/mandos/trunk : revision 238

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.c

Committer: Teddy Hogeborn
Date: 2008-12-10 01:26:02 UTC
mfrom: (237.1.2 mandos)
Revision ID: teddy@fukt.bsnet.se-20081210012602-vhz3h75xkj24t340

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

files added:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

files removed:
debian/watch

mandos-ctl

files modified:
INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.postinst

debian/mandos.prerm

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.c

/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */

/* -*- coding: utf-8 -*- */

* Password-prompt - Read a password from the terminal and print it

* Passprompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

#define _GNU_SOURCE /* getline() */

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

SIGQUIT, SIGHUP, SIGTERM,

raise() */

SIGQUIT, SIGHUP, SIGTERM */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <sys/types.h> /* ssize_t */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getopt_long, getenv() */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), perror(), fputc(),

getopt_long */

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

stdout, getopt_long */

#include <errno.h> /* errno, EINVAL */

#include <iso646.h> /* or, not */

#include <stdbool.h> /* bool, false, true */

#include <string.h> /* strlen, rindex, strncmp, strcmp */

argp_parse(), error_t,

ARGP_KEY_ARG, ARGP_KEY_END,

ARGP_ERR_UNKNOWN */

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

volatile sig_atomic_t quit_now = 0;

int signal_received;

volatile bool quit_now = false;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

static void termination_handler(int signum){

if(quit_now){

return;

}

quit_now = 1;

signal_received = signum;

static void termination_handler(__attribute__((unused))int signum){

quit_now = true;

}

int main(int argc, char **argv){

.doc = "Debug mode", .group = 3 },

{ .name = NULL }

};

error_t parse_opt (int key, char *arg, struct argp_state *state){

switch (key){

error_t parse_opt (int key, char *arg, struct argp_state *state) {

/* Get the INPUT argument from `argp_parse', which we know is a

pointer to our plugin list pointer. */

switch (key) {

case 'p':

prefix = arg;

break;

debug = true;

break;

100

case ARGP_KEY_ARG:

101

argp_usage(state);

argp_usage (state);

102

break;

103

case ARGP_KEY_END:

104

break;

107

100

}

108

101

return 0;

109

102

}

110

103

111

104

struct argp argp = { .options = options, .parser = parse_opt,

112

105

.args_doc = "",

113

106

.doc = "Mandos password-prompt -- Read and"

114

107

" output a password" };

115

ret = argp_parse(&argp, argc, argv, 0, 0, NULL);

116

if(ret == ARGP_ERR_UNKNOWN){

108

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

109

if (ret == ARGP_ERR_UNKNOWN){

117

110

fprintf(stderr, "Unknown error while parsing arguments\n");

118

return EX_SOFTWARE;

111

return EXIT_FAILURE;

119

112

}

120

113

}

121

122

if(debug){

114

115

if (debug){

123

116

fprintf(stderr, "Starting %s\n", argv[0]);

124

117

}

125

if(debug){

118

if (debug){

126

119

fprintf(stderr, "Storing current terminal attributes\n");

127

120

}

128

121

129

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

130

int e = errno;

122

if (tcgetattr(STDIN_FILENO, &t_old) != 0){

131

123

perror("tcgetattr");

132

switch(e){

133

case EBADF:

134

case ENOTTY:

135

return EX_UNAVAILABLE;

136

default:

137

return EX_OSERR;

138

}

124

return EXIT_FAILURE;

139

125

}

140

126

141

127

sigemptyset(&new_action.sa_mask);

142

ret = sigaddset(&new_action.sa_mask, SIGINT);

143

if(ret == -1){

144

perror("sigaddset");

145

return EX_OSERR;

146

}

147

ret = sigaddset(&new_action.sa_mask, SIGHUP);

148

if(ret == -1){

149

perror("sigaddset");

150

return EX_OSERR;

151

}

152

ret = sigaddset(&new_action.sa_mask, SIGTERM);

153

if(ret == -1){

154

perror("sigaddset");

155

return EX_OSERR;

156

}

157

/* Need to check if the handler is SIG_IGN before handling:

158

| [[info:libc:Initial Signal Actions]] |

159

| [[info:libc:Basic Signal Handling]] |

160

128

sigaddset(&new_action.sa_mask, SIGINT);

129

sigaddset(&new_action.sa_mask, SIGHUP);

130

sigaddset(&new_action.sa_mask, SIGTERM);

161

131

ret = sigaction(SIGINT, NULL, &old_action);

162

132

if(ret == -1){

163

133

perror("sigaction");

164

return EX_OSERR;

134

return EXIT_FAILURE;

165

135

}

166

if(old_action.sa_handler != SIG_IGN){

136

if (old_action.sa_handler != SIG_IGN){

167

137

ret = sigaction(SIGINT, &new_action, NULL);

168

138

if(ret == -1){

169

139

perror("sigaction");

170

return EX_OSERR;

140

return EXIT_FAILURE;

171

141

}

172

142

}

173

143

ret = sigaction(SIGHUP, NULL, &old_action);

174

144

if(ret == -1){

175

145

perror("sigaction");

176

return EX_OSERR;

146

return EXIT_FAILURE;

