/mandos/trunk : revision 12

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.c

Committer: Teddy Hogeborn
Date: 2008-07-19 18:43:24 UTC
Revision ID: teddy@fukt.bsnet.se-20080719184324-iwhoa5in75xa0u2u

* mandos-clients.conf ([foo]/dn, [foo]/password, [braxen_client]/dn,
                       [braxen_client]/password): Removed.
  ([foo]/fingerprint, [braxen_client]/fingerprint): New.
  ([foo]/checker): New.
  ([foo]/secfile): New.
  ([braxen_client]/secret): New.

* server.py: New "--debug" option to set debug flag.  Removed "cert",
             "key", "ca", "crl", and "cred" variables.  Added default
             value for "checker" config file setting.  Do not pass
             credentials to IPv6_TCPServer constructor.
  (debug): New global debug flag.  Used by most debugging output code.
  (Client.__init__): Keyword argument "dn" replaced by "fingerprint",
                     "password" renamed to "secret", and "passfile"
                     renamed to "secfile".  New keyword argument
                     "checker". All callers changed.
  (Client.dn): Removed.
  (Client.fingerprint): New.
  (Client.password): Renamed to "secret"; all users changed.
  (Client.passfile): Renamed to "secfile"; all users changed.
  (Client.timeout, Client.interval): Changed to be properties; now
                                     automatically updates the
                                     "_timeout_milliseconds" and
                                     "_interval_milliseconds" values.
  (Client.timeout_milliseconds): Renamed to "_timeout_milliseconds".
  (Client.interval_milliseconds): Renamed to "_interval_milliseconds".
  (Client.check_command): New.
  (Client.start_checker): Use the new "check_command" attribute.
  (peer_certificate, fingerprint): New functions.

  (tcp_handler.handle): Use ClientSession with empty credentials
                        object instead of ServerSession.  Set gnutls
                        priority string.  Do not verify peer.  Use
                        fingerprint instead of DN when searching for
                        clients.  Bug fix: Loop sending data so even large
                        secret data strings are sent.
  (IPv6_TCPServer.credentials): Removed.
  (if_nametoindex): Do not import ctypes since that is now imported
                    globally.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

client.cpp

crl.pem

key.pem

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
clients.conf => mandos-clients.conf

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.c

/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */

* Password-prompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

#define _GNU_SOURCE /* getline() */

#include <termios.h> /* struct termios, tcsetattr(),

TCSAFLUSH, tcgetattr(), ECHO */

#include <unistd.h> /* struct termios, tcsetattr(),

STDIN_FILENO, TCSAFLUSH,

tcgetattr(), ECHO */

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

SIGQUIT, SIGHUP, SIGTERM,

raise() */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <sys/types.h> /* ssize_t */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getopt_long, getenv() */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), perror(), fputc(),

getopt_long */

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

#include <iso646.h> /* or, not */

#include <stdbool.h> /* bool, false, true */

#include <string.h> /* strlen, rindex, strncmp, strcmp */

#include <argp.h> /* struct argp_option, struct

argp_state, struct argp,

argp_parse(), error_t,

ARGP_KEY_ARG, ARGP_KEY_END,

ARGP_ERR_UNKNOWN */

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

volatile sig_atomic_t quit_now = 0;

int signal_received;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

static void termination_handler(int signum){

if(quit_now){

return;

}

quit_now = 1;

signal_received = signum;

}

int main(int argc, char **argv){

ssize_t ret;

size_t n;

struct termios t_new, t_old;

char *buffer = NULL;

char *prefix = NULL;

int status = EXIT_SUCCESS;

struct sigaction old_action,

new_action = { .sa_handler = termination_handler,

.sa_flags = 0 };

