1
1
/* -*- coding: utf-8 -*- */
3
* Passprompt - Read a password from usplash and output it
5
* Copyright © 2008,2009 Teddy Hogeborn
6
* Copyright © 2008,2009 Björn Påhlsson
8
* This program is free software: you can redistribute it and/or
9
* modify it under the terms of the GNU General Public License as
10
* published by the Free Software Foundation, either version 3 of the
11
* License, or (at your option) any later version.
13
* This program is distributed in the hope that it will be useful, but
3
* Usplash - Read a password from usplash and output it
5
* Copyright © 2008-2018, 2021-2022 Teddy Hogeborn
6
* Copyright © 2008-2018, 2021-2022 Björn Påhlsson
8
* This file is part of Mandos.
10
* Mandos is free software: you can redistribute it and/or modify it
11
* under the terms of the GNU General Public License as published by
12
* the Free Software Foundation, either version 3 of the License, or
13
* (at your option) any later version.
15
* Mandos is distributed in the hope that it will be useful, but
14
16
* WITHOUT ANY WARRANTY; without even the implied warranty of
15
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16
18
* General Public License for more details.
18
20
* You should have received a copy of the GNU General Public License
19
* along with this program. If not, see
20
* <http://www.gnu.org/licenses/>.
21
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
22
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
23
* <https://www.fukt.bsnet.se/~teddy/>.
23
* Contact the authors at <mandos@recompile.se>.
26
#define _GNU_SOURCE /* asprintf() */
27
#include <signal.h> /* sig_atomic_t, struct sigaction,
28
sigemptyset(), sigaddset(), SIGINT,
29
SIGHUP, SIGTERM, sigaction(),
30
SIG_IGN, kill(), SIGKILL */
26
#define _GNU_SOURCE /* vasprintf(),
27
program_invocation_short_name,
28
asprintf(), TEMP_FAILURE_RETRY() */
29
#include <sys/types.h> /* sig_atomic_t, pid_t, setuid(),
30
geteuid(), setsid() */
31
#include <stdarg.h> /* va_list, va_start(), vfprintf() */
32
#include <stdio.h> /* vasprintf(), fprintf(), stderr,
33
vfprintf(), asprintf() */
34
#include <errno.h> /* program_invocation_short_name,
35
errno, ENOENT, EINTR */
36
#include <string.h> /* strerror(), strlen(), memcmp() */
37
#include <error.h> /* error() */
38
#include <stdlib.h> /* free(), getenv(), realloc(),
39
EXIT_FAILURE, EXIT_SUCCESS,
31
41
#include <stdbool.h> /* bool, false, true */
32
42
#include <fcntl.h> /* open(), O_WRONLY, O_RDONLY */
33
#include <iso646.h> /* and, or, not*/
34
#include <errno.h> /* errno, EINTR */
35
#include <sys/types.h> /* size_t, ssize_t, pid_t, DIR, struct
37
#include <stddef.h> /* NULL */
38
#include <string.h> /* strlen(), memcmp() */
39
#include <stdio.h> /* asprintf(), perror() */
40
#include <unistd.h> /* close(), write(), readlink(),
41
read(), STDOUT_FILENO, sleep(),
42
fork(), setuid(), geteuid(),
43
setsid(), chdir(), dup2(),
44
STDERR_FILENO, execv() */
45
#include <stdlib.h> /* free(), EXIT_FAILURE, strtoul(),
46
realloc(), EXIT_SUCCESS, malloc(),
48
#include <stdlib.h> /* getenv() */
49
#include <dirent.h> /* opendir(), readdir(), closedir() */
50
#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK */
43
#include <stddef.h> /* size_t, NULL */
44
#include <unistd.h> /* close(), ssize_t, write(),
45
readlink(), read(), STDOUT_FILENO,
46
sleep(), fork(), setuid(),
47
geteuid(), setsid(), chdir(),
48
_exit(), dup2(), STDERR_FILENO,
49
execv(), TEMP_FAILURE_RETRY(),
51
#include <dirent.h> /* DIR, opendir(), struct dirent,
52
