ +#include /* not, and, or */ +#include /* EX_OSERR, EX_USAGE, + EX_UNAVAILABLE */ +#include /* SIZE_MAX */ +#include /* struct dirent, scandir(), + alphasort() */ +#include /* uintmax_t, strtoumax(), SCNuMAX, + PRIuMAX */ +#include /* struct stat, lstat(), S_ISLNK() */ #include /* open(), O_RDONLY */ -#include /* and, or, not*/ -#include /* size_t, ssize_t, pid_t, struct - dirent, waitpid() */ -#include /* waitpid() */ -#include /* NULL */ -#include /* strchr(), memcmp() */ -#include /* asprintf(), 
perror(), fopen(), - fscanf(), vasprintf(), fprintf(), - vfprintf() */ -#include /* close(), readlink(), read(), - fork(), setsid(), chdir(), dup2(), - STDERR_FILENO, execv(), access() */ -#include /* free(), EXIT_FAILURE, realloc(), - EXIT_SUCCESS, malloc(), _exit(), - getenv(), reallocarray() */ -#include /* scandir(), alphasort() */ -#include /* intmax_t, strtoumax(), SCNuMAX */ -#include /* struct stat, lstat() */ -#include /* EX_OSERR, EX_UNAVAILABLE */ -#include /* error() */ -#include /* TEMP_FAILURE_RETRY */ #include /* argz_count(), argz_extract() */ -#include /* va_list, va_start(), ... */ -#include sig_atomic_t interrupted_by_signal = 0; const char *argp_program_version = "plymouth " VERSION; === modified file 'plugins.d/splashy.c' --- plugins.d/splashy.c 2018-02-08 10:23:55 +0000 +++ plugins.d/splashy.c 2021-02-03 08:33:43 +0000 @@ -2,8 +2,8 @@ /* * Splashy - Read a password from splashy and output it * - * Copyright © 2008-2018 Teddy Hogeborn - * Copyright © 2008-2018 Björn Påhlsson + * Copyright © 2008-2018, 2021 Teddy Hogeborn + * Copyright © 2008-2018, 2021 Björn Påhlsson * * This file is part of Mandos. * 
@@ -23,40 +23,45 @@ * Contact the authors at . */ -#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */ -#include /* sig_atomic_t, struct sigaction, - sigemptyset(), sigaddset(), SIGINT, - SIGHUP, SIGTERM, sigaction, - SIG_IGN, kill(), SIGKILL */ -#include /* NULL */ -#include /* getenv() */ -#include /* asprintf(), vasprintf(), vprintf(), - fprintf() */ -#include /* EXIT_FAILURE, free(), - EXIT_SUCCESS */ -#include /* pid_t, DIR, struct dirent, - ssize_t */ -#include /* opendir(), readdir(), closedir() */ -#include /* intmax_t, strtoimax() */ -#include /* struct stat, lstat(), S_ISLNK */ -#include /* not, or, and */ -#include /* readlink(), fork(), execl(), - sleep(), dup2() STDERR_FILENO, - STDOUT_FILENO, _exit(), - pause() */ -#include /* memcmp(), strerror() */ -#include /* errno, EACCES, ENOTDIR, ELOOP, +#define _GNU_SOURCE /* vasprintf(), + program_invocation_short_name, + asprintf(), TEMP_FAILURE_RETRY() */ +#include /* sig_atomic_t, pid_t, setuid(), + geteuid(), setsid() */ +#include /* va_list, va_start(), vfprintf() */ +#include /* vasprintf(), fprintf(), stderr, + vfprintf(), asprintf() */ +#include /* program_invocation_short_name, + errno, EACCES, ENOTDIR, ELOOP, ENOENT, ENAMETOOLONG, EMFILE, ENFILE, ENOMEM, ENOEXEC, EINVAL, E2BIG, EFAULT, EIO, ETXTBSY, EISDIR, ELIBBAD, EPERM, EINTR, ECHILD */ +#include /* strerror(), memcmp() */ #include /* error() */ +#include /* free(), EXIT_FAILURE, getenv(), + EXIT_SUCCESS, abort() */ +#include /* NULL */ +#include /* DIR, opendir(), struct dirent, + readdir(), closedir() */ +#include /* EX_OSERR, EX_OSFILE, + EX_UNAVAILABLE */ +#include /* intmax_t, strtoimax() */ +#include /* or, not, and */ +#include /* ssize_t, readlink(), fork(), + execl(), _exit(), + TEMP_FAILURE_RETRY(), sleep(), + setuid(), geteuid(), setsid(), + chdir(), dup2(), STDERR_FILENO, + STDOUT_FILENO, pause() */ +#include /* struct stat, lstat(), S_ISLNK() */ +#include /* struct sigaction, sigemptyset(), + sigaddset(), SIGINT, SIGHUP, + 
