/mandos/release : revision 237.2.1

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/usplash.c

Committer: Teddy Hogeborn
Date: 2008-12-10 01:26:02 UTC
mfrom: (237.1.2 mandos)
mto: (24.1.114 mandos) (237.4.2 mandos-pipe-ipc) (299.1.1 release) (300.1.1 release) (301.1.1 release)
mto: This revision was merged to the branch mainline in revision 238.
Revision ID: teddy@fukt.bsnet.se-20081210012602-vhz3h75xkj24t340

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

files added:
NEWS

common.ent

mandos.lsm

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

files modified:
.bzrignore

INSTALL

Makefile

README

TODO

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

plugins.d/usplash.c

/* -*- coding: utf-8 -*- */

* Passprompt - Read a password from usplash and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

#define _GNU_SOURCE /* asprintf() */

#include <signal.h> /* sig_atomic_t, struct sigaction,

sigemptyset(), sigaddset(),

sigaction, SIGINT, SIG_IGN, SIGHUP,

SIGTERM, kill(), SIGKILL */

sigemptyset(), sigaddset(), SIGINT,

SIGHUP, SIGTERM, sigaction(),

SIG_IGN, kill(), SIGKILL */

#include <stdbool.h> /* bool, false, true */

#include <fcntl.h> /* open(), O_WRONLY, O_RDONLY */

#include <iso646.h> /* and, or, not*/

#include <errno.h> /* errno, EINTR */

#include <sys/types.h> /* size_t, ssize_t, pid_t, DIR, struct

dirent */

#include <stddef.h> /* NULL */

#include <string.h> /* strlen(), memcmp() */

#include <stdio.h> /* asprintf(), perror() */

#include <unistd.h> /* close(), write(), readlink(),

read(), STDOUT_FILENO, sleep(),

fork(), setuid(), geteuid(),

setsid(), chdir(), dup2(),

STDERR_FILENO, execv() */

#include <stdlib.h> /* free(), EXIT_FAILURE, strtoul(),

realloc(), EXIT_SUCCESS, malloc(),

_exit() */

#include <stdlib.h> /* getenv() */

#include <stdio.h> /* asprintf(), perror() */

#include <stdlib.h> /* EXIT_FAILURE, EXIT_SUCCESS,

strtoul(), free() */

#include <sys/types.h> /* pid_t, DIR, struct dirent,

ssize_t */

#include <dirent.h> /* opendir(), readdir(), closedir() */

#include <unistd.h> /* readlink(), fork(), execl(),

_exit */

#include <string.h> /* memcmp() */

#include <iso646.h> /* and */

#include <stdbool.h> /* bool, false, true */

#include <errno.h> /* errno */

#include <sys/wait.h> /* waitpid(), WIFEXITED(),

WEXITSTATUS() */

#include <fcntl.h> /* open(), O_RDONLY */

#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK */

sig_atomic_t interrupted_by_signal = 0;

interrupted_by_signal = 1;

}

static bool usplash_write(const char *cmd, const char *arg){

* usplash_write("TIMEOUT", "15") will write "TIMEOUT 15\0"

* usplash_write("PULSATE", NULL) will write "PULSATE\0"

* SEE ALSO

* usplash_write(8)

int ret;

int fifo_fd;

do{

fifo_fd = open("/dev/.initramfs/usplash_fifo", O_WRONLY);

if(fifo_fd == -1 and (errno != EINTR or interrupted_by_signal)){

return false;

}

}while(fifo_fd == -1);

const char *cmd_line;

size_t cmd_line_len;

char *cmd_line_alloc = NULL;

if(arg == NULL){

cmd_line = cmd;

cmd_line_len = strlen(cmd);

}else{

do{

ret = asprintf(&cmd_line_alloc, "%s %s", cmd, arg);

if(ret == -1 and (errno != EINTR or interrupted_by_signal)){

int e = errno;

close(fifo_fd);

errno = e;

return false;

}

}while(ret == -1);

cmd_line = cmd_line_alloc;

cmd_line_len = (size_t)ret + 1;