{

struct argp_option options[] = {

{ .name = "prefix", .key = 'p',

.arg = "PREFIX", .flags = 0,

.doc = "Prefix shown before the prompt", .group = 2 },

{ .name = "debug", .key = 128,

.doc = "Debug mode", .group = 3 },

{ .name = NULL }

};

error_t parse_opt (int key, char *arg, struct argp_state *state){

switch (key){

case 'p':

prefix = arg;

break;

case 128:

debug = true;

break;

100

case ARGP_KEY_ARG:

101

argp_usage(state);

102

break;

103

case ARGP_KEY_END:

104

break;

105

default:

106

return ARGP_ERR_UNKNOWN;

107

}

108

return 0;

109

}

110

111

struct argp argp = { .options = options, .parser = parse_opt,

112

.args_doc = "",

113

.doc = "Mandos password-prompt -- Read and"

114

" output a password" };

115

ret = argp_parse(&argp, argc, argv, 0, 0, NULL);

116

if(ret == ARGP_ERR_UNKNOWN){

117

fprintf(stderr, "Unknown error while parsing arguments\n");

118

return EX_SOFTWARE;

119

}

120

}

121

122

if(debug){

123

fprintf(stderr, "Starting %s\n", argv[0]);

124

}

125

if(debug){

126

fprintf(stderr, "Storing current terminal attributes\n");

127

}

128

129

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

130

int e = errno;

131

perror("tcgetattr");

132

switch(e){

133

case EBADF:

134

case ENOTTY:

135

return EX_UNAVAILABLE;

136

default:

137

return EX_OSERR;

138

}

139

}

140

141

sigemptyset(&new_action.sa_mask);

142

ret = sigaddset(&new_action.sa_mask, SIGINT);

143

if(ret == -1){

144

perror("sigaddset");

145

return EX_OSERR;

146

}

147

ret = sigaddset(&new_action.sa_mask, SIGHUP);

148

if(ret == -1){

149

perror("sigaddset");

150

return EX_OSERR;

151

}

152

ret = sigaddset(&new_action.sa_mask, SIGTERM);

153

if(ret == -1){

154

perror("sigaddset");

155

return EX_OSERR;

156

}

157

/* Need to check if the handler is SIG_IGN before handling:

158

| [[info:libc:Initial Signal Actions]] |

159

| [[info:libc:Basic Signal Handling]] |

160

161

ret = sigaction(SIGINT, NULL, &old_action);

162

if(ret == -1){

163

perror("sigaction");

164

return EX_OSERR;

165

}

166

if(old_action.sa_handler != SIG_IGN){

167

ret = sigaction(SIGINT, &new_action, NULL);

168

if(ret == -1){

169

perror("sigaction");

170

return EX_OSERR;

171

}

172

}

173

ret = sigaction(SIGHUP, NULL, &old_action);

174

if(ret == -1){

175

perror("sigaction");

176

return EX_OSERR;

177

}

178

if(old_action.sa_handler != SIG_IGN){

179

ret = sigaction(SIGHUP, &new_action, NULL);

180

if(ret == -1){

181

perror("sigaction");

182

return EX_OSERR;

183

}

184

}

185

ret = sigaction(SIGTERM, NULL, &old_action);

186

if(ret == -1){

187

perror("sigaction");

188

return EX_OSERR;

189

}

190

if(old_action.sa_handler != SIG_IGN){

191

ret = sigaction(SIGTERM, &new_action, NULL);

192

if(ret == -1){

193

perror("sigaction");

194

return EX_OSERR;

195

}

196

}

197

198

199

if(debug){

200

fprintf(stderr, "Removing echo flag from terminal attributes\n");

201

}

202

203

t_new = t_old;

204

t_new.c_lflag &= ~(tcflag_t)ECHO;

205

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

206

int e = errno;

207

perror("tcsetattr-echo");

208

switch(e){

209

case EBADF:

210

case ENOTTY:

211

return EX_UNAVAILABLE;

212

case EINVAL:

213

default:

214

return EX_OSERR;

