To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to dracut-module/password-agent.c
- browse files at revision 1232
- compare with another revision
- download diff
- download tarball
- view history from revision 1232
- Committer: Teddy Hogeborn
- Date: 2021-02-01 19:30:45 UTC
- Revision ID: teddy@recompile.se-20210201193045-lpg6aprpc4srem6k
Fix issue with french translation
Initial white space was missing in both msgid and msgstr of the french
translation, leading to checking tools reporing an incomplete
translation. The string is a raw command line command, and therefore
did not need translation, so this was never a user-visible issue.
* debian/po/fr.po: Add missing whitespace to the id and translation
for msgid " mandos-keygen -F/dev/null|grep ^key_id".
Initial white space was missing in both msgid and msgstr of the french
translation, leading to checking tools reporing an incomplete
translation. The string is a raw command line command, and therefore
did not need translation, so this was never a user-visible issue.
* debian/po/fr.po: Add missing whitespace to the id and translation
for msgid " mandos-keygen -F/dev/null|grep ^key_id".
- files modified:
- DBUS-API
added
removed
dracut-module/password-agent.c
2
2
/*
3
3
* Mandos password agent - Simple password agent to run Mandos client
4
4
*
5
* Copyright © 2019 Teddy Hogeborn
6
* Copyright © 2019 Björn Påhlsson
5
* Copyright © 2019-2020 Teddy Hogeborn
6
* Copyright © 2019-2020 Björn Påhlsson
7
7
*
8
8
* This file is part of Mandos.
9
9
*
1193
1193
bool *const password_is_read = task.password_is_read;
1194
1194
1195
1195
/* We use the GLib "Key-value file parser" functions to parse the
1196
question file. See <https://www.freedesktop.org/wiki/Software
1197
/systemd/PasswordAgents/> for specification of contents */
1196
question file. See <https://systemd.io/PASSWORD_AGENTS/> for
1197
specification of contents */
1198
1198
__attribute__((nonnull))
1199
1199
void cleanup_g_key_file(GKeyFile **key_file){
1200
1200
if(*key_file != NULL){
1490
1490
not. You may but don't have to include a final NUL byte in
1491
1491
your message.
1492
1492
1493
— <https://www.freedesktop.org/wiki/Software/systemd/
1494
PasswordAgents/> (Wed 08 Oct 2014 02:14:28 AM UTC)
1493
— <https://systemd.io/PASSWORD_AGENTS/> (Tue, 15 Sep 2020
1494
14:24:20 GMT)
1495
1495
*/
1496
1496
send_buffer[0] = '+'; /* Prefix with "+" */
1497
1497
/* Always add an extra NUL */
1502
1502
errno = 0;
1503
1503
ssize_t ssret = send(fd, send_buffer, send_buffer_length,
1504
1504
MSG_NOSIGNAL);
1505
const error_t saved_errno = errno;
1505
const error_t saved_errno = (ssret < 0) ? errno : 0;
1506
1506
#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 25)
1507
1507
explicit_bzero(send_buffer, send_buffer_length);
1508
1508
#else
1526
1526
/* Retry, below */
1527
1527
break;
1528
1528
case EMSGSIZE:
1529
error(0, 0, "Password of size %" PRIuMAX " is too big",
1530
(uintmax_t)password->length);
1529
error(0, saved_errno, "Password of size %" PRIuMAX
1530
" is too big", (uintmax_t)password->length);
1531
1531
#if __GNUC__ < 7
1532
1532
/* FALLTHROUGH */
1533
1533
#else
1535
1535
#endif
1536
1536
case 0:
1537
1537
if(ssret >= 0 and ssret < (ssize_t)send_buffer_length){
1538
error(0, 0, "Password only partially sent to socket");
1538
error(0, 0, "Password only partially sent to socket %s: %"
1539
PRIuMAX " out of %" PRIuMAX " bytes sent", filename,
1540
(uintmax_t)ssret, (uintmax_t)send_buffer_length);
1539
1541
}
1540
1542
#if __GNUC__ < 7
1541
1543
/* FALLTHROUGH */
5807
5809
char write_data[PIPE_BUF];
5808
5810
{
5809
5811
/* Construct test password buffer */
5810
/* Start with + since that is what the real procotol uses */
5812
/* Start with + since that is what the real protocol uses */
5811
5813
write_data[0] = '+';
5812
5814
/* Set a special character at string end just to mark the end */
5813
5815
write_data[sizeof(write_data)-2] = 'y';
