/mandos/release : revision 78

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.c

Committer: Teddy Hogeborn
Date: 2008-08-16 03:29:08 UTC
Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389

Add feature to specify custom environment variables for plugins.

* plugin-runner.c (plugin): New members "environ" and "envc" to
                            contain possible custom environment.
  (getplugin): Return NULL on failure instead of doing exit(); all
               callers changed.
  (add_to_char_array): New helper function for "add_argument" and
                       "add_environment".
  (addargument): Renamed to "add_argument".  Return bool.  Call
                 "add_to_char_array" to actually do things.
  (add_environment): New; analogous to "add_argument".
  (addcustomargument): Renamed to "add_to_argv" to avoid confusion
                       with "add_argument".
  (main): New options "--global-envs" and "--envs-for" to specify
          custom environment for plugins.  Print environment for
          plugins in debug mode.  Use asprintf instead of strcpy and
          strcat.  Use execve() for plugins with custom environments.
          Free environment for plugin when freeing plugin list.

files added:
network-protocol.txt

plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos-keygen.xml

mandos-options.xml

mandos.lsm

overview.xml

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.c

/* -*- coding: utf-8 -*- */

* Password-prompt - Read a password from the terminal and print it

* Passprompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <sys/types.h> /* ssize_t */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getopt_long, getenv() */

getopt_long */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), perror(), fputc(),

stdout, getopt_long */

ARGP_KEY_ARG, ARGP_KEY_END,

ARGP_ERR_UNKNOWN */

volatile sig_atomic_t quit_now = 0;

volatile bool quit_now = false;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_version = "password-prompt 1.0";

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

static void termination_handler(__attribute__((unused))int signum){

quit_now = 1;

quit_now = true;

}

int main(int argc, char **argv){

struct argp_option options[] = {

{ .name = "prefix", .key = 'p',

.arg = "PREFIX", .flags = 0,

.doc = "Prefix shown before the prompt", .group = 2 },

.doc = "Prefix used before the passprompt", .group = 2 },

{ .name = "debug", .key = 128,

.doc = "Debug mode", .group = 3 },

{ .name = NULL }

};

error_t parse_opt (int key, char *arg, struct argp_state *state){

switch (key){

error_t parse_opt (int key, char *arg, struct argp_state *state) {

/* Get the INPUT argument from `argp_parse', which we know is a

pointer to our plugin list pointer. */

switch (key) {

case 'p':

prefix = arg;

break;

debug = true;

break;

case ARGP_KEY_ARG:

argp_usage(state);

argp_usage (state);

break;

case ARGP_KEY_END:

break;

}

100

return 0;

100

101

}

101

102

103

struct argp argp = { .options = options, .parser = parse_opt,

103

104

.args_doc = "",

104

.doc = "Mandos password-prompt -- Read and"

105

" output a password" };

106

ret = argp_parse(&argp, argc, argv, 0, 0, NULL);

107

if(ret == ARGP_ERR_UNKNOWN){

105

.doc = "Mandos Passprompt -- Provides a passprompt" };

106

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

107

if (ret == ARGP_ERR_UNKNOWN){

108

fprintf(stderr, "Unknown error while parsing arguments\n");

109

return EXIT_FAILURE;

110

}

111

}

112

113

if(debug){

112

113

if (debug){

114

fprintf(stderr, "Starting %s\n", argv[0]);

115

}

116

if(debug){

116

if (debug){

117

fprintf(stderr, "Storing current terminal attributes\n");

118

}

119

120

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

121

perror("tcgetattr");

120

if (tcgetattr(STDIN_FILENO, &t_old) != 0){

122

121

return EXIT_FAILURE;

123

122

}

124

123

131

130

perror("sigaction");

132

131

return EXIT_FAILURE;

133

132

}

134

if(old_action.sa_handler != SIG_IGN){

133

if (old_action.sa_handler != SIG_IGN){

135

134

ret = sigaction(SIGINT, &new_action, NULL);

136

135

if(ret == -1){

137

136

perror("sigaction");

143

142

perror("sigaction");

144

143

return EXIT_FAILURE;

145

144

}

146

if(old_action.sa_handler != SIG_IGN){

145

if (old_action.sa_handler != SIG_IGN){

147

146

ret = sigaction(SIGHUP, &new_action, NULL);

