1
#define _GNU_SOURCE /* asprintf() */
2
#include <signal.h> /* sig_atomic_t, struct sigaction,
3
sigemptyset(), sigaddset(),
4
sigaction, SIGINT, SIG_IGN, SIGHUP,
5
SIGTERM, kill(), SIGKILL */
6
#include <stddef.h> /* NULL */
7
#include <stdlib.h> /* getenv() */
8
#include <stdio.h> /* asprintf(), perror() */
9
#include <stdlib.h> /* EXIT_FAILURE, EXIT_SUCCESS,
11
#include <sys/types.h> /* pid_t, DIR, struct dirent,
13
#include <dirent.h> /* opendir(), readdir(), closedir() */
14
#include <unistd.h> /* readlink(), fork(), execl(),
16
#include <string.h> /* memcmp() */
17
#include <iso646.h> /* and */
1
/* -*- coding: utf-8 -*- */
3
* Usplash - Read a password from usplash and output it
5
* Copyright © 2008-2018, 2021-2022 Teddy Hogeborn
6
* Copyright © 2008-2018, 2021-2022 Björn Påhlsson
8
* This file is part of Mandos.
10
* Mandos is free software: you can redistribute it and/or modify it
11
* under the terms of the GNU General Public License as published by
12
* the Free Software Foundation, either version 3 of the License, or
13
* (at your option) any later version.
15
* Mandos is distributed in the hope that it will be useful, but
16
* WITHOUT ANY WARRANTY; without even the implied warranty of
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18
* General Public License for more details.
20
* You should have received a copy of the GNU General Public License
21
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
23
* Contact the authors at <mandos@recompile.se>.
26
#define _GNU_SOURCE /* vasprintf(),
27
program_invocation_short_name,
28
asprintf(), TEMP_FAILURE_RETRY() */
29
#include <sys/types.h> /* sig_atomic_t, pid_t, setuid(),
30
geteuid(), setsid() */
31
#include <stdarg.h> /* va_list, va_start(), vfprintf() */
32
#include <stdio.h> /* vasprintf(), fprintf(), stderr,
33
vfprintf(), asprintf() */
34
#include <errno.h> /* program_invocation_short_name,
35
errno, ENOENT, EINTR */
36
#include <string.h> /* strerror(), strlen(), memcmp() */
37
#include <error.h> /* error() */
38
#include <stdlib.h> /* free(), getenv(), realloc(),
39
EXIT_FAILURE, EXIT_SUCCESS,
18
41
#include <stdbool.h> /* bool, false, true */
19
#include <errno.h> /* errno */
20
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
22
#include <fcntl.h> /* open(), O_RDONLY */
42
#include <fcntl.h> /* open(), O_WRONLY, O_RDONLY */
43
#include <stddef.h> /* size_t, NULL */
44
#include <unistd.h> /* close(), ssize_t, write(),
45
readlink(), read(), STDOUT_FILENO,
46
sleep(), fork(), setuid(),
47
geteuid(), setsid(), chdir(),
48
_exit(), dup2(), STDERR_FILENO,
49
execv(), TEMP_FAILURE_RETRY(),
51
#include <dirent.h> /* DIR, opendir(), struct dirent,
52
readdir(), closedir() */
53
#include <inttypes.h> /* intmax_t, strtoimax() */
54
#include <iso646.h> /* or, not, and */
55
#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK() */
56
#include <sysexits.h> /* EX_OSERR, EX_UNAVAILABLE */
57
#include <signal.h> /* struct sigaction, sigemptyset(),
58
sigaddset(), SIGINT, SIGHUP,
59
SIGTERM, SIG_IGN, kill(), SIGKILL,
61
#include <argz.h> /* argz_count(), argz_extract() */
24
63
sig_atomic_t interrupted_by_signal = 0;
26
static void termination_handler(__attribute__((unused))int signum){
65
const char usplash_name[] = "/sbin/usplash";
67
/* Function to use when printing errors */
68
__attribute__((format (gnu_printf, 3, 4)))
69
void error_plus(int status, int errnum, const char *formatstring,
75
va_start(ap, formatstring);
76
ret = vasprintf(&text, formatstring, ap);
78
fprintf(stderr, "Mandos plugin %s: ",
79
program_invocation_short_name);
80
vfprintf(stderr, formatstring, ap);
81
fprintf(stderr, ": ");
82