readdir(), closedir() */
53
#include <inttypes.h> /* intmax_t, strtoimax() */
54
#include <iso646.h> /* or, not, and */
55
#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK() */
56
#include <sysexits.h> /* EX_OSERR, EX_UNAVAILABLE */
57
#include <signal.h> /* struct sigaction, sigemptyset(),
58
sigaddset(), SIGINT, SIGHUP,
59
SIGTERM, SIG_IGN, kill(), SIGKILL,
61
#include <argz.h> /* argz_count(), argz_extract() */
52
63
sig_atomic_t interrupted_by_signal = 0;
54
static void termination_handler(__attribute__((unused))int signum){
65
const char usplash_name[] = "/sbin/usplash";
67
/* Function to use when printing errors */
68
__attribute__((format (gnu_printf, 3, 4)))
69
void error_plus(int status, int errnum, const char *formatstring,
75
va_start(ap, formatstring);
76
ret = vasprintf(&text, formatstring, ap);
78
fprintf(stderr, "Mandos plugin %s: ",
79
program_invocation_short_name);
80
vfprintf(stderr, formatstring, ap);
81
fprintf(stderr, ": ");
82
fprintf(stderr, "%s\n", strerror(errnum));
83
error(status, errno, "vasprintf while printing error");
86
fprintf(stderr, "Mandos plugin ");
87
error(status, errnum, "%s", text);
91
static void termination_handler(int signum){
92
if(interrupted_by_signal){
55
95
interrupted_by_signal = 1;
96
signal_received = signum;
58
static bool usplash_write(const char *cmd, const char *arg){
99
static bool usplash_write(int *fifo_fd_r,
100
const char *cmd, const char *arg){
60
* usplash_write("TIMEOUT", "15") will write "TIMEOUT 15\0"
61
* usplash_write("PULSATE", NULL) will write "PULSATE\0"
102
* usplash_write(&fd, "TIMEOUT", "15") will write "TIMEOUT 15\0"
103
* usplash_write(&fd, "PULSATE", NULL) will write "PULSATE\0"
63
105
* usplash_write(8)
68
fifo_fd = open("/dev/.initramfs/usplash_fifo", O_WRONLY);
69
if(fifo_fd == -1 and (errno != EINTR or interrupted_by_signal)){
108
if(*fifo_fd_r == -1){
109
ret = open("/dev/.initramfs/usplash_fifo", O_WRONLY);
72
}while(fifo_fd == -1);
74
116
const char *cmd_line;
75
117
size_t cmd_line_len;
76
118
char *cmd_line_alloc = NULL;
79
cmd_line_len = strlen(cmd);
121
cmd_line_len = strlen(cmd) + 1;
82
124
ret = asprintf(&cmd_line_alloc, "%s %s", cmd, arg);
83
if(ret == -1 and (errno != EINTR or interrupted_by_signal)){
90
132
cmd_line = cmd_line_alloc;
91
133
cmd_line_len = (size_t)ret + 1;
94
136
size_t written = 0;
95
while(not interrupted_by_signal and written < cmd_line_len){
96
ret = write(fifo_fd, cmd_line + written,
97
cmd_line_len - written);
99
if(errno != EINTR or interrupted_by_signal){
102
free(cmd_line_alloc);
138
while(written < cmd_line_len){
139
sret = write(*fifo_fd_r, cmd_line + written,
140
cmd_line_len - written);
144
free(cmd_line_alloc);
109
written += (size_t)ret;
148
written += (size_t)sret;
111
150
free(cmd_line_alloc);
113
ret = close(fifo_fd);
114
if(ret == -1 and (errno != EINTR or interrupted_by_signal)){
118
if(interrupted_by_signal){
155
/* Create prompt string */
156
char *makeprompt(void){
159
const char *const cryptsource = getenv("cryptsource");
160
const char *const crypttarget = getenv("crypttarget");
161
const char prompt_start[] = "Enter passphrase to unlock the disk";
163
if(cryptsource == NULL){
164
if(crypttarget == NULL){
165
ret = asprintf(&prompt, "%s: ", prompt_start);
167
ret = asprintf(&prompt, "%s (%s): ", prompt_start,
171
if(crypttarget == NULL){
172
ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);
174
ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,
175
cryptsource, crypttarget);
184
pid_t find_usplash(char **cmdline_r, size_t *cmdline_len_r){
