=== modified file 'TODO'
--- TODO 2008-08-16 16:58:31 +0000
+++ TODO 2008-08-16 20:31:21 +0000
@@ -3,13 +3,9 @@
* [#A] README file
* Plugin-runner
-** [#A] Free plugin name and args
- [[file:plugin-runner.c::free%20plugin_list][file:plugin-runner.c::free plugin_list]] (both places)
-** [#A] Change syntax for arguments
** [#B] Add more comments to code
** [#B] Add more if(debug) calls
** [#B] Seperate more code to function for more readability
-** [#B] Make free_plugin_list() function
** [#A] Man page: man8/plugin-runner.8mandos
*** DESCRIPTION
Describe the plus sign syntax for passing options from crypttab
@@ -68,9 +64,6 @@
* Password-prompt
** [#A] Man page: man8/password-prompt.8mandos
-** Show getenv("cryptsource") and getenv("crypttarget") if set
- cryptsource will be the device, like "/dev/sda3", and crypttarget
- will be the device mapper name, like "sda3_crypt".
*** DESCRIPTION
Move options to new OPTIONS section.
*** EXIT STATUS
@@ -95,7 +88,6 @@
does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and
[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also
[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]
-** Replace completely with "/lib/cryptsetup/askpass"?
* Mandos (server)
** [#A] Command man page: man8/mandos.8
=== added file 'mandos-keygen.xml'
--- mandos-keygen.xml 1970-01-01 00:00:00 +0000
+++ mandos-keygen.xml 2008-08-16 20:32:58 +0000
@@ -0,0 +1,307 @@
+
+
+
+
+]>
+
+
+
+ &COMMANDNAME;
+
+ &COMMANDNAME;
+ &VERSION;
+
+
+ Björn
+ Påhlsson
+
+ belorn@fukt.bsnet.se
+
+
+
+ Teddy
+ Hogeborn
+
+ teddy@fukt.bsnet.se
+
+
+
+
+ 2008
+ Teddy Hogeborn & Björn Påhlsson
+
+
+
+ This manual page is free software: you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation,
+ either version 3 of the License, or (at your option) any
+ later version.
+
+
+
+ This manual page is distributed in the hope that it will
+ be useful, but WITHOUT ANY WARRANTY; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A
+ PARTICULAR PURPOSE. See the GNU General Public License
+ for more details.
+
+
+
+ You should have received a copy of the GNU General Public
+ License along with this program; If not, see
+ .
+
+
+
+
+
+ &COMMANDNAME;
+ 8
+
+
+
+ &COMMANDNAME;
+
+ Generate keys for password-request
+ 8mandos
+
+
+
+
+
+ &COMMANDNAME;
+
+
+ directory
+
+
+
+ type
+
+
+
+ bits
+
+
+
+ NAME
+
+
+
+ EMAIL
+
+
+
+ COMMENT
+
+
+
+ TIME
+
+
+
+
+
+
+ &COMMANDNAME;
+
+
+ directory
+
+
+
+ type
+
+
+
+ bits
+
+
+
+ NAME
+
+
+
+ EMAIL
+
+
+
+ COMMENT
+
+
+
+ TIME
+
+
+
+
+
+
+ &COMMANDNAME;
+
+
+
+
+
+
+ &COMMANDNAME;
+
+
+
+
+
+
+
+
+ DESCRIPTION
+
+ &COMMANDNAME; is a program to generate the
+ OpenPGP keys used by
+ password-request
+ 8mandos. The keys are
+ normally written to /etc/mandos for later installation into the
+ initrd image, but this, like most things, can be changed with
+ command line options.
+
+
+
+
+ OPTIONS
+
+
+
+ -h, --help
+
+
+ Show a help message and exit
+
+
+
+
+
+ -d, --dir
+ directory
+
+
+ Target directory for key files.
+
+
+
+
+
+ -t, --type
+ type
+
+
+ Key type. Default is DSA.
+
+
+
+
+
+ -l, --length
+ bits
+
+
+ Key length in bits. Default is 1024.
+
+
+
+
+
+ -e, --email
+ address
+
+
+ Email address of key. Default is empty.
+
+
+
+
+
+ -c, --comment
+ comment
+
+
+ Comment field for key. The default value is
+ "Mandos client key".
+
+
+
+
+
+ -x, --expire
+ time
+
+
+ Key expire time. Default is no expiration. See
+ gpg
+ 1 for syntax.
+
+
+
+
+
+ -f, --force
+
+
+ Force overwriting old keys.
+
+
+
+
+
+
+
+ EXIT STATUS
+
+
+
+
+
+ FILES
+
+
+
+
+
+ NOTES
+
+
+
+
+
+ BUGS
+
+
+
+
+
+ EXAMPLES
+
+
+
+
+
+ SECURITY
+
+
+
+
+
+ SEE ALSO
+
+ password-request
+ 8mandos,
+ mandos
+ 8, and
+ gpg
+ 1
+
+
+
+
=== modified file 'mandos.xml'
--- mandos.xml 2008-08-10 00:18:25 +0000
+++ mandos.xml 2008-08-16 20:31:21 +0000
@@ -104,6 +104,10 @@
clients. Any authenticated client is then given its encrypted
password.
+
+
+
+ OPTIONS
@@ -203,7 +207,55 @@
-
+
+
+ EXIT STATUS
+
+
+
+
+
+ FILES
+
+
+
+
+
+ NOTES
+
+
+
+
+
+ BUGS
+
+
+
+
+
+ EXAMPLES
+
+
+
+
+
+ SECURITY
+
+
+
+
+
+ SEE ALSO
+
+ plugin-runner
+ 8mandos,
+ password-request
+ 8mandos and
+ password-prompt
+ 8mandos
+
+
+
=== modified file 'plugin-runner.c'
--- plugin-runner.c 2008-08-16 03:29:08 +0000
+++ plugin-runner.c 2008-08-16 18:15:07 +0000
@@ -105,7 +105,12 @@
if (new_plugin == NULL){
return NULL;
}
- *new_plugin = (plugin) { .name = name,
+ char *copy_name = strdup(name);
+ if(copy_name == NULL){
+ return NULL;
+ }
+
+ *new_plugin = (plugin) { .name = copy_name,
.argc = 1,
.envc = 0,
.disabled = false,
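Review bot: The new `if(copy_name == NULL){ return NULL; }` path leaks `new_plugin`, which was allocated just above and is not released before returning; it should read `free(new_plugin); return NULL;`. The next hunk (@@ -116,7 +121,7 @@) has the mirror-image gap: its failure path, apparently for the `argv` allocation, calls `free(new_plugin)` but not `free(copy_name)`, so the duplicated name leaks there. The function starts and continues outside these hunks, so the failure path after the `environ` allocation should be checked for the same omission.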
@@ -116,7 +121,7 @@
free(new_plugin);
return NULL;
}
- new_plugin->argv[0] = name;
+ new_plugin->argv[0] = copy_name;
new_plugin->argv[1] = NULL;
new_plugin->environ = malloc(sizeof(char *));
@@ -246,6 +251,22 @@
return argv;
}
+static void free_plugin_list(plugin *plugin_list){
+ for(plugin *next = plugin_list; plugin_list != NULL; plugin_list = next){
+ next = plugin_list->next;
+ free(plugin_list->name);
+ for(char **arg = plugin_list->argv; *arg != NULL; arg++){
+ free(*arg);
+ }
+ free(plugin_list->argv);
+ for(char **env = plugin_list->environ; *env != NULL; env++){
+ free(*env);
+ }
+ free(plugin_list->environ);
+ free(plugin_list);
+ }
+}
+
int main(int argc, char *argv[]){
const char *plugindir = "/lib/mandos/plugins.d";
const char *argfile = ARGFILE;
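Review bot: `free_plugin_list()` frees the same allocation twice: it calls `free(plugin_list->name)` and then frees every `argv` entry, but the constructor hunks above set both `.name` and `argv[0]` to the one `copy_name` pointer. Unless `argv[0]` is reassigned outside the visible hunks, either start the loop at `plugin_list->argv + 1` or drop `free(plugin_list->name)` and add a comment that `name` aliases `argv[0]`. A double free in a root process that relays disk passwords is heap corruption, not just untidy cleanup. The loops also assume that every remaining `argv` and `environ` entry is heap-owned by the list, which depends on code outside this hunk; a short header comment stating that ownership rule would help.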
@@ -269,14 +290,16 @@
/* Establish a signal handler */
sigemptyset(&sigchld_action.sa_mask);
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
- if(ret < 0){
+ if(ret == -1){
perror("sigaddset");
- exit(EXIT_FAILURE);
+ exitstatus = EXIT_FAILURE;
+ goto fallback;
}
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
- if(ret < 0){
+ if(ret == -1){
perror("sigaction");
- exit(EXIT_FAILURE);
+ exitstatus = EXIT_FAILURE;
+ goto fallback;
}
/* The options we understand. */
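Review bot: Jumping to `fallback` when `sigaddset` fails reaches the cleanup code before `sigaction` has filled in `old_sigchld_action`, yet the final hunk of `main` passes that struct to `sigaction(SIGCHLD, &old_sigchld_action, NULL)`. Its declaration is outside the hunk; if it is not initialised there, an indeterminate disposition is installed, so consider `struct sigaction old_sigchld_action = { .sa_handler = SIG_DFL };` at the declaration. The same goes for everything else the fallback path reads (`plugin_list`, `custom_argv`, `dir`, `process_list`): each needs a defined initial value before this first `goto`, which the old `exit(EXIT_FAILURE)` never required.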
@@ -428,15 +451,15 @@
if (ret == ARGP_ERR_UNKNOWN){
fprintf(stderr, "Unknown error while parsing arguments\n");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
conffp = fopen(argfile, "r");
if(conffp != NULL){
char *org_line = NULL;
+ char *p, *arg, *new_arg, *line;
size_t size = 0;
ssize_t sret;
- char *p, *arg, *new_arg, *line;
const char whitespace_delims[] = " \r\t\f\v\n";
const char comment_delim[] = "#";
@@ -457,7 +480,7 @@
if (custom_argv == NULL){
perror("add_to_argv");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
}
}
@@ -468,7 +491,7 @@
if (errno == EMFILE or errno == ENFILE or errno == ENOMEM){
perror("fopen");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
}
@@ -478,7 +501,7 @@
if (ret == ARGP_ERR_UNKNOWN){
fprintf(stderr, "Unknown error while parsing arguments\n");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
}
@@ -510,7 +533,7 @@
if(dir == NULL){
perror("Could not open plugin dir");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
/* Set the FD_CLOEXEC flag on the directory, if possible */
@@ -521,7 +544,7 @@
if(ret < 0){
perror("set_cloexec_flag");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
}
}
@@ -536,7 +559,7 @@
if (errno == EBADF){
perror("readdir");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
break;
}
@@ -662,33 +685,33 @@
if (ret == -1){
perror("pipe");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
ret = set_cloexec_flag(pipefd[0]);
if(ret < 0){
perror("set_cloexec_flag");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
ret = set_cloexec_flag(pipefd[1]);
if(ret < 0){
perror("set_cloexec_flag");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
/* Block SIGCHLD until process is safely in process list */
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
if(ret < 0){
perror("sigprocmask");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
// Starting a new process to be watched
pid_t pid = fork();
if(pid == -1){
perror("fork");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
if(pid == 0){
/* this is the child process */
@@ -738,7 +761,7 @@
perror("sigprocmask");
}
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
*new_process = (struct process){ .pid = pid,
@@ -752,7 +775,7 @@
if(ret < 0){
perror("sigprocmask");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
FD_SET(new_process->fd, &rfds_all);
@@ -763,17 +786,7 @@
}
- /* Free the plugin list */
- for(plugin *next; plugin_list != NULL; plugin_list = next){
- next = plugin_list->next;
- free(plugin_list->argv);
- if(plugin_list->environ[0] != NULL){
- for(char **e = plugin_list->environ; *e != NULL; e++){
- free(*e);
- }
- }
- free(plugin_list);
- }
+ free_plugin_list(plugin_list);
closedir(dir);
dir = NULL;
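Review bot: After `free_plugin_list(plugin_list);` the variable `plugin_list` in `main` still points at freed memory. The removed inline loop advanced `plugin_list` itself and left it NULL, while the helper receives the pointer by value. The cleanup hunk at the end of `main` calls `free_plugin_list(plugin_list)` again, so every run that gets past this point walks and frees the list a second time. Add `plugin_list = NULL;` right after this call, as is already done for `dir` two lines below. `main` extends beyond this hunk, so this assumes `plugin_list` is not reset elsewhere.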
@@ -789,7 +802,7 @@
if (select_ret == -1){
perror("select");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
/* OK, now either a process completed, or something can be read
from one of them */
@@ -821,7 +834,7 @@
if(ret < 0){
perror("sigprocmask");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
/* Delete this process entry from the list */
if(process_list == proc){
@@ -856,7 +869,7 @@
perror("print_out_password");
exitstatus = EXIT_FAILURE;
}
- goto end;
+ goto fallback;
}
/* This process has not completed. Does it have any output? */
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
@@ -870,7 +883,7 @@
if (proc->buffer == NULL){
perror("malloc");
exitstatus = EXIT_FAILURE;
- goto end;
+ goto fallback;
}
proc->buffer_size += BUFFER_SIZE;
}
@@ -891,7 +904,7 @@
}
- end:
+ fallback:
if(process_list == NULL or exitstatus != EXIT_SUCCESS){
/* Fallback if all plugins failed, none are found or an error occured */
@@ -902,27 +915,23 @@
if(not bret){
perror("print_out_password");
exitstatus = EXIT_FAILURE;
- goto end;
}
}
/* Restore old signal handler */
- sigaction(SIGCHLD, &old_sigchld_action, NULL);
-
- free(custom_argv);
-
- /* Free the plugin list */
- for(plugin *next; plugin_list != NULL; plugin_list = next){
- next = plugin_list->next;
- free(plugin_list->argv);
- if(plugin_list->environ[0] != NULL){
- for(char **e = plugin_list->environ; *e != NULL; e++){
- free(*e);
- }
+ ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
+ if(ret == -1){
+ perror("sigaction");
+ exitstatus = EXIT_FAILURE;
+ }
+
+ if(custom_argv != NULL){
+ for(char **arg = custom_argv; *arg != NULL; arg++){
+ free(*arg);
}
- free(plugin_list->environ);
- free(plugin_list);
+ free(custom_argv);
}
+ free_plugin_list(plugin_list);
if(dir != NULL){
closedir(dir);
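Review bot: The new cleanup loop frees every element of `custom_argv` starting at index 0, but the code that builds `custom_argv` is outside the visible hunks, so it is not evident that the first entry is heap-allocated and owned here. If element 0 is the program's own `argv[0]` or any other borrowed pointer, `free(*arg)` on it is undefined behaviour; in that case the loop should start at `custom_argv + 1`. A one-line comment above the loop stating which entries are owned copies would make the invariant checkable. The second `free_plugin_list(plugin_list)` in this hunk is only safe if `plugin_list` is NULL or still live at this point.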
=== modified file 'plugin-runner.xml'
--- plugin-runner.xml 2008-08-14 02:24:59 +0000
+++ plugin-runner.xml 2008-08-16 20:31:21 +0000
@@ -230,31 +230,31 @@
FILES
-
+
NOTES
-
+
BUGS
-
+
EXAMPLES
-
+
SECURITY
-
+
@@ -263,9 +263,11 @@
mandos
8,
password-request
- 8mandos and
+ 8mandos,
password-prompt
- 8mandos
+ 8mandos, and
+ cryptsetup
+ 8
=== modified file 'plugins.d/password-prompt.xml'
--- plugins.d/password-prompt.xml 2008-08-10 00:07:24 +0000
+++ plugins.d/password-prompt.xml 2008-08-16 20:31:21 +0000
@@ -101,6 +101,14 @@
when a password is given it then gets forwarded to
LUKS.
+
+
+
+ OPTIONS
+
+ Commonly not invoked as command lines but from configuration
+ file of plugin runner.
+
@@ -150,4 +158,47 @@
+
+
+ EXIT STATUS
+
+
+
+
+
+ NOTES
+
+
+
+
+
+ BUGS
+
+
+
+
+
+ EXAMPLES
+
+
+
+
+
+ SECURITY
+
+
+
+
+
+ SEE ALSO
+
+ mandos
+ 8,
+ plugin-runner
+ 8mandos and
+ password-request
+ 8mandos
+
+
+
=== modified file 'plugins.d/password-request.xml'
--- plugins.d/password-request.xml 2008-08-10 00:07:24 +0000
+++ plugins.d/password-request.xml 2008-08-16 20:31:21 +0000
@@ -105,6 +105,14 @@
passwords given is automaticly decrypted and passed to
cryptsetup.
+
+
+
+ OPTIONS
+
+ Commonly not invoked as command lines but from configuration
+ file of plugin runner.
+
@@ -214,4 +222,52 @@
+
+
+ EXIT STATUS
+
+
+
+
+
+ FILES
+
+
+
+
+
+ NOTES
+
+
+
+
+
+ BUGS
+
+
+
+
+
+ EXAMPLES
+
+
+
+
+
+ SECURITY
+
+
+
+
+
+ SEE ALSO
+
+ mandos
+ 8,
+ plugin-runner
+ 8mandos and
+ password-prompt
+ 8mandos
+
+