/mandos/trunk : revision 237.4.134

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to dracut-module/password-agent.c

Committer: Teddy Hogeborn
Date: 2020-11-30 18:18:25 UTC
mto: This revision was merged to the branch mainline in revision 1228.
Revision ID: teddy@recompile.se-20201130181825-55m01hog9c4yzbin

Tags: version-1.8.13-1

http://bugs.debian.org/975457

Version 1.8.13-1

* Makefile (version): Change to "1.8.13".
* NEWS (Version 1.8.13): Add new entry.
* debian/changelog (1.8.13-1): - '' -

files added:
debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/upstream/metadata

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.templates

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests/control

dracut-module/ask-password-mandos.service

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.lsm

mandos.service

plugin-runner.c

plugins.d/mandos-client.c

plugins.d/plymouth.c

Show diffs side-by-side

added added

removed removed

dracut-module/password-agent.c

* Mandos password agent - Simple password agent to run Mandos client

* This file is part of Mandos.

#include <error.h> /* error() */

#include <sysexits.h> /* EX_USAGE, EX_OSERR, EX_OSFILE */

#include <errno.h> /* errno, error_t, EACCES,

ENAMETOOLONG, ENOENT, EEXIST,

ECHILD, EPERM, ENOMEM, EAGAIN,

EINTR, ENOBUFS, EADDRINUSE,

ENAMETOOLONG, ENOENT, ENOTDIR,

ENOMEM, EEXIST, ECHILD, EPERM,

EAGAIN, EINTR, ENOBUFS, EADDRINUSE,

ECONNREFUSED, ECONNRESET,

ETOOMANYREFS, EMSGSIZE, EBADF,

EINVAL */

ARGP_ERR_UNKNOWN, ARGP_KEY_ARGS,

struct argp, argp_parse(),

ARGP_NO_EXIT */

#include <stdint.h> /* SIZE_MAX */

#include <unistd.h> /* uid_t, gid_t, close(), pipe2(),

fork(), _exit(), dup2(),

STDOUT_FILENO, setresgid(),

#include <fcntl.h> /* O_CLOEXEC, O_NONBLOCK, fcntl(),

F_GETFD, F_GETFL, FD_CLOEXEC,

open(), O_WRONLY, O_NOCTTY,

O_RDONLY */

O_RDONLY, O_NOFOLLOW */

#include <sys/wait.h> /* waitpid(), WNOHANG, WIFEXITED(),

WEXITSTATUS() */

#include <limits.h> /* PIPE_BUF, NAME_MAX, INT_MAX */

#include <sys/inotify.h> /* inotify_init1(), IN_NONBLOCK,

IN_CLOEXEC, inotify_add_watch(),

IN_CLOSE_WRITE, IN_MOVED_TO,

IN_DELETE, struct inotify_event */

IN_MOVED_FROM, IN_DELETE,

IN_EXCL_UNLINK, IN_ONLYDIR,

struct inotify_event */

#include <fnmatch.h> /* fnmatch(), FNM_FILE_NAME */

#include <stdio.h> /* asprintf(), FILE, fopen(),

getline(), sscanf(), feof(),

ferror(), fclose(), stderr,

rename(), fdopen(), fprintf(),

100

fscanf() */

#include <stdio.h> /* asprintf(), FILE, stderr, fopen(),

100

fclose(), getline(), sscanf(),

101

feof(), ferror(), rename(),

102

fdopen(), fprintf(), fscanf() */

101

103

#include <glib.h> /* GKeyFile, g_key_file_free(), g_key_file_new(),

102

104

GError, g_key_file_load_from_file(),

103

105

G_KEY_FILE_NONE, TRUE, G_FILE_ERROR_NOENT,

146

148

mono_microsecs next_run;

147

149

} __attribute__((designated_init)) task_queue;

148

150

149

/* "func_type" - A function type for task functions

151

/* "task_func" - A function type for task functions

150

152

151

153

I.e. functions for the code which runs when a task is run, all have

152

154

this type */

649

651

650

652

__attribute__((nonnull, warn_unused_result))

651

653

bool add_to_queue(task_queue *const queue, const task_context task){

654

if((queue->length + 1) > (SIZE_MAX / sizeof(task_context))){

655

/* overflow */

656

error(0, ENOMEM, "Failed to allocate %" PRIuMAX

657

" tasks for queue->tasks", (uintmax_t)(queue->length + 1));

658

errno = ENOMEM;

659

return false;

660

}

652

661

const size_t needed_size = sizeof(task_context)*(queue->length + 1);

653

662

if(needed_size > (queue->allocated)){

654

663

task_context *const new_tasks = realloc(queue->tasks,

859

868

}

860

869

close(pipefds[1]);

861

870

871

if(pid == -1){

872

error(0, errno, "Failed to fork()");

873

close(pipefds[0]);

874

return false;

875

}

876

862

877

if(not add_to_queue(queue, (task_context){

863

878

.func=wait_for_mandos_client_exit,

864

879

.pid=pid,

1178

1193

bool *const password_is_read = task.password_is_read;

1179

1194

1180

1195

/* We use the GLib "Key-value file parser" functions to parse the

1181

question file. See <https://www.freedesktop.org/wiki/Software

1182

/systemd/PasswordAgents/> for specification of contents */

1196

question file. See <https://systemd.io/PASSWORD_AGENTS/> for

1197

specification of contents */

1183

1198

__attribute__((nonnull))

1184

1199

void cleanup_g_key_file(GKeyFile **key_file){

1185

1200

if(*key_file != NULL){

1475

1490

not. You may but don't have to include a final NUL byte in

1476

1491

your message.

