/mandos/trunk : revision 1239

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to dracut-module/password-agent.c

Committer: Teddy Hogeborn
Date: 2021-02-04 17:59:45 UTC
Revision ID: teddy@recompile.se-20210204175945-8druo6d88ipc1z58

Fix issue with french translation

Initial white space was missing in both msgid and msgstr of the french
translation, leading to checking tools reporing an incomplete
translation. The string is a raw key id, and therefore did not need
translation, so this was never a user-visible issue.

* debian/po/fr.po: Add missing whitespace to the id and translation
for msgid " ${key_id}".

Show diffs side-by-side

added added

removed removed

dracut-module/password-agent.c

* Mandos password agent - Simple password agent to run Mandos client

* This file is part of Mandos.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE

#include <inttypes.h> /* uintmax_t, PRIuMAX, PRIdMAX,

intmax_t, uint32_t, SCNx32,

SCNuMAX, SCNxMAX */

#include <stddef.h> /* size_t */

#define _GNU_SOURCE /* pipe2(), O_CLOEXEC, setresgid(),

setresuid(), asprintf(), getline(),

basename() */

#include <inttypes.h> /* uintmax_t, strtoumax(), PRIuMAX,

PRIdMAX, intmax_t, uint32_t,

SCNx32, SCNuMAX, SCNxMAX */

#include <stddef.h> /* size_t, NULL */

#include <sys/types.h> /* pid_t, uid_t, gid_t, getuid(),

getpid() */

#include <stdbool.h> /* bool, true, false */

NSIG, sigismember(), SA_ONSTACK,

SIG_DFL, SIG_IGN, SIGINT, SIGQUIT,

SIGHUP, SIGSTOP, SIG_UNBLOCK */

#include <unistd.h> /* uid_t, gid_t, close(), pipe2(),

fork(), _exit(), dup2(),

STDOUT_FILENO, setresgid(),

setresuid(), execv(), ssize_t,

read(), dup3(), getuid(), dup(),

STDERR_FILENO, pause(), write(),

rmdir(), unlink(), getpid() */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

malloc(), free(), strtoumax(),

realloc(), setenv(), calloc(),

mkdtemp(), mkostemp() */

malloc(), free(), realloc(),

setenv(), calloc(), mkdtemp(),

mkostemp() */

#include <iso646.h> /* not, or, and, xor */

#include <error.h> /* error() */

#include <sysexits.h> /* EX_USAGE, EX_OSERR, EX_OSFILE */

#include <string.h> /* strdup(), memcpy(),

explicit_bzero(), memset(),

strcmp(), strlen(), strncpy(),

memcmp(), basename() */

memcmp(), basename(), strerror() */

#include <argz.h> /* argz_create(), argz_count(),

argz_extract(), argz_next(),

argz_add() */

ARGP_ERR_UNKNOWN, ARGP_KEY_ARGS,

struct argp, argp_parse(),

ARGP_NO_EXIT */

#include <stdint.h> /* SIZE_MAX */

#include <unistd.h> /* uid_t, gid_t, close(), pipe2(),

fork(), _exit(), dup2(),

STDOUT_FILENO, setresgid(),

setresuid(), execv(), ssize_t,

read(), dup3(), getuid(), dup(),

STDERR_FILENO, pause(), write(),

rmdir(), unlink(), getpid() */

#include <stdint.h> /* SIZE_MAX, uint32_t */

#include <sys/mman.h> /* munlock(), mlock() */

#include <fcntl.h> /* O_CLOEXEC, O_NONBLOCK, fcntl(),

F_GETFD, F_GETFL, FD_CLOEXEC,

110

112

g_assert_null(), g_assert_false(),

111

113

g_assert_cmpint(), g_assert_cmpuint(),

112

114

g_test_skip(), g_assert_cmpstr(),

113

g_test_init(), g_test_add(), g_test_run(),

114

GOptionContext, g_option_context_new(),

115

g_test_message(), g_test_init(), g_test_add(),

116

g_test_run(), GOptionContext,

117

g_option_context_new(),

115

118

g_option_context_set_help_enabled(), FALSE,

116

119

g_option_context_set_ignore_unknown_options(),

117

120

gboolean, GOptionEntry, G_OPTION_ARG_NONE,

868

871

}

869

872

close(pipefds[1]);

