/mandos/trunk : revision 1298

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.c

Committer: Teddy Hogeborn
Date: 2024-09-09 04:24:39 UTC
Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis

Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

files added:
bugs.xml

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.maintscript

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.c

* Password-prompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* getline(), asprintf() */

#include <termios.h> /* struct termios, tcsetattr(),

TCSAFLUSH, tcgetattr(), ECHO */

#include <unistd.h> /* struct termios, tcsetattr(),

STDIN_FILENO, TCSAFLUSH,

tcgetattr(), ECHO, readlink() */

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

SIGQUIT, SIGHUP, SIGTERM,

#define _GNU_SOURCE /* vasprintf(),

program_invocation_short_name,

asprintf(), getline() */

#include <sys/types.h> /* sig_atomic_t, pid_t */

#include <stdbool.h> /* bool, false, true */

#include <argp.h> /* argp_program_version,

argp_program_bug_address,

struct argp_option,

struct argp_state, argp_state_help,

ARGP_HELP_STD_HELP,

ARGP_HELP_EXIT_ERR,

ARGP_HELP_EXIT_OK, ARGP_HELP_USAGE,

argp_err_exit_status,

ARGP_ERR_UNKNOWN, argp_parse(),

ARGP_IN_ORDER, ARGP_NO_HELP */

#include <stdarg.h> /* va_list, va_start(), vfprintf() */

#include <stdio.h> /* vasprintf(), fprintf(), stderr,

vfprintf(), asprintf(), getline(),

stdin, feof(), clearerr(),

fputc() */

#include <errno.h> /* program_invocation_short_name,

errno, ENOENT, error_t, ENOMEM,

EINVAL, EBADF, ENOTTY, EFAULT,

EFBIG, EIO, ENOSPC, EINTR */

#include <string.h> /* strerror(), strrchr(), strcmp() */

#include <error.h> /* error() */

#include <stdlib.h> /* free(), realloc(), EXIT_SUCCESS,

EXIT_FAILURE, getenv() */

#include <unistd.h> /* access(), R_OK, ssize_t, close(),

read(), STDIN_FILENO, write(),

STDOUT_FILENO */

#include <dirent.h> /* struct dirent, scandir(),

alphasort() */

#include <inttypes.h> /* uintmax_t, strtoumax() */

#include <iso646.h> /* or, and, not */

#include <fcntl.h> /* open(), O_RDONLY */

#include <stddef.h> /* NULL, size_t */

#include <termios.h> /* struct termios, tcgetattr(),

tcflag_t, ECHO, tcsetattr(),

TCSAFLUSH */

#include <signal.h> /* struct sigaction, sigemptyset(),

sigaddset(), SIGINT, SIGHUP,

SIGTERM, SIG_IGN, SIG_DFL,

raise() */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <sys/types.h> /* ssize_t, struct dirent, pid_t,

ssize_t, open() */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getenv(), free() */

#include <dirent.h> /* scandir(), alphasort() */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), fputc()

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

#include <error.h> /* error() */

#include <iso646.h> /* or, not */

#include <stdbool.h> /* bool, false, true */

#include <inttypes.h> /* strtoumax() */

#include <sys/stat.h> /* struct stat, lstat(), open() */

#include <string.h> /* strlen, rindex, memcmp */

#include <argp.h> /* struct argp_option, struct

argp_state, struct argp,

argp_parse(), error_t,

ARGP_KEY_ARG, ARGP_KEY_END,

ARGP_ERR_UNKNOWN */

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

#include <fcntl.h> /* open() */

#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,

EX_IOERR, EX_OSFILE, EX_OK */

volatile sig_atomic_t quit_now = 0;

int signal_received;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

const char *argp_program_bug_address = "<mandos@recompile.se>";

/* Needed for conflict resolution */

const char plymouth_name[] = "plymouthd";

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if(ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

fprintf(stderr, ": %s\n", strerror(errnum));

error(status, errno, "vasprintf while printing error");

return;

}

100

fprintf(stderr, "Mandos plugin ");

101

error(status, errnum, "%s", text);

102

free(text);

103

}

104

105

static void termination_handler(int signum){

106

if(quit_now){

107

return;

116

from the terminal. Password-prompt will exit if it detects

117

plymouth since plymouth performs the same functionality.