1477

1492

1478

— <https://www.freedesktop.org/wiki/Software/systemd/

1479

PasswordAgents/> (Wed 08 Oct 2014 02:14:28 AM UTC)

1493

— <https://systemd.io/PASSWORD_AGENTS/> (Tue, 15 Sep 2020

1494

14:24:20 GMT)

1480

1495

1481

1496

send_buffer[0] = '+'; /* Prefix with "+" */

1482

1497

/* Always add an extra NUL */

1487

1502

errno = 0;

1488

1503

ssize_t ssret = send(fd, send_buffer, send_buffer_length,

1489

1504

MSG_NOSIGNAL);

1490

const error_t saved_errno = errno;

1505

const error_t saved_errno = (ssret < 0) ? errno : 0;

1491

1506

#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 25)

1492

1507

explicit_bzero(send_buffer, send_buffer_length);

1493

1508

#else

1511

1526

/* Retry, below */

1512

1527

break;

1513

1528

case EMSGSIZE:

1514

error(0, 0, "Password of size %" PRIuMAX " is too big",

1515

(uintmax_t)password->length);

1529

error(0, saved_errno, "Password of size %" PRIuMAX

1530

" is too big", (uintmax_t)password->length);

1516

1531

#if __GNUC__ < 7

1517

1532

/* FALLTHROUGH */

1518

1533

#else

1520

1535

#endif

1521

1536

case 0:

1522

1537

if(ssret >= 0 and ssret < (ssize_t)send_buffer_length){

1523

error(0, 0, "Password only partially sent to socket");

1538

error(0, 0, "Password only partially sent to socket %s: %"

1539

PRIuMAX " out of %" PRIuMAX " bytes sent", filename,

1540

(uintmax_t)ssret, (uintmax_t)send_buffer_length);

1524

1541

}

1525

1542

#if __GNUC__ < 7

1526

1543

/* FALLTHROUGH */

1882

1899

g_assert_true(queue->tasks[0].func == dummy_func);

1883

1900

}

1884

1901

1902

static void test_add_to_queue_overflow(__attribute__((unused))

1903

test_fixture *fixture,

1904

__attribute__((unused))

1905

gconstpointer user_data){

1906

__attribute__((cleanup(cleanup_queue)))

1907

task_queue *queue = create_queue();

1908

g_assert_nonnull(queue);

1909

g_assert_true(queue->length == 0);

1910

queue->length = SIZE_MAX / sizeof(task_context); /* fake max size */

1911

1912

FILE *real_stderr = stderr;

1913

FILE *devnull = fopen("/dev/null", "we");

1914

g_assert_nonnull(devnull);

1915

stderr = devnull;

1916

const bool ret = add_to_queue(queue,

1917

(task_context){ .func=dummy_func });

1918

g_assert_true(errno == ENOMEM);

1919

g_assert_false(ret);

1920

stderr = real_stderr;

1921

g_assert_cmpint(fclose(devnull), ==, 0);

1922

queue->length = 0; /* Restore real size */

1923

}

1924

1885

1925

static void dummy_func(__attribute__((unused))

1886

1926

const task_context task,

1887

1927

__attribute__((unused))

2158

2198

}

2159

2199

exit(EXIT_SUCCESS);

2160

2200

}

2201

if(pid == -1){

2202

error(EXIT_FAILURE, errno, "Failed to fork()");

2203

}

2204

2161

2205

int status;

2162

2206

waitpid(pid, &status, 0);

2163

2207

if(WIFEXITED(status) and (WEXITSTATUS(status) == EXIT_SUCCESS)){

5765

5809

char write_data[PIPE_BUF];

5766

5810

{

5767

5811

/* Construct test password buffer */

5768

/* Start with + since that is what the real procotol uses */

5812

/* Start with + since that is what the real protocol uses */

5769

5813

write_data[0] = '+';

5770

5814

/* Set a special character at string end just to mark the end */

5771

5815

write_data[sizeof(write_data)-2] = 'y';

5923

5967

char *const filename = strdup("/nonexistent/socket");

5924

5968

__attribute__((cleanup(string_set_clear)))

5925

5969

string_set cancelled_filenames = {};

5926

const size_t oversized = 1024*1024; /* Limit seems to be 212960 */

5927

__attribute__((cleanup(cleanup_buffer)))

5928

buffer password = {

5929

.data=malloc(oversized),

5930

.length=oversized,

5931

.allocated=oversized,

5970

int socketfds[2];