187
char *cmdline = NULL;
188
size_t cmdline_len = 0;
189
DIR *proc_dir = opendir("/proc");
190
if(proc_dir == NULL){
191
error_plus(0, errno, "opendir");
195
for(struct dirent *proc_ent = readdir(proc_dir);
197
proc_ent = readdir(proc_dir)){
202
tmpmax = strtoimax(proc_ent->d_name, &tmp, 10);
203
if(errno != 0 or tmp == proc_ent->d_name or *tmp != '\0'
204
or tmpmax != (pid_t)tmpmax){
211
/* Find the executable name by doing readlink() on the
212
/proc/<pid>/exe link */
213
char exe_target[sizeof(usplash_name)];
215
/* create file name string */
217
ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);
219
error_plus(0, errno, "asprintf");
220
goto fail_find_usplash;
223
/* Check that it refers to a symlink owned by root:root */
224
struct stat exe_stat;
225
ret = lstat(exe_link, &exe_stat);
231
error_plus(0, errno, "lstat");
233
goto fail_find_usplash;
235
if(not S_ISLNK(exe_stat.st_mode)
236
or exe_stat.st_uid != 0
237
or exe_stat.st_gid != 0){
242
sret = readlink(exe_link, exe_target, sizeof(exe_target));
245
/* Compare executable name */
246
if((sret != ((ssize_t)sizeof(exe_target)-1))
247
or (memcmp(usplash_name, exe_target,
248
sizeof(exe_target)-1) != 0)){
253
/* Read and save the command line of usplash in "cmdline" */
255
/* Open /proc/<pid>/cmdline */
258
char *cmdline_filename;
259
ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",
262
error_plus(0, errno, "asprintf");
263
goto fail_find_usplash;
265
cl_fd = open(cmdline_filename, O_RDONLY);
266
free(cmdline_filename);
268
error_plus(0, errno, "open");
269
goto fail_find_usplash;
272
size_t cmdline_allocated = 0;
274
const size_t blocksize = 1024;
276
/* Allocate more space? */
277
if(cmdline_len + blocksize > cmdline_allocated){
278
tmp = realloc(cmdline, cmdline_allocated + blocksize);
280
error_plus(0, errno, "realloc");
282
goto fail_find_usplash;
285
cmdline_allocated += blocksize;
288
sret = read(cl_fd, cmdline + cmdline_len,
289
cmdline_allocated - cmdline_len);
291
error_plus(0, errno, "read");
293
goto fail_find_usplash;
295
cmdline_len += (size_t)sret;
299
error_plus(0, errno, "close");
300
goto fail_find_usplash;
303
/* Close directory */
304
ret = closedir(proc_dir);
306
error_plus(0, errno, "closedir");
307
goto fail_find_usplash;
310
*cmdline_r = cmdline;
311
*cmdline_len_r = cmdline_len;
318
if(proc_dir != NULL){
124
326
int main(__attribute__((unused))int argc,
125
327
__attribute__((unused))char **argv){
128
bool an_error_occured = false;
334
pid_t usplash_pid = -1;
335
bool usplash_accessed = false;
336
int status = EXIT_FAILURE; /* Default failure exit status */
130
/* Create prompt string */
133
const char *const cryptsource = getenv("cryptsource");
134
const char *const crypttarget = getenv("crypttarget");
135
const char prompt_start[] = "Enter passphrase to unlock the disk";
137
if(cryptsource == NULL){
138
if(crypttarget == NULL){
139
ret = asprintf(&prompt, "%s: ", prompt_start);
141
ret = asprintf(&prompt, "%s (%s): ", prompt_start,
145
if(crypttarget == NULL){
146
ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);
148
ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,
149
cryptsource, crypttarget);
338
char *prompt = makeprompt();
157
344
/* Find usplash process */
158
pid_t usplash_pid = 0;
159
345
char *cmdline = NULL;
160
346
size_t cmdline_len = 0;
161
const char usplash_name[] = "/sbin/usplash";
163
DIR *proc_dir = opendir("/proc");
164
if(proc_dir == NULL){
169
for(struct dirent *proc_ent = readdir(proc_dir);
171
