1
#define _GNU_SOURCE /* asprintf() */
1
/* -*- coding: utf-8 -*- */
3
* Splashy - Read a password from splashy and output it
5
* Copyright © 2008-2010 Teddy Hogeborn
6
* Copyright © 2008-2010 Björn Påhlsson
8
* This program is free software: you can redistribute it and/or
9
* modify it under the terms of the GNU General Public License as
10
* published by the Free Software Foundation, either version 3 of the
11
* License, or (at your option) any later version.
13
* This program is distributed in the hope that it will be useful, but
14
* WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16
* General Public License for more details.
18
* You should have received a copy of the GNU General Public License
19
* along with this program. If not, see
20
* <http://www.gnu.org/licenses/>.
22
* Contact the authors at <mandos@fukt.bsnet.se>.
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
2
26
#include <signal.h> /* sig_atomic_t, struct sigaction,
3
27
sigemptyset(), sigaddset(), SIGINT,
4
28
SIGHUP, SIGTERM, sigaction,
5
29
SIG_IGN, kill(), SIGKILL */
6
30
#include <stddef.h> /* NULL */
7
31
#include <stdlib.h> /* getenv() */
8
#include <stdio.h> /* asprintf(), perror() */
9
#include <stdlib.h> /* EXIT_FAILURE, free(), strtoul(),
32
#include <stdio.h> /* asprintf() */
33
#include <stdlib.h> /* EXIT_FAILURE, free(),
11
35
#include <sys/types.h> /* pid_t, DIR, struct dirent,
13
37
#include <dirent.h> /* opendir(), readdir(), closedir() */
38
#include <inttypes.h> /* intmax_t, strtoimax() */
14
39
#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK */
15
40
#include <iso646.h> /* not, or, and */
16
41
#include <unistd.h> /* readlink(), fork(), execl(),
17
42
sleep(), dup2() STDERR_FILENO,
18
STDOUT_FILENO, _exit() */
43
STDOUT_FILENO, _exit(),
19
45
#include <string.h> /* memcmp() */
20
#include <errno.h> /* errno */
46
#include <errno.h> /* errno, EACCES, ENOTDIR, ELOOP,
47
ENOENT, ENAMETOOLONG, EMFILE,
48
ENFILE, ENOMEM, ENOEXEC, EINVAL,
49
E2BIG, EFAULT, EIO, ETXTBSY,
50
EISDIR, ELIBBAD, EPERM, EINTR,
52
#include <error.h> /* error() */
21
53
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
55
#include <sysexits.h> /* EX_OSERR, EX_OSFILE,
24
58
sig_atomic_t interrupted_by_signal = 0;
26
static void termination_handler(__attribute__((unused))int signum){
61
static void termination_handler(int signum){
62
if(interrupted_by_signal){
27
65
interrupted_by_signal = 1;
66
signal_received = signum;
30
69
int main(__attribute__((unused))int argc,
31
70
__attribute__((unused))char **argv){
74
pid_t splashy_pid = 0;
75
pid_t splashy_command_pid = 0;
76
int exitstatus = EXIT_FAILURE;
34
78
/* Create prompt string */
37
80
const char *const cryptsource = getenv("cryptsource");
38
81
const char *const crypttarget = getenv("crypttarget");
131
212
new_action = { .sa_handler = termination_handler,
133
214
sigemptyset(&new_action.sa_mask);
134
sigaddset(&new_action.sa_mask, SIGINT);
135
sigaddset(&new_action.sa_mask, SIGHUP);
136
sigaddset(&new_action.sa_mask, SIGTERM);
215
ret = sigaddset(&new_action.sa_mask, SIGINT);
217
error(0, errno, "sigaddset");
218
exitstatus = EX_OSERR;
221
ret = sigaddset(&new_action.sa_mask, SIGHUP);
223
error(0, errno, "sigaddset");
224
exitstatus = EX_OSERR;
227
ret = sigaddset(&new_action.sa_mask, SIGTERM);
229
error(0, errno, "sigaddset");
230
exitstatus = EX_OSERR;
137
233
ret = sigaction(SIGINT, NULL, &old_action);
235
error(0, errno, "sigaction");
236
exitstatus = EX_OSERR;
143
239
if(old_action.sa_handler != SIG_IGN){
144
240
ret = sigaction(SIGINT, &new_action, NULL);
242
error(0, errno, "sigaction");
243
exitstatus = EX_OSERR;
151
247
ret = sigaction(SIGHUP, NULL, &old_action);
249
error(0, errno, "sigaction");
250
exitstatus = EX_OSERR;
157
253
if(old_action.sa_handler != SIG_IGN){
158
254
ret = sigaction(SIGHUP, &new_action, NULL);
256
error(0, errno, "sigaction");
257
