bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
|
237.1.2
by Teddy Hogeborn
Further steps towards a D-Bus server interface, plus minor syntax |
1 |
/* -*- coding: utf-8 -*- */
|
2 |
/*
|
|
|
261
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Fix name in header. |
3 |
* Askpass-FIFO - Read a password from a FIFO and output it
|
|
237.1.2
by Teddy Hogeborn
Further steps towards a D-Bus server interface, plus minor syntax |
4 |
*
|
|
979
by Teddy Hogeborn
Update copyright year to 2019 |
5 |
* Copyright © 2008-2019 Teddy Hogeborn
|
6 |
* Copyright © 2008-2019 Björn Påhlsson
|
|
|
237.1.2
by Teddy Hogeborn
Further steps towards a D-Bus server interface, plus minor syntax |
7 |
*
|
|
907
by Teddy Hogeborn
Alter copyright notices slightly. Actual license is unchanged! |
8 |
* This file is part of Mandos.
|
9 |
*
|
|
10 |
* Mandos is free software: you can redistribute it and/or modify it
|
|
11 |
* under the terms of the GNU General Public License as published by
|
|
12 |
* the Free Software Foundation, either version 3 of the License, or
|
|
13 |
* (at your option) any later version.
|
|
14 |
*
|
|
15 |
* Mandos is distributed in the hope that it will be useful, but
|
|
|
237.1.2
by Teddy Hogeborn
Further steps towards a D-Bus server interface, plus minor syntax |
16 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
17 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
18 |
* General Public License for more details.
|
|
19 |
*
|
|
20 |
* You should have received a copy of the GNU General Public License
|
|
|
907
by Teddy Hogeborn
Alter copyright notices slightly. Actual license is unchanged! |
21 |
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
|
|
237.1.2
by Teddy Hogeborn
Further steps towards a D-Bus server interface, plus minor syntax |
22 |
*
|
|
505.1.2
by Teddy Hogeborn
Change "fukt.bsnet.se" to "recompile.se" throughout. |
23 |
* Contact the authors at <mandos@recompile.se>.
|
|
237.1.2
by Teddy Hogeborn
Further steps towards a D-Bus server interface, plus minor syntax |
24 |
*/
|
25 |
||
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
26 |
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */ |
|
731
by Teddy Hogeborn
askpass-fifo: Lower privileges after opening FIFO. |
27 |
#include <sys/types.h> /* uid_t, gid_t, ssize_t */ |
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
28 |
#include <sys/stat.h> /* mkfifo(), S_IRUSR, S_IWUSR */ |
29 |
#include <iso646.h> /* and */ |
|
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
30 |
#include <errno.h> /* errno, EACCES, ENOTDIR, ELOOP, |
31 |
ENAMETOOLONG, ENOSPC, EROFS, |
|
32 |
ENOENT, EEXIST, EFAULT, EMFILE, |
|
33 |
ENFILE, ENOMEM, EBADF, EINVAL, EIO, |
|
34 |
EISDIR, EFBIG */ |
|
|
24.1.155
by Björn Påhlsson
mandos server: Added debuglevel that adjust at what level information |
35 |
#include <error.h> /* error() */ |
|
485
by Teddy Hogeborn
Merge from Björn. |
36 |
#include <stdio.h> /* fprintf(), vfprintf(), |
37 |
vasprintf() */ |
|
|
355
by Teddy Hogeborn
* mandos: White-space fixes only. |
38 |
#include <stdlib.h> /* EXIT_FAILURE, NULL, size_t, free(), |
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
39 |
realloc(), EXIT_SUCCESS */ |
40 |
#include <fcntl.h> /* open(), O_RDONLY */ |
|
41 |
#include <unistd.h> /* read(), close(), write(), |
|
42 |
STDOUT_FILENO */ |
|
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
43 |
#include <sysexits.h> /* EX_OSERR, EX_OSFILE, |
44 |
EX_UNAVAILABLE, EX_IOERR */ |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
45 |
#include <string.h> /* strerror() */ |
46 |
#include <stdarg.h> /* va_list, va_start(), ... */ |
|
47 |
||
|
731
by Teddy Hogeborn
askpass-fifo: Lower privileges after opening FIFO. |
48 |
uid_t uid = 65534; |
49 |
gid_t gid = 65534; |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
50 |
|
51 |
/* Function to use when printing errors */
|
|
|
533
by teddy at bsnet
* plugins.d/splashy.c (error_plus): Check format string. |
52 |
__attribute__((format (gnu_printf, 3, 4))) |
|
485
by Teddy Hogeborn
Merge from Björn. |
53 |
