/mandos/release : revision 237.7.512

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/plymouth.c

Committer: Teddy Hogeborn
Date: 2019-02-09 23:34:15 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 370.
Revision ID: teddy@recompile.se-20190209233415-m1ntebuepwna1xg1

Doc fix: Change some "/etc/mandos" to "/etc/keys/mandos"

* clients.conf: Change "/etc/mandos" to "/etc/keys/mandos" where
appropriate
* mandos-keygen.xml: - '' -

files added:
bugs.xml

debian/mandos-client.examples

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/plymouth.c

/* -*- coding: utf-8 -*- */

* Usplash - Read a password from usplash and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* Plymouth - Read a password from Plymouth and output it

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* asprintf(), TEMP_FAILURE_RETRY() */

#include <stddef.h> /* NULL */

#include <string.h> /* strchr(), memcmp() */

#include <stdio.h> /* asprintf(), perror(), fopen(),

fscanf() */

fscanf(), vasprintf(), fprintf(),

vfprintf() */

#include <unistd.h> /* close(), readlink(), read(),

fork(), setsid(), chdir(), dup2(),

STDERR_FILENO, execv(), access() */

#include <error.h> /* error() */

#include <errno.h> /* TEMP_FAILURE_RETRY */

#include <argz.h> /* argz_count(), argz_extract() */

#include <stdarg.h> /* va_list, va_start(), ... */

sig_atomic_t interrupted_by_signal = 0;

const char plymouth_pid[] = "/dev/.initramfs/plymouth.pid";

/* Used by Ubuntu 11.04 (Natty Narwahl) */

const char plymouth_old_old_pid[] = "/dev/.initramfs/plymouth.pid";

/* Used by Ubuntu 11.10 (Oneiric Ocelot) */

const char plymouth_old_pid[] = "/run/initramfs/plymouth.pid";

/* Used by Debian 9 (stretch) */

const char plymouth_pid[] = "/run/plymouth/pid";

const char plymouth_path[] = "/bin/plymouth";

const char plymouthd_path[] = "/sbin/plymouthd";

const char *plymouthd_default_argv[] = {"/sbin/plymouthd",

"--mode=boot",

"--attach-to-session",

"--pid-file="

"/dev/.initramfs/"

"plymouth.pid",

NULL };

static void termination_handler(__attribute__((unused))int signum){

interrupted_by_signal = 1;

}

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if(ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

fprintf(stderr, ": ");

fprintf(stderr, "%s\n", strerror(errnum));

error(status, errno, "vasprintf while printing error");

return;

}

fprintf(stderr, "Mandos plugin ");

100

error(status, errnum, "%s", text);

101

free(text);

102

}

103

104

/* Create prompt string */

105

char *makeprompt(void){

106

int ret = 0;

107

char *prompt;

108

const char *const cryptsource = getenv("cryptsource");

109

const char *const crypttarget = getenv("crypttarget");

const char prompt_start[] = "Enter passphrase to unlock the disk";

110

const char prompt_start[] = "Unlocking the disk";

111

const char prompt_end[] = "Enter passphrase";

112

113

if(cryptsource == NULL){

114

if(crypttarget == NULL){

ret = asprintf(&prompt, "%s: ", prompt_start);

115

ret = asprintf(&prompt, "%s\n%s", prompt_start, prompt_end);

116

} else {

ret = asprintf(&prompt, "%s (%s): ", prompt_start,

crypttarget);

117

ret = asprintf(&prompt, "%s (%s)\n%s", prompt_start,

118

crypttarget, prompt_end);

119

}

120

} else {

121

if(crypttarget == NULL){

ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);

122

ret = asprintf(&prompt, "%s %s\n%s", prompt_start, cryptsource,

123

prompt_end);

124

} else {

ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,

cryptsource, crypttarget);

125

ret = asprintf(&prompt, "%s %s (%s)\n%s", prompt_start,

126

cryptsource, crypttarget, prompt_end);

