31
30
#include <stddef.h> /* NULL */
32
31
#include <stdlib.h> /* getenv() */
33
32
#include <stdio.h> /* asprintf(), perror() */
34
#include <stdlib.h> /* EXIT_FAILURE, free(), strtoul(),
33
#include <stdlib.h> /* EXIT_FAILURE, free(),
36
35
#include <sys/types.h> /* pid_t, DIR, struct dirent,
38
37
#include <dirent.h> /* opendir(), readdir(), closedir() */
38
#include <inttypes.h> /* intmax_t, strtoimax() */
39
39
#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK */
40
40
#include <iso646.h> /* not, or, and */
41
41
#include <unistd.h> /* readlink(), fork(), execl(),
42
42
sleep(), dup2() STDERR_FILENO,
43
STDOUT_FILENO, _exit() */
43
STDOUT_FILENO, _exit(),
44
45
#include <string.h> /* memcmp() */
45
46
#include <errno.h> /* errno */
46
47
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
49
50
sig_atomic_t interrupted_by_signal = 0;
51
static void termination_handler(__attribute__((unused))int signum){
53
static void termination_handler(int signum){
54
if(interrupted_by_signal){
52
57
interrupted_by_signal = 1;
58
signal_received = signum;
55
61
int main(__attribute__((unused))int argc,
56
62
__attribute__((unused))char **argv){
66
pid_t splashy_pid = 0;
67
pid_t splashy_command_pid = 0;
59
69
/* Create prompt string */
62
71
const char *const cryptsource = getenv("cryptsource");
63
72
const char *const crypttarget = getenv("crypttarget");
158
174
sigemptyset(&new_action.sa_mask);
159
175
sigaddset(&new_action.sa_mask, SIGINT);
160
180
sigaddset(&new_action.sa_mask, SIGHUP);
161
185
sigaddset(&new_action.sa_mask, SIGTERM);
162
190
ret = sigaction(SIGINT, NULL, &old_action);
164
192
perror("sigaction");
168
195
if(old_action.sa_handler != SIG_IGN){
169
196
ret = sigaction(SIGINT, &new_action, NULL);
171
198
perror("sigaction");
176
202
ret = sigaction(SIGHUP, NULL, &old_action);
178
204
perror("sigaction");
182
207
if(old_action.sa_handler != SIG_IGN){
183
208
ret = sigaction(SIGHUP, &new_action, NULL);
185
210
perror("sigaction");
190
214
ret = sigaction(SIGTERM, NULL, &old_action);
192
216
perror("sigaction");
196
219
if(old_action.sa_handler != SIG_IGN){
197
220
ret = sigaction(SIGTERM, &new_action, NULL);
199
222
perror("sigaction");
228
if(interrupted_by_signal){
206
232
/* Fork off the splashy command to prompt for password */
207
pid_t splashy_command_pid = 0;
208
if(not interrupted_by_signal){
209
splashy_command_pid = fork();
210
if(splashy_command_pid == -1){
211
if(not interrupted_by_signal){
217
if(splashy_command_pid == 0){
233
splashy_command_pid = fork();
234
if(splashy_command_pid != 0 and interrupted_by_signal){
237
if(splashy_command_pid == -1){
242
if(splashy_command_pid == 0){
243
if(not interrupted_by_signal){
218
244
const char splashy_command[] = "/sbin/splashy_update";
219
ret = execl(splashy_command, splashy_command, prompt,
221
if(not interrupted_by_signal){
245
execl(splashy_command, splashy_command, prompt, (char *)NULL);
256
if(interrupted_by_signal){
232
260
/* Wait for command to complete */
233
if(not interrupted_by_signal and splashy_command_pid != 0){
235
ret = waitpid(splashy_command_pid, &status, 0);
264
ret = waitpid(splashy_command_pid, &status, 0);
265
} while(ret == -1 and errno == EINTR
266
and not interrupted_by_signal);
267
if(interrupted_by_signal){
240
272
if(errno == ECHILD){
241
273
splashy_command_pid = 0;
244
276
/* The child process has exited */
245
277
splashy_command_pid = 0;
246
if(not interrupted_by_signal and WIFEXITED(status)
247
and WEXITSTATUS(status)==0){
278
if(WIFEXITED(status) and WEXITSTATUS(status) == 0){
248
279
return EXIT_SUCCESS;
252
kill(splashy_pid, SIGTERM);
253
if(interrupted_by_signal and splashy_command_pid != 0){
254
kill(splashy_command_pid, SIGTERM);
257
while(kill(splashy_pid, 0) == 0){
258
kill(splashy_pid, SIGKILL);
261
pid_t new_splashy_pid = fork();
262
if(new_splashy_pid == 0){
263
/* Child; will become new splashy process */
288
if(proc_dir != NULL){
289
TEMP_FAILURE_RETRY(closedir(proc_dir));
292
if(splashy_command_pid != 0){
293
TEMP_FAILURE_RETRY(kill(splashy_command_pid, SIGTERM));
265
/* Make the effective user ID (root) the only user ID instead of
266
the real user ID (mandos) */
267
ret = setuid(geteuid());
295
TEMP_FAILURE_RETRY(kill(splashy_pid, SIGTERM));
297
while(TEMP_FAILURE_RETRY(kill(splashy_pid, 0)) == 0){
298
TEMP_FAILURE_RETRY(kill(splashy_pid, SIGKILL));
301
pid_t new_splashy_pid = TEMP_FAILURE_RETRY(fork());
302
if(new_splashy_pid == 0){
303
/* Child; will become new splashy process */
305
/* Make the effective user ID (root) the only user ID instead of
306
the real user ID (_mandos) */
307
ret = setuid(geteuid());
317
/* if(fork() != 0){ */
318
/* _exit(EXIT_SUCCESS); */
320
ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace stdout */
274
/* if(fork() != 0){ */
275
/* _exit(EXIT_SUCCESS); */
277
ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */
326
execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);
280
328
_exit(EXIT_FAILURE);
283
execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);
284
if(not interrupted_by_signal){
332
if(interrupted_by_signal){
333
struct sigaction signal_action;
334
sigemptyset(&signal_action.sa_mask);
335
signal_action.sa_handler = SIG_DFL;
336
ret = TEMP_FAILURE_RETRY(sigaction(signal_received,
337
&signal_action, NULL));
342
ret = raise(signal_received);
343
} while(ret != 0 and errno == EINTR);
348
TEMP_FAILURE_RETRY(pause());
290
351
return EXIT_FAILURE;