/mandos/release : revision 237.7.679

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/plymouth.c

Committer: Teddy Hogeborn
Date: 2019-07-29 16:35:53 UTC
mto: This revision was merged to the branch mainline in revision 384.
Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537

Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

files added:
bugs.xml

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/templates.pot

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/signing-key.asc

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/plymouth.c

* Plymouth - Read a password from Plymouth and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* asprintf(), TEMP_FAILURE_RETRY() */

#include <stddef.h> /* NULL */

#include <string.h> /* strchr(), memcmp() */

#include <stdio.h> /* asprintf(), perror(), fopen(),

fscanf(), vasprintf(), fprintf(), vfprintf() */

fscanf(), vasprintf(), fprintf(),

vfprintf() */

#include <unistd.h> /* close(), readlink(), read(),

fork(), setsid(), chdir(), dup2(),

STDERR_FILENO, execv(), access() */

#include <errno.h> /* TEMP_FAILURE_RETRY */

#include <argz.h> /* argz_count(), argz_extract() */

#include <stdarg.h> /* va_list, va_start(), ... */

#include <argp.h>

sig_atomic_t interrupted_by_signal = 0;

const char plymouth_pid[] = "/dev/.initramfs/plymouth.pid";

const char *argp_program_version = "plymouth " VERSION;

const char *argp_program_bug_address = "<mandos@recompile.se>";

/* Used by Ubuntu 11.04 (Natty Narwahl) */

const char plymouth_old_old_pid[] = "/dev/.initramfs/plymouth.pid";

/* Used by Ubuntu 11.10 (Oneiric Ocelot) */

const char plymouth_old_pid[] = "/run/initramfs/plymouth.pid";

/* Used by Debian 9 (stretch) */

const char plymouth_pid[] = "/run/plymouth/pid";

const char plymouth_path[] = "/bin/plymouth";

const char plymouthd_path[] = "/sbin/plymouthd";

const char *plymouthd_default_argv[] = {"/sbin/plymouthd",

"--mode=boot",

"--attach-to-session",

"--pid-file="

"/dev/.initramfs/"

"plymouth.pid",

NULL };

bool debug = false;

static void termination_handler(__attribute__((unused))int signum){

if(interrupted_by_signal){

interrupted_by_signal = 1;

}

__attribute__((format (gnu_printf, 2, 3), nonnull))

int fprintf_plus(FILE *stream, const char *format, ...){

va_list ap;

va_start (ap, format);

fprintf(stream, "Mandos plugin %s: ", program_invocation_short_name);

return vfprintf(stream, format, ap);

}

/* Function to use when printing errors */

void error_plus(int status, int errnum, const char *formatstring, ...){

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

100

va_start(ap, formatstring);

101

ret = vasprintf(&text, formatstring, ap);

if (ret == -1){

fprintf(stderr, "Mandos plugin %s: ", program_invocation_short_name);

102

if(ret == -1){

103

fprintf(stderr, "Mandos plugin %s: ",

104

program_invocation_short_name);

105

vfprintf(stderr, formatstring, ap);

106

fprintf(stderr, ": ");

107

fprintf(stderr, "%s\n", strerror(errnum));

148

169

return true;

149

170

}

150

171

172

__attribute__((nonnull (2, 3)))

151

173

bool exec_and_wait(pid_t *pid_return, const char *path,

152

const char **argv, bool interruptable,

174

const char * const * const argv, bool interruptable,

153

175

bool daemonize){

154

176

int status;

155

177

int ret;

156

178

pid_t pid;

179

if(debug){

180

for(const char * const *arg = argv; *arg != NULL; arg++){

181

fprintf_plus(stderr, "exec_and_wait arg: %s\n", *arg);

182

}

183

fprintf_plus(stderr, "exec_and_wait end of args\n");

184

}

185

157

186

pid = fork();

158

187

if(pid == -1){

159

188

error_plus(0, errno, "fork");

167

196

}

168

197

}

169

198

170

char **new_argv = NULL;

199

char **new_argv = malloc(sizeof(const char *));

200

if(new_argv == NULL){

201

error_plus(0, errno, "malloc");

202

_exit(EX_OSERR);

203

}

171

204

char **tmp;

172

205

int i = 0;

173

for (; argv[i]!=NULL; i++){

174

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 1));

175

if (tmp == NULL){

206

for (; argv[i] != NULL; i++){

207

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 2));

208

if(tmp == NULL){

176

209

error_plus(0, errno, "realloc");

177

210

free(new_argv);

178

211

_exit(EX_OSERR);

