/mandos/trunk : revision 1218

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to dracut-module/password-agent.c

Committer: teddy at recompile
Date: 2020-07-04 11:58:52 UTC
Revision ID: teddy@recompile.se-20200704115852-oquhnmng3zom4ldl

Update copyright year

* DBUS-API: Update copyright year to 2020
* debian/copyright: - '' -
* dracut-module/ask-password-mandos.service: - '' -
* dracut-module/password-agent.c: - '' -
* mandos: - '' -
* mandos-ctl: - '' -
* plugin-runner.c: - '' -
* plugins.d/mandos-client.c: - '' -
* plugins.d/plymouth.c: - '' -
* mandos-to-cryptroot-unlock: Update copyright year to 2019.

Show diffs side-by-side

added added

removed removed

dracut-module/password-agent.c

* Mandos password agent - Simple password agent to run Mandos client

* This file is part of Mandos.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* pipe2(), O_CLOEXEC, setresgid(),

setresuid(), asprintf(), getline(),

basename() */

#include <inttypes.h> /* uintmax_t, strtoumax(), PRIuMAX,

PRIdMAX, intmax_t, uint32_t,

SCNx32, SCNuMAX, SCNxMAX */

#include <stddef.h> /* size_t, NULL */

#define _GNU_SOURCE

#include <inttypes.h> /* uintmax_t, PRIuMAX, PRIdMAX,

intmax_t, uint32_t, SCNx32,

SCNuMAX, SCNxMAX */

#include <stddef.h> /* size_t */

#include <sys/types.h> /* pid_t, uid_t, gid_t, getuid(),

getpid() */

#include <stdbool.h> /* bool, true, false */

NSIG, sigismember(), SA_ONSTACK,

SIG_DFL, SIG_IGN, SIGINT, SIGQUIT,

SIGHUP, SIGSTOP, SIG_UNBLOCK */

#include <unistd.h> /* uid_t, gid_t, close(), pipe2(),

fork(), _exit(), dup2(),

STDOUT_FILENO, setresgid(),

setresuid(), execv(), ssize_t,

read(), dup3(), getuid(), dup(),

STDERR_FILENO, pause(), write(),

rmdir(), unlink(), getpid() */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

malloc(), free(), realloc(),

setenv(), calloc(), mkdtemp(),

mkostemp() */

malloc(), free(), strtoumax(),

realloc(), setenv(), calloc(),

mkdtemp(), mkostemp() */

#include <iso646.h> /* not, or, and, xor */

#include <error.h> /* error() */

#include <sysexits.h> /* EX_USAGE, EX_OSERR, EX_OSFILE */

#include <string.h> /* strdup(), memcpy(),

explicit_bzero(), memset(),

strcmp(), strlen(), strncpy(),

memcmp(), basename(), strerror() */

memcmp(), basename() */

#include <argz.h> /* argz_create(), argz_count(),

argz_extract(), argz_next(),

argz_add() */

ARGP_ERR_UNKNOWN, ARGP_KEY_ARGS,

struct argp, argp_parse(),

ARGP_NO_EXIT */

#include <stdint.h> /* SIZE_MAX, uint32_t */

#include <stdint.h> /* SIZE_MAX */

#include <unistd.h> /* uid_t, gid_t, close(), pipe2(),

fork(), _exit(), dup2(),

STDOUT_FILENO, setresgid(),

setresuid(), execv(), ssize_t,

read(), dup3(), getuid(), dup(),

STDERR_FILENO, pause(), write(),

rmdir(), unlink(), getpid() */

#include <sys/mman.h> /* munlock(), mlock() */

#include <fcntl.h> /* O_CLOEXEC, O_NONBLOCK, fcntl(),

F_GETFD, F_GETFL, FD_CLOEXEC,

112

110

g_assert_null(), g_assert_false(),

113

111

g_assert_cmpint(), g_assert_cmpuint(),

114

112

g_test_skip(), g_assert_cmpstr(),

115

g_test_message(), g_test_init(), g_test_add(),

116

g_test_run(), GOptionContext,

117

g_option_context_new(),

113

g_test_init(), g_test_add(), g_test_run(),

114

GOptionContext, g_option_context_new(),

118

115

g_option_context_set_help_enabled(), FALSE,

119

116

g_option_context_set_ignore_unknown_options(),

120

117

gboolean, GOptionEntry, G_OPTION_ARG_NONE,

1196

1193

bool *const password_is_read = task.password_is_read;

