/mandos/trunk : revision 13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/passprompt.c

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/mandos-client.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/passprompt.c

/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */

* Password-prompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

#define _GNU_SOURCE /* getline(), asprintf() */

#define _GNU_SOURCE /* getline() */

#define _FORTIFY_SOURCE 2

#include <termios.h> /* struct termios, tcsetattr(),

TCSAFLUSH, tcgetattr(), ECHO */

#include <unistd.h> /* struct termios, tcsetattr(),

STDIN_FILENO, TCSAFLUSH,

tcgetattr(), ECHO, readlink() */

tcgetattr(), ECHO */

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

SIGQUIT, SIGHUP, SIGTERM,

raise() */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <sys/types.h> /* ssize_t, struct dirent, pid_t,

ssize_t, open() */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getenv(), free() */

#include <dirent.h> /* scandir(), alphasort() */

SIGQUIT, SIGHUP, SIGTERM */

#include <stddef.h> /* NULL, size_t */

#include <sys/types.h> /* ssize_t */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), fputc()

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

#include <error.h> /* error() */

stdin, feof(), perror(), fputc(),

stdout */

#include <errno.h> /* errno, EINVAL */

#include <iso646.h> /* or, not */

#include <stdbool.h> /* bool, false, true */

#include <inttypes.h> /* strtoumax() */

#include <sys/stat.h> /* struct stat, lstat(), open() */

#include <string.h> /* strlen, rindex, memcmp */

#include <argp.h> /* struct argp_option, struct

argp_state, struct argp,

argp_parse(), error_t,

ARGP_KEY_ARG, ARGP_KEY_END,

ARGP_ERR_UNKNOWN */

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

#include <fcntl.h> /* open() */

volatile sig_atomic_t quit_now = 0;

int signal_received;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

/* Needed for conflic resolution */

const char plymouthd_name[] = "plymouthd";

static void termination_handler(int signum){

if(quit_now){

return;

}

quit_now = 1;

signal_received = signum;

}

bool conflict_detection(void){

/* plymouth conflicts with password-prompt since both want to read

from the terminal. Password-prompt will exit if it detects

plymouth since plymouth performs the same functionality.

int is_plymouth(const struct dirent *proc_entry){

int ret;

int cl_fd;

{

uintmax_t maxvalue;

char *tmp;

errno = 0;

maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);

if(errno != 0 or *tmp != '\0'

or maxvalue != (uintmax_t)((pid_t)maxvalue)){

return 0;

100

}

101

}

102

103

char *cmdline_filename;

104

ret = asprintf(&cmdline_filename, "/proc/%s/cmdline", proc_entry->d_name);

105

if(ret == -1){

106

error(0, errno, "asprintf");

107

return 0;

108

}

109

110

/* Open /proc/<pid>/cmdline */

111

cl_fd = open(cmdline_filename, O_RDONLY);

112

free(cmdline_filename);

113

if(cl_fd == -1){

114

error(0, errno, "open");

115

return 0;

116

}

117

118

char *cmdline = NULL;

119

{

120

size_t cmdline_len = 0;

121

size_t cmdline_allocated = 0;

122

char *tmp;

123

const size_t blocksize = 1024;

124

ssize_t sret;

125

do {

126

/* Allocate more space? */

127

if(cmdline_len + blocksize + 1 > cmdline_allocated){

128

tmp = realloc(cmdline, cmdline_allocated + blocksize + 1);

129

if(tmp == NULL){

130

error(0, errno, "realloc");

131

free(cmdline);

132

close(cl_fd);

133

return 0;

134

}

135

cmdline = tmp;

136

cmdline_allocated += blocksize;

137

}

138

139

/* Read data */

140

sret = read(cl_fd, cmdline + cmdline_len,

141

cmdline_allocated - cmdline_len);

142

if(sret == -1){

143

error(0, errno, "read");

144

free(cmdline);

145

close(cl_fd);

146

return 0;

147

}

148

cmdline_len += (size_t)sret;

149

} while(sret != 0);

150

ret = close(cl_fd);

151

if(ret == -1){

152

error(0, errno, "close");

153

free(cmdline);

154

return 0;