148

147

if(ret == -1){

149

148

perror("sigaction");

155

154

perror("sigaction");

156

155

return EXIT_FAILURE;

157

156

}

158

if(old_action.sa_handler != SIG_IGN){

157

if (old_action.sa_handler != SIG_IGN){

159

158

ret = sigaction(SIGTERM, &new_action, NULL);

160

159

if(ret == -1){

161

160

perror("sigaction");

164

163

}

165

164

166

165

167

if(debug){

166

if (debug){

168

167

fprintf(stderr, "Removing echo flag from terminal attributes\n");

169

168

}

170

169

171

170

t_new = t_old;

172

171

t_new.c_lflag &= ~ECHO;

173

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

172

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

174

173

perror("tcsetattr-echo");

175

174

return EXIT_FAILURE;

176

175

}

177

176

178

if(debug){

177

if (debug){

179

178

fprintf(stderr, "Waiting for input from stdin \n");

180

179

}

181

180

while(true){

182

if(quit_now){

183

if(debug){

184

fprintf(stderr, "Interrupted by signal, exiting.\n");

185

}

181

if (quit_now){

186

182

status = EXIT_FAILURE;

187

183

break;

188

184

}

189

185

190

186

if(prefix){

191

fprintf(stderr, "%s ", prefix);

192

}

193

{

194

const char *cryptsource = getenv("cryptsource");

195

const char *crypttarget = getenv("crypttarget");

196

const char *const prompt

197

= "Enter passphrase to unlock the disk";

198

if(cryptsource == NULL){

199

if(crypttarget == NULL){

200

fprintf(stderr, "%s: ", prompt);

201

} else {

202

fprintf(stderr, "%s (%s): ", prompt, crypttarget);

203

}

204

} else {

205

if(crypttarget == NULL){

206

fprintf(stderr, "%s %s: ", prompt, cryptsource);

207

} else {

208

fprintf(stderr, "%s %s (%s): ", prompt, cryptsource,

209

crypttarget);

210

}

211

}

212

}

187

fprintf(stderr, "%s Password: ", prefix);

188

} else {

189

fprintf(stderr, "Password: ");

190

}

213

191

ret = getline(&buffer, &n, stdin);

214

if(ret > 0){

192

if (ret > 0){

193

fprintf(stdout, "%s", buffer);

215

194

status = EXIT_SUCCESS;

216

/* Make n = data size instead of allocated buffer size */

217

n = (size_t)ret;

218

/* Strip final newline */

219

if(n>0 and buffer[n-1] == '\n'){

220

buffer[n-1] = '\0'; /* not strictly necessary */

221

n--;

222

}

223

size_t written = 0;

224

while(written < n){

225

ret = write(STDOUT_FILENO, buffer + written, n - written);

226

if(ret < 0){

227

perror("write");

228

status = EXIT_FAILURE;

229

break;

230

}

231

written += (size_t)ret;

232

}

233

195

break;

234

196

}

235

if(ret < 0){

236

if(errno != EINTR and not feof(stdin)){

197

if (ret < 0){

198

if (errno != EINTR and not feof(stdin)){

237

199

perror("getline");

238

200

status = EXIT_FAILURE;

239

201

break;

242

204

/* if(ret == 0), then the only sensible thing to do is to retry to

243

205

read from stdin */

244

206

fputc('\n', stderr);

245

if(debug and quit_now == 0){

246

/* If quit_now is nonzero, we were interrupted by a signal, and

247

will print that later, so no need to show this too. */

248

fprintf(stderr, "getline() returned 0, retrying.\n");

249

}

250

207

}

251

208

252

free(buffer);

253

254

if(debug){

209

if (debug){

255

210

fprintf(stderr, "Restoring terminal attributes\n");

256

211

}

257

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

212

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

258

213

perror("tcsetattr+echo");

259

214

}

260

215

261

if(debug){

262

fprintf(stderr, "%s is exiting with status %d\n", argv[0],

263

status);

264

}

265

if(status == EXIT_SUCCESS){

266

fputc('\n', stderr);

216

if (debug){

217

fprintf(stderr, "%s is exiting\n", argv[0]);

267

218

}

268

219

269

220

return status;

Older »