1197

1194

1198

1195

/* We use the GLib "Key-value file parser" functions to parse the

1199

question file. See <https://systemd.io/PASSWORD_AGENTS/> for

1200

specification of contents */

1196

question file. See <https://www.freedesktop.org/wiki/Software

1197

/systemd/PasswordAgents/> for specification of contents */

1201

1198

__attribute__((nonnull))

1202

1199

void cleanup_g_key_file(GKeyFile **key_file){

1203

1200

if(*key_file != NULL){

1493

1490

not. You may but don't have to include a final NUL byte in

1494

1491

your message.

1495

1492

1496

— <https://systemd.io/PASSWORD_AGENTS/> (Tue, 15 Sep 2020

1497

14:24:20 GMT)

1493

— <https://www.freedesktop.org/wiki/Software/systemd/

1494

PasswordAgents/> (Wed 08 Oct 2014 02:14:28 AM UTC)

1498

1495

1499

1496

send_buffer[0] = '+'; /* Prefix with "+" */

1500

1497

/* Always add an extra NUL */

1505

1502

errno = 0;

1506

1503

ssize_t ssret = send(fd, send_buffer, send_buffer_length,

1507

1504

MSG_NOSIGNAL);

1508

const error_t saved_errno = (ssret < 0) ? errno : 0;

1505

const error_t saved_errno = errno;

1509

1506

#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 25)

1510

1507

explicit_bzero(send_buffer, send_buffer_length);

1511

1508

#else

1529

1526

/* Retry, below */

1530

1527

break;

1531

1528

case EMSGSIZE:

1532

error(0, saved_errno, "Password of size %" PRIuMAX

1533

" is too big", (uintmax_t)password->length);

1529

error(0, 0, "Password of size %" PRIuMAX " is too big",

1530

(uintmax_t)password->length);

1534

1531

#if __GNUC__ < 7

1535

1532

/* FALLTHROUGH */

1536

1533

#else

1538

1535

#endif

1539

1536

case 0:

1540

1537

if(ssret >= 0 and ssret < (ssize_t)send_buffer_length){

1541

error(0, 0, "Password only partially sent to socket %s: %"

1542

PRIuMAX " out of %" PRIuMAX " bytes sent", filename,

1543

(uintmax_t)ssret, (uintmax_t)send_buffer_length);

1538

error(0, 0, "Password only partially sent to socket");

1544

1539

}

1545

1540

#if __GNUC__ < 7

1546

1541

/* FALLTHROUGH */

5812

5807

char write_data[PIPE_BUF];

5813

5808

{

5814

5809

/* Construct test password buffer */

5815

/* Start with + since that is what the real protocol uses */

5810

/* Start with + since that is what the real procotol uses */

5816

5811

write_data[0] = '+';

5817

5812

/* Set a special character at string end just to mark the end */

5818

5813

write_data[sizeof(write_data)-2] = 'y';

5963

5958

test_fixture *fixture,

5964

5959

__attribute__((unused))

5965

5960

gconstpointer user_data){

5961

#ifndef __amd64__

5962

g_test_skip("Skipping EMSGSIZE test on non-AMD64 platform");

5963

#else

5966

5964

__attribute__((cleanup(cleanup_close)))

5967

5965

const int epoll_fd = epoll_create1(EPOLL_CLOEXEC);

5968

5966

g_assert_cmpint(epoll_fd, >=, 0);

5970

5968

char *const filename = strdup("/nonexistent/socket");

5971

5969

__attribute__((cleanup(string_set_clear)))

5972

5970

string_set cancelled_filenames = {};

5973

int socketfds[2];

5974

5975

/* Find a message size which triggers EMSGSIZE */

5976

__attribute__((cleanup(cleanup_string)))

5977

char *message_buffer = NULL;