}

size_t written = 0;

while(not interrupted_by_signal and written < cmd_line_len){

ret = write(fifo_fd, cmd_line + written,

cmd_line_len - written);

if(ret == -1){

if(errno != EINTR or interrupted_by_signal){

100

int e = errno;

101

close(fifo_fd);

102

free(cmd_line_alloc);

103

errno = e;

104

return false;

105

} else {

106

continue;

107

}

108

}

109

written += (size_t)ret;

110

}

111

free(cmd_line_alloc);

112

do{

113

ret = close(fifo_fd);

114

if(ret == -1 and (errno != EINTR or interrupted_by_signal)){

115

return false;

116

}

117

}while(ret == -1);

118

if(interrupted_by_signal){

119

return false;

120

}

121

return true;

122

}

123

124

int main(__attribute__((unused))int argc,

125

__attribute__((unused))char **argv){

126

int ret = 0;

132

{

133

const char *const cryptsource = getenv("cryptsource");

134

const char *const crypttarget = getenv("crypttarget");

const char *const prompt_start = "Enter passphrase to unlock the disk";

135

const char prompt_start[] = "Enter passphrase to unlock the disk";

136

137

if(cryptsource == NULL){

138

if(crypttarget == NULL){

158

pid_t usplash_pid = 0;

159

char *cmdline = NULL;

160

size_t cmdline_len = 0;

161

const char usplash_name[] = "/sbin/usplash";

162

{

const char usplash_name[] = "/sbin/usplash";

163

DIR *proc_dir = opendir("/proc");

164

if(proc_dir == NULL){

165

free(prompt);

178

/proc/<pid>/exe link */

179

char exe_target[sizeof(usplash_name)];

180

{

181

/* create file name string */

182

char *exe_link;

183

ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);

184

if(ret == -1){

187

closedir(proc_dir);

188

return EXIT_FAILURE;

189

}

190

191

/* Check that it refers to a symlink owned by root:root */

192

struct stat exe_stat;

193

ret = lstat(exe_link, &exe_stat);

194

if(ret == -1){

195

perror("lstat");

196

free(exe_link);

197

free(prompt);

198

closedir(proc_dir);

199

return EXIT_FAILURE;

200

}

201

if(not S_ISLNK(exe_stat.st_mode)

202

or exe_stat.st_uid != 0

203

or exe_stat.st_gid != 0){

204

free(exe_link);

205

continue;

206

}

207

208

sret = readlink(exe_link, exe_target, sizeof(exe_target));

209

free(exe_link);

210

if(sret == -1){

211

continue;

212

}

213

}

214

if((sret == ((ssize_t)sizeof(exe_target)-1))

215

and (memcmp(usplash_name, exe_target,

177

293

free(prompt);

178

294

return EXIT_FAILURE;

179

295

}

180

if (old_action.sa_handler != SIG_IGN){

296

if(old_action.sa_handler != SIG_IGN){

181

297

ret = sigaction(SIGINT, &new_action, NULL);

182

298

if(ret == -1){

183

299

perror("sigaction");

191

307

free(prompt);

192

308

return EXIT_FAILURE;

193

309

}

194

if (old_action.sa_handler != SIG_IGN){

310

if(old_action.sa_handler != SIG_IGN){

195

311

ret = sigaction(SIGHUP, &new_action, NULL);

196

312

if(ret == -1){

197

313

perror("sigaction");

205

321

free(prompt);

206

322

return EXIT_FAILURE;

207

323

}

208

if (old_action.sa_handler != SIG_IGN){

324

if(old_action.sa_handler != SIG_IGN){

209

325

ret = sigaction(SIGTERM, &new_action, NULL);

210

326

if(ret == -1){

211

327

perror("sigaction");

217

333

218

334

/* Write command to FIFO */

219

335

if(not interrupted_by_signal){

220

int fifo_fd = open("/dev/.initramfs/usplash_fifo", O_WRONLY);

221

if(fifo_fd == -1){

222

perror("open");

223

free(prompt);

224

return EXIT_FAILURE;

225

}

226

char *command;

227

ret = asprintf(&command, "INPUTQUIET %s", prompt);

228

if(ret == -1){

229

perror("asprintf");

230

free(prompt);