exitstatus = EX_OSERR;
165
261
ret = sigaction(SIGTERM, NULL, &old_action);
263
error(0, errno, "sigaction");
264
exitstatus = EX_OSERR;
171
267
if(old_action.sa_handler != SIG_IGN){
172
268
ret = sigaction(SIGTERM, &new_action, NULL);
270
error(0, errno, "sigaction");
271
exitstatus = EX_OSERR;
277
if(interrupted_by_signal){
181
281
/* Fork off the splashy command to prompt for password */
182
pid_t splashy_command_pid = 0;
183
if(not interrupted_by_signal){
184
splashy_command_pid = fork();
185
if(splashy_command_pid == -1){
186
if(not interrupted_by_signal){
192
if(splashy_command_pid == 0){
282
splashy_command_pid = fork();
283
if(splashy_command_pid != 0 and interrupted_by_signal){
286
if(splashy_command_pid == -1){
287
error(0, errno, "fork");
288
exitstatus = EX_OSERR;
292
if(splashy_command_pid == 0){
293
if(not interrupted_by_signal){
193
294
const char splashy_command[] = "/sbin/splashy_update";
194
ret = execl(splashy_command, splashy_command, prompt,
196
if(not interrupted_by_signal){
295
execl(splashy_command, splashy_command, prompt, (char *)NULL);
297
error(0, errno, "execl");
303
_exit(EX_UNAVAILABLE);
318
case ELIBBAD: /* Linux only */
332
if(interrupted_by_signal){
207
336
/* Wait for command to complete */
208
if(not interrupted_by_signal and splashy_command_pid != 0){
210
ret = waitpid(splashy_command_pid, &status, 0);
340
ret = waitpid(splashy_command_pid, &status, 0);
341
} while(ret == -1 and errno == EINTR
342
and not interrupted_by_signal);
343
if(interrupted_by_signal){
347
error(0, errno, "waitpid");
215
348
if(errno == ECHILD){
216
349
splashy_command_pid = 0;
219
352
/* The child process has exited */
220
353
splashy_command_pid = 0;
221
if(not interrupted_by_signal and WIFEXITED(status)
222
and WEXITSTATUS(status)==0){
354
if(WIFEXITED(status) and WEXITSTATUS(status) == 0){
223
355
return EXIT_SUCCESS;
227
kill(splashy_pid, SIGTERM);
228
if(interrupted_by_signal and splashy_command_pid != 0){
229
kill(splashy_command_pid, SIGTERM);
232
while(kill(splashy_pid, 0) == 0){
233
kill(splashy_pid, SIGKILL);
236
pid_t new_splashy_pid = fork();
237
if(new_splashy_pid == 0){
238
/* Child; will become new splashy process */
240
/* Make the effective user ID (root) the only user ID instead of
241
the real user ID (mandos) */
242
ret = setuid(geteuid());
249
/* if(fork() != 0){ */
250
/* _exit(EXIT_SUCCESS); */
252
ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */
258
execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);
259
if(not interrupted_by_signal){
364
if(proc_dir != NULL){
365
TEMP_FAILURE_RETRY(closedir(proc_dir));
368
if(splashy_command_pid != 0){
369
TEMP_FAILURE_RETRY(kill(splashy_command_pid, SIGTERM));
371
TEMP_FAILURE_RETRY(kill(splashy_pid, SIGTERM));
373
while(TEMP_FAILURE_RETRY(kill(splashy_pid, 0)) == 0){
374
TEMP_FAILURE_RETRY(kill(splashy_pid, SIGKILL));
377
pid_t new_splashy_pid = (pid_t)TEMP_FAILURE_RETRY(fork());
378
if(new_splashy_pid == 0){
379
/* Child; will become new splashy process */
381
/* Make the effective user ID (root) the only user ID instead of
382
the real user ID (_mandos) */
383
ret = setuid(geteuid());
385
error(0, errno, "setuid");
391
error(0, errno, "chdir");
393
/* if(fork() != 0){ */
394
/* _exit(EXIT_SUCCESS); */
396
ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace stdout */
398
error(0, errno, "dup2");
402
execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);
405
error(0, errno, "execl");
411
_exit(EX_UNAVAILABLE);
424
if(interrupted_by_signal){
425
struct sigaction signal_action;
426
sigemptyset(&signal_action.sa_mask);
427
signal_action.sa_handler = SIG_DFL;
428
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
429
&signal_action, NULL));
431
error(0, errno, "sigaction");
434
ret = raise(signal_received);
435
} while(ret != 0 and errno == EINTR);
437
error(0, errno, "raise");
440
TEMP_FAILURE_RETRY(pause());