
Viewing changes to dracut-module/password-agent.c

  • Committer: Teddy Hogeborn
  • Date: 2019-08-03 11:52:41 UTC
  • mto: This revision was merged to the branch mainline in revision 386.
  • Revision ID: teddy@recompile.se-20190803115241-oe9726lcojsaij33
dracut-module/password-agent.c: Require agent directory

Require the --agent-directory (by default "/run/systemd/ask-password")
to be an actual directory; fail otherwise.

* dracut-module/password-agent.c (main): Make ENOTDIR from
  add_inotify_dir_watch() result in EX_OSFILE.
  (add_inotify_dir_watch): Add "IN_ONLYDIR" flag to
                           inotify_add_watch().
  (test_add_inotify_dir_watch_nondir): New test.
  (run_tests): Add new test.

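--- a/dracut-module/password-agent.c
+++ b/dracut-module/password-agent.c
@@ -431,6 +431,7 @@
     case EACCES:
     case ENAMETOOLONG:
     case ENOENT:
+    case ENOTDIR:
       return EX_OSFILE;
     default:
       return EX_OSERR;
@@ -1018,7 +1019,8 @@
   }
 
   if(inotify_add_watch(fd, dir, IN_CLOSE_WRITE | IN_MOVED_TO
-                       | IN_MOVED_FROM| IN_DELETE | IN_EXCL_UNLINK)
+                       | IN_MOVED_FROM| IN_DELETE | IN_EXCL_UNLINK
+                       | IN_ONLYDIR)
      == -1){
     error(0, errno, "Failed to create inotify watch on %s", dir);
     return false;
@@ -3452,6 +3454,44 @@
   g_assert_cmpuint((unsigned int)queue->length, ==, 0);
 }
 
+static void test_add_inotify_dir_watch_nondir(__attribute__((unused))
+                                              test_fixture *fixture,
+                                            __attribute__((unused))
+                                              gconstpointer
+                                              user_data){
+  __attribute__((cleanup(cleanup_close)))
+    const int epoll_fd = epoll_create1(EPOLL_CLOEXEC);
+  g_assert_cmpint(epoll_fd, >=, 0);
+  __attribute__((cleanup(cleanup_queue)))
+    task_queue *queue = create_queue();
+  g_assert_nonnull(queue);
+  __attribute__((cleanup(string_set_clear)))
+    string_set cancelled_filenames = {};
+  const mono_microsecs current_time = 0;
+
+  bool quit_now = false;
+  buffer password = {};
+  bool mandos_client_exited = false;
+  bool password_is_read = false;
+
+  const char not_a_directory[] = "/dev/tty";
+
+  FILE *real_stderr = stderr;
+  FILE *devnull = fopen("/dev/null", "we");
+  g_assert_nonnull(devnull);
+  stderr = devnull;
+  g_assert_false(add_inotify_dir_watch(queue, epoll_fd, &quit_now,
+                                       &password, not_a_directory,
+                                       &cancelled_filenames,
+                                       &current_time,
+                                       &mandos_client_exited,
+                                       &password_is_read));
+  stderr = real_stderr;
+  g_assert_cmpint(fclose(devnull), ==, 0);
+
+  g_assert_cmpuint((unsigned int)queue->length, ==, 0);
+}
+
 static void test_add_inotify_dir_watch_EAGAIN(__attribute__((unused))
                                               test_fixture *fixture,
                                               __attribute__((unused))
@@ -7905,6 +7945,8 @@
               test_add_inotify_dir_watch);
   test_add_st("/task-creators/add_inotify_dir_watch/fail",
               test_add_inotify_dir_watch_fail);
+  test_add_st("/task-creators/add_inotify_dir_watch/not-a-directory",
+              test_add_inotify_dir_watch_nondir);
   test_add_st("/task-creators/add_inotify_dir_watch/EAGAIN",
               test_add_inotify_dir_watch_EAGAIN);
   test_add_st("/task-creators/add_inotify_dir_watch/IN_CLOSE_WRITE",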
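Review bot: test_add_inotify_dir_watch_nondir asserts only that add_inotify_dir_watch() returns false, so it also passes when `/dev/tty` is absent from the build environment (the lookup would then fail for a different reason), and it never checks the ENOTDIR value that the new `case ENOTDIR:` in the first hunk depends on. Adding `g_assert_cmpint(errno, ==, ENOTDIR);` directly after the `g_assert_false(...)` call would pin the behaviour that IN_ONLYDIR introduces. The exit-code mapping also appears to rely on errno surviving the `error(0, errno, ...)` call that sits between the failed inotify_add_watch() and `return false;`; error() writes to stderr and is not documented to preserve errno, so saving it first (`const int saved_errno = errno;` before the call, `errno = saved_errno;` after) would make the EX_OSFILE path dependable. The switch and add_inotify_dir_watch() both start and end outside the visible hunks, so how errno reaches the switch should be confirmed against the full file.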