/mandos/release : revision 78

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.c

Committer: Teddy Hogeborn
Date: 2008-08-16 03:29:08 UTC
Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389

Add feature to specify custom environment variables for plugins.

* plugin-runner.c (plugin): New members "environ" and "envc" to
                            contain possible custom environment.
  (getplugin): Return NULL on failure instead of doing exit(); all
               callers changed.
  (add_to_char_array): New helper function for "add_argument" and
                       "add_environment".
  (addargument): Renamed to "add_argument".  Return bool.  Call
                 "add_to_char_array" to actually do things.
  (add_environment): New; analogous to "add_argument".
  (addcustomargument): Renamed to "add_to_argv" to avoid confusion
                       with "add_argument".
  (main): New options "--global-envs" and "--envs-for" to specify
          custom environment for plugins.  Print environment for
          plugins in debug mode.  Use asprintf instead of strcpy and
          strcat.  Use execve() for plugins with custom environments.
          Free environment for plugin when freeing plugin list.

files added:
network-protocol.txt

plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.lsm

overview.xml

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.c

/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */

/* -*- coding: utf-8 -*- */

* Password-prompt - Read a password from the terminal and print it

* Passprompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

#define _GNU_SOURCE /* getline(), asprintf() */

#define _GNU_SOURCE /* getline() */

#include <termios.h> /* struct termios, tcsetattr(),

TCSAFLUSH, tcgetattr(), ECHO */

#include <unistd.h> /* struct termios, tcsetattr(),

STDIN_FILENO, TCSAFLUSH,

tcgetattr(), ECHO, readlink() */

tcgetattr(), ECHO */

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

SIGQUIT, SIGHUP, SIGTERM,

raise() */

SIGQUIT, SIGHUP, SIGTERM */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <sys/types.h> /* ssize_t, struct dirent, pid_t, ssize_t */

#include <sys/types.h> /* ssize_t */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getenv(), free() */

#include <dirent.h> /* scandir(), alphasort() */

getopt_long */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), fputc()

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

#include <error.h> /* error() */

stdin, feof(), perror(), fputc(),

stdout, getopt_long */

#include <errno.h> /* errno, EINVAL */

#include <iso646.h> /* or, not */

#include <stdbool.h> /* bool, false, true */

#include <inttypes.h> /* strtoumax() */

#include <sys/stat.h> /* struct stat, lstat() */

#include <string.h> /* strlen, rindex, memcmp */

#include <string.h> /* strlen, rindex, strncmp, strcmp */

#include <argp.h> /* struct argp_option, struct

argp_state, struct argp,

argp_parse(), error_t,

ARGP_KEY_ARG, ARGP_KEY_END,

ARGP_ERR_UNKNOWN */

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

volatile sig_atomic_t quit_now = 0;

int signal_received;

volatile bool quit_now = false;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_version = "password-prompt 1.0";

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

/* Needed for conflic resolution */

const char plymouthd_path[] = "/sbin/plymouth";

static void termination_handler(int signum){

if(quit_now){

return;

}

quit_now = 1;

signal_received = signum;

}

bool conflict_detection(void){

/* plymouth conflicts with password-promt since both want to control the

associated terminal. Password-prompt exit since plymouth perferms the same

functionallity.

int is_plymouth(const struct dirent *proc_entry){

int ret;

{

uintmax_t maxvalue;

char *tmp;

errno = 0;

maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);

if(errno != 0 or *tmp != '\0'

or maxvalue != (uintmax_t)((pid_t)maxvalue)){

return 0;

}

char exe_target[sizeof(plymouthd_path)];

100

char *exe_link;

101

ret = asprintf(&exe_link, "/proc/%s/exe", proc_entry->d_name);

102

if(ret == -1){

103

error(0, errno, "asprintf");

104

return 0;

105

}

106

107

struct stat exe_stat;

108

ret = lstat(exe_link, &exe_stat);

109

if(ret == -1){

110

free(exe_link);

111

if(errno != ENOENT){

112

error(0, errno, "lstat");

113

}

114

return 0;

115

}

116

117

if(not S_ISLNK(exe_stat.st_mode)

118

or exe_stat.st_uid != 0

119

or exe_stat.st_gid != 0){

120

free(exe_link);

121

return 0;

122

}

123

124

ssize_t sret = readlink(exe_link, exe_target, sizeof(exe_target));

125

free(exe_link);