118

119

if(access("/run/plymouth/pid", R_OK) == 0){

120

return true;

121

}

122

123

__attribute__((nonnull))

124

int is_plymouth(const struct dirent *proc_entry){

125

int ret;

126

int cl_fd;

127

{

uintmax_t maxvalue;

128

uintmax_t proc_id;

129

char *tmp;

130

errno = 0;

maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);

131

proc_id = strtoumax(proc_entry->d_name, &tmp, 10);

132

133

if(errno != 0 or *tmp != '\0'

or maxvalue != (uintmax_t)((pid_t)maxvalue)){

134

or proc_id != (uintmax_t)((pid_t)proc_id)){

135

return 0;

136

}

100

137

}

103

140

ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",

104

141

proc_entry->d_name);

105

142

if(ret == -1){

106

error(0, errno, "asprintf");

143

error_plus(0, errno, "asprintf");

107

144

return 0;

108

145

}

109

146

112

149

free(cmdline_filename);

113

150

if(cl_fd == -1){

114

151

if(errno != ENOENT){

115

error(0, errno, "open");

152

error_plus(0, errno, "open");

116

153

}

117

154

return 0;

118

155

}

129

166

if(cmdline_len + blocksize + 1 > cmdline_allocated){

130

167

tmp = realloc(cmdline, cmdline_allocated + blocksize + 1);

131

168

if(tmp == NULL){

132

error(0, errno, "realloc");

169

error_plus(0, errno, "realloc");

133

170

free(cmdline);

134

171

close(cl_fd);

135

172

return 0;

142

179

sret = read(cl_fd, cmdline + cmdline_len,

143

180

cmdline_allocated - cmdline_len);

144

181

if(sret == -1){

145

error(0, errno, "read");

182

error_plus(0, errno, "read");

146

183

free(cmdline);

147

184

close(cl_fd);

148

185

return 0;

151

188

} while(sret != 0);

152

189

ret = close(cl_fd);

153

190

if(ret == -1){

154

error(0, errno, "close");

191

error_plus(0, errno, "close");

155

192

free(cmdline);

156

193

return 0;

157

194

}

183

220

return 1;

184

221

}

185

222

186

struct dirent **direntries;

223

struct dirent **direntries = NULL;

187

224

int ret;

188

225

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

189

if (ret == -1){

190

error(1, errno, "scandir");

191

}

226

if(ret == -1){

227

error_plus(1, errno, "scandir");

228

}

229

{

230

int i = ret;

231

while(i--){

232

free(direntries[i]);

233

}

234

}

235

free(direntries);

192

236

return ret > 0;

193

237

}

194

238

200

244

struct termios t_new, t_old;

201

245

char *buffer = NULL;

202

246

char *prefix = NULL;

247

char *prompt = NULL;

203

248

int status = EXIT_SUCCESS;

204

249

struct sigaction old_action,

205

250

new_action = { .sa_handler = termination_handler,

209

254

{ .name = "prefix", .key = 'p',

210

255

.arg = "PREFIX", .flags = 0,

211

256

.doc = "Prefix shown before the prompt", .group = 2 },

257

{ .name = "prompt", .key = 129,

258

.arg = "PROMPT", .flags = 0,

259

.doc = "The prompt to show", .group = 2 },

212

260

{ .name = "debug", .key = 128,

213

261

.doc = "Debug mode", .group = 3 },

214

262

223

271

{ .name = NULL }

224

272

};

225

273

274

__attribute__((nonnull(3)))

226

275

error_t parse_opt (int key, char *arg, struct argp_state *state){

227

276

errno = 0;

228

277

switch (key){

229

case 'p':

278

case 'p': /* --prefix */

230

279

prefix = arg;

231

280

break;

232

case 128:

281

case 128: /* --debug */

233

282

debug = true;

234

283

break;

284

case 129: /* --prompt */

285

prompt = arg;

286

break;

235

287

236

288

* These reproduce what we would get without ARGP_NO_HELP

237

289

239

291

argp_state_help(state, state->out_stream,

240

292

(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)

241

293

& ~(unsigned int)ARGP_HELP_EXIT_OK);

294

__builtin_unreachable();

242

295

case -3: /* --usage */

243

296

argp_state_help(state, state->out_stream,

244

297

ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);

298

__builtin_unreachable();

245

299

case 'V': /* --version */

246

300

fprintf(state->out_stream, "%s\n", argp_program_version);

247

301

exit(argp_err_exit_status);

264

318

case ENOMEM:

265

319

default:

266

320

errno = ret;

267

error(0, errno, "argp_parse");

321

error_plus(0, errno, "argp_parse");

268

322

return EX_OSERR;

269

323

case EINVAL:

270

324

return EX_USAGE;

275

329

fprintf(stderr, "Starting %s\n", argv[0]);

276

330

}

277

331

278

if (conflict_detection()){

332

if(conflict_detection()){

279

333

if(debug){

280

334

fprintf(stderr, "Stopping %s because of conflict\n", argv[0]);

281

335

}

288

342

289

343

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

290

344

int e = errno;

291

error(0, errno, "tcgetattr");

345

error_plus(0, errno, "tcgetattr");

292

346

switch(e){

293

347

case EBADF:

294

348

case ENOTTY:

301

355

sigemptyset(&new_action.sa_mask);

302

356

ret = sigaddset(&new_action.sa_mask, SIGINT);

303

357

if(ret == -1){

304

error(0, errno, "sigaddset");

358

error_plus(0, errno, "sigaddset");

305

359

return EX_OSERR;

306

360

}

307

361

ret = sigaddset(&new_action.sa_mask, SIGHUP);