155

}

156

cmdline[cmdline_len] = '\0'; /* Make sure it is terminated */

157

}

158

/* we now have cmdline */

159

160

/* get basename */

161

char *cmdline_base = strrchr(cmdline, '/');

162

if(cmdline_base != NULL){

163

cmdline_base += 1; /* skip the slash */

164

} else {

165

cmdline_base = cmdline;

166

}

167

168

if(strcmp(cmdline_base, plymouthd_name) != 0){

169

free(cmdline);

170

return 0;

171

}

172

free(cmdline);

173

return 1;

174

}

175

176

struct dirent **direntries;

177

int ret;

178

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

179

if (ret == -1){

180

error(1, errno, "scandir");

181

}

182

return ret > 0;

183

}

184

volatile bool quit_now = false;

void termination_handler(int signum){

quit_now = true;

}

185

186

int main(int argc, char **argv){

187

ssize_t sret;

188

int ret;

ssize_t ret = -1;

189

size_t n;

190

struct termios t_new, t_old;

191

char *buffer = NULL;

192

char *prefix = NULL;

193

int status = EXIT_SUCCESS;

194

struct sigaction old_action,

195

new_action = { .sa_handler = termination_handler,

196

.sa_flags = 0 };

197

{

198

struct argp_option options[] = {

199

{ .name = "prefix", .key = 'p',

200

.arg = "PREFIX", .flags = 0,

201

.doc = "Prefix shown before the prompt", .group = 2 },

202

{ .name = "debug", .key = 128,

203

.doc = "Debug mode", .group = 3 },

204

205

* These reproduce what we would get without ARGP_NO_HELP

206

207

{ .name = "help", .key = '?',

208

.doc = "Give this help list", .group = -1 },

209

{ .name = "usage", .key = -3,

210

.doc = "Give a short usage message", .group = -1 },

211

{ .name = "version", .key = 'V',

212

.doc = "Print program version", .group = -1 },

213

{ .name = NULL }

214

};

215

216

error_t parse_opt (int key, char *arg, struct argp_state *state){

217

errno = 0;

218

switch (key){

219

case 'p':

220

prefix = arg;

221

break;

222

case 128:

223

debug = true;

224

break;

225

226

* These reproduce what we would get without ARGP_NO_HELP

227

228

case '?': /* --help */

229

argp_state_help(state, state->out_stream,

230

(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)

231

& ~(unsigned int)ARGP_HELP_EXIT_OK);

232

case -3: /* --usage */

233

argp_state_help(state, state->out_stream,

234

ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);

235

case 'V': /* --version */

236

fprintf(state->out_stream, "%s\n", argp_program_version);

237

exit(argp_err_exit_status);

238

break;

239

default:

240

return ARGP_ERR_UNKNOWN;

241

}

242

return errno;

243

}

244

245

struct argp argp = { .options = options, .parser = parse_opt,

246

.args_doc = "",

247

.doc = "Mandos password-prompt -- Read and"

248

" output a password" };

249

ret = argp_parse(&argp, argc, argv,

250

ARGP_IN_ORDER | ARGP_NO_HELP, NULL, NULL);

251

switch(ret){

252

case 0:

253

break;

254

case ENOMEM:

255

default:

256

errno = ret;

257

error(0, errno, "argp_parse");

258

return EX_OSERR;

259

case EINVAL:

260

return EX_USAGE;

261

}

262

}

263

264

if(debug){

265

fprintf(stderr, "Starting %s\n", argv[0]);

266

}

267

268

if (conflict_detection()){

269

if(debug){

270

fprintf(stderr, "Stopping %s because of conflict", argv[0]);

271

}

if (tcgetattr(STDIN_FILENO, &t_old) != 0){

272

return EXIT_FAILURE;

273

}

274

275

if(debug){

276

fprintf(stderr, "Storing current terminal attributes\n");

277

}

278

279

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

280

int e = errno;

281

error(0, errno, "tcgetattr");

282

switch(e){

283

case EBADF:

284

case ENOTTY:

285

return EX_UNAVAILABLE;

286

default:

287

return EX_OSERR;

288

}

289

}

290

291

sigemptyset(&new_action.sa_mask);