fprintf(stderr, "%s\n", strerror(errnum));
83
error(status, errno, "vasprintf while printing error");
86
fprintf(stderr, "Mandos plugin ");
87
error(status, errnum, "%s", text);
91
static void termination_handler(int signum){
92
if(interrupted_by_signal){
27
95
interrupted_by_signal = 1;
96
signal_received = signum;
30
static bool usplash_write(const char *cmd, const char *arg){
99
static bool usplash_write(int *fifo_fd_r,
100
const char *cmd, const char *arg){
32
* usplash_write("TIMEOUT", "15"); -> "TIMEOUT 15\0"
33
* usplash_write("PULSATE", NULL); -> "PULSATE\0"
102
* usplash_write(&fd, "TIMEOUT", "15") will write "TIMEOUT 15\0"
103
* usplash_write(&fd, "PULSATE", NULL) will write "PULSATE\0"
35
105
* usplash_write(8)
40
fifo_fd = open("/dev/.initramfs/usplash_fifo", O_WRONLY);
41
if(fifo_fd == -1 and (errno != EINTR or interrupted_by_signal)){
108
if(*fifo_fd_r == -1){
109
ret = open("/dev/.initramfs/usplash_fifo", O_WRONLY);
44
}while(fifo_fd == -1);
46
116
const char *cmd_line;
47
118
char *cmd_line_alloc = NULL;
50
ret = (int)strlen(cmd);
121
cmd_line_len = strlen(cmd) + 1;
53
124
ret = asprintf(&cmd_line_alloc, "%s %s", cmd, arg);
54
if(ret == -1 and (errno != EINTR or interrupted_by_signal)){
61
132
cmd_line = cmd_line_alloc;
133
cmd_line_len = (size_t)ret + 1;
64
size_t cmd_line_len = (size_t)ret + 1;
65
136
size_t written = 0;
66
while(not interrupted_by_signal and written < cmd_line_len){
67
ret = write(fifo_fd, cmd_line + written,
68
cmd_line_len - written);
70
if(errno != EINTR or interrupted_by_signal){
138
while(written < cmd_line_len){
139
sret = write(*fifo_fd_r, cmd_line + written,
140
cmd_line_len - written);
144
free(cmd_line_alloc);
80
written += (size_t)ret;
148
written += (size_t)sret;
82
150
free(cmd_line_alloc);
85
if(ret == -1 and (errno != EINTR or interrupted_by_signal)){
89
if(interrupted_by_signal){
95
int main(__attribute__((unused))int argc,
96
__attribute__((unused))char **argv){
99
bool an_error_occured = false;
101
/* Create prompt string */
104
const char *const cryptsource = getenv("cryptsource");
105
const char *const crypttarget = getenv("crypttarget");
106
const char *const prompt_start = "Enter passphrase to unlock the disk";
108
if(cryptsource == NULL){
109
if(crypttarget == NULL){
110
ret = asprintf(&prompt, "%s: ", prompt_start);
112
ret = asprintf(&prompt, "%s (%s): ", prompt_start,
116
if(crypttarget == NULL){
117
ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);
119
ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,
120
cryptsource, crypttarget);
128
/* Find usplash process */
129
pid_t usplash_pid = 0;
155
/* Create prompt string */
156
char *makeprompt(void){
159
const char *const cryptsource = getenv("cryptsource");
160
const char *const crypttarget = getenv("crypttarget");
161
const char prompt_start[] = "Enter passphrase to unlock the disk";
163
if(cryptsource == NULL){
164
if(crypttarget == NULL){
165
ret = asprintf(&prompt, "%s: ", prompt_start);
167
ret = asprintf(&prompt, "%s (%s): ", prompt_start,
171
if(crypttarget == NULL){
172
ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);
174
ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,
175
cryptsource, crypttarget);
184
pid_t find_usplash(char **cmdline_r, size_t *cmdline_len_r){
130
187
char *cmdline = NULL;
131
188
size_t cmdline_len = 0;
132
const char usplash_name[] = "/sbin/usplash";
134
DIR *proc_dir = opendir("/proc");
135
if(proc_dir == NULL){
140
for(struct dirent *proc_ent = readdir(proc_dir);
142
proc_ent = readdir(proc_dir)){
143
pid_t pid = (pid_t) strtoul(proc_ent->d_name, NULL, 10);
189
DIR *proc_dir = opendir("/proc");
190
if(proc_dir == NULL){