126

if((sret != (ssize_t)sizeof(plymouthd_path)-1) or

127

(memcmp(plymouthd_path, exe_target,

128

sizeof(plymouthd_path)-1) != 0)){

129

return 0;

130

}

131

return 1;

132

}

133

134

struct dirent **direntries;

135

int ret;

136

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

137

if (ret == -1){

138

error(1, errno, "scandir");

139

}

140

if (ret < 0){

141

return 1;

142

} else {

143

return 0;

144

}

145

}

146

static void termination_handler(__attribute__((unused))int signum){

quit_now = true;

}

147

148

int main(int argc, char **argv){

149

ssize_t sret;

150

int ret;

ssize_t ret;

151

size_t n;

152

struct termios t_new, t_old;

153

char *buffer = NULL;

160

struct argp_option options[] = {

161

{ .name = "prefix", .key = 'p',

162

.arg = "PREFIX", .flags = 0,

163

.doc = "Prefix shown before the prompt", .group = 2 },

.doc = "Prefix used before the passprompt", .group = 2 },

164

{ .name = "debug", .key = 128,

165

.doc = "Debug mode", .group = 3 },

166

167

* These reproduce what we would get without ARGP_NO_HELP

168

169

{ .name = "help", .key = '?',

170

.doc = "Give this help list", .group = -1 },

171

{ .name = "usage", .key = -3,

172

.doc = "Give a short usage message", .group = -1 },

173

{ .name = "version", .key = 'V',

174

.doc = "Print program version", .group = -1 },

175

{ .name = NULL }

176

};

177

178

error_t parse_opt (int key, char *arg, struct argp_state *state){

179

errno = 0;

180

switch (key){

error_t parse_opt (int key, char *arg, struct argp_state *state) {

/* Get the INPUT argument from `argp_parse', which we know is a

pointer to our plugin list pointer. */

switch (key) {

181

case 'p':

182

prefix = arg;

183

break;

184

case 128:

185

debug = true;

186

break;

187

188

* These reproduce what we would get without ARGP_NO_HELP

189

190

case '?': /* --help */

191

argp_state_help(state, state->out_stream,

192

(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)

193

& ~(unsigned int)ARGP_HELP_EXIT_OK);

194

case -3: /* --usage */

195

argp_state_help(state, state->out_stream,

196

ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);

197

case 'V': /* --version */

198

fprintf(state->out_stream, "%s\n", argp_program_version);

199

exit(argp_err_exit_status);

case ARGP_KEY_ARG:

argp_usage (state);

break;

case ARGP_KEY_END:

200

break;

201

default:

202

return ARGP_ERR_UNKNOWN;

203

}

204

return errno;

100

return 0;

205

101

}

206

102

207

103

struct argp argp = { .options = options, .parser = parse_opt,

208

104

.args_doc = "",

209

.doc = "Mandos password-prompt -- Read and"

210

" output a password" };

211

ret = argp_parse(&argp, argc, argv,

212

ARGP_IN_ORDER | ARGP_NO_HELP, NULL, NULL);

213

switch(ret){

214

case 0:

215

break;

216

case ENOMEM:

217

default:

218

errno = ret;

219

error(0, errno, "argp_parse");

220

return EX_OSERR;

221

case EINVAL:

222

return EX_USAGE;

105

.doc = "Mandos Passprompt -- Provides a passprompt" };

106

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

107

if (ret == ARGP_ERR_UNKNOWN){

108

fprintf(stderr, "Unknown error while parsing arguments\n");

109

return EXIT_FAILURE;

223

110

}

224

111

}

225

226

if(debug){

112

113

if (debug){

227

114

fprintf(stderr, "Starting %s\n", argv[0]);

228

115

}

229

230

if (conflict_detection()){

231

if(debug){

232

fprintf(stderr, "Stopping %s because of conflict", argv[0]);

233

}

234

return EXIT_FAILURE;

235

}

236

237

if(debug){

116

if (debug){

238

117

fprintf(stderr, "Storing current terminal attributes\n");

239

118

}

240

119

241

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

242

int e = errno;

243

error(0, errno, "tcgetattr");

244

switch(e){

245

case EBADF:

246

case ENOTTY:

247

return EX_UNAVAILABLE;

248

default:

249

return EX_OSERR;

250

}

120

if (tcgetattr(STDIN_FILENO, &t_old) != 0){

121

return EXIT_FAILURE;

251

122

}

252

123

253

124

sigemptyset(&new_action.sa_mask);