127

}

128

}

129

if(ret == -1){

107

140

bool become_a_daemon(void){

108

141

int ret = setuid(geteuid());

109

142

if(ret == -1){

110

error(0, errno, "setuid");

143

error_plus(0, errno, "setuid");

111

144

}

112

145

113

146

setsid();

114

147

ret = chdir("/");

115

148

if(ret == -1){

116

error(0, errno, "chdir");

149

error_plus(0, errno, "chdir");

117

150

return false;

118

151

}

119

152

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */

120

153

if(ret == -1){

121

error(0, errno, "dup2");

154

error_plus(0, errno, "dup2");

122

155

return false;

123

156

}

124

157

return true;

125

158

}

126

159

160

__attribute__((nonnull (2, 3)))

127

161

bool exec_and_wait(pid_t *pid_return, const char *path,

128

const char **argv, bool interruptable,

162

const char * const *argv, bool interruptable,

129

163

bool daemonize){

130

164

int status;

131

165

int ret;

132

166

pid_t pid;

133

167

pid = fork();

134

168

if(pid == -1){

135

error(0, errno, "fork");

169

error_plus(0, errno, "fork");

136

170

return false;

137

171

}

138

172

if(pid == 0){

142

176

_exit(EX_OSERR);

143

177

}

144

178

}

145

146

char **new_argv = NULL;

147

char *tmp;

179

180

char **new_argv = malloc(sizeof(const char *));

181

if(new_argv == NULL){

182

error_plus(0, errno, "malloc");

183

_exit(EX_OSERR);

184

}

185

char **tmp;

148

186

int i = 0;

149

for (; argv[i]!=(char *)NULL; i++){

150

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 1));

151

if (tmp == NULL){

152

error(0, errno, "realloc");

187

for (; argv[i] != NULL; i++){

188

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 2));

189

if(tmp == NULL){

190

error_plus(0, errno, "realloc");

153

191

free(new_argv);

154

192

_exit(EX_OSERR);

155

193

}

156

new_argv = (char **)tmp;

194

new_argv = tmp;

157

195

new_argv[i] = strdup(argv[i]);

158

196

}

159

new_argv[i] = (char *) NULL;

197

new_argv[i] = NULL;

160

198

161

199

execv(path, (char *const *)new_argv);

162

error(0, errno, "execv");

200

error_plus(0, errno, "execv");

163

201

_exit(EXIT_FAILURE);

164

202

}

165

203

if(pid_return != NULL){

174

212

return false;

175

213

}

176

214

if(ret == -1){

177

error(0, errno, "waitpid");

215

error_plus(0, errno, "waitpid");

178

216

return false;

179

217

}

180

218

if(WIFEXITED(status) and (WEXITSTATUS(status) == 0)){

183

221

return false;

184

222

}

185

223

224

__attribute__((nonnull))

186

225

int is_plymouth(const struct dirent *proc_entry){

187

226

int ret;

188

227

{

189

uintmax_t maxvalue;

228

uintmax_t proc_id;

190

229

char *tmp;

191

230

errno = 0;

192

maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);

231

proc_id = strtoumax(proc_entry->d_name, &tmp, 10);

193

232

194

233

if(errno != 0 or *tmp != '\0'

195

or maxvalue != (uintmax_t)((pid_t)maxvalue)){

234

or proc_id != (uintmax_t)((pid_t)proc_id)){

196

235

return 0;

197

236

}

198

237

}

199

char exe_target[sizeof(plymouth_path)];

238

char exe_target[sizeof(plymouthd_path)];

200

239

char *exe_link;

201

240

ret = asprintf(&exe_link, "/proc/%s/exe", proc_entry->d_name);

202

241

if(ret == -1){

203

error(0, errno, "asprintf");

242

error_plus(0, errno, "asprintf");

204

243

return 0;

205

244

}

206

245

209

248

if(ret == -1){

210

249

free(exe_link);

211

250

if(errno != ENOENT){

212

error(0, errno, "lstat");