870

873

874

if(pid == -1){

875

error(0, errno, "Failed to fork()");

876

close(pipefds[0]);

877

return false;

878

}

879

871

880

if(not add_to_queue(queue, (task_context){

872

881

.func=wait_for_mandos_client_exit,

873

882

.pid=pid,

1187

1196

bool *const password_is_read = task.password_is_read;

1188

1197

1189

1198

/* We use the GLib "Key-value file parser" functions to parse the

1190

question file. See <https://www.freedesktop.org/wiki/Software

1191

/systemd/PasswordAgents/> for specification of contents */

1199

question file. See <https://systemd.io/PASSWORD_AGENTS/> for

1200

specification of contents */

1192

1201

__attribute__((nonnull))

1193

1202

void cleanup_g_key_file(GKeyFile **key_file){

1194

1203

if(*key_file != NULL){

1484

1493

not. You may but don't have to include a final NUL byte in

1485

1494

your message.

1486

1495

1487

— <https://www.freedesktop.org/wiki/Software/systemd/

1488

PasswordAgents/> (Wed 08 Oct 2014 02:14:28 AM UTC)

1496

— <https://systemd.io/PASSWORD_AGENTS/> (Tue, 15 Sep 2020

1497

14:24:20 GMT)

1489

1498

1490

1499

send_buffer[0] = '+'; /* Prefix with "+" */

1491

1500

/* Always add an extra NUL */

1496

1505

errno = 0;

1497

1506

ssize_t ssret = send(fd, send_buffer, send_buffer_length,

1498

1507

MSG_NOSIGNAL);

1499

const error_t saved_errno = errno;

1508

const error_t saved_errno = (ssret < 0) ? errno : 0;

1500

1509

#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 25)

1501

1510

explicit_bzero(send_buffer, send_buffer_length);

1502

1511

#else

1520

1529

/* Retry, below */

1521

1530

break;

1522

1531

case EMSGSIZE:

1523

error(0, 0, "Password of size %" PRIuMAX " is too big",

1524

(uintmax_t)password->length);

1532

error(0, saved_errno, "Password of size %" PRIuMAX

1533

" is too big", (uintmax_t)password->length);

1525

1534

#if __GNUC__ < 7

1526

1535

/* FALLTHROUGH */

1527

1536

#else

1529

1538

#endif

1530

1539

case 0:

1531

1540

if(ssret >= 0 and ssret < (ssize_t)send_buffer_length){

1532

error(0, 0, "Password only partially sent to socket");

1541

error(0, 0, "Password only partially sent to socket %s: %"

1542

PRIuMAX " out of %" PRIuMAX " bytes sent", filename,

1543

(uintmax_t)ssret, (uintmax_t)send_buffer_length);

1533

1544

}

1534

1545

#if __GNUC__ < 7

1535

1546

/* FALLTHROUGH */

2190

2201

}

2191

2202

exit(EXIT_SUCCESS);

2192

2203

}

2204

if(pid == -1){

2205

error(EXIT_FAILURE, errno, "Failed to fork()");

2206

}

2207

2193

2208

int status;

2194

2209

waitpid(pid, &status, 0);

2195

2210

if(WIFEXITED(status) and (WEXITSTATUS(status) == EXIT_SUCCESS)){

5797

5812

char write_data[PIPE_BUF];

5798

5813

{

5799

5814

/* Construct test password buffer */

5800

/* Start with + since that is what the real procotol uses */

5815

/* Start with + since that is what the real protocol uses */

5801

5816

write_data[0] = '+';

5802

5817

/* Set a special character at string end just to mark the end */

5803

5818

write_data[sizeof(write_data)-2] = 'y';

5955

5970

char *const filename = strdup("/nonexistent/socket");

5956

5971

__attribute__((cleanup(string_set_clear)))

5957

5972

string_set cancelled_filenames = {};