void error_plus(int status, int errnum, const char *formatstring, |
54 |
...){ |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
55 |
va_list ap; |
56 |
char *text; |
|
57 |
int ret; |
|
58 |
|
|
59 |
va_start(ap, formatstring); |
|
60 |
ret = vasprintf(&text, formatstring, ap); |
|
|
670
by Teddy Hogeborn
White space fix: change "if (" to "if(" in C code. |
61 |
if(ret == -1){ |
|
485
by Teddy Hogeborn
Merge from Björn. |
62 |
fprintf(stderr, "Mandos plugin %s: ", |
63 |
program_invocation_short_name); |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
64 |
vfprintf(stderr, formatstring, ap); |
65 |
fprintf(stderr, ": "); |
|
66 |
fprintf(stderr, "%s\n", strerror(errnum)); |
|
67 |
error(status, errno, "vasprintf while printing error"); |
|
|
975
by Teddy Hogeborn
Fix warnings from -Wimplicit-fallthrough |
68 |
if(status){ |
69 |
__builtin_unreachable(); |
|
70 |
} |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
71 |
return; |
72 |
} |
|
73 |
fprintf(stderr, "Mandos plugin "); |
|
74 |
error(status, errnum, "%s", text); |
|
|
975
by Teddy Hogeborn
Fix warnings from -Wimplicit-fallthrough |
75 |
if(status){ |
76 |
__builtin_unreachable(); |
|
77 |
} |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
78 |
free(text); |
79 |
}
|
|
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
80 |
|
81 |
int main(__attribute__((unused))int argc, |
|
82 |
__attribute__((unused))char **argv){ |
|
83 |
int ret = 0; |
|
84 |
ssize_t sret; |
|
85 |
|
|
|
731
by Teddy Hogeborn
askpass-fifo: Lower privileges after opening FIFO. |
86 |
uid = getuid(); |
87 |
gid = getgid(); |
|
88 |
|
|
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
89 |
/* Create FIFO */ |
90 |
const char passfifo[] = "/lib/cryptsetup/passfifo"; |
|
|
369
by Teddy Hogeborn
* init.d-mandos (Required-Start, Required-Stop): Bug fix: Added |
91 |
ret = mkfifo(passfifo, S_IRUSR | S_IWUSR); |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
92 |
if(ret == -1){ |
93 |
int e = errno; |
|
94 |
switch(e){ |
|
95 |
case EACCES: |
|
96 |
case ENOTDIR: |
|
97 |
case ELOOP: |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
98 |
error_plus(EX_OSFILE, errno, "mkfifo"); |
|
975
by Teddy Hogeborn
Fix warnings from -Wimplicit-fallthrough |
99 |
__builtin_unreachable(); |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
100 |
case ENAMETOOLONG: |
101 |
case ENOSPC: |
|
102 |
case EROFS: |
|
103 |
default: |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
104 |
error_plus(EX_OSERR, errno, "mkfifo"); |
|
975
by Teddy Hogeborn
Fix warnings from -Wimplicit-fallthrough |
105 |
__builtin_unreachable(); |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
106 |
case ENOENT: |
|
479
by Teddy Hogeborn
* plugins.d/askpass-fifo.c (main): Don't print message if FIFO exists. |
107 |
/* no "/lib/cryptsetup"? */ |
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
108 |
error_plus(EX_UNAVAILABLE, errno, "mkfifo"); |
|
975
by Teddy Hogeborn
Fix warnings from -Wimplicit-fallthrough |
109 |
__builtin_unreachable(); |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
110 |
case EEXIST: |
111 |
break; /* not an error */ |
|
112 |
} |
|
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
113 |
} |
114 |
|
|
115 |
/* Open FIFO */ |
|
|
369
by Teddy Hogeborn
* init.d-mandos (Required-Start, Required-Stop): Bug fix: Added |
116 |
int fifo_fd = open(passfifo, O_RDONLY); |
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
117 |
if(fifo_fd == -1){ |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
118 |
int e = errno; |
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
119 |
error_plus(0, errno, "open"); |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
120 |
switch(e){ |
121 |
case EACCES: |
|
122 |
case ENOENT: |
|
123 |
case EFAULT: |
|
124 |
return EX_UNAVAILABLE; |
|
125 |
case ENAMETOOLONG: |
|
126 |
case EMFILE: |
|
127 |
case ENFILE: |
|
128 |
case ENOMEM: |
|
129 |
default: |
|
130 |
return EX_OSERR; |
|
131 |
case ENOTDIR: |
|
132 |
case ELOOP: |
|
133 |
return EX_OSFILE; |
|
134 |
} |
|
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
