/mandos/release : revision 223

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/splashy.c

Committer: Teddy Hogeborn
Date: 2008-10-03 09:32:30 UTC
Revision ID: teddy@fukt.bsnet.se-20081003093230-rshn19e0c19zz12i

* .bzrignore (plugins.d/askpass-fifo): Added.

* Makefile (FORTIFY): Added "-fstack-protector-all".
  (mandos, mandos-keygen): Use more strict regexps when updating the
                           version number.

* mandos (Client.__init__): Use os.path.expandvars() and
                            os.path.expanduser() on the "secfile"
                            config value.

* plugins.d/splashy.c: Update comments and order of #include's.
  (main): Check user and group when looking for running splashy
          process.  Do not ignore ENOENT from execl().  Use _exit()
          instead of "return" when an error happens in child
          processes.  Bug fix: Only wait for splashy_update
          completion if it was started.  Bug fix: detect failing
          waitpid().  Only kill splashy_update if it is running.  Do
          the killing of the old splashy process before the fork().
          Do setsid() and setuid(geteuid()) before starting the new
          splashy.  Report failing execl().

* plugins.d/usplash.c: Update comments and order of #include's.
  (main): Check user and group when looking for running usplash
          process.  Do not report execv() error if interrupted by a
          signal.

files added:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

files removed:
NEWS

debian/watch

mandos-ctl

mandos.lsm

plugins.d/askpass-fifo.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

files modified:
INSTALL

Makefile

README

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.docs

debian/mandos.postinst

debian/mandos.prerm

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

plugins.d/splashy.c

/* -*- coding: utf-8 -*- */

* Splashy - Read a password from splashy and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#define _GNU_SOURCE /* asprintf() */

#include <signal.h> /* sig_atomic_t, struct sigaction,

sigemptyset(), sigaddset(), SIGINT,

SIGHUP, SIGTERM, sigaction,

#include <stddef.h> /* NULL */

#include <stdlib.h> /* getenv() */

#include <stdio.h> /* asprintf(), perror() */

#include <stdlib.h> /* EXIT_FAILURE, free(),

#include <stdlib.h> /* EXIT_FAILURE, free(), strtoul(),

EXIT_SUCCESS */

#include <sys/types.h> /* pid_t, DIR, struct dirent,

ssize_t */

#include <dirent.h> /* opendir(), readdir(), closedir() */

#include <inttypes.h> /* intmax_t, strtoimax() */

#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK */

#include <iso646.h> /* not, or, and */

#include <unistd.h> /* readlink(), fork(), execl(),

sleep(), dup2() STDERR_FILENO,

STDOUT_FILENO, _exit(),

pause() */

STDOUT_FILENO, _exit() */

#include <string.h> /* memcmp() */

#include <errno.h> /* errno, EACCES, ENOTDIR, ELOOP,

ENOENT, ENAMETOOLONG, EMFILE,

ENFILE, ENOMEM, ENOEXEC, EINVAL,

E2BIG, EFAULT, EIO, ETXTBSY,

EISDIR, ELIBBAD, EPERM, EINTR,

ECHILD */

#include <errno.h> /* errno */

#include <sys/wait.h> /* waitpid(), WIFEXITED(),

WEXITSTATUS() */

#include <sysexits.h> /* EX_OSERR, EX_OSFILE,

EX_UNAVAILABLE */

sig_atomic_t interrupted_by_signal = 0;

int signal_received;

static void termination_handler(int signum){

if(interrupted_by_signal){

return;

}

static void termination_handler(__attribute__((unused))int signum){

interrupted_by_signal = 1;

signal_received = signum;

}

int main(__attribute__((unused))int argc,

__attribute__((unused))char **argv){

int ret = 0;

/* Create prompt string */

char *prompt = NULL;

DIR *proc_dir = NULL;

pid_t splashy_pid = 0;

pid_t splashy_command_pid = 0;

int exitstatus = EXIT_FAILURE;

/* Create prompt string */

{

const char *const cryptsource = getenv("cryptsource");

const char *const crypttarget = getenv("crypttarget");

}

if(ret == -1){

100

prompt = NULL;

101

exitstatus = EX_OSERR;

102

goto failure;

return EXIT_FAILURE;

103

}

104

}

105

106

/* Find splashy process */

pid_t splashy_pid = 0;