292

ret = sigaddset(&new_action.sa_mask, SIGINT);

293

if(ret == -1){

294

error(0, errno, "sigaddset");

295

return EX_OSERR;

296

}

297

ret = sigaddset(&new_action.sa_mask, SIGHUP);

298

if(ret == -1){

299

error(0, errno, "sigaddset");

300

return EX_OSERR;

301

}

302

ret = sigaddset(&new_action.sa_mask, SIGTERM);

303

if(ret == -1){

304

error(0, errno, "sigaddset");

305

return EX_OSERR;

306

}

307

/* Need to check if the handler is SIG_IGN before handling:

308

| [[info:libc:Initial Signal Actions]] |

309

| [[info:libc:Basic Signal Handling]] |

310

311

ret = sigaction(SIGINT, NULL, &old_action);

312

if(ret == -1){

313

error(0, errno, "sigaction");

314

return EX_OSERR;

315

}

316

if(old_action.sa_handler != SIG_IGN){

317

ret = sigaction(SIGINT, &new_action, NULL);

318

if(ret == -1){

319

error(0, errno, "sigaction");

320

return EX_OSERR;

321

}

322

}

323

ret = sigaction(SIGHUP, NULL, &old_action);

324

if(ret == -1){

325

error(0, errno, "sigaction");

326

return EX_OSERR;

327

}

328

if(old_action.sa_handler != SIG_IGN){

329

ret = sigaction(SIGHUP, &new_action, NULL);

330

if(ret == -1){

331

error(0, errno, "sigaction");

332

return EX_OSERR;

333

}

334

}

335

ret = sigaction(SIGTERM, NULL, &old_action);

336

if(ret == -1){

337

error(0, errno, "sigaction");

338

return EX_OSERR;

339

}

340

if(old_action.sa_handler != SIG_IGN){

341

ret = sigaction(SIGTERM, &new_action, NULL);

342

if(ret == -1){

343

error(0, errno, "sigaction");

344

return EX_OSERR;

345

}

346

}

347

348

349

if(debug){

350

fprintf(stderr, "Removing echo flag from terminal attributes\n");

351

}

sigaddset(&new_action.sa_mask, SIGINT);

sigaddset(&new_action.sa_mask, SIGQUIT);

sigaddset(&new_action.sa_mask, SIGHUP);

sigaddset(&new_action.sa_mask, SIGTERM);

sigaction(SIGINT, NULL, &old_action);

if (old_action.sa_handler != SIG_IGN)

sigaction(SIGINT, &new_action, NULL);

sigaction(SIGQUIT, NULL, &old_action);

if (old_action.sa_handler != SIG_IGN)

sigaction(SIGQUIT, &new_action, NULL);

sigaction(SIGHUP, NULL, &old_action);

if (old_action.sa_handler != SIG_IGN)

sigaction(SIGHUP, &new_action, NULL);

sigaction(SIGTERM, NULL, &old_action);

if (old_action.sa_handler != SIG_IGN)

sigaction(SIGTERM, &new_action, NULL);

352

353

t_new = t_old;

354

t_new.c_lflag &= ~(tcflag_t)ECHO;

355

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

356

int e = errno;

357

error(0, errno, "tcsetattr-echo");

358

switch(e){

359

case EBADF:

360

case ENOTTY:

361

return EX_UNAVAILABLE;

362

case EINVAL:

363

default:

364

return EX_OSERR;

365

}

t_new.c_lflag &= ~ECHO;

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

perror("tcsetattr-echo");

return EXIT_FAILURE;

366

}

367

368

if(debug){

369

fprintf(stderr, "Waiting for input from stdin \n");

370

}

371

while(true){

372

if(quit_now){

373

if(debug){

374

fprintf(stderr, "Interrupted by signal, exiting.\n");

375

}

if (quit_now){

376

status = EXIT_FAILURE;

377

break;

378

}

379

380

if(prefix){

381

fprintf(stderr, "%s ", prefix);

382

}

383

{

384

const char *cryptsource = getenv("CRYPTTAB_SOURCE");

385

const char *crypttarget = getenv("CRYPTTAB_NAME");

