/mandos/trunk : revision 1152

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.c

Committer: Teddy Hogeborn
Date: 2019-08-05 21:14:05 UTC
Revision ID: teddy@recompile.se-20190805211405-9m6hecekaihpttz9

Override lintian warnings about upgrading from old versions

There are some really things which are imperative that we fix in case
someone were to upgrade from a really old version.  We want to keep
these fixes in the postinst maintainer scripts, even though lintian
complains about such old upgrades not being supported by Debian in
general.  We prefer the code being there, for the sake of the users.

* debian/mandos-client.lintian-overrides
  (maintainer-script-supports-ancient-package-version): New.
  debian/mandos.lintian-overrides
  (maintainer-script-supports-ancient-package-version): - '' -

files added:
bugs.xml

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/en_US.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.c

* Password-prompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* getline(), asprintf() */

#include <termios.h> /* struct termios, tcsetattr(),

TCSAFLUSH, tcgetattr(), ECHO */

#include <unistd.h> /* struct termios, tcsetattr(),

STDIN_FILENO, TCSAFLUSH,

tcgetattr(), ECHO, readlink() */

#include <unistd.h> /* access(), struct termios,

tcsetattr(), STDIN_FILENO,

TCSAFLUSH, tcgetattr(), ECHO,

readlink() */

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

getenv(), free() */

#include <dirent.h> /* scandir(), alphasort() */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), fputc()

stdin, feof(), fputc(), vfprintf(),

vasprintf() */

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

#include <stdbool.h> /* bool, false, true */

#include <inttypes.h> /* strtoumax() */

#include <sys/stat.h> /* struct stat, lstat(), open() */

#include <string.h> /* strlen, rindex, memcmp */

#include <string.h> /* strlen, rindex, memcmp, strerror()

#include <argp.h> /* struct argp_option, struct

argp_state, struct argp,

argp_parse(), error_t,

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

#include <fcntl.h> /* open() */

#include <stdarg.h> /* va_list, va_start(), ... */

volatile sig_atomic_t quit_now = 0;

int signal_received;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

const char *argp_program_bug_address = "<mandos@recompile.se>";

/* Needed for conflict resolution */

const char plymouth_name[] = "plymouthd";

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if(ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

fprintf(stderr, ": %s\n", strerror(errnum));

error(status, errno, "vasprintf while printing error");

return;

}

fprintf(stderr, "Mandos plugin ");

error(status, errnum, "%s", text);

free(text);

}

100

static void termination_handler(int signum){

101

if(quit_now){

102

return;

111

from the terminal. Password-prompt will exit if it detects

112

plymouth since plymouth performs the same functionality.

113

114

if(access("/run/plymouth/pid", R_OK) == 0){

115

return true;

116

}

117

118

__attribute__((nonnull))

119

int is_plymouth(const struct dirent *proc_entry){

120

int ret;

121

int cl_fd;

122

{

uintmax_t maxvalue;

123

uintmax_t proc_id;

124

char *tmp;

125

errno = 0;

maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);

126

proc_id = strtoumax(proc_entry->d_name, &tmp, 10);

127

128

if(errno != 0 or *tmp != '\0'

or maxvalue != (uintmax_t)((pid_t)maxvalue)){

129

or proc_id != (uintmax_t)((pid_t)proc_id)){

130

return 0;

131

}

100

132

}

103

135

ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",

104

136

proc_entry->d_name);

105

137

if(ret == -1){

106

error(0, errno, "asprintf");

138

error_plus(0, errno, "asprintf");

107

139

return 0;

108

140

}

109

141

112

144

free(cmdline_filename);

113

145

if(cl_fd == -1){

114

146

if(errno != ENOENT){

115

error(0, errno, "open");

147

error_plus(0, errno, "open");

116

148

}

117

149

return 0;

118

150

}

129

161

if(cmdline_len + blocksize + 1 > cmdline_allocated){

130

162

tmp = realloc(cmdline, cmdline_allocated + blocksize + 1);

131

163

if(tmp == NULL){

132

error(0, errno, "realloc");

164

error_plus(0, errno, "realloc");

133

165

free(cmdline);

134

166

close(cl_fd);

135

167

return 0;

142

174

sret = read(cl_fd, cmdline + cmdline_len,

143

175

cmdline_allocated - cmdline_len);

144

176

if(sret == -1){

145

error(0, errno, "read");

177

error_plus(0, errno, "read");

146

178

free(cmdline);