177

147

}

178

if(old_action.sa_handler != SIG_IGN){

148

if (old_action.sa_handler != SIG_IGN){

179

149

ret = sigaction(SIGHUP, &new_action, NULL);

180

150

if(ret == -1){

181

151

perror("sigaction");

182

return EX_OSERR;

152

return EXIT_FAILURE;

183

153

}

184

154

}

185

155

ret = sigaction(SIGTERM, NULL, &old_action);

186

156

if(ret == -1){

187

157

perror("sigaction");

188

return EX_OSERR;

158

return EXIT_FAILURE;

189

159

}

190

if(old_action.sa_handler != SIG_IGN){

160

if (old_action.sa_handler != SIG_IGN){

191

161

ret = sigaction(SIGTERM, &new_action, NULL);

192

162

if(ret == -1){

193

163

perror("sigaction");

194

return EX_OSERR;

164

return EXIT_FAILURE;

195

165

}

196

166

}

197

167

198

168

199

if(debug){

169

if (debug){

200

170

fprintf(stderr, "Removing echo flag from terminal attributes\n");

201

171

}

202

172

203

173

t_new = t_old;

204

t_new.c_lflag &= ~(tcflag_t)ECHO;

205

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

206

int e = errno;

174

t_new.c_lflag &= ~ECHO;

175

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

207

176

perror("tcsetattr-echo");

208

switch(e){

209

case EBADF:

210

case ENOTTY:

211

return EX_UNAVAILABLE;

212

case EINVAL:

213

default:

214

return EX_OSERR;

215

}

177

return EXIT_FAILURE;

216

178

}

217

218

if(debug){

179

180

if (debug){

219

181

fprintf(stderr, "Waiting for input from stdin \n");

220

182

}

221

183

while(true){

222

if(quit_now){

184

if (quit_now){

223

185

if(debug){

224

186

fprintf(stderr, "Interrupted by signal, exiting.\n");

225

187

}

251

213

}

252

214

}

253

215

ret = getline(&buffer, &n, stdin);

254

if(ret > 0){

216

if (ret > 0){

255

217

status = EXIT_SUCCESS;

256

218

/* Make n = data size instead of allocated buffer size */

257

219

n = (size_t)ret;

258

220

/* Strip final newline */

259

if(n > 0 and buffer[n-1] == '\n'){

221

if(n>0 and buffer[n-1] == '\n'){

260

222

buffer[n-1] = '\0'; /* not strictly necessary */

261

223

n--;

262

224

}

264

226

while(written < n){

265

227

ret = write(STDOUT_FILENO, buffer + written, n - written);

266

228

if(ret < 0){

267

int e = errno;

268

229

perror("write");

269

switch(e){

270

case EBADF:

271

case EFAULT:

272

case EINVAL:

273

case EFBIG:

274

case EIO:

275

case ENOSPC:

276

default:

277

status = EX_IOERR;

278

break;

279

case EINTR:

280

status = EXIT_FAILURE;

281

break;

282

}

230

status = EXIT_FAILURE;

283

231

break;

284

232

}

285

233

written += (size_t)ret;

286

234

}

287

ret = close(STDOUT_FILENO);

288

if(ret == -1){

289

int e = errno;

290

perror("close");

291

switch(e){

292

case EBADF:

293

status = EX_OSFILE;

294

break;

295

case EIO:

296

default:

297

status = EX_IOERR;

298

break;

299

}

300

}

301

235

break;

302

236

}

303

if(ret < 0){

304

int e = errno;

305

if(errno != EINTR and not feof(stdin)){

237

if (ret < 0){

238

if (errno != EINTR and not feof(stdin)){

306

239

perror("getline");

307

switch(e){

308

case EBADF:

309

status = EX_UNAVAILABLE;

310

case EIO:

311

case EINVAL:

312

default:

313

status = EX_IOERR;

314

break;

315

}

240

status = EXIT_FAILURE;

316

241

break;

317

242

}

318

243

}

320

245

read from stdin */

321

246

fputc('\n', stderr);

322

247

if(debug and not quit_now){

323

/* If quit_now is nonzero, we were interrupted by a signal, and

248

/* If quit_now is true, we were interrupted by a signal, and

324

249

will print that later, so no need to show this too. */

325

250

fprintf(stderr, "getline() returned 0, retrying.\n");

326

251

}

327

252

}

328

253

329

254

free(buffer);

330

255

331

if(debug){

256

if (debug){

332

257

fprintf(stderr, "Restoring terminal attributes\n");

333

258

}

334

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

259

if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

335

260

perror("tcsetattr+echo");

336

261

}

337

262

338

if(quit_now){

339

sigemptyset(&old_action.sa_mask);

340

old_action.sa_handler = SIG_DFL;

341

ret = sigaction(signal_received, &old_action, NULL);

342

if(ret == -1){

343

perror("sigaction");

344

}

345

raise(signal_received);

346

}

347

348

if(debug){

263

if (debug){

349

264

fprintf(stderr, "%s is exiting with status %d\n", argv[0],

350

265

status);

351

266

}

352

if(status == EXIT_SUCCESS or status == EX_OK){

267

if(status == EXIT_SUCCESS){

353

268

fputc('\n', stderr);

354

269

}

355

270

Older »