251

error_plus(0, errno, "lstat");

213

252

}

214

253

return 0;

215

254

}

223

262

224

263

ssize_t sret = readlink(exe_link, exe_target, sizeof(exe_target));

225

264

free(exe_link);

226

if((sret != (ssize_t)sizeof(plymouth_path)-1) or

227

(memcmp(plymouth_path, exe_target,

228

sizeof(plymouth_path)-1) != 0)){

265

if((sret != (ssize_t)sizeof(plymouthd_path)-1) or

266

(memcmp(plymouthd_path, exe_target,

267

sizeof(plymouthd_path)-1) != 0)){

229

268

return 0;

230

269

}

231

270

return 1;

233

272

234

273

pid_t get_pid(void){

235

274

int ret;

275

uintmax_t proc_id = 0;

236

276

FILE *pidfile = fopen(plymouth_pid, "r");

237

uintmax_t maxvalue = 0;

277

/* Try the new pid file location */

238

278

if(pidfile != NULL){

239

ret = fscanf(pidfile, "%" SCNuMAX, &maxvalue);

279

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

240

280

if(ret != 1){

241

maxvalue = 0;

281

proc_id = 0;

242

282

}

243

283

fclose(pidfile);

244

284

}

245

if(maxvalue == 0){

246

struct dirent **direntries;

285

/* Try the old pid file location */

286

if(proc_id == 0){

287

pidfile = fopen(plymouth_old_pid, "r");

288

if(pidfile != NULL){

289

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

290

if(ret != 1){

291

proc_id = 0;

292

}

293

fclose(pidfile);

294

}

295

}

296

/* Try the old old pid file location */

297

if(proc_id == 0){

298

pidfile = fopen(plymouth_old_old_pid, "r");

299

if(pidfile != NULL){

300

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

301

if(ret != 1){

302

proc_id = 0;

303

}

304

fclose(pidfile);

305

}

306

}

307

/* Look for a plymouth process */

308

if(proc_id == 0){

309

struct dirent **direntries = NULL;

247

310

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

248

sscanf(direntries[0]->d_name, "%" SCNuMAX, &maxvalue);

311

if(ret == -1){

312

error_plus(0, errno, "scandir");

313

}

314

if(ret > 0){

315

for(int i = ret-1; i >= 0; i--){

316

if(proc_id == 0){

317

ret = sscanf(direntries[i]->d_name, "%" SCNuMAX, &proc_id);

318

if(ret < 0){

319

error_plus(0, errno, "sscanf");

320

}

321

}

322

free(direntries[i]);

323

}

324

}

325

/* scandir might preallocate for this variable (man page unclear).

326

even if ret == 0, therefore we need to free it. */

327

free(direntries);

249

328

}

250

329

pid_t pid;

251

pid = (pid_t)maxvalue;

252

if((uintmax_t)pid == maxvalue){

330

pid = (pid_t)proc_id;

331

if((uintmax_t)pid == proc_id){

253

332

return pid;

254

333

}

255

334

256

335

return 0;

257

336

}

258

337

259

const char **getargv(pid_t pid){

338

char **getargv(pid_t pid){

260

339

int cl_fd;

261

340

char *cmdline_filename;

262

341

ssize_t sret;

265

344

ret = asprintf(&cmdline_filename, "/proc/%" PRIuMAX "/cmdline",

266

345

(uintmax_t)pid);

267

346

if(ret == -1){

268

error(0, errno, "asprintf");

347

error_plus(0, errno, "asprintf");

269

348

return NULL;

270

349

}

271

350

273

352

cl_fd = open(cmdline_filename, O_RDONLY);

274

353

free(cmdline_filename);

275

354

if(cl_fd == -1){

276

error(0, errno, "open");

355

error_plus(0, errno, "open");

277

356

return NULL;

278

357

}

279

358

287

366

if(cmdline_len + blocksize > cmdline_allocated){

288

367

tmp = realloc(cmdline, cmdline_allocated + blocksize);