231

return EXIT_FAILURE;

232

}

233

free(prompt);

234

235

size_t command_len = (size_t)ret + 1;

236

size_t written = 0;

237

while(not interrupted_by_signal and written < command_len){

238

ret = write(fifo_fd, command + written, command_len - written);

239

if(ret == -1){

240

if(interrupted_by_signal){

241

break;

242

}

243

perror("write");

244

if(written == 0){

245

free(command);

246

return EXIT_FAILURE;

247

}

248

an_error_occured = true;

249

break;

250

}

251

written += (size_t)ret;

252

}

253

ret = close(fifo_fd);

254

if(ret == -1 and not interrupted_by_signal){

255

an_error_occured = true;

256

}

257

free(command);

258

}else{

259

free(prompt);

260

}

336

if(not usplash_write("TIMEOUT", "0")

337

and (errno != EINTR)){

338

perror("usplash_write");

339

an_error_occured = true;

340

}

341

}

342

if(not interrupted_by_signal and not an_error_occured){

343

if(not usplash_write("INPUTQUIET", prompt)

344

and (errno != EINTR)){

345

perror("usplash_write");

346

an_error_occured = true;

347

}

348

}

349

free(prompt);

261

350

262

{

351

/* This is not really a loop; while() is used to be able to "break"

352

out of it; those breaks are marked "Big" */

353

while(not interrupted_by_signal and not an_error_occured){

263

354

char *buf = NULL;

264

355

size_t buf_len = 0;

265

356

357

/* Open FIFO */

358

int fifo_fd;

359

do{

360

fifo_fd = open("/dev/.initramfs/usplash_outfifo", O_RDONLY);

361

if(fifo_fd == -1){

362

if(errno != EINTR){

363

perror("open");

364

an_error_occured = true;

365

break;

366

}

367

if(interrupted_by_signal){

368

break;

369

}

370

}

371

}while(fifo_fd == -1);

372

if(interrupted_by_signal or an_error_occured){

373

break; /* Big */

374

}

375

266

376

/* Read from FIFO */

267

if(not interrupted_by_signal and not an_error_occured){

268

int fifo_fd = open("/dev/.initramfs/usplash_outfifo", O_RDONLY);

269

if(fifo_fd == -1 and not interrupted_by_signal){

270

perror("open");

271

return EXIT_FAILURE;

377

size_t buf_allocated = 0;

378

const size_t blocksize = 1024;

379

do{

380

if(buf_len + blocksize > buf_allocated){

381

char *tmp = realloc(buf, buf_allocated + blocksize);

382

if(tmp == NULL){

383

perror("realloc");

384

an_error_occured = true;

385

break;

386

}

387

buf = tmp;

388

buf_allocated += blocksize;

272

389

}

273

size_t buf_allocated = 0;

274

const int blocksize = 1024;

275

390

do{

276

if(buf_len + blocksize > buf_allocated){

277

char *tmp = realloc(buf, buf_allocated + blocksize);

278

if(tmp == NULL){

279

perror("realloc");

280

an_error_occured = true;

281

break;

282

}

283

buf = tmp;

284

buf_allocated += blocksize;

285

}

286

391

sret = read(fifo_fd, buf + buf_len, buf_allocated - buf_len);

287

392

if(sret == -1){

288

perror("read");

289

an_error_occured = true;

290

break;

393

if(errno != EINTR){

394

perror("read");

395

an_error_occured = true;

396

break;

397

}

398

if(interrupted_by_signal){

399

break;

400

}

291

401

}

292

buf_len += (size_t)sret;

293

}while(not interrupted_by_signal and sret != 0);

294

close(fifo_fd);

295

}

296

402

}while(sret == -1);

403

if(interrupted_by_signal or an_error_occured){

404

break;

405

}

406

407

buf_len += (size_t)sret;

408

}while(sret != 0);

409

close(fifo_fd);

410

if(interrupted_by_signal or an_error_occured){

411

break; /* Big */

412

}

413

414

if(not usplash_write("TIMEOUT", "15")

415

and (errno != EINTR)){

416

perror("usplash_write");

417

an_error_occured = true;

