/mandos/trunk : revision 305

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/usplash.c

Committer: Teddy Hogeborn
Date: 2009-02-09 02:13:58 UTC
Revision ID: teddy@fukt.bsnet.se-20090209021358-6nrlc91oi08hn5hb

* initramfs-tools-hook: Whitespace change only.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

initramfs-tools-script

legalnotice.xml

mandos-ctl

mandos-keygen.xml

mandos-options.xml

mandos.lsm

overview.xml

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
network-protocol.txt

files renamed:
mandos-client.c => plugin-runner.c

mandos-client.xml => plugin-runner.xml

plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/usplash.c

/* -*- coding: utf-8 -*- */

* Usplash - Read a password from usplash and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

#define _GNU_SOURCE /* asprintf() */

#include <signal.h> /* sig_atomic_t, struct sigaction,

sigemptyset(), sigaddset(), SIGINT,

SIGHUP, SIGTERM, sigaction(),

SIG_IGN, kill(), SIGKILL */

#include <stdbool.h> /* bool, false, true */

#include <fcntl.h> /* open(), O_WRONLY, O_RDONLY */

#include <iso646.h> /* and, or, not*/

#include <errno.h> /* errno, EINTR */

#include <sys/types.h> /* size_t, ssize_t, pid_t, DIR, struct

dirent */

#include <stddef.h> /* NULL */

#include <string.h> /* strlen(), memcmp() */

#include <stdio.h> /* asprintf(), perror(), sscanf() */

#include <unistd.h> /* close(), write(), readlink(),

read(), STDOUT_FILENO, sleep(),

fork(), setuid(), geteuid(),

setsid(), chdir(), dup2(),

STDERR_FILENO, execv() */

#include <stdlib.h> /* free(), EXIT_FAILURE, realloc(),

EXIT_SUCCESS, malloc(), _exit() */

#include <stdlib.h> /* getenv() */

#include <dirent.h> /* opendir(), readdir(), closedir() */

#include <inttypes.h> /* intmax_t, SCNdMAX */

#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK */

sig_atomic_t interrupted_by_signal = 0;

static void termination_handler(__attribute__((unused))int signum){

interrupted_by_signal = 1;

}

static bool usplash_write(const char *cmd, const char *arg){

* usplash_write("TIMEOUT", "15") will write "TIMEOUT 15\0"

* usplash_write("PULSATE", NULL) will write "PULSATE\0"

* SEE ALSO

* usplash_write(8)

int ret;

int fifo_fd;

do{

fifo_fd = open("/dev/.initramfs/usplash_fifo", O_WRONLY);

if(fifo_fd == -1 and (errno != EINTR or interrupted_by_signal)){

return false;

}

}while(fifo_fd == -1);

const char *cmd_line;

size_t cmd_line_len;

char *cmd_line_alloc = NULL;

if(arg == NULL){

cmd_line = cmd;

cmd_line_len = strlen(cmd);

}else{

do{

ret = asprintf(&cmd_line_alloc, "%s %s", cmd, arg);

if(ret == -1 and (errno != EINTR or interrupted_by_signal)){

int e = errno;

close(fifo_fd);

errno = e;

return false;

}

}while(ret == -1);

cmd_line = cmd_line_alloc;

cmd_line_len = (size_t)ret + 1;

}

size_t written = 0;

ssize_t sret = 0;

while(not interrupted_by_signal and written < cmd_line_len){

sret = write(fifo_fd, cmd_line + written,

cmd_line_len - written);

if(sret == -1){

100

if(errno != EINTR or interrupted_by_signal){

101

int e = errno;

102

close(fifo_fd);

103

free(cmd_line_alloc);

104

errno = e;

105

return false;

106

} else {

107

continue;

108

}

109

}

110

written += (size_t)sret;

111

}

112

free(cmd_line_alloc);

113

do{

114

ret = close(fifo_fd);

115

if(ret == -1 and (errno != EINTR or interrupted_by_signal)){

116

return false;

117

}

118

}while(ret == -1);

119

if(interrupted_by_signal){

120

return false;

121

}

122

return true;

