/mandos/trunk : revision 110

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.c

Committer: Teddy Hogeborn
Date: 2008-08-29 05:53:59 UTC
Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus

* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.c

/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */

/* -*- coding: utf-8 -*- */

* Password-prompt - Read a password from the terminal and print it

* Passprompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

#define _GNU_SOURCE /* getline(), asprintf() */

#define _GNU_SOURCE /* getline() */

#include <termios.h> /* struct termios, tcsetattr(),

TCSAFLUSH, tcgetattr(), ECHO */

#include <unistd.h> /* struct termios, tcsetattr(),

STDIN_FILENO, TCSAFLUSH,

tcgetattr(), ECHO, readlink() */

tcgetattr(), ECHO */

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

SIGQUIT, SIGHUP, SIGTERM,

raise() */

SIGQUIT, SIGHUP, SIGTERM */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <sys/types.h> /* ssize_t, struct dirent, pid_t, ssize_t */

#include <sys/types.h> /* ssize_t */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getenv(), free() */

#include <dirent.h> /* scandir(), alphasort() */

getopt_long, getenv() */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), fputc()

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

#include <error.h> /* error() */

stdin, feof(), perror(), fputc(),

stdout, getopt_long */

#include <errno.h> /* errno, EINVAL */

#include <iso646.h> /* or, not */

#include <stdbool.h> /* bool, false, true */

#include <inttypes.h> /* strtoumax() */

#include <sys/stat.h> /* struct stat, lstat() */

#include <string.h> /* strlen, rindex, memcmp */

#include <string.h> /* strlen, rindex, strncmp, strcmp */

#include <argp.h> /* struct argp_option, struct

argp_state, struct argp,

argp_parse(), error_t,

ARGP_KEY_ARG, ARGP_KEY_END,

ARGP_ERR_UNKNOWN */

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

volatile sig_atomic_t quit_now = 0;

int signal_received;

volatile bool quit_now = false;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_version = "password-prompt 1.0";

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

/* Needed for conflic resolution */

const char plymouthd_path[] = "/sbin/plymouth";

static void termination_handler(int signum){

if(quit_now){

return;

}

quit_now = 1;

signal_received = signum;

}

bool conflict_detection(void){

/* plymouth conflicts with password-promt since both want to control the

associated terminal. Password-prompt exit since plymouth perferms the same

functionallity.

int is_plymouth(const struct dirent *proc_entry){

int ret;

{

uintmax_t maxvalue;

char *tmp;

errno = 0;

maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);

if(errno != 0 or *tmp != '\0'

or maxvalue != (uintmax_t)((pid_t)maxvalue)){

return 0;

}

char exe_target[sizeof(plymouthd_path)];

100

char *exe_link;

101

ret = asprintf(&exe_link, "/proc/%s/exe", proc_entry->d_name);

102

if(ret == -1){

103

error(0, errno, "asprintf");

104

return 0;

105

}

106

107

struct stat exe_stat;

108

ret = lstat(exe_link, &exe_stat);

109

if(ret == -1){

110

free(exe_link);

111

if(errno != ENOENT){

112

error(0, errno, "lstat");

113

}

114

return 0;

115

}

116

117

if(not S_ISLNK(exe_stat.st_mode)

118

or exe_stat.st_uid != 0

119

or exe_stat.st_gid != 0){

120

free(exe_link);

121

return 0;

122

}

123

124

ssize_t sret = readlink(exe_link, exe_target, sizeof(exe_target));

125

free(exe_link);

126

if((sret != (ssize_t)sizeof(plymouthd_path)-1) or

127

(memcmp(plymouthd_path, exe_target,

128

sizeof(plymouthd_path)-1) != 0)){

129

return 0;

130

}

131

return 1;

132

}

133

134

struct dirent **direntries;

135

int ret;

136

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

137

if (ret == -1){

138

error(1, errno, "scandir");

139

}

140

if (ret < 0){

141

return 1;

142

} else {

143

return 0;

144

}

145

}

146

static void termination_handler(__attribute__((unused))int signum){

quit_now = true;

}

147

148

int main(int argc, char **argv){

149

ssize_t sret;

150

int ret;

ssize_t ret;

151

size_t n;

152

struct termios t_new, t_old;

153

char *buffer = NULL;