107

{

108

const char splashy_name[] = "/sbin/splashy";

109

proc_dir = opendir("/proc");

DIR *proc_dir = opendir("/proc");

110

if(proc_dir == NULL){

111

int e = errno;

free(prompt);

112

perror("opendir");

113

switch(e){

114

case EACCES:

115

case ENOTDIR:

116

case ELOOP:

117

case ENOENT:

118

default:

119

exitstatus = EX_OSFILE;

120

break;

121

case ENAMETOOLONG:

122

case EMFILE:

123

case ENFILE:

124

case ENOMEM:

125

exitstatus = EX_OSERR;

126

break;

127

}

128

goto failure;

return EXIT_FAILURE;

129

}

130

for(struct dirent *proc_ent = readdir(proc_dir);

131

proc_ent != NULL;

132

proc_ent = readdir(proc_dir)){

133

pid_t pid;

134

{

135

intmax_t tmpmax;

136

char *tmp;

137

errno = 0;

138

tmpmax = strtoimax(proc_ent->d_name, &tmp, 10);

139

if(errno != 0 or tmp == proc_ent->d_name or *tmp != '\0'

140

or tmpmax != (pid_t)tmpmax){

141

/* Not a process */

142

continue;

143

}

144

pid = (pid_t)tmpmax;

pid_t pid = (pid_t) strtoul(proc_ent->d_name, NULL, 10);

if(pid == 0){

/* Not a process */

continue;

145

}

146

/* Find the executable name by doing readlink() on the

147

/proc/<pid>/exe link */

152

ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);

153

if(ret == -1){

154

perror("asprintf");

155

exitstatus = EX_OSERR;

156

goto failure;

free(prompt);

closedir(proc_dir);

return EXIT_FAILURE;

157

}

158

159

/* Check that it refers to a symlink owned by root:root */

160

struct stat exe_stat;

161

ret = lstat(exe_link, &exe_stat);

162

if(ret == -1){

163

if(errno == ENOENT){

164

free(exe_link);

165

continue;

166

}

167

int e = errno;

168

perror("lstat");

169

free(exe_link);

170

switch(e){

171

case EACCES:

172

case ENOTDIR:

173

case ELOOP:

174

default:

175

exitstatus = EX_OSFILE;

176

break;

177

case ENAMETOOLONG:

178

exitstatus = EX_OSERR;

179

break;

180

}

181

goto failure;

100

free(prompt);

101

closedir(proc_dir);

102

return EXIT_FAILURE;

182

103

}

183

104

if(not S_ISLNK(exe_stat.st_mode)

184

105

or exe_stat.st_uid != 0

198

119

}

199

120

}

200

121

closedir(proc_dir);

201

proc_dir = NULL;

202

122

}

203

123

if(splashy_pid == 0){

204

exitstatus = EX_UNAVAILABLE;

205

goto failure;

124

free(prompt);

125

return EXIT_FAILURE;

206

126

}

207

127

208

128

/* Set up the signal handler */

211

131

new_action = { .sa_handler = termination_handler,

212

132

.sa_flags = 0 };

213

133

sigemptyset(&new_action.sa_mask);

214

ret = sigaddset(&new_action.sa_mask, SIGINT);

215

if(ret == -1){

216

perror("sigaddset");

217

exitstatus = EX_OSERR;

218

goto failure;

219

}

220

ret = sigaddset(&new_action.sa_mask, SIGHUP);

221

if(ret == -1){

222

perror("sigaddset");

223

exitstatus = EX_OSERR;

224

goto failure;

225

}

226

ret = sigaddset(&new_action.sa_mask, SIGTERM);

227

if(ret == -1){

228

perror("sigaddset");

229

exitstatus = EX_OSERR;

230

goto failure;

231

}

134

sigaddset(&new_action.sa_mask, SIGINT);

135

sigaddset(&new_action.sa_mask, SIGHUP);

136

sigaddset(&new_action.sa_mask, SIGTERM);

232

137

ret = sigaction(SIGINT, NULL, &old_action);

233

138

if(ret == -1){

234

139

perror("sigaction");

235

exitstatus = EX_OSERR;

236

goto failure;

140

free(prompt);

141

return EXIT_FAILURE;

