/mandos/release : revision 237.7.780

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to dracut-module/password-agent.c

Committer: Teddy Hogeborn
Date: 2021-02-01 19:30:45 UTC
mto: This revision was merged to the branch mainline in revision 404.
Revision ID: teddy@recompile.se-20210201193045-lpg6aprpc4srem6k

Fix issue with french translation

Initial white space was missing in both msgid and msgstr of the french
translation, leading to checking tools reporing an incomplete
translation. The string is a raw command line command, and therefore
did not need translation, so this was never a user-visible issue.

* debian/po/fr.po: Add missing whitespace to the id and translation
for msgid " mandos-keygen -F/dev/null|grep ^key_id".

Show diffs side-by-side

added added

removed removed

dracut-module/password-agent.c

* Mandos password agent - Simple password agent to run Mandos client

* This file is part of Mandos.

868

}

869

close(pipefds[1]);

870

871

if(pid == -1){

872

error(0, errno, "Failed to fork()");

873

close(pipefds[0]);

874

return false;

875

}

876

871

877

if(not add_to_queue(queue, (task_context){

872

878

.func=wait_for_mandos_client_exit,

873

879

.pid=pid,

1187

1193

bool *const password_is_read = task.password_is_read;

1188

1194

1189

1195

/* We use the GLib "Key-value file parser" functions to parse the

1190

question file. See <https://www.freedesktop.org/wiki/Software

1191

/systemd/PasswordAgents/> for specification of contents */

1196

question file. See <https://systemd.io/PASSWORD_AGENTS/> for

1197

specification of contents */

1192

1198

__attribute__((nonnull))

1193

1199

void cleanup_g_key_file(GKeyFile **key_file){

1194

1200

if(*key_file != NULL){

1484

1490

not. You may but don't have to include a final NUL byte in

1485

1491

your message.

1486

1492

1487

— <https://www.freedesktop.org/wiki/Software/systemd/

1488

PasswordAgents/> (Wed 08 Oct 2014 02:14:28 AM UTC)

1493

— <https://systemd.io/PASSWORD_AGENTS/> (Tue, 15 Sep 2020

1494

14:24:20 GMT)

1489

1495

1490

1496

send_buffer[0] = '+'; /* Prefix with "+" */

1491

1497

/* Always add an extra NUL */

1496

1502

errno = 0;

1497

1503

ssize_t ssret = send(fd, send_buffer, send_buffer_length,

1498

1504

MSG_NOSIGNAL);

1499

const error_t saved_errno = errno;

1505

const error_t saved_errno = (ssret < 0) ? errno : 0;

1500

1506

#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 25)

1501

1507

explicit_bzero(send_buffer, send_buffer_length);

1502

1508

#else

1520

1526

/* Retry, below */

1521

1527

break;

1522

1528

case EMSGSIZE:

1523

error(0, 0, "Password of size %" PRIuMAX " is too big",

1524

(uintmax_t)password->length);

1529

error(0, saved_errno, "Password of size %" PRIuMAX

1530

" is too big", (uintmax_t)password->length);

1525

1531

#if __GNUC__ < 7

1526

1532

/* FALLTHROUGH */

1527

1533

#else

1529

1535

#endif

1530

1536

case 0:

1531

1537

if(ssret >= 0 and ssret < (ssize_t)send_buffer_length){

1532

error(0, 0, "Password only partially sent to socket");

1538

error(0, 0, "Password only partially sent to socket %s: %"

1539

PRIuMAX " out of %" PRIuMAX " bytes sent", filename,

1540

(uintmax_t)ssret, (uintmax_t)send_buffer_length);

1533

1541

}

1534

1542

#if __GNUC__ < 7

1535

1543

/* FALLTHROUGH */

2190

2198

}

2191

2199

exit(EXIT_SUCCESS);

2192

2200

}

2201

if(pid == -1){

2202

error(EXIT_FAILURE, errno, "Failed to fork()");

2203

}

2204

2193

2205

int status;

2194

2206

waitpid(pid, &status, 0);

2195

2207

if(WIFEXITED(status) and (WEXITSTATUS(status) == EXIT_SUCCESS)){

5797

5809

char write_data[PIPE_BUF];

5798

5810

{

5799

5811

/* Construct test password buffer */

5800

/* Start with + since that is what the real procotol uses */

5812

/* Start with + since that is what the real protocol uses */

5801

5813

write_data[0] = '+';