163

.doc = "Prefix shown before the prompt", .group = 2 },

164

{ .name = "debug", .key = 128,

165

.doc = "Debug mode", .group = 3 },

166

167

* These reproduce what we would get without ARGP_NO_HELP

168

169

{ .name = "help", .key = '?',

170

.doc = "Give this help list", .group = -1 },

171

{ .name = "usage", .key = -3,

172

.doc = "Give a short usage message", .group = -1 },

173

{ .name = "version", .key = 'V',

174

.doc = "Print program version", .group = -1 },

175

{ .name = NULL }

176

};

177

178

error_t parse_opt (int key, char *arg, struct argp_state *state){

179

errno = 0;

180

switch (key){

error_t parse_opt (int key, char *arg, struct argp_state *state) {

/* Get the INPUT argument from `argp_parse', which we know is a

pointer to our plugin list pointer. */

switch (key) {

181

case 'p':

182

prefix = arg;

183

break;

184

case 128:

185

debug = true;

186

break;

187

188

* These reproduce what we would get without ARGP_NO_HELP

189

190

case '?': /* --help */

191

argp_state_help(state, state->out_stream,

192

(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)

193

& ~(unsigned int)ARGP_HELP_EXIT_OK);

194

case -3: /* --usage */

195

argp_state_help(state, state->out_stream,

196

ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);

197

case 'V': /* --version */

198

fprintf(state->out_stream, "%s\n", argp_program_version);

199

exit(argp_err_exit_status);

case ARGP_KEY_ARG:

argp_usage (state);

break;

case ARGP_KEY_END:

200

break;

201

default:

202

return ARGP_ERR_UNKNOWN;

203

}

204

return errno;

100

return 0;

205

101

}

206

102

207

103

struct argp argp = { .options = options, .parser = parse_opt,

208

104

.args_doc = "",

209

105

.doc = "Mandos password-prompt -- Read and"

210

106

" output a password" };

211

ret = argp_parse(&argp, argc, argv,

212

ARGP_IN_ORDER | ARGP_NO_HELP, NULL, NULL);

213

switch(ret){

214

case 0:

215

break;

216

case ENOMEM:

217

default:

218

errno = ret;

219

error(0, errno, "argp_parse");

220

return EX_OSERR;

221

case EINVAL:

222

return EX_USAGE;

107

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

108

if (ret == ARGP_ERR_UNKNOWN){

109

fprintf(stderr, "Unknown error while parsing arguments\n");

110

return EXIT_FAILURE;

223

111

}

224

112

}

225

226

if(debug){

113

114

if (debug){

227

115

fprintf(stderr, "Starting %s\n", argv[0]);

228

116

}

229

230

if (conflict_detection()){

231

if(debug){

232

fprintf(stderr, "Stopping %s because of conflict", argv[0]);

233

}

234

return EXIT_FAILURE;

235

}

236

237

if(debug){

117

if (debug){

238

118

fprintf(stderr, "Storing current terminal attributes\n");

239

119

}

240

120

241

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

242

int e = errno;

243

error(0, errno, "tcgetattr");

244

switch(e){

245

case EBADF:

246

case ENOTTY:

247

return EX_UNAVAILABLE;

248

default:

249

return EX_OSERR;

250

}

121

if (tcgetattr(STDIN_FILENO, &t_old) != 0){

122

perror("tcgetattr");

123

return EXIT_FAILURE;

251

124

}

252

125

253

126

sigemptyset(&new_action.sa_mask);

254

ret = sigaddset(&new_action.sa_mask, SIGINT);

255

if(ret == -1){

256

error(0, errno, "sigaddset");

257

return EX_OSERR;

258

}

259

ret = sigaddset(&new_action.sa_mask, SIGHUP);

260

if(ret == -1){

261

error(0, errno, "sigaddset");

262

return EX_OSERR;

263

}

264

ret = sigaddset(&new_action.sa_mask, SIGTERM);

265

if(ret == -1){

266

error(0, errno, "sigaddset");

267

return EX_OSERR;

268

}

269

/* Need to check if the handler is SIG_IGN before handling:

270

| [[info:libc:Initial Signal Actions]] |

271

| [[info:libc:Basic Signal Handling]] |

272

127

sigaddset(&new_action.sa_mask, SIGINT);

