/mandos/trunk : revision 238

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/splashy.c

Committer: Teddy Hogeborn
Date: 2008-12-10 01:26:02 UTC
mfrom: (237.1.2 mandos)
Revision ID: teddy@fukt.bsnet.se-20081210012602-vhz3h75xkj24t340

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

files added:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

files removed:
debian/watch

mandos-ctl

files modified:
INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.postinst

debian/mandos.prerm

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/splashy.c

/* -*- coding: utf-8 -*- */

* Splashy - Read a password from splashy and output it

* Passprompt - Read a password from splashy and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#define _GNU_SOURCE /* asprintf() */

#include <signal.h> /* sig_atomic_t, struct sigaction,

sigemptyset(), sigaddset(), SIGINT,

SIGHUP, SIGTERM, sigaction,

#include <stddef.h> /* NULL */

#include <stdlib.h> /* getenv() */

#include <stdio.h> /* asprintf(), perror() */

#include <stdlib.h> /* EXIT_FAILURE, free(),

#include <stdlib.h> /* EXIT_FAILURE, free(), strtoul(),

EXIT_SUCCESS */

#include <sys/types.h> /* pid_t, DIR, struct dirent,

ssize_t */

#include <dirent.h> /* opendir(), readdir(), closedir() */

#include <inttypes.h> /* intmax_t, strtoimax() */

#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK */

#include <iso646.h> /* not, or, and */

#include <unistd.h> /* readlink(), fork(), execl(),

sleep(), dup2() STDERR_FILENO,

STDOUT_FILENO, _exit(),

pause() */

STDOUT_FILENO, _exit() */

#include <string.h> /* memcmp() */

#include <errno.h> /* errno */

#include <sys/wait.h> /* waitpid(), WIFEXITED(),

WEXITSTATUS() */

#include <sysexits.h> /* EX_OSERR, EX_OSFILE,

EX_UNAVAILABLE */

sig_atomic_t interrupted_by_signal = 0;

int signal_received;

static void termination_handler(int signum){

if(interrupted_by_signal){

return;

}

static void termination_handler(__attribute__((unused))int signum){

interrupted_by_signal = 1;

signal_received = signum;

}

int main(__attribute__((unused))int argc,

__attribute__((unused))char **argv){

int ret = 0;

/* Create prompt string */

char *prompt = NULL;

DIR *proc_dir = NULL;

pid_t splashy_pid = 0;

pid_t splashy_command_pid = 0;

int exitstatus = EXIT_FAILURE;

/* Create prompt string */

{

const char *const cryptsource = getenv("cryptsource");

const char *const crypttarget = getenv("crypttarget");

}

if(ret == -1){

prompt = NULL;

exitstatus = EX_OSERR;

goto failure;

return EXIT_FAILURE;

}

100

}

101

102

/* Find splashy process */

pid_t splashy_pid = 0;

103

{

104

const char splashy_name[] = "/sbin/splashy";

105

proc_dir = opendir("/proc");

DIR *proc_dir = opendir("/proc");

106

if(proc_dir == NULL){

107

int e = errno;

free(prompt);

108

perror("opendir");

109

switch(e){

110

case EACCES:

111

case ENOTDIR:

112

case ELOOP:

113

case ENOENT:

114

default:

115

exitstatus = EX_OSFILE;

116

break;

117

case ENAMETOOLONG:

118

case EMFILE:

119

case ENFILE:

120

case ENOMEM:

121

exitstatus = EX_OSERR;

122

break;

123

}

124

goto failure;

return EXIT_FAILURE;

125

}

126

for(struct dirent *proc_ent = readdir(proc_dir);

127

proc_ent != NULL;

128

proc_ent = readdir(proc_dir)){

129

pid_t pid;

130

{

131

intmax_t tmpmax;

132

char *tmp;

133

errno = 0;

134

tmpmax = strtoimax(proc_ent->d_name, &tmp, 10);

135

if(errno != 0 or tmp == proc_ent->d_name or *tmp != '\0'

136

or tmpmax != (pid_t)tmpmax){

137

/* Not a process */

138

continue;

139

}

140

pid = (pid_t)tmpmax;

100

pid_t pid = (pid_t) strtoul(proc_ent->d_name, NULL, 10);

101

if(pid == 0){

102

/* Not a process */

103

continue;

141

104

}

142

105

/* Find the executable name by doing readlink() on the

143

106

/proc/<pid>/exe link */

148

111

ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);

149

112

if(ret == -1){

150

113

perror("asprintf");

151

exitstatus = EX_OSERR;

152

goto failure;

114

free(prompt);

115

closedir(proc_dir);

116

return EXIT_FAILURE;

153

117

}

154

118

155

119

/* Check that it refers to a symlink owned by root:root */

156

120

struct stat exe_stat;

157

121

ret = lstat(exe_link, &exe_stat);

158

122

if(ret == -1){

159

if(errno == ENOENT){

160

free(exe_link);

161

continue;

162

}

163

int e = errno;

164

123

perror("lstat");