237

142

}

238

143

if(old_action.sa_handler != SIG_IGN){

239

144

ret = sigaction(SIGINT, &new_action, NULL);

240

145

if(ret == -1){

241

146

perror("sigaction");

242

exitstatus = EX_OSERR;

243

goto failure;

147

free(prompt);

148

return EXIT_FAILURE;

244

149

}

245

150

}

246

151

ret = sigaction(SIGHUP, NULL, &old_action);

247

152

if(ret == -1){

248

153

perror("sigaction");

249

exitstatus = EX_OSERR;

250

goto failure;

154

free(prompt);

155

return EXIT_FAILURE;

251

156

}

252

157

if(old_action.sa_handler != SIG_IGN){

253

158

ret = sigaction(SIGHUP, &new_action, NULL);

254

159

if(ret == -1){

255

160

perror("sigaction");

256

exitstatus = EX_OSERR;

257

goto failure;

161

free(prompt);

162

return EXIT_FAILURE;

258

163

}

259

164

}

260

165

ret = sigaction(SIGTERM, NULL, &old_action);

261

166

if(ret == -1){

262

167

perror("sigaction");

263

exitstatus = EX_OSERR;

264

goto failure;

168

free(prompt);

169

return EXIT_FAILURE;

265

170

}

266

171

if(old_action.sa_handler != SIG_IGN){

267

172

ret = sigaction(SIGTERM, &new_action, NULL);

268

173

if(ret == -1){

269

174

perror("sigaction");

270

exitstatus = EX_OSERR;

271

goto failure;

175

free(prompt);

176

return EXIT_FAILURE;

272

177

}

273

178

}

274

179

}

275

180

276

if(interrupted_by_signal){

277

goto failure;

278

}

279

280

181

/* Fork off the splashy command to prompt for password */

281

splashy_command_pid = fork();

282

if(splashy_command_pid != 0 and interrupted_by_signal){

283

goto failure;

284

}

285

if(splashy_command_pid == -1){

286

perror("fork");

287

exitstatus = EX_OSERR;

288

goto failure;

289

}

290

/* Child */

291

if(splashy_command_pid == 0){

292

if(not interrupted_by_signal){

182

pid_t splashy_command_pid = 0;

183

if(not interrupted_by_signal){

184

splashy_command_pid = fork();

185

if(splashy_command_pid == -1){

186

if(not interrupted_by_signal){

187

perror("fork");

188

}

189

return EXIT_FAILURE;

190

}

191

/* Child */

192

if(splashy_command_pid == 0){

293

193

const char splashy_command[] = "/sbin/splashy_update";

294

execl(splashy_command, splashy_command, prompt, (char *)NULL);

295

int e = errno;

296

perror("execl");

297

switch(e){

298

case EACCES:

299

case ENOENT:

300

case ENOEXEC:

301

case EINVAL:

302

_exit(EX_UNAVAILABLE);

303

case ENAMETOOLONG:

304

case E2BIG:

305

case ENOMEM:

306

case EFAULT:

307

case EIO:

308

case EMFILE:

309

case ENFILE:

310

case ETXTBSY:

311

default:

312

_exit(EX_OSERR);

313

case ENOTDIR:

314

case ELOOP:

315

case EISDIR:

316

case ELIBBAD:

317

case EPERM:

318

_exit(EX_OSFILE);

194

ret = execl(splashy_command, splashy_command, prompt,

195

(char *)NULL);

196

if(not interrupted_by_signal){

197

perror("execl");

319

198

}

199

free(prompt);

200

_exit(EXIT_FAILURE);

320

201

}

321

free(prompt);

322

_exit(EXIT_FAILURE);

323

202

}

324

203

325

204

/* Parent */

326

205

free(prompt);

327

prompt = NULL;

328

329

if(interrupted_by_signal){

330

goto failure;

331

}

332

206

333

207

/* Wait for command to complete */

334

{

208

if(not interrupted_by_signal and splashy_command_pid != 0){

335

209

int status;

336

do {

337

ret = waitpid(splashy_command_pid, &status, 0);

338

} while(ret == -1 and errno == EINTR

339

and not interrupted_by_signal);

340

if(interrupted_by_signal){

341

goto failure;

342

}

210

ret = waitpid(splashy_command_pid, &status, 0);