128

sigaddset(&new_action.sa_mask, SIGHUP);

129

sigaddset(&new_action.sa_mask, SIGTERM);

273

130

ret = sigaction(SIGINT, NULL, &old_action);

274

131

if(ret == -1){

275

error(0, errno, "sigaction");

276

return EX_OSERR;

132

perror("sigaction");

133

return EXIT_FAILURE;

277

134

}

278

if(old_action.sa_handler != SIG_IGN){

135

if (old_action.sa_handler != SIG_IGN){

279

136

ret = sigaction(SIGINT, &new_action, NULL);

280

137

if(ret == -1){

281

error(0, errno, "sigaction");

282

return EX_OSERR;

138

perror("sigaction");

139

return EXIT_FAILURE;

283

140

}

284

141

}

285

142

ret = sigaction(SIGHUP, NULL, &old_action);

286

143

if(ret == -1){

287

error(0, errno, "sigaction");

288

return EX_OSERR;

144

perror("sigaction");

145

return EXIT_FAILURE;

289

146

}

290

if(old_action.sa_handler != SIG_IGN){

147

if (old_action.sa_handler != SIG_IGN){

291

148

ret = sigaction(SIGHUP, &new_action, NULL);

292

149

if(ret == -1){

293

error(0, errno, "sigaction");

294

return EX_OSERR;

150

perror("sigaction");

151

return EXIT_FAILURE;

295

152

}

296

153

}

297

154

ret = sigaction(SIGTERM, NULL, &old_action);

298

155

if(ret == -1){

299

error(0, errno, "sigaction");

300

return EX_OSERR;

156

perror("sigaction");

157

return EXIT_FAILURE;

301

158

}

302

if(old_action.sa_handler != SIG_IGN){

159

if (old_action.sa_handler != SIG_IGN){

303

160

ret = sigaction(SIGTERM, &new_action, NULL);

304

161

if(ret == -1){

305

error(0, errno, "sigaction");

306

return EX_OSERR;

162

perror("sigaction");

163

return EXIT_FAILURE;

307

164

}

308

165

}

309

166

310

167

311

if(debug){

168

if (debug){

312

169

fprintf(stderr, "Removing echo flag from terminal attributes\n");

313

170

}

314

171

315

172

t_new = t_old;

316

t_new.c_lflag &= ~(tcflag_t)ECHO;

317

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

318

int e = errno;

319

error(0, errno, "tcsetattr-echo");

320

switch(e){

321

case EBADF:

322

case ENOTTY:

323

return EX_UNAVAILABLE;

324

case EINVAL:

325

default:

326

return EX_OSERR;

327

}

173

t_new.c_lflag &= ~ECHO;

174

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

175

perror("tcsetattr-echo");

176

return EXIT_FAILURE;

328

177

}

329

330

if(debug){

178

179

if (debug){

331

180

fprintf(stderr, "Waiting for input from stdin \n");

332

181

}

333

182

while(true){

334

if(quit_now){

183

if (quit_now){

335

184

if(debug){

336

185

fprintf(stderr, "Interrupted by signal, exiting.\n");

337

186

}

343

192

fprintf(stderr, "%s ", prefix);

344

193

}

345

194

{

346

const char *cryptsource = getenv("CRYPTTAB_SOURCE");

347

const char *crypttarget = getenv("CRYPTTAB_NAME");

348

/* Before cryptsetup 1.1.0~rc2 */

349

if(cryptsource == NULL){

350

cryptsource = getenv("cryptsource");

351

}

352

if(crypttarget == NULL){

353

crypttarget = getenv("crypttarget");

354

}

355

const char *const prompt1 = "Unlocking the disk";

356

const char *const prompt2 = "Enter passphrase";

195

const char *cryptsource = getenv("cryptsource");

196

const char *crypttarget = getenv("crypttarget");

197

const char *const prompt

198

= "Enter passphrase to unlock the disk";

357

199

if(cryptsource == NULL){

358

200

if(crypttarget == NULL){

359

fprintf(stderr, "%s to unlock the disk: ", prompt2);

201

fprintf(stderr, "%s: ", prompt);

360

202

} else {

361

fprintf(stderr, "%s (%s)\n%s: ", prompt1, crypttarget,

362

prompt2);

203

fprintf(stderr, "%s (%s): ", prompt, crypttarget);

