/mandos/trunk : revision 13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/passprompt.c

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/mandos-client.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/passprompt.c

/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */

* Password-prompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

#define _GNU_SOURCE /* getline() */

#define _FORTIFY_SOURCE 2

#include <termios.h> /* struct termios, tcsetattr(),

TCSAFLUSH, tcgetattr(), ECHO */

#include <unistd.h> /* struct termios, tcsetattr(),

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

SIGQUIT, SIGHUP, SIGTERM,

raise() */

#include <stddef.h> /* NULL, size_t, ssize_t */

SIGQUIT, SIGHUP, SIGTERM */

#include <stddef.h> /* NULL, size_t */

#include <sys/types.h> /* ssize_t */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getopt_long, getenv() */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), perror(), fputc(),

getopt_long */

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

stdout */

#include <errno.h> /* errno, EINVAL */

#include <iso646.h> /* or, not */

#include <stdbool.h> /* bool, false, true */

#include <string.h> /* strlen, rindex, strncmp, strcmp */

#include <argp.h> /* struct argp_option, struct

argp_state, struct argp,

argp_parse(), error_t,

ARGP_KEY_ARG, ARGP_KEY_END,

ARGP_ERR_UNKNOWN */

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

volatile sig_atomic_t quit_now = 0;

int signal_received;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

static void termination_handler(int signum){

if(quit_now){

return;

}

quit_now = 1;

signal_received = signum;

volatile bool quit_now = false;

void termination_handler(int signum){

quit_now = true;

}

int main(int argc, char **argv){

ssize_t ret;

ssize_t ret = -1;

size_t n;

struct termios t_new, t_old;

char *buffer = NULL;

char *prefix = NULL;

int status = EXIT_SUCCESS;

struct sigaction old_action,

new_action = { .sa_handler = termination_handler,

.sa_flags = 0 };

{

struct argp_option options[] = {

{ .name = "prefix", .key = 'p',

.arg = "PREFIX", .flags = 0,

.doc = "Prefix shown before the prompt", .group = 2 },

{ .name = "debug", .key = 128,

.doc = "Debug mode", .group = 3 },

{ .name = NULL }

};

error_t parse_opt (int key, char *arg, struct argp_state *state){

switch (key){

case 'p':

prefix = arg;

break;

case 128:

debug = true;

break;

100

case ARGP_KEY_ARG:

101

argp_usage(state);

102

break;

103

case ARGP_KEY_END:

104

break;

105

default:

106

return ARGP_ERR_UNKNOWN;

107

}

108

return 0;

109

}

110

111

struct argp argp = { .options = options, .parser = parse_opt,

112

.args_doc = "",

113

.doc = "Mandos password-prompt -- Read and"

114

" output a password" };

115

ret = argp_parse(&argp, argc, argv, 0, 0, NULL);

116

if(ret == ARGP_ERR_UNKNOWN){

117

fprintf(stderr, "Unknown error while parsing arguments\n");

118

return EX_SOFTWARE;

119

}

120

}

121

122

if(debug){

123

fprintf(stderr, "Starting %s\n", argv[0]);

124

}

125

if(debug){

126

fprintf(stderr, "Storing current terminal attributes\n");

127

}

128

129

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

130

int e = errno;

131

perror("tcgetattr");

132

switch(e){

133

case EBADF:

134

case ENOTTY:

135

return EX_UNAVAILABLE;

136

default:

137

return EX_OSERR;

138

}

if (tcgetattr(STDIN_FILENO, &t_old) != 0){

return EXIT_FAILURE;

139

}

140

141

sigemptyset(&new_action.sa_mask);

142

ret = sigaddset(&new_action.sa_mask, SIGINT);

143

if(ret == -1){

144

perror("sigaddset");

145

return EX_OSERR;

146

}

147

ret = sigaddset(&new_action.sa_mask, SIGHUP);

148

if(ret == -1){

149

perror("sigaddset");

150

return EX_OSERR;

151

}

152

ret = sigaddset(&new_action.sa_mask, SIGTERM);

153

if(ret == -1){

154

perror("sigaddset");

155

return EX_OSERR;

156

}

157

/* Need to check if the handler is SIG_IGN before handling:

158

| [[info:libc:Initial Signal Actions]] |

159

| [[info:libc:Basic Signal Handling]] |

160

161

ret = sigaction(SIGINT, NULL, &old_action);

162

if(ret == -1){

163

perror("sigaction");

164

return EX_OSERR;

165

}

166

if(old_action.sa_handler != SIG_IGN){

167

ret = sigaction(SIGINT, &new_action, NULL);

168

if(ret == -1){

169

perror("sigaction");

170

return EX_OSERR;

171

}

172

}

173

ret = sigaction(SIGHUP, NULL, &old_action);

174

if(ret == -1){

175

perror("sigaction");

176

return EX_OSERR;

177

}

178

if(old_action.sa_handler != SIG_IGN){

179

ret = sigaction(SIGHUP, &new_action, NULL);

180

if(ret == -1){

181

perror("sigaction");

182

return EX_OSERR;

183

}

184

}

185

ret = sigaction(SIGTERM, NULL, &old_action);

186

if(ret == -1){

187

perror("sigaction");

188

return EX_OSERR;

189

}

190

if(old_action.sa_handler != SIG_IGN){

191

ret = sigaction(SIGTERM, &new_action, NULL);

192

if(ret == -1){

193

perror("sigaction");

194

return EX_OSERR;

195

}

196

}

197

198

199

if(debug){

200

fprintf(stderr, "Removing echo flag from terminal attributes\n");