proc_ent = readdir(proc_dir)){
172
pid_t pid = (pid_t) strtoul(proc_ent->d_name, NULL, 10);
177
/* Find the executable name by doing readlink() on the
178
/proc/<pid>/exe link */
179
char exe_target[sizeof(usplash_name)];
181
/* create file name string */
183
ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);
191
/* Check that it refers to a symlink owned by root:root */
192
struct stat exe_stat;
193
ret = lstat(exe_link, &exe_stat);
201
if(not S_ISLNK(exe_stat.st_mode)
202
or exe_stat.st_uid != 0
203
or exe_stat.st_gid != 0){
208
sret = readlink(exe_link, exe_target, sizeof(exe_target));
214
if((sret == ((ssize_t)sizeof(exe_target)-1))
215
and (memcmp(usplash_name, exe_target,
216
sizeof(exe_target)-1) == 0)){
218
/* Read and save the command line of usplash in "cmdline" */
220
/* Open /proc/<pid>/cmdline */
223
char *cmdline_filename;
224
ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",
232
cl_fd = open(cmdline_filename, O_RDONLY);
235
free(cmdline_filename);
240
free(cmdline_filename);
242
size_t cmdline_allocated = 0;
244
const size_t blocksize = 1024;
246
if(cmdline_len + blocksize > cmdline_allocated){
247
tmp = realloc(cmdline, cmdline_allocated + blocksize);
256
cmdline_allocated += blocksize;
258
sret = read(cl_fd, cmdline + cmdline_len,
259
cmdline_allocated - cmdline_len);
267
cmdline_len += (size_t)sret;
347
usplash_pid = find_usplash(&cmdline, &cmdline_len);
276
348
if(usplash_pid == 0){
349
status = EX_UNAVAILABLE;
281
353
/* Set up the signal handler */
284
356
new_action = { .sa_handler = termination_handler,
286
358
sigemptyset(&new_action.sa_mask);
287
sigaddset(&new_action.sa_mask, SIGINT);
288
sigaddset(&new_action.sa_mask, SIGHUP);
289
sigaddset(&new_action.sa_mask, SIGTERM);
359
ret = sigaddset(&new_action.sa_mask, SIGINT);
361
error_plus(0, errno, "sigaddset");
365
ret = sigaddset(&new_action.sa_mask, SIGHUP);
367
error_plus(0, errno, "sigaddset");
371
ret = sigaddset(&new_action.sa_mask, SIGTERM);
373
error_plus(0, errno, "sigaddset");
290
377
ret = sigaction(SIGINT, NULL, &old_action);
380
error_plus(0, errno, "sigaction");
296
385
if(old_action.sa_handler != SIG_IGN){
297
386
ret = sigaction(SIGINT, &new_action, NULL);
389
error_plus(0, errno, "sigaction");
304
395
ret = sigaction(SIGHUP, NULL, &old_action);
398
error_plus(0, errno, "sigaction");
310
403
if(old_action.sa_handler != SIG_IGN){
311
404
ret = sigaction(SIGHUP, &new_action, NULL);
407
error_plus(0, errno, "sigaction");
318
413
ret = sigaction(SIGTERM, NULL, &old_action);
416
error_plus(0, errno, "sigaction");
324
421
if(old_action.sa_handler != SIG_IGN){
325
422
ret = sigaction(SIGTERM, &new_action, NULL);
425
error_plus(0, errno, "sigaction");
433
usplash_accessed = true;
334
434
/* Write command to FIFO */
335
if(not interrupted_by_signal){
336
if(not usplash_write("TIMEOUT", "0")
337
and (errno != EINTR)){
338
perror("usplash_write");
339
an_error_occured = true;
342
if(not interrupted_by_signal and not an_error_occured){
343
if(not usplash_write("INPUTQUIET", prompt)
344
and (errno != EINTR)){
345
perror("usplash_write");
346
an_error_occured = true;
435
if(not usplash_write(&fifo_fd, "TIMEOUT", "0")){
437
error_plus(0, errno, "usplash_write");
443
if(interrupted_by_signal){
447
if(not usplash_write(&fifo_fd, "INPUTQUIET", prompt)){
449
error_plus(0, errno, "usplash_write");
455
if(interrupted_by_signal){
351
/* This is not really a loop; while() is used to be able to "break"
352
out of it; those breaks are marked "Big" */
353
while(not interrupted_by_signal and not an_error_occured){