215

}

216

}

217

218

if(debug){

219

fprintf(stderr, "Waiting for input from stdin \n");

220

}

221

while(true){

222

if(quit_now){

223

if(debug){

224

fprintf(stderr, "Interrupted by signal, exiting.\n");

225

}

226

status = EXIT_FAILURE;

227

break;

228

}

229

230

if(prefix){

231

fprintf(stderr, "%s ", prefix);

232

}

233

{

234

const char *cryptsource = getenv("cryptsource");

235

const char *crypttarget = getenv("crypttarget");

236

const char *const prompt

237

= "Enter passphrase to unlock the disk";

238

if(cryptsource == NULL){

239

if(crypttarget == NULL){

240

fprintf(stderr, "%s: ", prompt);

241

} else {

242

fprintf(stderr, "%s (%s): ", prompt, crypttarget);

243

}

244

} else {

245

if(crypttarget == NULL){

246

fprintf(stderr, "%s %s: ", prompt, cryptsource);

247

} else {

248

fprintf(stderr, "%s %s (%s): ", prompt, cryptsource,

249

crypttarget);

250

}

251

}

252

}

253

ret = getline(&buffer, &n, stdin);

254

if(ret > 0){

255

status = EXIT_SUCCESS;

256

/* Make n = data size instead of allocated buffer size */

257

n = (size_t)ret;

258

/* Strip final newline */

259

if(n > 0 and buffer[n-1] == '\n'){

260

buffer[n-1] = '\0'; /* not strictly necessary */

261

n--;

262

}

263

size_t written = 0;

264

while(written < n){

265

ret = write(STDOUT_FILENO, buffer + written, n - written);

266

if(ret < 0){

267

int e = errno;

268

perror("write");

269

switch(e){

270

case EBADF:

271

case EFAULT:

272

case EINVAL:

273

case EFBIG:

274

case EIO:

275

case ENOSPC:

276

default:

277

status = EX_IOERR;

278

break;

279

case EINTR:

280

status = EXIT_FAILURE;

281

break;

282

}

283

break;

284

}

285

written += (size_t)ret;

286

}

287

ret = close(STDOUT_FILENO);

288

if(ret == -1){

289

int e = errno;

290

perror("close");

291

switch(e){

292

case EBADF:

293

status = EX_OSFILE;

294

break;

295

case EIO:

296

default:

297

status = EX_IOERR;

298

break;

299

}

300

}

301

break;

302

}

303

if(ret < 0){

304

int e = errno;

305

if(errno != EINTR and not feof(stdin)){

306

perror("getline");

307

switch(e){

308

case EBADF:

309

status = EX_UNAVAILABLE;

310

case EIO:

311

case EINVAL:

312

default:

313

status = EX_IOERR;

314

break;

315

}

316

break;

317

}

318

}

319

/* if(ret == 0), then the only sensible thing to do is to retry to

320

read from stdin */

321

fputc('\n', stderr);

322

if(debug and not quit_now){

323

/* If quit_now is nonzero, we were interrupted by a signal, and

324

will print that later, so no need to show this too. */

325

fprintf(stderr, "getline() returned 0, retrying.\n");

326

}

327

}

328

329

free(buffer);

330

331

if(debug){

332

fprintf(stderr, "Restoring terminal attributes\n");

333

}

334

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

335

perror("tcsetattr+echo");

336

}

337

338

if(quit_now){

339

sigemptyset(&old_action.sa_mask);

340

old_action.sa_handler = SIG_DFL;

341

ret = sigaction(signal_received, &old_action, NULL);

342

if(ret == -1){

343

perror("sigaction");

344

}

345

raise(signal_received);

346

}

347

348

if(debug){

349

fprintf(stderr, "%s is exiting with status %d\n", argv[0],

350

status);

351

}

352

if(status == EXIT_SUCCESS or status == EX_OK){

353

fputc('\n', stderr);

354

}

355

356

return status;

357

}

Older »