5971

5972

/* Find a message size which triggers EMSGSIZE */

5973

__attribute__((cleanup(cleanup_string)))

5974

char *message_buffer = NULL;

5975

size_t message_size = PIPE_BUF + 1;

5976

for(ssize_t ssret = 0; ssret >= 0; message_size += 1024){

5977

if(message_size >= 1024*1024*1024){ /* 1 GiB */

5978

g_test_skip("Skipping EMSGSIZE test: Will not try 1GiB");

5979

return;

5980

}

5981

free(message_buffer);

5982

message_buffer = malloc(message_size);

5983

if(message_buffer == NULL){

5984

g_test_skip("Skipping EMSGSIZE test");

5985

g_test_message("Failed to malloc() %" PRIuMAX " bytes",

5986

(uintmax_t)message_size);

5987

return;

5988

}

5989

/* Fill buffer with 'x' */

5990

memset(message_buffer, 'x', message_size);

5991

/* Create a new socketpair for each message size to avoid having

5992

to empty the pipe by reading the message to a separate buffer

5993

5994

g_assert_cmpint(socketpair(PF_LOCAL, SOCK_DGRAM

5995

| SOCK_NONBLOCK | SOCK_CLOEXEC, 0,

5996

socketfds), ==, 0);

5997

ssret = send(socketfds[1], message_buffer, message_size,

5998

MSG_NOSIGNAL);

5999

error_t saved_errno = errno;

6000

g_assert_cmpint(close(socketfds[0]), ==, 0);

6001

g_assert_cmpint(close(socketfds[1]), ==, 0);

6002

6003

if(ssret < 0){

6004

if(saved_errno != EMSGSIZE) {

6005

g_test_skip("Skipping EMSGSIZE test");

6006

g_test_message("Error on send(): %s", strerror(saved_errno));

6007

return;

6008

}

6009

} else if(ssret != (ssize_t)message_size){

6010

g_test_skip("Skipping EMSGSIZE test");

6011

g_test_message("Partial send(): %" PRIuMAX " of %" PRIdMAX

6012

" bytes", (uintmax_t)ssret,

6013

(intmax_t)message_size);

6014

return;

6015

}

6016

}

6017

g_test_message("EMSGSIZE triggered by %" PRIdMAX " bytes",

6018

(intmax_t)message_size);

6019

6020

buffer password = {

6021

.data=message_buffer,

6022

.length=message_size - 2, /* Compensate for added '+' and NUL */

6023

.allocated=message_size,

5932

6024

};

5933

g_assert_nonnull(password.data);

5934

6025

if(mlock(password.data, password.allocated) != 0){

5935

6026

g_assert_true(errno == EPERM or errno == ENOMEM);

5936

6027

}

5937

/* Construct test password buffer */

5938

/* Start with + since that is what the real procotol uses */

5939

password.data[0] = '+';

5940

/* Set a special character at string end just to mark the end */

5941

password.data[oversized-3] = 'y';

5942

/* Set NUL at buffer end, as suggested by the protocol */

5943

password.data[oversized-2] = '\0';

5944

/* Fill rest of password with 'x' */

5945

memset(password.data+1, 'x', oversized-3);

5946

6028

5947

6029

__attribute__((cleanup(cleanup_queue)))

5948

6030

task_queue *queue = create_queue();

5949

6031

g_assert_nonnull(queue);

5950

int socketfds[2];

5951

6032

g_assert_cmpint(socketpair(PF_LOCAL, SOCK_DGRAM

5952

6033

| SOCK_NONBLOCK | SOCK_CLOEXEC, 0,

5953

6034

socketfds), ==, 0);

7860

7941

test_add("/parse_arguments/mixed", test_parse_arguments_mixed);

7861

7942

test_add("/queue/create", test_create_queue);

7862

7943

test_add("/queue/add", test_add_to_queue);

7944

test_add("/queue/add/overflow", test_add_to_queue_overflow);

7863

7945

test_add("/queue/has_question/empty",

7864

7946

test_queue_has_question_empty);

7865

7947

test_add("/queue/has_question/false",

8090

8172

g_option_context_set_help_enabled(context, FALSE);

8091

8173

g_option_context_set_ignore_unknown_options(context, TRUE);

8092

8174

8093

gboolean run_tests = FALSE;

8175

gboolean should_run_tests = FALSE;

8094

8176

GOptionEntry entries[] = {

8095

8177

{ "test", 0, 0, G_OPTION_ARG_NONE,

8096

&run_tests, "Run tests", NULL },

8178

&should_run_tests, "Run tests", NULL },

8097

8179

{ NULL }

8098

8180

};

8099

8181

g_option_context_add_main_entries(context, entries, NULL);

8106

8188

}

8107

8189

8108

8190

g_option_context_free(context);

8109

return run_tests != FALSE;

8191

return should_run_tests != FALSE;

8110

8192

}

Older »