/mandos/trunk

Viewing changes to dracut-module/password-agent.c

  • Committer: Teddy Hogeborn
  • Date: 2019-08-18 00:42:22 UTC
  • Revision ID: teddy@recompile.se-20190818004222-lfrgtnmqz766a08e
Client: Use the systemd sysusers.d mechanism, if present

* Makefile (install-client-nokey): Also install sysusers.d file, if
                                   $(SYSUSERS) exists.
* sysusers.d-mandos.conf: Adjust comment to match reality.

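--- a/dracut-module/password-agent.c
+++ b/dracut-module/password-agent.c
@@ -48,9 +48,9 @@
 #include <error.h>              /* error() */
 #include <sysexits.h>           /* EX_USAGE, EX_OSERR, EX_OSFILE */
 #include <errno.h>              /* errno, error_t, EACCES,
-                                   ENAMETOOLONG, ENOENT, EEXIST,
-                                   ECHILD, EPERM, ENOMEM, EAGAIN,
-                                   EINTR, ENOBUFS, EADDRINUSE,
+                                   ENAMETOOLONG, ENOENT, ENOTDIR,
+                                   EEXIST, ECHILD, EPERM, ENOMEM,
+                                   EAGAIN, EINTR, ENOBUFS, EADDRINUSE,
                                    ECONNREFUSED, ECONNRESET,
                                    ETOOMANYREFS, EMSGSIZE, EBADF,
                                    EINVAL */
@@ -83,14 +83,17 @@
 #include <sys/mman.h>           /* munlock(), mlock() */
 #include <fcntl.h>              /* O_CLOEXEC, O_NONBLOCK, fcntl(),
                                    F_GETFD, F_GETFL, FD_CLOEXEC,
-                                   open(), O_WRONLY, O_RDONLY */
+                                   open(), O_WRONLY, O_NOCTTY,
+                                   O_RDONLY, O_NOFOLLOW */
 #include <sys/wait.h>           /* waitpid(), WNOHANG, WIFEXITED(),
                                    WEXITSTATUS() */
 #include <limits.h>             /* PIPE_BUF, NAME_MAX, INT_MAX */
 #include <sys/inotify.h>        /* inotify_init1(), IN_NONBLOCK,
                                    IN_CLOEXEC, inotify_add_watch(),
                                    IN_CLOSE_WRITE, IN_MOVED_TO,
-                                   IN_DELETE, struct inotify_event */
+                                   IN_MOVED_FROM, IN_DELETE,
+                                   IN_EXCL_UNLINK, IN_ONLYDIR,
+                                   struct inotify_event */
 #include <fnmatch.h>            /* fnmatch(), FNM_FILE_NAME */
 #include <stdio.h>              /* asprintf(), FILE, fopen(),
                                    getline(), sscanf(), feof(),
@@ -2224,7 +2227,8 @@
 
   {
     __attribute__((cleanup(cleanup_close)))
-      const int devnull_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
+      const int devnull_fd = open("/dev/null",
+                                  O_WRONLY | O_CLOEXEC | O_NOCTTY);
     g_assert_cmpint(devnull_fd, >=, 0);
     __attribute__((cleanup(cleanup_close)))
       const int real_stderr_fd = dup(STDERR_FILENO);
@@ -2254,7 +2258,7 @@
     {
       __attribute__((cleanup(cleanup_close)))
         const int devnull_fd = open("/dev/null",
-                                    O_WRONLY | O_CLOEXEC);
+                                    O_WRONLY | O_CLOEXEC | O_NOCTTY);
       g_assert_cmpint(devnull_fd, >=, 0);
       __attribute__((cleanup(cleanup_close)))
         const int real_stderr_fd = dup(STDERR_FILENO);
@@ -2905,7 +2909,7 @@
 
   __attribute__((cleanup(cleanup_close)))
     const int devnull_fd = open("/dev/null",
-                                O_WRONLY | O_CLOEXEC);
+                                O_WRONLY | O_CLOEXEC | O_NOCTTY);
   g_assert_cmpint(devnull_fd, >=, 0);
   __attribute__((cleanup(cleanup_close)))
     const int real_stderr_fd = dup(STDERR_FILENO);
@@ -2976,7 +2980,7 @@
 
   __attribute__((cleanup(cleanup_close)))
     const int devnull_fd = open("/dev/null",
-                                O_WRONLY | O_CLOEXEC);
+                                O_WRONLY | O_CLOEXEC, O_NOCTTY);
   g_assert_cmpint(devnull_fd, >=, 0);
   __attribute__((cleanup(cleanup_close)))
     const int real_stderr_fd = dup(STDERR_FILENO);
@@ -3020,7 +3024,8 @@
     buffer password = {};
 
   /* Reading /proc/self/mem from offset 0 will always give EIO */
-  const int fd = open("/proc/self/mem", O_RDONLY | O_CLOEXEC);
+  const int fd = open("/proc/self/mem",
+                      O_RDONLY | O_CLOEXEC | O_NOCTTY);
 
   bool password_is_read = false;
   bool quit_now = false;
@@ -3934,7 +3939,8 @@
   const mono_microsecs current_time = 0;
 
   /* Reading /proc/self/mem from offset 0 will always result in EIO */
-  const int fd = open("/proc/self/mem", O_RDONLY | O_CLOEXEC);
+  const int fd = open("/proc/self/mem",
+                      O_RDONLY | O_CLOEXEC | O_NOCTTY);
 
   bool quit_now = false;
   __attribute__((cleanup(cleanup_queue)))
@@ -5625,7 +5631,8 @@
                                             __attribute__((unused))
                                             gconstpointer user_data){
   __attribute__((cleanup(cleanup_close)))
-    const int epoll_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
+    const int epoll_fd = open("/dev/null",
+                              O_WRONLY | O_CLOEXEC | O_NOCTTY);
   __attribute__((cleanup(cleanup_string)))
     char *const question_filename = strdup("/nonexistent/question");
   g_assert_nonnull(question_filename);
@@ -6035,7 +6042,8 @@
                                             __attribute__((unused))
                                             gconstpointer user_data){
   __attribute__((cleanup(cleanup_close)))
-    const int epoll_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
+    const int epoll_fd = open("/dev/null",
+                              O_WRONLY | O_CLOEXEC | O_NOCTTY);
   __attribute__((cleanup(cleanup_string)))
     char *const question_filename = strdup("/nonexistent/question");
   g_assert_nonnull(question_filename);
@@ -6304,7 +6312,8 @@
                                               const char *const
                                               dirname){
   __attribute__((cleanup(cleanup_close)))
-    const int devnull_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
+    const int devnull_fd = open("/dev/null",
+                                O_WRONLY | O_CLOEXEC | O_NOCTTY);
   g_assert_cmpint(devnull_fd, >=, 0);
   __attribute__((cleanup(cleanup_close)))
     const int real_stderr_fd = dup(STDERR_FILENO);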
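Review bot: In the hunk at new lines 2982–2983 the added flag is joined with a comma instead of `|` (`O_WRONLY | O_CLOEXEC, O_NOCTTY);`), so O_NOCTTY is passed as open()'s optional third (mode) argument rather than as part of the flags. open() is variadic and only consults the mode with O_CREAT or O_TMPFILE, so this compiles without a diagnostic and the flag is silently not applied at this call site. Every other open() touched by this change uses `O_WRONLY | O_CLOEXEC | O_NOCTTY`, and this line should read `O_WRONLY | O_CLOEXEC | O_NOCTTY);` to match. The enclosing function begins and ends outside the hunk, so nothing else about it can be checked from here.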