5958
5960
test_fixture *fixture,
5959
5961
__attribute__((unused))
5960
5962
gconstpointer user_data){
5961
#ifndef __amd64__
5962
g_test_skip("Skipping EMSGSIZE test on non-AMD64 platform");
5963
#else
5964
5963
__attribute__((cleanup(cleanup_close)))
5965
5964
const int epoll_fd = epoll_create1(EPOLL_CLOEXEC);
5966
5965
g_assert_cmpint(epoll_fd, >=, 0);
5968
5967
char *const filename = strdup("/nonexistent/socket");
5969
5968
__attribute__((cleanup(string_set_clear)))
5970
5969
string_set cancelled_filenames = {};
5971
const size_t oversized = 1024*1024; /* Limit seems to be 212960 */
5972
__attribute__((cleanup(cleanup_buffer)))
5973
buffer password = {
5974
.data=malloc(oversized),
5975
.length=oversized,
5976
.allocated=oversized,
5970
int socketfds[2];
5971
5972
/* Find a message size which triggers EMSGSIZE */
5973
__attribute__((cleanup(cleanup_string)))
5974
char *message_buffer = NULL;
5975
size_t message_size = PIPE_BUF + 1;
5976
for(ssize_t ssret = 0; ssret >= 0; message_size += 1024){
5977
if(message_size >= 1024*1024*1024){ /* 1 GiB */
5978
g_test_skip("Skipping EMSGSIZE test: Will not try 1GiB");
5979
return;
5980
}
5981
message_buffer = realloc(message_buffer, message_size);
5982
if(message_buffer == NULL){
5983
g_test_skip("Skipping EMSGSIZE test");
5984
g_test_message("Failed to malloc() %" PRIuMAX " bytes",
5985
(uintmax_t)message_size);
5986
return;
5987
}
5988
/* Fill buffer with 'x' */
5989
memset(message_buffer, 'x', message_size);
5990
/* Create a new socketpair for each message size to avoid having
5991
to empty the pipe by reading the message to a separate buffer
5992
*/
5993
g_assert_cmpint(socketpair(PF_LOCAL, SOCK_DGRAM
5994
| SOCK_NONBLOCK | SOCK_CLOEXEC, 0,
5995
socketfds), ==, 0);
5996
ssret = send(socketfds[1], message_buffer, message_size,
5997
MSG_NOSIGNAL);
5998
error_t saved_errno = errno;
5999
g_assert_cmpint(close(socketfds[0]), ==, 0);
6000
g_assert_cmpint(close(socketfds[1]), ==, 0);
6001
6002
if(ssret < 0){
6003
if(saved_errno != EMSGSIZE) {
6004
g_test_skip("Skipping EMSGSIZE test");
6005
g_test_message("Error on send(): %s", strerror(saved_errno));
6006
return;
6007
}
6008
break;
6009
} else if(ssret != (ssize_t)message_size){
6010
g_test_skip("Skipping EMSGSIZE test");
6011
g_test_message("Partial send(): %" PRIuMAX " of %" PRIdMAX
6012
" bytes", (uintmax_t)ssret,
6013
(intmax_t)message_size);
6014
return;
6015
}
6016
}
6017
g_test_message("EMSGSIZE triggered by %" PRIdMAX " bytes",
6018
(intmax_t)message_size);
6019
6020
buffer password = {
6021
.data=message_buffer,
6022
.length=message_size - 2, /* Compensate for added '+' and NUL */
6023
.allocated=message_size,
5977
6024
};
5978
g_assert_nonnull(password.data);
5979
6025
if(mlock(password.data, password.allocated) != 0){
5980
6026
g_assert_true(errno == EPERM or errno == ENOMEM);
5981
6027
}
5982
/* Construct test password buffer */
5983
/* Start with + since that is what the real procotol uses */
5984
password.data[0] = '+';
5985
/* Set a special character at string end just to mark the end */
5986
password.data[oversized-3] = 'y';
5987
/* Set NUL at buffer end, as suggested by the protocol */
5988
password.data[oversized-2] = '\0';
5989
/* Fill rest of password with 'x' */
5990
memset(password.data+1, 'x', oversized-3);
5991
6028
5992
6029
__attribute__((cleanup(cleanup_queue)))
5993
6030
task_queue *queue = create_queue();
5994
6031
g_assert_nonnull(queue);
5995
int socketfds[2];
5996
6032
g_assert_cmpint(socketpair(PF_LOCAL, SOCK_DGRAM
5997
6033
| SOCK_NONBLOCK | SOCK_CLOEXEC, 0,
5998
6034
socketfds), ==, 0);
6019
6055
g_assert_cmpuint((unsigned int)queue->length, ==, 0);
6020
6056
g_assert_true(string_set_contains(cancelled_filenames,
6021
6057
question_filename));
6022
#endif
6023
6058
}
6024
6059
6025
6060
static void test_send_password_to_socket_retry(__attribute__((unused))
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0