165

124

free(exe_link);

166

switch(e){

167

case EACCES:

168

case ENOTDIR:

169

case ELOOP:

170

default:

171

exitstatus = EX_OSFILE;

172

break;

173

case ENAMETOOLONG:

174

exitstatus = EX_OSERR;

175

break;

176

}

177

goto failure;

125

free(prompt);

126

closedir(proc_dir);

127

return EXIT_FAILURE;

178

128

}

179

129

if(not S_ISLNK(exe_stat.st_mode)

180

130

or exe_stat.st_uid != 0

194

144

}

195

145

}

196

146

closedir(proc_dir);

197

proc_dir = NULL;

198

147

}

199

148

if(splashy_pid == 0){

200

exitstatus = EX_UNAVAILABLE;

201

goto failure;

149

free(prompt);

150

return EXIT_FAILURE;

202

151

}

203

152

204

153

/* Set up the signal handler */

207

156

new_action = { .sa_handler = termination_handler,

208

157

.sa_flags = 0 };

209

158

sigemptyset(&new_action.sa_mask);

210

ret = sigaddset(&new_action.sa_mask, SIGINT);

211

if(ret == -1){

212

perror("sigaddset");

213

exitstatus = EX_OSERR;

214

goto failure;

215

}

216

ret = sigaddset(&new_action.sa_mask, SIGHUP);

217

if(ret == -1){

218

perror("sigaddset");

219

exitstatus = EX_OSERR;

220

goto failure;

221

}

222

ret = sigaddset(&new_action.sa_mask, SIGTERM);

223

if(ret == -1){

224

perror("sigaddset");

225

exitstatus = EX_OSERR;

226

goto failure;

227

}

159

sigaddset(&new_action.sa_mask, SIGINT);

160

sigaddset(&new_action.sa_mask, SIGHUP);

161

sigaddset(&new_action.sa_mask, SIGTERM);

228

162

ret = sigaction(SIGINT, NULL, &old_action);

229

163

if(ret == -1){

230

164

perror("sigaction");

231

exitstatus = EX_OSERR;

232

goto failure;

165

free(prompt);

166

return EXIT_FAILURE;

233

167

}

234

168

if(old_action.sa_handler != SIG_IGN){

235

169

ret = sigaction(SIGINT, &new_action, NULL);

236

170

if(ret == -1){

237

171

perror("sigaction");

238

exitstatus = EX_OSERR;

239

goto failure;

172

free(prompt);

173

return EXIT_FAILURE;

240

174

}

241

175

}

242

176

ret = sigaction(SIGHUP, NULL, &old_action);

243

177

if(ret == -1){

244

178

perror("sigaction");

245

exitstatus = EX_OSERR;

246

goto failure;

179

free(prompt);

180

return EXIT_FAILURE;

247

181

}

248

182

if(old_action.sa_handler != SIG_IGN){

249

183

ret = sigaction(SIGHUP, &new_action, NULL);

250

184

if(ret == -1){

251

185

perror("sigaction");

252

exitstatus = EX_OSERR;

253

goto failure;

186

free(prompt);

187

return EXIT_FAILURE;

254

188

}

255

189

}

256

190

ret = sigaction(SIGTERM, NULL, &old_action);

257

191

if(ret == -1){

258

192

perror("sigaction");

259

exitstatus = EX_OSERR;

260

goto failure;

193

free(prompt);

194

return EXIT_FAILURE;

261

195

}

262

196

if(old_action.sa_handler != SIG_IGN){

263

197

ret = sigaction(SIGTERM, &new_action, NULL);

264

198

if(ret == -1){

265

199

perror("sigaction");

266

exitstatus = EX_OSERR;

267

goto failure;

200

free(prompt);

201

return EXIT_FAILURE;

268

202

}

269

203

}

270

204

}

271

205

272

if(interrupted_by_signal){

273

goto failure;

274

}

275

276

206

/* Fork off the splashy command to prompt for password */

277

splashy_command_pid = fork();

278

if(splashy_command_pid != 0 and interrupted_by_signal){

279

goto failure;

280

}

281

if(splashy_command_pid == -1){

282

perror("fork");

283

exitstatus = EX_OSERR;

284

goto failure;

285

}

286

/* Child */

287

if(splashy_command_pid == 0){

288

if(not interrupted_by_signal){

207

pid_t splashy_command_pid = 0;

208

if(not interrupted_by_signal){

209

splashy_command_pid = fork();

210

if(splashy_command_pid == -1){

211

if(not interrupted_by_signal){

212

perror("fork");

213

}

214

return EXIT_FAILURE;

215

}

216

/* Child */

217

if(splashy_command_pid == 0){

289

218

const char splashy_command[] = "/sbin/splashy_update";

290

execl(splashy_command, splashy_command, prompt, (char *)NULL);

291

perror("execl");

219

ret = execl(splashy_command, splashy_command, prompt,

220

(char *)NULL);

221

if(not interrupted_by_signal){

222

perror("execl");

223

}

224

free(prompt);