343

211

if(ret == -1){

344

perror("waitpid");

212

if(errno != EINTR){

213

perror("waitpid");

214

}

345

215

if(errno == ECHILD){

346

216

splashy_command_pid = 0;

347

217

}

348

218

} else {

349

219

/* The child process has exited */

350

220

splashy_command_pid = 0;

351

if(WIFEXITED(status) and WEXITSTATUS(status) == 0){

221

if(not interrupted_by_signal and WIFEXITED(status)

222

and WEXITSTATUS(status)==0){

352

223

return EXIT_SUCCESS;

353

224

}

354

225

}

355

226

}

356

357

failure:

358

359

free(prompt);

360

361

if(proc_dir != NULL){

362

TEMP_FAILURE_RETRY(closedir(proc_dir));

363

}

364

365

if(splashy_command_pid != 0){

366

TEMP_FAILURE_RETRY(kill(splashy_command_pid, SIGTERM));

367

368

TEMP_FAILURE_RETRY(kill(splashy_pid, SIGTERM));

369

sleep(2);

370

while(TEMP_FAILURE_RETRY(kill(splashy_pid, 0)) == 0){

371

TEMP_FAILURE_RETRY(kill(splashy_pid, SIGKILL));

372

sleep(1);

373

}

374

pid_t new_splashy_pid = (pid_t)TEMP_FAILURE_RETRY(fork());

375

if(new_splashy_pid == 0){

376

/* Child; will become new splashy process */

377

378

/* Make the effective user ID (root) the only user ID instead of

379

the real user ID (_mandos) */

380

ret = setuid(geteuid());

381

if(ret == -1){

382

perror("setuid");

383

}

384

385

setsid();

386

ret = chdir("/");

387

if(ret == -1){

388

perror("chdir");

389

}

390

/* if(fork() != 0){ */

391

/* _exit(EXIT_SUCCESS); */

392

/* } */

393

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace stdout */

394

if(ret == -1){

395

perror("dup2");

396

_exit(EX_OSERR);

397

}

398

399

execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);

400

{

401

int e = errno;

402

perror("execl");

403

switch(e){

404

case EACCES:

405

case ENOENT:

406

case ENOEXEC:

407

default:

408

_exit(EX_UNAVAILABLE);

409

case ENAMETOOLONG:

410

case E2BIG:

411

case ENOMEM:

412

_exit(EX_OSERR);

413

case ENOTDIR:

414

case ELOOP:

415

_exit(EX_OSFILE);

416

}

417

}

418

}

419

}

420

421

if(interrupted_by_signal){

422

struct sigaction signal_action;

423

sigemptyset(&signal_action.sa_mask);

424

signal_action.sa_handler = SIG_DFL;

425

ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,

426

&signal_action, NULL));

427

if(ret == -1){

428

perror("sigaction");

429

}

430

do {

431

ret = raise(signal_received);

432

} while(ret != 0 and errno == EINTR);

433

if(ret != 0){

434

perror("raise");

435

abort();

436

}

437

TEMP_FAILURE_RETRY(pause());

438

}

439

440

return exitstatus;

227

kill(splashy_pid, SIGTERM);

228

if(interrupted_by_signal and splashy_command_pid != 0){

229

kill(splashy_command_pid, SIGTERM);

230

}

231

sleep(2);

232

while(kill(splashy_pid, 0) == 0){

233

kill(splashy_pid, SIGKILL);

234

sleep(1);

235

}

236

pid_t new_splashy_pid = fork();

237

if(new_splashy_pid == 0){

238

/* Child; will become new splashy process */

239

240

/* Make the effective user ID (root) the only user ID instead of

241

the real user ID (mandos) */

242

ret = setuid(geteuid());

243

if(ret == -1){

244

perror("setuid");

245

}

246

247

setsid();

248

ret = chdir("/");

249

/* if(fork() != 0){ */

250

/* _exit(EXIT_SUCCESS); */

251

/* } */

252

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */

253

if(ret == -1){

254

perror("dup2");

255

_exit(EXIT_FAILURE);

256

}

257

258

execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);

259

if(not interrupted_by_signal){

260

perror("execl");

261

}

262

_exit(EXIT_FAILURE);

263

}

264

265

return EXIT_FAILURE;

441

266

}

Older »