147

179

close(cl_fd);

148

180

return 0;

151

183

} while(sret != 0);

152

184

ret = close(cl_fd);

153

185

if(ret == -1){

154

error(0, errno, "close");

186

error_plus(0, errno, "close");

155

187

free(cmdline);

156

188

return 0;

157

189

}

183

215

return 1;

184

216

}

185

217

186

struct dirent **direntries;

218

struct dirent **direntries = NULL;

187

219

int ret;

188

220

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

189

if (ret == -1){

190

error(1, errno, "scandir");

191

}

221

if(ret == -1){

222

error_plus(1, errno, "scandir");

223

}

224

{

225

int i = ret;

226

while(i--){

227

free(direntries[i]);

228

}

229

}

230

free(direntries);

192

231

return ret > 0;

193

232

}

194

233

200

239

struct termios t_new, t_old;

201

240

char *buffer = NULL;

202

241

char *prefix = NULL;

242

char *prompt = NULL;

203

243

int status = EXIT_SUCCESS;

204

244

struct sigaction old_action,

205

245

new_action = { .sa_handler = termination_handler,

209

249

{ .name = "prefix", .key = 'p',

210

250

.arg = "PREFIX", .flags = 0,

211

251

.doc = "Prefix shown before the prompt", .group = 2 },

252

{ .name = "prompt", .key = 129,

253

.arg = "PROMPT", .flags = 0,

254

.doc = "The prompt to show", .group = 2 },

212

255

{ .name = "debug", .key = 128,

213

256

.doc = "Debug mode", .group = 3 },

214

257

223

266

{ .name = NULL }

224

267

};

225

268

269

__attribute__((nonnull(3)))

226

270

error_t parse_opt (int key, char *arg, struct argp_state *state){

227

271

errno = 0;

228

272

switch (key){

229

case 'p':

273

case 'p': /* --prefix */

230

274

prefix = arg;

231

275

break;

232

case 128:

276

case 128: /* --debug */

233

277

debug = true;

234

278

break;

279

case 129: /* --prompt */

280

prompt = arg;

281

break;

235

282

236

283

* These reproduce what we would get without ARGP_NO_HELP

237

284

239

286

argp_state_help(state, state->out_stream,

240

287

(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)

241

288

& ~(unsigned int)ARGP_HELP_EXIT_OK);

289

__builtin_unreachable();

242

290

case -3: /* --usage */

243

291

argp_state_help(state, state->out_stream,

244

292

ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);

293

__builtin_unreachable();

245

294

case 'V': /* --version */

246

295

fprintf(state->out_stream, "%s\n", argp_program_version);

247

296

exit(argp_err_exit_status);

264

313

case ENOMEM:

265

314

default:

266

315

errno = ret;

267

error(0, errno, "argp_parse");

316

error_plus(0, errno, "argp_parse");

268

317

return EX_OSERR;

269

318

case EINVAL:

270

319

return EX_USAGE;

275

324

fprintf(stderr, "Starting %s\n", argv[0]);

276

325

}

277

326

278

if (conflict_detection()){

327

if(conflict_detection()){

279

328

if(debug){

280

329

fprintf(stderr, "Stopping %s because of conflict\n", argv[0]);

281

330

}

288

337

289

338

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

290

339

int e = errno;

291

error(0, errno, "tcgetattr");

340

error_plus(0, errno, "tcgetattr");

292

341

switch(e){

293

342

case EBADF:

294

343

case ENOTTY:

301

350

sigemptyset(&new_action.sa_mask);

302

351

ret = sigaddset(&new_action.sa_mask, SIGINT);

303

352

if(ret == -1){

304

error(0, errno, "sigaddset");

353

error_plus(0, errno, "sigaddset");

305

354

return EX_OSERR;

306

355

}

307

356

ret = sigaddset(&new_action.sa_mask, SIGHUP);

308

357

if(ret == -1){

309

error(0, errno, "sigaddset");

358

error_plus(0, errno, "sigaddset");

310

359

return EX_OSERR;

311

360

}

312

361

ret = sigaddset(&new_action.sa_mask, SIGTERM);

313

362

if(ret == -1){

314

error(0, errno, "sigaddset");

363

error_plus(0, errno, "sigaddset");

315

364

return EX_OSERR;

316

365

}

317

366

/* Need to check if the handler is SIG_IGN before handling:

320

369

321

370

ret = sigaction(SIGINT, NULL, &old_action);