5978

size_t message_size = PIPE_BUF + 1;

5979

for(ssize_t ssret = 0; ssret >= 0; message_size += 1024){

5980

if(message_size >= 1024*1024*1024){ /* 1 GiB */

5981

g_test_skip("Skipping EMSGSIZE test: Will not try 1GiB");

5982

return;

5983

}

5984

message_buffer = realloc(message_buffer, message_size);

5985

if(message_buffer == NULL){

5986

g_test_skip("Skipping EMSGSIZE test");

5987

g_test_message("Failed to malloc() %" PRIuMAX " bytes",

5988

(uintmax_t)message_size);

5989

return;

5990

}

5991

/* Fill buffer with 'x' */

5992

memset(message_buffer, 'x', message_size);

5993

/* Create a new socketpair for each message size to avoid having

5994

to empty the pipe by reading the message to a separate buffer

5995

5996

g_assert_cmpint(socketpair(PF_LOCAL, SOCK_DGRAM

5997

| SOCK_NONBLOCK | SOCK_CLOEXEC, 0,

5998

socketfds), ==, 0);

5999

ssret = send(socketfds[1], message_buffer, message_size,

6000

MSG_NOSIGNAL);

6001

error_t saved_errno = errno;

6002

g_assert_cmpint(close(socketfds[0]), ==, 0);

6003

g_assert_cmpint(close(socketfds[1]), ==, 0);

6004

6005

if(ssret < 0){

6006

if(saved_errno != EMSGSIZE) {

6007

g_test_skip("Skipping EMSGSIZE test");

6008

g_test_message("Error on send(%" PRIuMAX " bytes): %s",

6009

(uintmax_t)message_size,

6010

strerror(saved_errno));

6011

return;

6012

}

6013

break;

6014

} else if(ssret != (ssize_t)message_size){

6015

g_test_skip("Skipping EMSGSIZE test");

6016

g_test_message("Partial send(): %" PRIuMAX " of %" PRIdMAX

6017

" bytes", (uintmax_t)ssret,

6018

(intmax_t)message_size);

6019

return;

6020

}

6021

}

6022

g_test_message("EMSGSIZE triggered by %" PRIdMAX " bytes",

6023

(intmax_t)message_size);

6024

6025

buffer password = {

6026

.data=message_buffer,

6027

.length=message_size - 2, /* Compensate for added '+' and NUL */

6028

.allocated=message_size,

5971

const size_t oversized = 1024*1024; /* Limit seems to be 212960 */

5972

__attribute__((cleanup(cleanup_buffer)))

5973

buffer password = {

5974

.data=malloc(oversized),

5975

.length=oversized,

5976

.allocated=oversized,

6029

5977

};

5978

g_assert_nonnull(password.data);

6030

5979

if(mlock(password.data, password.allocated) != 0){

6031

5980

g_assert_true(errno == EPERM or errno == ENOMEM);

6032

5981

}

5982

/* Construct test password buffer */

5983

/* Start with + since that is what the real procotol uses */

5984

password.data[0] = '+';

5985

/* Set a special character at string end just to mark the end */

5986

password.data[oversized-3] = 'y';

5987

/* Set NUL at buffer end, as suggested by the protocol */

5988

password.data[oversized-2] = '\0';

5989

/* Fill rest of password with 'x' */

5990

memset(password.data+1, 'x', oversized-3);

6033

5991

6034

5992

__attribute__((cleanup(cleanup_queue)))

6035

5993

task_queue *queue = create_queue();

6036

5994

g_assert_nonnull(queue);

5995

int socketfds[2];

6037

5996

g_assert_cmpint(socketpair(PF_LOCAL, SOCK_DGRAM

6038

5997

| SOCK_NONBLOCK | SOCK_CLOEXEC, 0,

6039

5998

socketfds), ==, 0);

6060

6019

g_assert_cmpuint((unsigned int)queue->length, ==, 0);

6061

6020

g_assert_true(string_set_contains(cancelled_filenames,

6062

6021

question_filename));

6022

#endif

6063

6023

}

6064

6024

6065

6025

static void test_send_password_to_socket_retry(__attribute__((unused))

Older »