191
error_plus(0, errno, "opendir");
195
for(struct dirent *proc_ent = readdir(proc_dir);
197
proc_ent = readdir(proc_dir)){
202
tmpmax = strtoimax(proc_ent->d_name, &tmp, 10);
203
if(errno != 0 or tmp == proc_ent->d_name or *tmp != '\0'
204
or tmpmax != (pid_t)tmpmax){
145
205
/* Not a process */
148
/* Find the executable name by doing readlink() on the
149
/proc/<pid>/exe link */
150
char exe_target[sizeof(usplash_name)];
211
/* Find the executable name by doing readlink() on the
212
/proc/<pid>/exe link */
213
char exe_target[sizeof(usplash_name)];
215
/* create file name string */
217
ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);
219
error_plus(0, errno, "asprintf");
220
goto fail_find_usplash;
223
/* Check that it refers to a symlink owned by root:root */
224
struct stat exe_stat;
225
ret = lstat(exe_link, &exe_stat);
231
error_plus(0, errno, "lstat");
233
goto fail_find_usplash;
235
if(not S_ISLNK(exe_stat.st_mode)
236
or exe_stat.st_uid != 0
237
or exe_stat.st_gid != 0){
242
sret = readlink(exe_link, exe_target, sizeof(exe_target));
245
/* Compare executable name */
246
if((sret != ((ssize_t)sizeof(exe_target)-1))
247
or (memcmp(usplash_name, exe_target,
248
sizeof(exe_target)-1) != 0)){
253
/* Read and save the command line of usplash in "cmdline" */
255
/* Open /proc/<pid>/cmdline */
153
ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);
258
char *cmdline_filename;
259
ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",
160
sret = readlink(exe_link, exe_target, sizeof(exe_target));
262
error_plus(0, errno, "asprintf");
263
goto fail_find_usplash;
265
cl_fd = open(cmdline_filename, O_RDONLY);
266
free(cmdline_filename);
268
error_plus(0, errno, "open");
269
goto fail_find_usplash;
163
if((sret == ((ssize_t)sizeof(exe_target)-1))
164
and (memcmp(usplash_name, exe_target,
165
sizeof(exe_target)-1) == 0)){
167
/* Read and save the command line of usplash in "cmdline" */
169
/* Open /proc/<pid>/cmdline */
172
char *cmdline_filename;
173
ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",
181
cl_fd = open(cmdline_filename, O_RDONLY);
184
free(cmdline_filename);
189
free(cmdline_filename);
272
size_t cmdline_allocated = 0;
274
const size_t blocksize = 1024;
276
/* Allocate more space? */
277
if(cmdline_len + blocksize > cmdline_allocated){
278
tmp = realloc(cmdline, cmdline_allocated + blocksize);
280
error_plus(0, errno, "realloc");
282
goto fail_find_usplash;
191
size_t cmdline_allocated = 0;
193
const size_t blocksize = 1024;
195
if(cmdline_len + blocksize > cmdline_allocated){
196
tmp = realloc(cmdline, cmdline_allocated + blocksize);
205
cmdline_allocated += blocksize;
207
sret = read(cl_fd, cmdline + cmdline_len,
208
cmdline_allocated - cmdline_len);
216
cmdline_len += (size_t)sret;
285
cmdline_allocated += blocksize;
288
sret = read(cl_fd, cmdline + cmdline_len,
289
cmdline_allocated - cmdline_len);
291
error_plus(0, errno, "read");
293
goto fail_find_usplash;
295
cmdline_len += (size_t)sret;
299
error_plus(0, errno, "close");
300
goto fail_find_usplash;
303
/* Close directory */
304
ret = closedir(proc_dir);
306
error_plus(0, errno, "closedir");
307
goto fail_find_usplash;
310
*cmdline_r = cmdline;
311
*cmdline_len_r = cmdline_len;
318
if(proc_dir != NULL){
223
320
closedir(proc_dir);
326
int main(__attribute__((unused))int argc,
327
__attribute__((unused))char **argv){
334
pid_t usplash_pid = -1;
335
bool usplash_accessed = false;
336
int status = EXIT_FAILURE; /* Default failure exit status */
338
char *prompt = makeprompt();
344
/* Find usplash process */
345
char *cmdline = NULL;
346
size_t cmdline_len = 0;
347