195

228

and ((not interrupted_by_signal)

196

229

or (not interruptable)));

197

230

if(interrupted_by_signal and interruptable){

231

if(debug){

232

fprintf_plus(stderr, "Interrupted by signal\n");

233

}

198

234

return false;

199

235

}

200

236

if(ret == -1){

201

237

error_plus(0, errno, "waitpid");

202

238

return false;

203

239

}

240

if(debug){

241

if(WIFEXITED(status)){

242

fprintf_plus(stderr, "exec_and_wait exited: %d\n",

243

WEXITSTATUS(status));

244

} else if(WIFSIGNALED(status)) {

245

fprintf_plus(stderr, "exec_and_wait signaled: %d\n",

246

WTERMSIG(status));

247

}

248

}

204

249

if(WIFEXITED(status) and (WEXITSTATUS(status) == 0)){

205

250

return true;

206

251

}

207

252

return false;

208

253

}

209

254

255

__attribute__((nonnull))

210

256

int is_plymouth(const struct dirent *proc_entry){

211

257

int ret;

212

258

{

213

uintmax_t maxvalue;

259

uintmax_t proc_id;

214

260

char *tmp;

215

261

errno = 0;

216

maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);

262

proc_id = strtoumax(proc_entry->d_name, &tmp, 10);

217

263

218

264

if(errno != 0 or *tmp != '\0'

219

or maxvalue != (uintmax_t)((pid_t)maxvalue)){

265

or proc_id != (uintmax_t)((pid_t)proc_id)){

220

266

return 0;

221

267

}

222

268

}

257

303

258

304

pid_t get_pid(void){

259

305

int ret;

306

uintmax_t proc_id = 0;

260

307

FILE *pidfile = fopen(plymouth_pid, "r");

261

uintmax_t maxvalue = 0;

308

/* Try the new pid file location */

262

309

if(pidfile != NULL){

263

ret = fscanf(pidfile, "%" SCNuMAX, &maxvalue);

310

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

264

311

if(ret != 1){

265

maxvalue = 0;

312

proc_id = 0;

266

313

}

267

314

fclose(pidfile);

268

315

}

269

if(maxvalue == 0){

316

/* Try the old pid file location */

317

if(proc_id == 0){

318

pidfile = fopen(plymouth_old_pid, "r");

319

if(pidfile != NULL){

320

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

321

if(ret != 1){

322

proc_id = 0;

323

}

324

fclose(pidfile);

325

}

326

}

327

/* Try the old old pid file location */

328

if(proc_id == 0){

329

pidfile = fopen(plymouth_old_old_pid, "r");

330

if(pidfile != NULL){

331

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

332

if(ret != 1){

333

proc_id = 0;

334

}

335

fclose(pidfile);

336

}

337

}

338

/* Look for a plymouth process */

339

if(proc_id == 0){

270

340

struct dirent **direntries = NULL;

271

341

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

272

if (ret == -1){

342

if(ret == -1){

273

343

error_plus(0, errno, "scandir");

274

344

}

275

if (ret > 0){

276

ret = sscanf(direntries[0]->d_name, "%" SCNuMAX, &maxvalue);

277

if (ret < 0){

278

error_plus(0, errno, "sscanf");

345

if(ret > 0){

346

for(int i = ret-1; i >= 0; i--){

347

if(proc_id == 0){

348

ret = sscanf(direntries[i]->d_name, "%" SCNuMAX, &proc_id);

349

if(ret < 0){

350

error_plus(0, errno, "sscanf");

351

}

352

}

353

free(direntries[i]);

279

354

}

280

355

}

281

356

/* scandir might preallocate for this variable (man page unclear).

282

even if ret == 0, we need to free it. */

357

even if ret == 0, therefore we need to free it. */

283

358

free(direntries);

284

359

}

285

360

pid_t pid;

286

pid = (pid_t)maxvalue;

287

if((uintmax_t)pid == maxvalue){

361

pid = (pid_t)proc_id;

362

if((uintmax_t)pid == proc_id){

288

363

return pid;

289

364

}

290

365

291

366

return 0;

292

367

}

293

368

294

const char **getargv(pid_t pid){

369

char **getargv(pid_t pid){

295

370

int cl_fd;

296

371

char *cmdline_filename;

297

372

ssize_t sret;

358

433

return NULL;

359

434

}

360

435

argz_extract(cmdline, cmdline_len, argv); /* Create argv */

361

return (const char **)argv;

436

return argv;

362

437

}

363

438

364

439

int main(__attribute__((unused))int argc,

365

440

__attribute__((unused))char **argv){

366

char *prompt;