225

_exit(EXIT_FAILURE);

292

226

}

293

free(prompt);

294

_exit(EXIT_FAILURE);

295

227

}

296

228

297

229

/* Parent */

298

230

free(prompt);

299

prompt = NULL;

300

301

if(interrupted_by_signal){

302

goto failure;

303

}

304

231

305

232

/* Wait for command to complete */

306

{

233

if(not interrupted_by_signal and splashy_command_pid != 0){

307

234

int status;

308

do {

309

ret = waitpid(splashy_command_pid, &status, 0);

310

} while(ret == -1 and errno == EINTR

311

and not interrupted_by_signal);

312

if(interrupted_by_signal){

313

goto failure;

314

}

235

ret = waitpid(splashy_command_pid, &status, 0);

315

236

if(ret == -1){

316

perror("waitpid");

237

if(errno != EINTR){

238

perror("waitpid");

239

}

317

240

if(errno == ECHILD){

318

241

splashy_command_pid = 0;

319

242

}

320

243

} else {

321

244

/* The child process has exited */

322

245

splashy_command_pid = 0;

323

if(WIFEXITED(status) and WEXITSTATUS(status) == 0){

246

if(not interrupted_by_signal and WIFEXITED(status)

247

and WEXITSTATUS(status)==0){

324

248

return EXIT_SUCCESS;

325

249

}

326

250

}

327

251

}

328

329

failure:

330

331

free(prompt);

332

333

if(proc_dir != NULL){

334

TEMP_FAILURE_RETRY(closedir(proc_dir));

335

}

336

337

if(splashy_command_pid != 0){

338

TEMP_FAILURE_RETRY(kill(splashy_command_pid, SIGTERM));

339

340

TEMP_FAILURE_RETRY(kill(splashy_pid, SIGTERM));

341

sleep(2);

342

while(TEMP_FAILURE_RETRY(kill(splashy_pid, 0)) == 0){

343

TEMP_FAILURE_RETRY(kill(splashy_pid, SIGKILL));

344

sleep(1);

345

}

346

pid_t new_splashy_pid = (pid_t)TEMP_FAILURE_RETRY(fork());

347

if(new_splashy_pid == 0){

348

/* Child; will become new splashy process */

349

350

/* Make the effective user ID (root) the only user ID instead of

351

the real user ID (_mandos) */

352

ret = setuid(geteuid());

353

if(ret == -1){

354

perror("setuid");

355

}

356

357

setsid();

358

ret = chdir("/");

359

if(ret == -1){

360

perror("chdir");

361

}

362

/* if(fork() != 0){ */

363

/* _exit(EXIT_SUCCESS); */

364

/* } */

365

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace stdout */

366

if(ret == -1){

367

perror("dup2");

368

_exit(EX_OSERR);

369

}

370

371

execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);

372

{

373

int e = errno;

374

perror("execl");

375

switch(e){

376

case EACCES:

377

case ENOENT:

378

case ENOEXEC:

379

default:

380

_exit(EX_UNAVAILABLE);

381

case ENAMETOOLONG:

382

case E2BIG:

383

case ENOMEM:

384

_exit(EX_OSERR);

385

case ENOTDIR:

386

case ELOOP:

387

_exit(EX_OSFILE);

388

}

389

}

390

}

391

}

392

393

if(interrupted_by_signal){

394

struct sigaction signal_action;

395

sigemptyset(&signal_action.sa_mask);

396

signal_action.sa_handler = SIG_DFL;

397

ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,

398

&signal_action, NULL));

399

if(ret == -1){

400

perror("sigaction");

401

}

402

do {

403

ret = raise(signal_received);

404

} while(ret != 0 and errno == EINTR);

405

if(ret != 0){

406

perror("raise");

407

abort();

408

}

409

TEMP_FAILURE_RETRY(pause());

410

}

411

412

return exitstatus;

252

kill(splashy_pid, SIGTERM);

253

if(interrupted_by_signal and splashy_command_pid != 0){

254

kill(splashy_command_pid, SIGTERM);

255

}

256

sleep(2);

257

while(kill(splashy_pid, 0) == 0){

258

kill(splashy_pid, SIGKILL);

259

sleep(1);

260

}

261

pid_t new_splashy_pid = fork();

262

if(new_splashy_pid == 0){

263

/* Child; will become new splashy process */

264

265

/* Make the effective user ID (root) the only user ID instead of

266

the real user ID (mandos) */

267

ret = setuid(geteuid());

268

if(ret == -1){

269

perror("setuid");

270

}

271

272

setsid();

273

ret = chdir("/");

274

/* if(fork() != 0){ */

275

/* _exit(EXIT_SUCCESS); */

276

/* } */

277

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */

278

if(ret == -1){

279

perror("dup2");

280

_exit(EXIT_FAILURE);

281

}

282

283

execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);

284

if(not interrupted_by_signal){

285

perror("execl");

286

}

287

_exit(EXIT_FAILURE);

288

}

289

290

return EXIT_FAILURE;

413

291

}

Older »