418

}

419

if(interrupted_by_signal or an_error_occured){

420

break; /* Big */

421

}

422

297

423

/* Print password to stdout */

298

if(not interrupted_by_signal and not an_error_occured){

299

size_t written = 0;

424

size_t written = 0;

425

while(written < buf_len){

300

426

do{

301

427

sret = write(STDOUT_FILENO, buf + written, buf_len - written);

302

if(sret == -1 and not interrupted_by_signal){

303

perror("write");

304

an_error_occured = true;

305

break;

428

if(sret == -1){

429

if(errno != EINTR){

430

perror("write");

431

an_error_occured = true;

432

break;

433

}

434

if(interrupted_by_signal){

435

break;

436

}

306

437

}

307

written += (size_t)sret;

308

}while(written < buf_len);

309

if(not interrupted_by_signal and not an_error_occured){

310

return EXIT_SUCCESS;

438

}while(sret == -1);

439

if(interrupted_by_signal or an_error_occured){

440

break;

311

441

}

312

}

313

}

314

315

kill(usplash_pid, SIGTERM);

316

442

written += (size_t)sret;

443

}

444

free(buf);

445

if(not interrupted_by_signal and not an_error_occured){

446

free(cmdline);

447

return EXIT_SUCCESS;

448

}

449

break; /* Big */

450

} /* end of non-loop while() */

451

452

/* If we got here, an error or interrupt must have happened */

453

454

/* Create argc and argv for new usplash*/

317

455

int cmdline_argc = 0;

318

456

char **cmdline_argv = malloc(sizeof(char *));

319

/* Create argv and argc for new usplash*/

320

457

{

321

ptrdiff_t position = 0;

322

while((size_t)position < cmdline_len){

458

size_t position = 0;

459

while(position < cmdline_len){

323

460

char **tmp = realloc(cmdline_argv,

324

(sizeof(char *) * (size_t)(cmdline_argc + 2)));

461

(sizeof(char *)

462

* (size_t)(cmdline_argc + 2)));

325

463

if(tmp == NULL){

326

464

perror("realloc");

327

465

free(cmdline_argv);

330

468

cmdline_argv = tmp;

331

469

cmdline_argv[cmdline_argc] = cmdline + position;

332

470

cmdline_argc++;

333

position = (char *)rawmemchr(cmdline + position, '\0')

334

- cmdline + 1;

471

position += strlen(cmdline + position) + 1;

335

472

}

336

473

cmdline_argv[cmdline_argc] = NULL;

337

474

}

475

/* Kill old usplash */

476

kill(usplash_pid, SIGTERM);

477

sleep(2);

478

while(kill(usplash_pid, 0) == 0){

479

kill(usplash_pid, SIGKILL);

480

sleep(1);

481

}

338

482

pid_t new_usplash_pid = fork();

339

483

if(new_usplash_pid == 0){

340

484

/* Child; will become new usplash process */

341

while(kill(usplash_pid, 0)){

342

sleep(2);

343

kill(usplash_pid, SIGKILL);

344

sleep(1);

485

486

/* Make the effective user ID (root) the only user ID instead of

487

the real user ID (mandos) */

488

ret = setuid(geteuid());

489

if(ret == -1){

490

perror("setuid");

345

491

}

492

493

setsid();

494

ret = chdir("/");

495

/* if(fork() != 0){ */

496

/* _exit(EXIT_SUCCESS); */

497

/* } */

346

498

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */

347

499

if(ret == -1){

348

500

perror("dup2");

349

501

_exit(EXIT_FAILURE);

350

502

}

351

execv("/sbin/usplash", cmdline_argv);

503

504

execv(usplash_name, cmdline_argv);

505

if(not interrupted_by_signal){

506

perror("execv");

507

}

508

free(cmdline);

509

free(cmdline_argv);

510

_exit(EXIT_FAILURE);

511

}

512

free(cmdline);

513

free(cmdline_argv);

514

sleep(2);

515

if(not usplash_write("PULSATE", NULL)

516

and (errno != EINTR)){

517

perror("usplash_write");

352

518

}

353

519

354

520

return EXIT_FAILURE;

Older »