360
fifo_fd = open("/dev/.initramfs/usplash_outfifo", O_RDONLY);
364
an_error_occured = true;
367
if(interrupted_by_signal){
371
}while(fifo_fd == -1);
372
if(interrupted_by_signal or an_error_occured){
377
size_t buf_allocated = 0;
378
const size_t blocksize = 1024;
380
if(buf_len + blocksize > buf_allocated){
381
char *tmp = realloc(buf, buf_allocated + blocksize);
384
an_error_occured = true;
388
buf_allocated += blocksize;
391
sret = read(fifo_fd, buf + buf_len, buf_allocated - buf_len);
395
an_error_occured = true;
398
if(interrupted_by_signal){
403
if(interrupted_by_signal or an_error_occured){
407
buf_len += (size_t)sret;
410
if(interrupted_by_signal or an_error_occured){
414
if(not usplash_write("TIMEOUT", "15")
415
and (errno != EINTR)){
416
perror("usplash_write");
417
an_error_occured = true;
419
if(interrupted_by_signal or an_error_occured){
423
/* Print password to stdout */
425
while(written < buf_len){
427
sret = write(STDOUT_FILENO, buf + written, buf_len - written);
431
an_error_occured = true;
434
if(interrupted_by_signal){
439
if(interrupted_by_signal or an_error_occured){
442
written += (size_t)sret;
445
if(not interrupted_by_signal and not an_error_occured){
450
} /* end of non-loop while() */
452
/* If we got here, an error or interrupt must have happened */
454
/* Create argc and argv for new usplash*/
455
int cmdline_argc = 0;
456
char **cmdline_argv = malloc(sizeof(char *));
459
while(position < cmdline_len){
460
char **tmp = realloc(cmdline_argv,
462
* (size_t)(cmdline_argc + 2)));
462
/* Read reply from usplash */
464
outfifo_fd = open("/dev/.initramfs/usplash_outfifo", O_RDONLY);
465
if(outfifo_fd == -1){
467
error_plus(0, errno, "open");
473
if(interrupted_by_signal){
478
size_t buf_allocated = 0;
479
const size_t blocksize = 1024;
481
/* Allocate more space */
482
if(buf_len + blocksize > buf_allocated){
483
char *tmp = realloc(buf, buf_allocated + blocksize);
469
cmdline_argv[cmdline_argc] = cmdline + position;
471
position += strlen(cmdline + position) + 1;
473
cmdline_argv[cmdline_argc] = NULL;
486
error_plus(0, errno, "realloc");
492
buf_allocated += blocksize;
494
sret = read(outfifo_fd, buf + buf_len,
495
buf_allocated - buf_len);
498
error_plus(0, errno, "read");
504
if(interrupted_by_signal){
508
buf_len += (size_t)sret;
510
ret = close(outfifo_fd);
513
error_plus(0, errno, "close");
520
if(interrupted_by_signal){
524
if(not usplash_write(&fifo_fd, "TIMEOUT", "15")){
526
error_plus(0, errno, "usplash_write");
532
if(interrupted_by_signal){
536
ret = close(fifo_fd);
539
error_plus(0, errno, "close");
546
/* Print password to stdout */
548
while(written < buf_len){
550
sret = write(STDOUT_FILENO, buf + written, buf_len - written);
553
error_plus(0, errno, "write");
560
if(interrupted_by_signal){
563
written += (size_t)sret;
568
if(interrupted_by_signal){
581
/* If usplash was never accessed, we can stop now */
582
if(not usplash_accessed){
588
ret = close(fifo_fd);
589
if(ret == -1 and errno != EINTR){
590
error_plus(0, errno, "close");
595
/* Close output FIFO */
596
if(outfifo_fd != -1){
597
ret = close(outfifo_fd);
599
error_plus(0, errno, "close");
603
/* Create argv for new usplash*/
604
char **cmdline_argv = malloc((argz_count(cmdline, cmdline_len) + 1)
605
* sizeof(char *)); /* Count args */
606
if(cmdline_argv == NULL){
607
error_plus(0, errno, "malloc");
610
argz_extract(cmdline, cmdline_len, cmdline_argv); /* Create argv */
475
612
/* Kill old usplash */
476
613
kill(usplash_pid, SIGTERM);