135 |
} |
136 |
|
|
|
731
by Teddy Hogeborn
askpass-fifo: Lower privileges after opening FIFO. |
137 |
/* Lower group privileges */ |
138 |
if(setgid(gid) == -1){ |
|
139 |
error_plus(0, errno, "setgid"); |
|
140 |
} |
|
141 |
|
|
142 |
/* Lower user privileges */ |
|
143 |
if(setuid(uid) == -1){ |
|
144 |
error_plus(0, errno, "setuid"); |
|
145 |
} |
|
146 |
|
|
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
147 |
/* Read from FIFO */ |
148 |
char *buf = NULL; |
|
149 |
size_t buf_len = 0; |
|
150 |
{ |
|
151 |
size_t buf_allocated = 0; |
|
152 |
const size_t blocksize = 1024; |
|
|
363
by Teddy Hogeborn
* plugin-runner.c: Minor stylistic changes. |
153 |
do { |
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
154 |
if(buf_len + blocksize > buf_allocated){ |
155 |
char *tmp = realloc(buf, buf_allocated + blocksize); |
|
156 |
if(tmp == NULL){ |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
157 |
error_plus(0, errno, "realloc"); |
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
158 |
free(buf); |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
159 |
return EX_OSERR; |
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
160 |
} |
161 |
buf = tmp; |
|
162 |
buf_allocated += blocksize; |
|
163 |
} |
|
|
369
by Teddy Hogeborn
* init.d-mandos (Required-Start, Required-Stop): Bug fix: Added |
164 |
sret = read(fifo_fd, buf + buf_len, buf_allocated - buf_len); |
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
165 |
if(sret == -1){ |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
166 |
int e = errno; |
167 |
free(buf); |
|
168 |
errno = e; |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
169 |
error_plus(0, errno, "read"); |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
170 |
switch(e){ |
171 |
case EBADF: |
|
172 |
case EFAULT: |
|
173 |
case EINVAL: |
|
174 |
default: |
|
175 |
return EX_OSERR; |
|
176 |
case EIO: |
|
177 |
return EX_IOERR; |
|
178 |
case EISDIR: |
|
179 |
return EX_UNAVAILABLE; |
|
180 |
} |
|
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
181 |
} |
182 |
buf_len += (size_t)sret; |
|
|
363
by Teddy Hogeborn
* plugin-runner.c: Minor stylistic changes. |
183 |
} while(sret != 0); |
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
184 |
} |
185 |
|
|
186 |
/* Close FIFO */ |
|
|
369
by Teddy Hogeborn
* init.d-mandos (Required-Start, Required-Stop): Bug fix: Added |
187 |
close(fifo_fd); |
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
188 |
|
189 |
/* Print password to stdout */ |
|
190 |
size_t written = 0; |
|
191 |
while(written < buf_len){ |
|
|
369
by Teddy Hogeborn
* init.d-mandos (Required-Start, Required-Stop): Bug fix: Added |
192 |
sret = write(STDOUT_FILENO, buf + written, buf_len - written); |
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
193 |
if(sret == -1){ |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
194 |
int e = errno; |
195 |
free(buf); |
|
196 |
errno = e; |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
197 |
error_plus(0, errno, "write"); |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
198 |
switch(e){ |
199 |
case EBADF: |
|
200 |
case EFAULT: |
|
201 |
case EINVAL: |
|
202 |
return EX_OSFILE; |
|
203 |
case EFBIG: |
|
204 |
case EIO: |
|
205 |
case ENOSPC: |
|
206 |
default: |
|
207 |
return EX_IOERR; |
|
208 |
} |
|
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
209 |
} |
210 |
written += (size_t)sret; |
|
211 |
} |
|
212 |
free(buf); |
|
213 |
|
|
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
214 |
ret = close(STDOUT_FILENO); |
215 |
if(ret == -1){ |
|
216 |
int e = errno; |
|
|
24.1.174
by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library. |
217 |
error_plus(0, errno, "close"); |
|
390
by Teddy Hogeborn
* plugins.d/askpass-fifo.c: Do close(STDOUT_FILENO) before exiting to |
218 |
switch(e){ |
219 |
case EBADF: |
|
220 |
return EX_OSFILE; |
|
221 |
case EIO: |
|
222 |
default: |
|
223 |
return EX_IOERR; |
|
224 |
} |
|
225 |
} |
|
|
214
by Teddy Hogeborn
* Makefile (PLUGINS): Added "plugins.d/askpass-fifo". |
226 |
return EXIT_SUCCESS; |
227 |
}
|