289

368

if(tmp == NULL){

290

error(0, errno, "realloc");

369

error_plus(0, errno, "realloc");

291

370

free(cmdline);

292

371

close(cl_fd);

293

372

return NULL;

300

379

sret = read(cl_fd, cmdline + cmdline_len,

301

380

cmdline_allocated - cmdline_len);

302

381

if(sret == -1){

303

error(0, errno, "read");

382

error_plus(0, errno, "read");

304

383

free(cmdline);

305

384

close(cl_fd);

306

385

return NULL;

309

388

} while(sret != 0);

310

389

ret = close(cl_fd);

311

390

if(ret == -1){

312

error(0, errno, "close");

391

error_plus(0, errno, "close");

313

392

free(cmdline);

314

393

return NULL;

315

394

}

318

397

char **argv = malloc((argz_count(cmdline, cmdline_len) + 1)

319

398

* sizeof(char *)); /* Get number of args */

320

399

if(argv == NULL){

321

error(0, errno, "argv = malloc()");

400

error_plus(0, errno, "argv = malloc()");

322

401

free(cmdline);

323

402

return NULL;

324

403

}

325

404

argz_extract(cmdline, cmdline_len, argv); /* Create argv */

326

return (const char **)argv;

405

return argv;

327

406

}

328

407

329

408

int main(__attribute__((unused))int argc,

351

430

*sig != 0; sig++){

352

431

ret = sigaddset(&new_action.sa_mask, *sig);

353

432

if(ret == -1){

354

error(EX_OSERR, errno, "sigaddset");

433

error_plus(EX_OSERR, errno, "sigaddset");

355

434

}

356

435

ret = sigaction(*sig, NULL, &old_action);

357

436

if(ret == -1){

358

error(EX_OSERR, errno, "sigaction");

437

error_plus(EX_OSERR, errno, "sigaction");

359

438

}

360

439

if(old_action.sa_handler != SIG_IGN){

361

440

ret = sigaction(*sig, &new_action, NULL);

362

441

if(ret == -1){

363

error(EX_OSERR, errno, "sigaction");

442

error_plus(EX_OSERR, errno, "sigaction");

364

443

}

365

444

}

366

445

}

385

464

ret = asprintf(&prompt_arg, "--prompt=%s", prompt);

386

465

free(prompt);

387

466

if(ret == -1){

388

error(EX_OSERR, errno, "asprintf");

467

error_plus(EX_OSERR, errno, "asprintf");

389

468

}

390

469

391

470

/* plymouth ask-for-password --prompt="$prompt" */

404

483

}

405

484

kill_and_wait(plymouth_command_pid);

406

485

407

const char **plymouthd_argv;

486

char **plymouthd_argv = NULL;

408

487

pid_t pid = get_pid();

409

488

if(pid == 0){

410

error(0, 0, "plymouthd pid not found");

411

plymouthd_argv = plymouthd_default_argv;

489

error_plus(0, 0, "plymouthd pid not found");

412

490

} else {

413

491

plymouthd_argv = getargv(pid);

414

492

}

417

495

{ plymouth_path, "quit", NULL },

418

496

false, false);

419

497

if(not bret){

498

if(plymouthd_argv != NULL){

499

free(*plymouthd_argv);

500

free(plymouthd_argv);

501

}

420

502

exit(EXIT_FAILURE);

421

503

}

422

bret = exec_and_wait(NULL, plymouthd_path, plymouthd_argv,

504

bret = exec_and_wait(NULL, plymouthd_path,

505

(plymouthd_argv != NULL)

506

? (const char * const *)plymouthd_argv

507

: plymouthd_default_argv,

423

508

false, true);

509

if(plymouthd_argv != NULL){

510

free(*plymouthd_argv);

511

free(plymouthd_argv);

512

}

424

513

if(not bret){

425

514

exit(EXIT_FAILURE);

426

515

}

Older »