SIGTERM, SIG_IGN, kill(), SIGKILL, + SIG_DFL, raise() */ #include /* waitpid(), WIFEXITED(), WEXITSTATUS() */ -#include /* EX_OSERR, EX_OSFILE, - EX_UNAVAILABLE */ -#include /* va_list, va_start(), ... */ sig_atomic_t interrupted_by_signal = 0; int signal_received; === modified file 'plugins.d/usplash.c' --- plugins.d/usplash.c 2018-02-08 10:23:55 +0000 +++ plugins.d/usplash.c 2021-02-03 08:33:43 +0000 @@ -2,8 +2,8 @@ /* * Usplash - Read a password from usplash and output it * - * Copyright © 2008-2018 Teddy Hogeborn - * Copyright © 2008-2018 Björn Påhlsson + * Copyright © 2008-2018, 2021 Teddy Hogeborn + * Copyright © 2008-2018, 2021 Björn Påhlsson * * This file is part of Mandos. * 
@@ -23,36 +23,42 @@ * Contact the authors at . */ -#define _GNU_SOURCE /* asprintf(), TEMP_FAILURE_RETRY() */ -#include /* sig_atomic_t, struct sigaction, - sigemptyset(), sigaddset(), SIGINT, - SIGHUP, SIGTERM, sigaction(), - SIG_IGN, kill(), SIGKILL */ +#define _GNU_SOURCE /* vasprintf(), + program_invocation_short_name, + asprintf(), TEMP_FAILURE_RETRY() */ +#include /* sig_atomic_t, pid_t, setuid(), + geteuid(), setsid() */ +#include /* va_list, va_start(), vfprintf() */ +#include /* vasprintf(), fprintf(), stderr, + vfprintf(), asprintf() */ +#include /* program_invocation_short_name, + errno, ENOENT, EINTR */ +#include /* strerror(), strlen(), memcmp() */ +#include /* error() */ +#include /* free(), getenv(), realloc(), + EXIT_FAILURE, EXIT_SUCCESS, + malloc(), abort() */ #include /* bool, false, true */ #include /* open(), O_WRONLY, O_RDONLY */ -#include /* and, or, not*/ -#include /* errno, EINTR */ -#include -#include /* size_t, ssize_t, pid_t, DIR, struct - dirent */ -#include /* NULL */ -#include /* strlen(), memcmp(), strerror() */ -#include /* asprintf(), vasprintf(), vprintf(), - fprintf() */ -#include /* close(), write(), readlink(), - read(), STDOUT_FILENO, sleep(), - fork(), setuid(), geteuid(), - setsid(), chdir(), dup2(), - STDERR_FILENO, execv() */ -#include /* free(), EXIT_FAILURE, realloc(), - EXIT_SUCCESS, malloc(), _exit(), - getenv() */ -#include /* opendir(), readdir(), closedir() */ +#include /* size_t, NULL */ +#include /* close(), ssize_t, write(), + readlink(), read(), STDOUT_FILENO, + sleep(), fork(), setuid(), + geteuid(), setsid(), chdir(), + _exit(), dup2(), STDERR_FILENO, + execv(), TEMP_FAILURE_RETRY(), + pause() */ +#include /* DIR, opendir(), struct dirent, + readdir(), closedir() */ #include /* intmax_t, strtoimax() */ -#include /* struct stat, lstat(), S_ISLNK */ +#include /* or, not, and */ +#include /* struct stat, lstat(), S_ISLNK() */ #include /* EX_OSERR, EX_UNAVAILABLE */ +#include /* struct sigaction, sigemptyset(), + 
sigaddset(), SIGINT, SIGHUP, + SIGTERM, SIG_IGN, kill(), SIGKILL, + SIG_DFL, raise() */ #include /* argz_count(), argz_extract() */ -#include /* va_list, va_start(), ... */ sig_atomic_t interrupted_by_signal = 0; int signal_received;