usplash_pid = find_usplash(&cmdline, &cmdline_len);
225
348
if(usplash_pid == 0){
349
status = EX_UNAVAILABLE;
230
353
/* Set up the signal handler */
233
356
new_action = { .sa_handler = termination_handler,
235
358
sigemptyset(&new_action.sa_mask);
236
sigaddset(&new_action.sa_mask, SIGINT);
237
sigaddset(&new_action.sa_mask, SIGHUP);
238
sigaddset(&new_action.sa_mask, SIGTERM);
359
ret = sigaddset(&new_action.sa_mask, SIGINT);
361
error_plus(0, errno, "sigaddset");
365
ret = sigaddset(&new_action.sa_mask, SIGHUP);
367
error_plus(0, errno, "sigaddset");
371
ret = sigaddset(&new_action.sa_mask, SIGTERM);
373
error_plus(0, errno, "sigaddset");
239
377
ret = sigaction(SIGINT, NULL, &old_action);
380
error_plus(0, errno, "sigaction");
245
if (old_action.sa_handler != SIG_IGN){
385
if(old_action.sa_handler != SIG_IGN){
246
386
ret = sigaction(SIGINT, &new_action, NULL);
389
error_plus(0, errno, "sigaction");
253
395
ret = sigaction(SIGHUP, NULL, &old_action);
398
error_plus(0, errno, "sigaction");
259
if (old_action.sa_handler != SIG_IGN){
403
if(old_action.sa_handler != SIG_IGN){
260
404
ret = sigaction(SIGHUP, &new_action, NULL);
407
error_plus(0, errno, "sigaction");
267
413
ret = sigaction(SIGTERM, NULL, &old_action);
416
error_plus(0, errno, "sigaction");
273
if (old_action.sa_handler != SIG_IGN){
421
if(old_action.sa_handler != SIG_IGN){
274
422
ret = sigaction(SIGTERM, &new_action, NULL);
425
error_plus(0, errno, "sigaction");
433
usplash_accessed = true;
283
434
/* Write command to FIFO */
284
if(not interrupted_by_signal){
285
if(not usplash_write("TIMEOUT", "0")
286
and (errno != EINTR)){
287
perror("usplash_write");
288
an_error_occured = true;
291
if(not interrupted_by_signal and not an_error_occured){
292
if(not usplash_write("INPUTQUIET", prompt)
293
and (errno != EINTR)){
294
perror("usplash_write");
295
an_error_occured = true;
435
if(not usplash_write(&fifo_fd, "TIMEOUT", "0")){
437
error_plus(0, errno, "usplash_write");
443
if(interrupted_by_signal){
447
if(not usplash_write(&fifo_fd, "INPUTQUIET", prompt)){
449
error_plus(0, errno, "usplash_write");
455
if(interrupted_by_signal){
300
/* This is not really a loop; while() is used to be able to "break"
301
out of it; those breaks are marked "Big" */
302
while(not interrupted_by_signal and not an_error_occured){
309
fifo_fd = open("/dev/.initramfs/usplash_outfifo", O_RDONLY);
313
an_error_occured = true;
316
if(interrupted_by_signal){
320
}while(fifo_fd == -1);
321
if(interrupted_by_signal or an_error_occured){
326
size_t buf_allocated = 0;
327
const size_t blocksize = 1024;
329
if(buf_len + blocksize > buf_allocated){
330
char *tmp = realloc(buf, buf_allocated + blocksize);
333
an_error_occured = true;
337
buf_allocated += blocksize;
340
sret = read(fifo_fd, buf + buf_len, buf_allocated - buf_len);
344
an_error_occured = true;
347
if(interrupted_by_signal){
352
if(interrupted_by_signal or an_error_occured){
356
buf_len += (size_t)sret;
359
if(interrupted_by_signal or an_error_occured){
363
if(not usplash_write("TIMEOUT", "15")
364
and (errno != EINTR)){
365
perror("usplash_write");
366
an_error_occured = true;
368
if(interrupted_by_signal or an_error_occured){
372
/* Print password to stdout */
376
sret = write(STDOUT_FILENO, buf + written, buf_len - written);
380
an_error_occured = true;
383
if(interrupted_by_signal){
388
if(interrupted_by_signal or an_error_occured){
392
written += (size_t)sret;
393
}while(written < buf_len);
394
if(not interrupted_by_signal and not an_error_occured){
400
/* If we got here, an error or interrupt must have happened */
402
int cmdline_argc = 0;
403
char **cmdline_argv = malloc(sizeof(char *));
404