308

362

if(ret == -1){

309

error(0, errno, "sigaddset");

363

error_plus(0, errno, "sigaddset");

310

364

return EX_OSERR;

311

365

}

312

366

ret = sigaddset(&new_action.sa_mask, SIGTERM);

313

367

if(ret == -1){

314

error(0, errno, "sigaddset");

368

error_plus(0, errno, "sigaddset");

315

369

return EX_OSERR;

316

370

}

317

371

/* Need to check if the handler is SIG_IGN before handling:

320

374

321

375

ret = sigaction(SIGINT, NULL, &old_action);

322

376

if(ret == -1){

323

error(0, errno, "sigaction");

377

error_plus(0, errno, "sigaction");

324

378

return EX_OSERR;

325

379

}

326

380

if(old_action.sa_handler != SIG_IGN){

327

381

ret = sigaction(SIGINT, &new_action, NULL);

328

382

if(ret == -1){

329

error(0, errno, "sigaction");

383

error_plus(0, errno, "sigaction");

330

384

return EX_OSERR;

331

385

}

332

386

}

333

387

ret = sigaction(SIGHUP, NULL, &old_action);

334

388

if(ret == -1){

335

error(0, errno, "sigaction");

389

error_plus(0, errno, "sigaction");

336

390

return EX_OSERR;

337

391

}

338

392

if(old_action.sa_handler != SIG_IGN){

339

393

ret = sigaction(SIGHUP, &new_action, NULL);

340

394

if(ret == -1){

341

error(0, errno, "sigaction");

395

error_plus(0, errno, "sigaction");

342

396

return EX_OSERR;

343

397

}

344

398

}

345

399

ret = sigaction(SIGTERM, NULL, &old_action);

346

400

if(ret == -1){

347

error(0, errno, "sigaction");

401

error_plus(0, errno, "sigaction");

348

402

return EX_OSERR;

349

403

}

350

404

if(old_action.sa_handler != SIG_IGN){

351

405

ret = sigaction(SIGTERM, &new_action, NULL);

352

406

if(ret == -1){

353

error(0, errno, "sigaction");

407

error_plus(0, errno, "sigaction");

354

408

return EX_OSERR;

355

409

}

356

410

}

364

418

t_new.c_lflag &= ~(tcflag_t)ECHO;

365

419

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

366

420

int e = errno;

367

error(0, errno, "tcsetattr-echo");

421

error_plus(0, errno, "tcsetattr-echo");

368

422

switch(e){

369

423

case EBADF:

370

424

case ENOTTY:

390

444

if(prefix){

391

445

fprintf(stderr, "%s ", prefix);

392

446

}

393

{

447

if(prompt != NULL){

448

fprintf(stderr, "%s: ", prompt);

449

} else {

394

450

const char *cryptsource = getenv("CRYPTTAB_SOURCE");

395

451

const char *crypttarget = getenv("CRYPTTAB_NAME");

396

452

/* Before cryptsetup 1.1.0~rc2 */

434

490

sret = write(STDOUT_FILENO, buffer + written, n - written);

435

491

if(sret < 0){

436

492

int e = errno;

437

error(0, errno, "write");

493

error_plus(0, errno, "write");

438

494

switch(e){

439

495

case EBADF:

440

496

case EFAULT:

456

512

sret = close(STDOUT_FILENO);

457

513

if(sret == -1){

458

514

int e = errno;

459

error(0, errno, "close");

515

error_plus(0, errno, "close");

460

516

switch(e){

461

517

case EBADF:

462

518

status = EX_OSFILE;

471

527

}

472

528

if(sret < 0){

473

529

int e = errno;

474

if(errno != EINTR and not feof(stdin)){

475

error(0, errno, "getline");

476

switch(e){

477

case EBADF:

478

status = EX_UNAVAILABLE;

479

case EIO:

480

case EINVAL:

481

default:

482

status = EX_IOERR;

530

if(errno != EINTR){

531

if(not feof(stdin)){

532

error_plus(0, errno, "getline");

533

switch(e){

534

case EBADF:

535

status = EX_UNAVAILABLE;

536

break;

537

case EIO:

538

case EINVAL:

539

default:

540

status = EX_IOERR;

541

break;

542

}

483

543

break;

544

} else {

545

clearerr(stdin);

484

546

}

485

break;

486

547

}

487

548

}

488

549

/* if(sret == 0), then the only sensible thing to do is to retry

501

562

fprintf(stderr, "Restoring terminal attributes\n");

502

563

}

503

564

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

504

error(0, errno, "tcsetattr+echo");

565

error_plus(0, errno, "tcsetattr+echo");

505

566

}

506

567

507

568

if(quit_now){

509

570

old_action.sa_handler = SIG_DFL;

510

571

ret = sigaction(signal_received, &old_action, NULL);

511

572

if(ret == -1){

512

error(0, errno, "sigaction");

573

error_plus(0, errno, "sigaction");

513

574

}

514

575

raise(signal_received);

515

576

}

Older »