254

ret = sigaddset(&new_action.sa_mask, SIGINT);

255

if(ret == -1){

256

error(0, errno, "sigaddset");

257

return EX_OSERR;

258

}

259

ret = sigaddset(&new_action.sa_mask, SIGHUP);

260

if(ret == -1){

261

error(0, errno, "sigaddset");

262

return EX_OSERR;

263

}

264

ret = sigaddset(&new_action.sa_mask, SIGTERM);

265

if(ret == -1){

266

error(0, errno, "sigaddset");

267

return EX_OSERR;

268

}

269

/* Need to check if the handler is SIG_IGN before handling:

270

| [[info:libc:Initial Signal Actions]] |

271

| [[info:libc:Basic Signal Handling]] |

272

125

sigaddset(&new_action.sa_mask, SIGINT);

126

sigaddset(&new_action.sa_mask, SIGHUP);

127

sigaddset(&new_action.sa_mask, SIGTERM);

273

128

ret = sigaction(SIGINT, NULL, &old_action);

274

129

if(ret == -1){

275

error(0, errno, "sigaction");

276

return EX_OSERR;

130

perror("sigaction");

131

return EXIT_FAILURE;

277

132

}

278

if(old_action.sa_handler != SIG_IGN){

133

if (old_action.sa_handler != SIG_IGN){

279

134

ret = sigaction(SIGINT, &new_action, NULL);

280

135

if(ret == -1){

281

error(0, errno, "sigaction");

282

return EX_OSERR;

136

perror("sigaction");

137

return EXIT_FAILURE;

283

138

}

284

139

}

285

140

ret = sigaction(SIGHUP, NULL, &old_action);

286

141

if(ret == -1){

287

error(0, errno, "sigaction");

288

return EX_OSERR;

142

perror("sigaction");

143

return EXIT_FAILURE;

289

144

}

290

if(old_action.sa_handler != SIG_IGN){

145

if (old_action.sa_handler != SIG_IGN){

291

146

ret = sigaction(SIGHUP, &new_action, NULL);

292

147

if(ret == -1){

293

error(0, errno, "sigaction");

294

return EX_OSERR;

148

perror("sigaction");

149

return EXIT_FAILURE;

295

150

}

296

151

}

297

152

ret = sigaction(SIGTERM, NULL, &old_action);

298

153

if(ret == -1){

299

error(0, errno, "sigaction");

300

return EX_OSERR;

154

perror("sigaction");

155

return EXIT_FAILURE;

301

156

}

302

if(old_action.sa_handler != SIG_IGN){

157

if (old_action.sa_handler != SIG_IGN){

303

158

ret = sigaction(SIGTERM, &new_action, NULL);

304

159

if(ret == -1){

305

error(0, errno, "sigaction");

306

return EX_OSERR;

160

perror("sigaction");

161

return EXIT_FAILURE;

307

162

}

308

163

}

309

164

310

165

311

if(debug){

166

if (debug){

312

167

fprintf(stderr, "Removing echo flag from terminal attributes\n");

313

168

}

314

169

315

170

t_new = t_old;

316

t_new.c_lflag &= ~(tcflag_t)ECHO;

317

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

318

int e = errno;

319

error(0, errno, "tcsetattr-echo");

320

switch(e){

321

case EBADF:

322

case ENOTTY:

323

return EX_UNAVAILABLE;

324

case EINVAL:

325

default:

326

return EX_OSERR;

327

}

171

t_new.c_lflag &= ~ECHO;

172

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

173

perror("tcsetattr-echo");

174

return EXIT_FAILURE;

328

175

}

329

330

if(debug){

176

177

if (debug){

331

178

fprintf(stderr, "Waiting for input from stdin \n");

332

179

}

333

180

while(true){

334

if(quit_now){

335

if(debug){

336

fprintf(stderr, "Interrupted by signal, exiting.\n");

337

}

181

if (quit_now){

338

182

status = EXIT_FAILURE;

339

183

break;

340

184

}

341

185

342

186

if(prefix){

343

fprintf(stderr, "%s ", prefix);

344

}

345

{

346

const char *cryptsource = getenv("CRYPTTAB_SOURCE");

347

const char *crypttarget = getenv("CRYPTTAB_NAME");

348

/* Before cryptsetup 1.1.0~rc2 */

349

if(cryptsource == NULL){

350

cryptsource = getenv("cryptsource");