/* Create argv and argc for new usplash*/
407
while(position < cmdline_len){
408
char **tmp = realloc(cmdline_argv,
409
(sizeof(char *) * (size_t)(cmdline_argc + 2)));
462
/* Read reply from usplash */
464
outfifo_fd = open("/dev/.initramfs/usplash_outfifo", O_RDONLY);
465
if(outfifo_fd == -1){
467
error_plus(0, errno, "open");
473
if(interrupted_by_signal){
478
size_t buf_allocated = 0;
479
const size_t blocksize = 1024;
481
/* Allocate more space */
482
if(buf_len + blocksize > buf_allocated){
483
char *tmp = realloc(buf, buf_allocated + blocksize);
416
cmdline_argv[cmdline_argc] = cmdline + position;
418
position += strlen(cmdline + position) + 1;
420
cmdline_argv[cmdline_argc] = NULL;
486
error_plus(0, errno, "realloc");
492
buf_allocated += blocksize;
494
sret = read(outfifo_fd, buf + buf_len,
495
buf_allocated - buf_len);
498
error_plus(0, errno, "read");
504
if(interrupted_by_signal){
508
buf_len += (size_t)sret;
510
ret = close(outfifo_fd);
513
error_plus(0, errno, "close");
520
if(interrupted_by_signal){
524
if(not usplash_write(&fifo_fd, "TIMEOUT", "15")){
526
error_plus(0, errno, "usplash_write");
532
if(interrupted_by_signal){
536
ret = close(fifo_fd);
539
error_plus(0, errno, "close");
546
/* Print password to stdout */
548
while(written < buf_len){
550
sret = write(STDOUT_FILENO, buf + written, buf_len - written);
553
error_plus(0, errno, "write");
560
if(interrupted_by_signal){
563
written += (size_t)sret;
568
if(interrupted_by_signal){
581
/* If usplash was never accessed, we can stop now */
582
if(not usplash_accessed){
588
ret = close(fifo_fd);
589
if(ret == -1 and errno != EINTR){
590
error_plus(0, errno, "close");
595
/* Close output FIFO */
596
if(outfifo_fd != -1){
597
ret = close(outfifo_fd);
599
error_plus(0, errno, "close");
603
/* Create argv for new usplash*/
604
char **cmdline_argv = malloc((argz_count(cmdline, cmdline_len) + 1)
605
* sizeof(char *)); /* Count args */
606
if(cmdline_argv == NULL){
607
error_plus(0, errno, "malloc");
610
argz_extract(cmdline, cmdline_len, cmdline_argv); /* Create argv */
422
612
/* Kill old usplash */
423
kill(usplash_pid, SIGTERM);
613
kill(usplash_pid, SIGTERM);
425
615
while(kill(usplash_pid, 0) == 0){
426
616
kill(usplash_pid, SIGKILL);
429
620
pid_t new_usplash_pid = fork();
430
621
if(new_usplash_pid == 0){
431
622
/* Child; will become new usplash process */
433
624
/* Make the effective user ID (root) the only user ID instead of
434
the real user ID (mandos) */
625
the real user ID (_mandos) */
435
626
ret = setuid(geteuid());
628
error_plus(0, errno, "setuid");
441
632
ret = chdir("/");
634
error_plus(0, errno, "chdir");
442
637
/* if(fork() != 0){ */
443
638
/* _exit(EXIT_SUCCESS); */
445
640
ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */
642
error_plus(0, errno, "dup2");
451
646
execv(usplash_name, cmdline_argv);
647
if(not interrupted_by_signal){
648
error_plus(0, errno, "execv");
454
if(not usplash_write("PULSATE", NULL)
455
and (errno != EINTR)){
456
perror("usplash_write");
657
if(not usplash_write(&fifo_fd, "PULSATE", NULL)){
659
error_plus(0, errno, "usplash_write");
663
/* Close FIFO (again) */
665
ret = close(fifo_fd);
666
if(ret == -1 and errno != EINTR){
667
error_plus(0, errno, "close");
672
if(interrupted_by_signal){
673
struct sigaction signal_action = { .sa_handler = SIG_DFL };
674
sigemptyset(&signal_action.sa_mask);
675
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
676
&signal_action, NULL));
678
error_plus(0, errno, "sigaction");
681
ret = raise(signal_received);
682
} while(ret != 0 and errno == EINTR);
684
error_plus(0, errno, "raise");
687
TEMP_FAILURE_RETRY(pause());