201

}

sigaddset(&new_action.sa_mask, SIGINT);

sigaddset(&new_action.sa_mask, SIGQUIT);

sigaddset(&new_action.sa_mask, SIGHUP);

sigaddset(&new_action.sa_mask, SIGTERM);

sigaction(SIGINT, NULL, &old_action);

if (old_action.sa_handler != SIG_IGN)

sigaction(SIGINT, &new_action, NULL);

sigaction(SIGQUIT, NULL, &old_action);

if (old_action.sa_handler != SIG_IGN)

sigaction(SIGQUIT, &new_action, NULL);

sigaction(SIGHUP, NULL, &old_action);

if (old_action.sa_handler != SIG_IGN)

sigaction(SIGHUP, &new_action, NULL);

sigaction(SIGTERM, NULL, &old_action);

if (old_action.sa_handler != SIG_IGN)

sigaction(SIGTERM, &new_action, NULL);

202

203

t_new = t_old;

204

t_new.c_lflag &= ~(tcflag_t)ECHO;

205

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

206

int e = errno;

t_new.c_lflag &= ~ECHO;

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

207

perror("tcsetattr-echo");

208

switch(e){

209

case EBADF:

210

case ENOTTY:

211

return EX_UNAVAILABLE;

212

case EINVAL:

213

default:

214

return EX_OSERR;

215

}

return EXIT_FAILURE;

216

}

217

218

if(debug){

219

fprintf(stderr, "Waiting for input from stdin \n");

220

}

221

while(true){

222

if(quit_now){

223

if(debug){

224

fprintf(stderr, "Interrupted by signal, exiting.\n");

225

}

if (quit_now){

226

status = EXIT_FAILURE;

227

break;

228

}

229

230

if(prefix){

231

fprintf(stderr, "%s ", prefix);

232

}

233

{

234

const char *cryptsource = getenv("cryptsource");

235

const char *crypttarget = getenv("crypttarget");

236

const char *const prompt

237

= "Enter passphrase to unlock the disk";

238

if(cryptsource == NULL){

239

if(crypttarget == NULL){

240

fprintf(stderr, "%s: ", prompt);

241

} else {

242

fprintf(stderr, "%s (%s): ", prompt, crypttarget);

243

}

244

} else {

245

if(crypttarget == NULL){

246

fprintf(stderr, "%s %s: ", prompt, cryptsource);

247

} else {

248

fprintf(stderr, "%s %s (%s): ", prompt, cryptsource,

249

crypttarget);

250

}

251

}

252

}

fprintf(stderr, "Password: ");

253

ret = getline(&buffer, &n, stdin);

254

if(ret > 0){

if (ret > 0){

fprintf(stdout, "%s", buffer);

255

status = EXIT_SUCCESS;

256

/* Make n = data size instead of allocated buffer size */

257

n = (size_t)ret;

258

/* Strip final newline */

259

if(n > 0 and buffer[n-1] == '\n'){

260

buffer[n-1] = '\0'; /* not strictly necessary */

261

n--;

262

}

263

size_t written = 0;

264

while(written < n){

265

ret = write(STDOUT_FILENO, buffer + written, n - written);

266

if(ret < 0){

267

int e = errno;

268

perror("write");

269

switch(e){

270

case EBADF:

271

case EFAULT:

272

case EINVAL:

273

case EFBIG:

274

case EIO:

275

case ENOSPC:

276

default:

277

status = EX_IOERR;

278

break;

279

case EINTR:

280

status = EXIT_FAILURE;

281

break;

282

}

283

break;

284

}

285

written += (size_t)ret;

286

}

287

ret = close(STDOUT_FILENO);

288

if(ret == -1){

289

int e = errno;

290

perror("close");

291

switch(e){

292

case EBADF:

293

status = EX_OSFILE;

294

break;

295

case EIO:

296

default:

297

status = EX_IOERR;

298

break;

299

}

300

}

301

break;

302

}

303

if(ret < 0){

304

int e = errno;

305

if(errno != EINTR and not feof(stdin)){

// ret == 0 makes no other sence than to retry to read from stdin

if (ret < 0){

if (errno != EINTR and not feof(stdin)){

306

perror("getline");

307

switch(e){

308

case EBADF:

309

status = EX_UNAVAILABLE;

310

case EIO:

311

case EINVAL:

312

default:

313

status = EX_IOERR;

314

break;

315

}

status = EXIT_FAILURE;

316

break;

317

}

318

}

319

/* if(ret == 0), then the only sensible thing to do is to retry to

320

read from stdin */

321

fputc('\n', stderr);

322

if(debug and not quit_now){

323

/* If quit_now is nonzero, we were interrupted by a signal, and

324

will print that later, so no need to show this too. */

325

fprintf(stderr, "getline() returned 0, retrying.\n");

326

}

327

}

328

329

free(buffer);

330

331

if(debug){

332

fprintf(stderr, "Restoring terminal attributes\n");

333

}

334

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

}

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

335

perror("tcsetattr+echo");

336

}

337

338

if(quit_now){

339

sigemptyset(&old_action.sa_mask);

340

old_action.sa_handler = SIG_DFL;

341

ret = sigaction(signal_received, &old_action, NULL);

342

if(ret == -1){

343

perror("sigaction");

344

}

345

raise(signal_received);

346

}

347

348

if(debug){

349

fprintf(stderr, "%s is exiting with status %d\n", argv[0],

350

status);

351

}

352

if(status == EXIT_SUCCESS or status == EX_OK){

353

fputc('\n', stderr);

354

}

355

356

return status;

357

}

Older »