386

/* Before cryptsetup 1.1.0~rc2 */

387

if(cryptsource == NULL){

388

cryptsource = getenv("cryptsource");

389

}

390

if(crypttarget == NULL){

391

crypttarget = getenv("crypttarget");

392

}

393

const char *const prompt1 = "Unlocking the disk";

394

const char *const prompt2 = "Enter passphrase";

395

if(cryptsource == NULL){

396

if(crypttarget == NULL){

397

fprintf(stderr, "%s to unlock the disk: ", prompt2);

398

} else {

399

fprintf(stderr, "%s (%s)\n%s: ", prompt1, crypttarget,

400

prompt2);

401

}

402

} else {

403

if(crypttarget == NULL){

404

fprintf(stderr, "%s %s\n%s: ", prompt1, cryptsource,

405

prompt2);

406

} else {

407

fprintf(stderr, "%s %s (%s)\n%s: ", prompt1, cryptsource,

408

crypttarget, prompt2);

409

}

410

}

411

}

412

sret = getline(&buffer, &n, stdin);

413

if(sret > 0){

fprintf(stderr, "Password: ");

ret = getline(&buffer, &n, stdin);

if (ret > 0){

fprintf(stdout, "%s", buffer);

414

status = EXIT_SUCCESS;

415

/* Make n = data size instead of allocated buffer size */

416

n = (size_t)sret;

417

/* Strip final newline */

418

if(n > 0 and buffer[n-1] == '\n'){

419

buffer[n-1] = '\0'; /* not strictly necessary */

420

n--;

421

}

422

size_t written = 0;

423

while(written < n){

424

sret = write(STDOUT_FILENO, buffer + written, n - written);

425

if(sret < 0){

426

int e = errno;

427

error(0, errno, "write");

428

switch(e){

429

case EBADF:

430

case EFAULT:

431

case EINVAL:

432

case EFBIG:

433

case EIO:

434

case ENOSPC:

435

default:

436

status = EX_IOERR;

437

break;

438

case EINTR:

439

status = EXIT_FAILURE;

440

break;

441

}

442

break;

443

}

444

written += (size_t)sret;

445

}

446

sret = close(STDOUT_FILENO);

447

if(sret == -1){

448

int e = errno;

449

error(0, errno, "close");

450

switch(e){

451

case EBADF:

452

status = EX_OSFILE;

453

break;

454

case EIO:

455

default:

456

status = EX_IOERR;

457

break;

458

}

459

}

460

break;

461

}

462

if(sret < 0){

463

int e = errno;

464

if(errno != EINTR and not feof(stdin)){

465

error(0, errno, "getline");

466

switch(e){

467

case EBADF:

468

status = EX_UNAVAILABLE;

469

case EIO:

470

case EINVAL:

471

default:

472

status = EX_IOERR;

473

break;

474

}

// ret == 0 makes no other sence than to retry to read from stdin

if (ret < 0){

if (errno != EINTR and not feof(stdin)){

perror("getline");

status = EXIT_FAILURE;

475

break;

476

}

477

}

478

/* if(sret == 0), then the only sensible thing to do is to retry to

479

read from stdin */

480

fputc('\n', stderr);

481

if(debug and not quit_now){

482

/* If quit_now is nonzero, we were interrupted by a signal, and

483

will print that later, so no need to show this too. */

484

fprintf(stderr, "getline() returned 0, retrying.\n");

485

}

486

}

487

488

free(buffer);

489

490

if(debug){

491

fprintf(stderr, "Restoring terminal attributes\n");

492

}

493

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

494

error(0, errno, "tcsetattr+echo");

495

}

496

497

if(quit_now){

498

sigemptyset(&old_action.sa_mask);

499

old_action.sa_handler = SIG_DFL;

500

ret = sigaction(signal_received, &old_action, NULL);

501

if(ret == -1){

502

error(0, errno, "sigaction");

503

}

504

raise(signal_received);

505

}

506

507

if(debug){

508

fprintf(stderr, "%s is exiting with status %d\n", argv[0],

509

status);

510

}

511

if(status == EXIT_SUCCESS or status == EX_OK){

512

fputc('\n', stderr);

}

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

perror("tcsetattr+echo");

513

}

514

515

return status;

Older »