363

204

}

364

205

} else {

365

206

if(crypttarget == NULL){

366

fprintf(stderr, "%s %s\n%s: ", prompt1, cryptsource,

367

prompt2);

207

fprintf(stderr, "%s %s: ", prompt, cryptsource);

368

208

} else {

369

fprintf(stderr, "%s %s (%s)\n%s: ", prompt1, cryptsource,

370

crypttarget, prompt2);

209

fprintf(stderr, "%s %s (%s): ", prompt, cryptsource,

210

crypttarget);

371

211

}

372

212

}

373

213

}

374

sret = getline(&buffer, &n, stdin);

375

if(sret > 0){

214

ret = getline(&buffer, &n, stdin);

215

if (ret > 0){

376

216

status = EXIT_SUCCESS;

377

217

/* Make n = data size instead of allocated buffer size */

378

n = (size_t)sret;

379

/* Strip final newline */

380

if(n > 0 and buffer[n-1] == '\n'){

381

buffer[n-1] = '\0'; /* not strictly necessary */

382

n--;

383

}

218

n = (size_t)ret;

384

219

size_t written = 0;

385

220

while(written < n){

386

sret = write(STDOUT_FILENO, buffer + written, n - written);

387

if(sret < 0){

388

int e = errno;

389

error(0, errno, "write");

390

switch(e){

391

case EBADF:

392

case EFAULT:

393

case EINVAL:

394

case EFBIG:

395

case EIO:

396

case ENOSPC:

397

default:

398

status = EX_IOERR;

399

break;

400

case EINTR:

401

status = EXIT_FAILURE;

402

break;

403

}

404

break;

405

}

406

written += (size_t)sret;

407

}

408

sret = close(STDOUT_FILENO);

409

if(sret == -1){

410

int e = errno;

411

error(0, errno, "close");

412

switch(e){

413

case EBADF:

414

status = EX_OSFILE;

415

break;

416

case EIO:

417

default:

418

status = EX_IOERR;

419

break;

420

}

221

ret = write(STDOUT_FILENO, buffer + written, n - written);

222

if(ret < 0){

223

perror("write");

224

status = EXIT_FAILURE;

225

break;

226

}

227

written += (size_t)ret;

421

228

}

422

229

break;

423

230

}

424

if(sret < 0){

425

int e = errno;

426

if(errno != EINTR and not feof(stdin)){

427

error(0, errno, "getline");

428

switch(e){

429

case EBADF:

430

status = EX_UNAVAILABLE;

431

case EIO:

432

case EINVAL:

433

default:

434

status = EX_IOERR;

435

break;

436

}

231

if (ret < 0){

232

if (errno != EINTR and not feof(stdin)){

233

perror("getline");

234

status = EXIT_FAILURE;

437

235

break;

438

236

}

439

237

}

440

/* if(sret == 0), then the only sensible thing to do is to retry to

238

/* if(ret == 0), then the only sensible thing to do is to retry to

441

239

read from stdin */

442

240

fputc('\n', stderr);

443

241

if(debug and not quit_now){

444

/* If quit_now is nonzero, we were interrupted by a signal, and

242

/* If quit_now is true, we were interrupted by a signal, and

445

243

will print that later, so no need to show this too. */

446

244

fprintf(stderr, "getline() returned 0, retrying.\n");

447

245

}

448

246

}

449

247

450

free(buffer);

451

452

if(debug){

248

if (debug){

453

249

fprintf(stderr, "Restoring terminal attributes\n");

454

250

}

455

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

456

error(0, errno, "tcsetattr+echo");

457

}

458

459

if(quit_now){

460

sigemptyset(&old_action.sa_mask);

461

old_action.sa_handler = SIG_DFL;

462

ret = sigaction(signal_received, &old_action, NULL);

463

if(ret == -1){

464

error(0, errno, "sigaction");

465

}

466

raise(signal_received);

467

}

468

469

if(debug){

251

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

252

perror("tcsetattr+echo");

253

}

254

255

if (debug){

470

256

fprintf(stderr, "%s is exiting with status %d\n", argv[0],

471

257

status);

472

258

}

473

if(status == EXIT_SUCCESS or status == EX_OK){

474

fputc('\n', stderr);

475

}

476

259

477

260

return status;

478

261

}

Older »