351

}

352

if(crypttarget == NULL){

353

crypttarget = getenv("crypttarget");

354

}

355

const char *const prompt1 = "Unlocking the disk";

356

const char *const prompt2 = "Enter passphrase";

357

if(cryptsource == NULL){

358

if(crypttarget == NULL){

359

fprintf(stderr, "%s to unlock the disk: ", prompt2);

360

} else {

361

fprintf(stderr, "%s (%s)\n%s: ", prompt1, crypttarget,

362

prompt2);

363

}

364

} else {

365

if(crypttarget == NULL){

366

fprintf(stderr, "%s %s\n%s: ", prompt1, cryptsource,

367

prompt2);

368

} else {

369

fprintf(stderr, "%s %s (%s)\n%s: ", prompt1, cryptsource,

370

crypttarget, prompt2);

371

}

372

}

373

}

374

sret = getline(&buffer, &n, stdin);

375

if(sret > 0){

187

fprintf(stderr, "%s Password: ", prefix);

188

} else {

189

fprintf(stderr, "Password: ");

190

}

191

ret = getline(&buffer, &n, stdin);

192

if (ret > 0){

193

fprintf(stdout, "%s", buffer);

376

194

status = EXIT_SUCCESS;

377

/* Make n = data size instead of allocated buffer size */

378

n = (size_t)sret;

379

/* Strip final newline */

380

if(n > 0 and buffer[n-1] == '\n'){

381

buffer[n-1] = '\0'; /* not strictly necessary */

382

n--;

383

}

384

size_t written = 0;

385

while(written < n){

386

sret = write(STDOUT_FILENO, buffer + written, n - written);

387

if(sret < 0){

388

int e = errno;

389

error(0, errno, "write");

390

switch(e){

391

case EBADF:

392

case EFAULT:

393

case EINVAL:

394

case EFBIG:

395

case EIO:

396

case ENOSPC:

397

default:

398

status = EX_IOERR;

399

break;

400

case EINTR:

401

status = EXIT_FAILURE;

402

break;

403

}

404

break;

405

}

406

written += (size_t)sret;

407

}

408

sret = close(STDOUT_FILENO);

409

if(sret == -1){

410

int e = errno;

411

error(0, errno, "close");

412

switch(e){

413

case EBADF:

414

status = EX_OSFILE;

415

break;

416

case EIO:

417

default:

418

status = EX_IOERR;

419

break;

420

}

421

}

422

195

break;

423

196

}

424

if(sret < 0){

425

int e = errno;

426

if(errno != EINTR and not feof(stdin)){

427

error(0, errno, "getline");

428

switch(e){

429

case EBADF:

430

status = EX_UNAVAILABLE;

431

case EIO:

432

case EINVAL:

433

default:

434

status = EX_IOERR;

435

break;

436

}

197

if (ret < 0){

198

if (errno != EINTR and not feof(stdin)){

199

perror("getline");

200

status = EXIT_FAILURE;

437

201

break;

438

202

}

439

203

}

440

/* if(sret == 0), then the only sensible thing to do is to retry to

204

/* if(ret == 0), then the only sensible thing to do is to retry to

441

205

read from stdin */

442

206

fputc('\n', stderr);

443

if(debug and not quit_now){

444

/* If quit_now is nonzero, we were interrupted by a signal, and

445

will print that later, so no need to show this too. */

446

fprintf(stderr, "getline() returned 0, retrying.\n");

447

}

448

207

}

449

208

450

free(buffer);

451

452

if(debug){

209

if (debug){

453

210

fprintf(stderr, "Restoring terminal attributes\n");

454

211

}

455

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

456

error(0, errno, "tcsetattr+echo");

457

}

458

459

if(quit_now){

460

sigemptyset(&old_action.sa_mask);

461

old_action.sa_handler = SIG_DFL;

462

ret = sigaction(signal_received, &old_action, NULL);

463

if(ret == -1){

464

error(0, errno, "sigaction");

465

}

466

raise(signal_received);

467

}

468

469

if(debug){

470

fprintf(stderr, "%s is exiting with status %d\n", argv[0],

471

status);

472

}

473

if(status == EXIT_SUCCESS or status == EX_OK){

474

fputc('\n', stderr);

212

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

213

perror("tcsetattr+echo");

214

}

215

216

if (debug){

217

fprintf(stderr, "%s is exiting\n", argv[0]);

475

218

}

476

219

477

220

return status;

Older »