5958

const size_t oversized = 1024*1024; /* Limit seems to be 212960 */

5959

__attribute__((cleanup(cleanup_buffer)))

5960

buffer password = {

5961

.data=malloc(oversized),

5962

.length=oversized,

5963

.allocated=oversized,

5973

int socketfds[2];

5974

5975

/* Find a message size which triggers EMSGSIZE */

5976

__attribute__((cleanup(cleanup_string)))

5977

char *message_buffer = NULL;

5978

size_t message_size = PIPE_BUF + 1;

5979

for(ssize_t ssret = 0; ssret >= 0; message_size += 1024){

5980

if(message_size >= 1024*1024*1024){ /* 1 GiB */

5981

g_test_skip("Skipping EMSGSIZE test: Will not try 1GiB");

5982

return;

5983

}

5984

message_buffer = realloc(message_buffer, message_size);

5985

if(message_buffer == NULL){

5986

g_test_skip("Skipping EMSGSIZE test");

5987

g_test_message("Failed to malloc() %" PRIuMAX " bytes",

5988

(uintmax_t)message_size);

5989

return;

5990

}

5991

/* Fill buffer with 'x' */

5992

memset(message_buffer, 'x', message_size);

5993

/* Create a new socketpair for each message size to avoid having

5994

to empty the pipe by reading the message to a separate buffer

5995

5996

g_assert_cmpint(socketpair(PF_LOCAL, SOCK_DGRAM

5997

| SOCK_NONBLOCK | SOCK_CLOEXEC, 0,

5998

socketfds), ==, 0);

5999

ssret = send(socketfds[1], message_buffer, message_size,

6000

MSG_NOSIGNAL);

6001

error_t saved_errno = errno;

6002

g_assert_cmpint(close(socketfds[0]), ==, 0);

6003

g_assert_cmpint(close(socketfds[1]), ==, 0);

6004

6005

if(ssret < 0){

6006

if(saved_errno != EMSGSIZE) {

6007

g_test_skip("Skipping EMSGSIZE test");

6008

g_test_message("Error on send(%" PRIuMAX " bytes): %s",

6009

(uintmax_t)message_size,

6010

strerror(saved_errno));

6011

return;

6012

}

6013

break;

6014

} else if(ssret != (ssize_t)message_size){

6015

g_test_skip("Skipping EMSGSIZE test");

6016

g_test_message("Partial send(): %" PRIuMAX " of %" PRIdMAX

6017

" bytes", (uintmax_t)ssret,

6018

(intmax_t)message_size);

6019

return;

6020

}

6021

}

6022

g_test_message("EMSGSIZE triggered by %" PRIdMAX " bytes",

6023

(intmax_t)message_size);

6024

6025

buffer password = {

6026

.data=message_buffer,

6027

.length=message_size - 2, /* Compensate for added '+' and NUL */

6028

.allocated=message_size,

5964

6029

};

5965

g_assert_nonnull(password.data);

5966

6030

if(mlock(password.data, password.allocated) != 0){

5967

6031

g_assert_true(errno == EPERM or errno == ENOMEM);

5968

6032

}

5969

/* Construct test password buffer */

5970

/* Start with + since that is what the real procotol uses */

5971

password.data[0] = '+';

5972

/* Set a special character at string end just to mark the end */

5973

password.data[oversized-3] = 'y';

5974

/* Set NUL at buffer end, as suggested by the protocol */

5975

password.data[oversized-2] = '\0';

5976

/* Fill rest of password with 'x' */

5977

memset(password.data+1, 'x', oversized-3);

5978

6033

5979

6034

__attribute__((cleanup(cleanup_queue)))

5980

6035

task_queue *queue = create_queue();

5981

6036

g_assert_nonnull(queue);

5982

int socketfds[2];

5983

6037

g_assert_cmpint(socketpair(PF_LOCAL, SOCK_DGRAM

5984

6038

| SOCK_NONBLOCK | SOCK_CLOEXEC, 0,

5985

6039

socketfds), ==, 0);

Older »