322

371

if(ret == -1){

323

error(0, errno, "sigaction");

372

error_plus(0, errno, "sigaction");

324

373

return EX_OSERR;

325

374

}

326

375

if(old_action.sa_handler != SIG_IGN){

327

376

ret = sigaction(SIGINT, &new_action, NULL);

328

377

if(ret == -1){

329

error(0, errno, "sigaction");

378

error_plus(0, errno, "sigaction");

330

379

return EX_OSERR;

331

380

}

332

381

}

333

382

ret = sigaction(SIGHUP, NULL, &old_action);

334

383

if(ret == -1){

335

error(0, errno, "sigaction");

384

error_plus(0, errno, "sigaction");

336

385

return EX_OSERR;

337

386

}

338

387

if(old_action.sa_handler != SIG_IGN){

339

388

ret = sigaction(SIGHUP, &new_action, NULL);

340

389

if(ret == -1){

341

error(0, errno, "sigaction");

390

error_plus(0, errno, "sigaction");

342

391

return EX_OSERR;

343

392

}

344

393

}

345

394

ret = sigaction(SIGTERM, NULL, &old_action);

346

395

if(ret == -1){

347

error(0, errno, "sigaction");

396

error_plus(0, errno, "sigaction");

348

397

return EX_OSERR;

349

398

}

350

399

if(old_action.sa_handler != SIG_IGN){

351

400

ret = sigaction(SIGTERM, &new_action, NULL);

352

401

if(ret == -1){

353

error(0, errno, "sigaction");

402

error_plus(0, errno, "sigaction");

354

403

return EX_OSERR;

355

404

}

356

405

}

364

413

t_new.c_lflag &= ~(tcflag_t)ECHO;

365

414

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

366

415

int e = errno;

367

error(0, errno, "tcsetattr-echo");

416

error_plus(0, errno, "tcsetattr-echo");

368

417

switch(e){

369

418

case EBADF:

370

419

case ENOTTY:

390

439

if(prefix){

391

440

fprintf(stderr, "%s ", prefix);

392

441

}

393

{

442

if(prompt != NULL){

443

fprintf(stderr, "%s: ", prompt);

444

} else {

394

445

const char *cryptsource = getenv("CRYPTTAB_SOURCE");

395

446

const char *crypttarget = getenv("CRYPTTAB_NAME");

396

447

/* Before cryptsetup 1.1.0~rc2 */

434

485

sret = write(STDOUT_FILENO, buffer + written, n - written);

435

486

if(sret < 0){

436

487

int e = errno;

437

error(0, errno, "write");

488

error_plus(0, errno, "write");

438

489

switch(e){

439

490

case EBADF:

440

491

case EFAULT:

456

507

sret = close(STDOUT_FILENO);

457

508

if(sret == -1){

458

509

int e = errno;

459

error(0, errno, "close");

510

error_plus(0, errno, "close");

460

511

switch(e){

461

512

case EBADF:

462

513

status = EX_OSFILE;

471

522

}

472

523

if(sret < 0){

473

524

int e = errno;

474

if(errno != EINTR and not feof(stdin)){

475

error(0, errno, "getline");

476

switch(e){

477

case EBADF:

478

status = EX_UNAVAILABLE;

479

case EIO:

480

case EINVAL:

481

default:

482

status = EX_IOERR;

525

if(errno != EINTR){

526

if(not feof(stdin)){

527

error_plus(0, errno, "getline");

528

switch(e){

529

case EBADF:

530

status = EX_UNAVAILABLE;

531

break;

532

case EIO:

533

case EINVAL:

534

default:

535

status = EX_IOERR;

536

break;

537

}

483

538

break;

539

} else {

540

clearerr(stdin);

484

541

}

485

break;

486

542

}

487

543

}

488

544

/* if(sret == 0), then the only sensible thing to do is to retry

501

557

fprintf(stderr, "Restoring terminal attributes\n");

502

558

}

503

559

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

504

error(0, errno, "tcsetattr+echo");

560

error_plus(0, errno, "tcsetattr+echo");

505

561

}

506

562

507

563

if(quit_now){

509

565

old_action.sa_handler = SIG_DFL;

510

566

ret = sigaction(signal_received, &old_action, NULL);

511

567

if(ret == -1){

512

error(0, errno, "sigaction");

568

error_plus(0, errno, "sigaction");

513

569

}

514

570

raise(signal_received);

515

571

}

Older »