441

char *prompt = NULL;

367

442

char *prompt_arg;

368

443

pid_t plymouth_command_pid;

369

444

int ret;

370

445

bool bret;

371

446

447

{

448

struct argp_option options[] = {

449

{ .name = "prompt", .key = 128, .arg = "PROMPT",

450

.doc = "The prompt to show" },

451

{ .name = "debug", .key = 129,

452

.doc = "Debug mode" },

453

{ .name = NULL }

454

};

455

456

__attribute__((nonnull(3)))

457

error_t parse_opt (int key, char *arg, __attribute__((unused))

458

struct argp_state *state){

459

errno = 0;

460

switch (key){

461

case 128: /* --prompt */

462

prompt = arg;

463

if(debug){

464

fprintf_plus(stderr, "Custom prompt \"%s\"\n", prompt);

465

}

466

break;

467

case 129: /* --debug */

468

debug = true;

469

break;

470

default:

471

return ARGP_ERR_UNKNOWN;

472

}

473

return errno;

474

}

475

476

struct argp argp = { .options = options, .parser = parse_opt,

477

.args_doc = "",

478

.doc = "Mandos plymouth -- Read and"

479

" output a password" };

480

ret = argp_parse(&argp, argc, argv, ARGP_IN_ORDER, NULL, NULL);

481

switch(ret){

482

case 0:

483

break;

484

case ENOMEM:

485

default:

486

errno = ret;

487

error_plus(0, errno, "argp_parse");

488

return EX_OSERR;

489

case EINVAL:

490

error_plus(0, errno, "argp_parse");

491

return EX_USAGE;

492

}

493

}

494

372

495

/* test -x /bin/plymouth */

373

496

ret = access(plymouth_path, X_OK);

374

497

if(ret == -1){

375

498

/* Plymouth is probably not installed. Don't print an error

376

499

message, just exit. */

500

if(debug){

501

fprintf_plus(stderr, "Plymouth (%s) not found\n",

502

plymouth_path);

503

}

377

504

exit(EX_UNAVAILABLE);

378

505

}

379

506

413

540

}

414

541

/* Plymouth is probably not running. Don't print an error

415

542

message, just exit. */

543

if(debug){

544

fprintf_plus(stderr, "Plymouth not running\n");

545

}

416

546

exit(EX_UNAVAILABLE);

417

547

}

418

548

419

prompt = makeprompt();

420

ret = asprintf(&prompt_arg, "--prompt=%s", prompt);

421

free(prompt);

549

if(prompt != NULL){

550

ret = asprintf(&prompt_arg, "--prompt=%s", prompt);

551

} else {

552

char *made_prompt = makeprompt();

553

ret = asprintf(&prompt_arg, "--prompt=%s", made_prompt);

554

free(made_prompt);

555

}

422

556

if(ret == -1){

423

557

error_plus(EX_OSERR, errno, "asprintf");

424

558

}

425

559

426

560

/* plymouth ask-for-password --prompt="$prompt" */

561

if(debug){

562

fprintf_plus(stderr, "Prompting for password via Plymouth\n");

563

}

427

564

bret = exec_and_wait(&plymouth_command_pid,

428

565

plymouth_path, (const char *[])

429

566

{ plymouth_path, "ask-for-password",

439

576

}

440

577

kill_and_wait(plymouth_command_pid);

441

578

442

const char **plymouthd_argv;

579

char **plymouthd_argv = NULL;

443

580

pid_t pid = get_pid();

444

581

if(pid == 0){

445

582

error_plus(0, 0, "plymouthd pid not found");

446

plymouthd_argv = plymouthd_default_argv;

447

583

} else {

448

584

plymouthd_argv = getargv(pid);

449

585

}

452

588

{ plymouth_path, "quit", NULL },

453

589

false, false);

454

590

if(not bret){

591

if(plymouthd_argv != NULL){

592

free(*plymouthd_argv);

593

free(plymouthd_argv);

594

}

455

595

exit(EXIT_FAILURE);

456

596

}

457

bret = exec_and_wait(NULL, plymouthd_path, plymouthd_argv,

597

bret = exec_and_wait(NULL, plymouthd_path,

598

(plymouthd_argv != NULL)

599

? (const char * const *)plymouthd_argv

600

: plymouthd_default_argv,

458

601

false, true);

602

if(plymouthd_argv != NULL){

603

free(*plymouthd_argv);

604

free(plymouthd_argv);

605

}

459

606

if(not bret){

460

607

exit(EXIT_FAILURE);

461

608

}

Older »