5802

5814

/* Set a special character at string end just to mark the end */

5803

5815

write_data[sizeof(write_data)-2] = 'y';

5955

5967

char *const filename = strdup("/nonexistent/socket");

5956

5968

__attribute__((cleanup(string_set_clear)))

5957

5969

string_set cancelled_filenames = {};

5958

const size_t oversized = 1024*1024; /* Limit seems to be 212960 */

5959

__attribute__((cleanup(cleanup_buffer)))

5960

buffer password = {

5961

.data=malloc(oversized),

5962

.length=oversized,

5963

.allocated=oversized,

5970

int socketfds[2];

5971

5972

/* Find a message size which triggers EMSGSIZE */

5973

__attribute__((cleanup(cleanup_string)))

5974

char *message_buffer = NULL;

5975

size_t message_size = PIPE_BUF + 1;

5976

for(ssize_t ssret = 0; ssret >= 0; message_size += 1024){

5977

if(message_size >= 1024*1024*1024){ /* 1 GiB */

5978

g_test_skip("Skipping EMSGSIZE test: Will not try 1GiB");

5979

return;

5980

}

5981

message_buffer = realloc(message_buffer, message_size);

5982

if(message_buffer == NULL){

5983

g_test_skip("Skipping EMSGSIZE test");

5984

g_test_message("Failed to malloc() %" PRIuMAX " bytes",

5985

(uintmax_t)message_size);

5986

return;

5987

}

5988

/* Fill buffer with 'x' */

5989

memset(message_buffer, 'x', message_size);

5990

/* Create a new socketpair for each message size to avoid having

5991

to empty the pipe by reading the message to a separate buffer

5992

5993

g_assert_cmpint(socketpair(PF_LOCAL, SOCK_DGRAM

5994

| SOCK_NONBLOCK | SOCK_CLOEXEC, 0,

5995

socketfds), ==, 0);

5996

ssret = send(socketfds[1], message_buffer, message_size,

5997

MSG_NOSIGNAL);

5998

error_t saved_errno = errno;

5999

g_assert_cmpint(close(socketfds[0]), ==, 0);

6000

g_assert_cmpint(close(socketfds[1]), ==, 0);

6001

6002

if(ssret < 0){

6003

if(saved_errno != EMSGSIZE) {

6004

g_test_skip("Skipping EMSGSIZE test");

6005

g_test_message("Error on send(): %s", strerror(saved_errno));

6006

return;

6007

}

6008

break;

6009

} else if(ssret != (ssize_t)message_size){

6010

g_test_skip("Skipping EMSGSIZE test");

6011

g_test_message("Partial send(): %" PRIuMAX " of %" PRIdMAX

6012

" bytes", (uintmax_t)ssret,

6013

(intmax_t)message_size);

6014

return;

6015

}

6016

}

6017

g_test_message("EMSGSIZE triggered by %" PRIdMAX " bytes",

6018

(intmax_t)message_size);

6019

6020

buffer password = {

6021

.data=message_buffer,

6022

.length=message_size - 2, /* Compensate for added '+' and NUL */

6023

.allocated=message_size,

5964

6024

};

5965

g_assert_nonnull(password.data);

5966

6025

if(mlock(password.data, password.allocated) != 0){

5967

6026

g_assert_true(errno == EPERM or errno == ENOMEM);

5968

6027

}

5969

/* Construct test password buffer */

5970

/* Start with + since that is what the real procotol uses */

5971

password.data[0] = '+';

5972

/* Set a special character at string end just to mark the end */

5973

password.data[oversized-3] = 'y';

5974

/* Set NUL at buffer end, as suggested by the protocol */

5975

password.data[oversized-2] = '\0';

5976

/* Fill rest of password with 'x' */

5977

memset(password.data+1, 'x', oversized-3);

5978

6028

5979

6029

__attribute__((cleanup(cleanup_queue)))

5980

6030

task_queue *queue = create_queue();

5981

6031

g_assert_nonnull(queue);

5982

int socketfds[2];

5983

6032

g_assert_cmpint(socketpair(PF_LOCAL, SOCK_DGRAM

5984

6033

| SOCK_NONBLOCK | SOCK_CLOEXEC, 0,

5985

6034

socketfds), ==, 0);

Older »