123

}

124

125

int main(__attribute__((unused))int argc,

126

__attribute__((unused))char **argv){

127

int ret = 0;

128

ssize_t sret;

129

bool an_error_occured = false;

130

131

/* Create prompt string */

132

char *prompt = NULL;

133

{

134

const char *const cryptsource = getenv("cryptsource");

135

const char *const crypttarget = getenv("crypttarget");

136

const char prompt_start[] = "Enter passphrase to unlock the disk";

137

138

if(cryptsource == NULL){

139

if(crypttarget == NULL){

140

ret = asprintf(&prompt, "%s: ", prompt_start);

141

} else {

142

ret = asprintf(&prompt, "%s (%s): ", prompt_start,

143

crypttarget);

144

}

145

} else {

146

if(crypttarget == NULL){

147

ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);

148

} else {

149

ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,

150

cryptsource, crypttarget);

151

}

152

}

153

if(ret == -1){

154

return EXIT_FAILURE;

155

}

156

}

157

158

/* Find usplash process */

159

pid_t usplash_pid = 0;

160

char *cmdline = NULL;

161

size_t cmdline_len = 0;

162

const char usplash_name[] = "/sbin/usplash";

163

{

164

DIR *proc_dir = opendir("/proc");

165

if(proc_dir == NULL){

166

free(prompt);

167

perror("opendir");

168

return EXIT_FAILURE;

169

}

170

for(struct dirent *proc_ent = readdir(proc_dir);

171

proc_ent != NULL;

172

proc_ent = readdir(proc_dir)){

173

pid_t pid;

174

{

175

intmax_t tmpmax;

176

int numchars;

177

ret = sscanf(proc_ent->d_name, "%" SCNdMAX "%n", &tmpmax,

178

&numchars);

179

if(ret < 1 or tmpmax != (pid_t)tmpmax

180

or proc_ent->d_name[numchars] != '\0'){

181

/* Not a process */

182

continue;

183

}

184

pid = (pid_t)tmpmax;

185

}

186

/* Find the executable name by doing readlink() on the

187

/proc/<pid>/exe link */

188

char exe_target[sizeof(usplash_name)];

189

{

190

/* create file name string */

191

char *exe_link;

192

ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);

193

if(ret == -1){

194

perror("asprintf");

195

free(prompt);

196

closedir(proc_dir);

197

return EXIT_FAILURE;

198

}

199

200

/* Check that it refers to a symlink owned by root:root */

201

struct stat exe_stat;

202

ret = lstat(exe_link, &exe_stat);

203

if(ret == -1){

204

if(errno == ENOENT){

205

free(exe_link);

206

continue;

207

}

208

perror("lstat");

209

free(exe_link);

210

free(prompt);

211

closedir(proc_dir);

212

return EXIT_FAILURE;

213

}

214

if(not S_ISLNK(exe_stat.st_mode)

215

or exe_stat.st_uid != 0

216

or exe_stat.st_gid != 0){

217

free(exe_link);

218

continue;

219

}

220

221

sret = readlink(exe_link, exe_target, sizeof(exe_target));

222

free(exe_link);

223

}

224

if((sret == ((ssize_t)sizeof(exe_target)-1))

225

and (memcmp(usplash_name, exe_target,

226

sizeof(exe_target)-1) == 0)){

227

usplash_pid = pid;

228

/* Read and save the command line of usplash in "cmdline" */

229

{

230

/* Open /proc/<pid>/cmdline */

231

int cl_fd;

232

{

233

char *cmdline_filename;

234

ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",

235

proc_ent->d_name);

236

if(ret == -1){

237

perror("asprintf");

238

free(prompt);

239

closedir(proc_dir);

240

return EXIT_FAILURE;

241

}

242

cl_fd = open(cmdline_filename, O_RDONLY);

243

if(cl_fd == -1){

244

perror("open");

245

free(cmdline_filename);

246

free(prompt);

247

closedir(proc_dir);

248

return EXIT_FAILURE;

249

}

250

free(cmdline_filename);

251

}

252

size_t cmdline_allocated = 0;

253

char *tmp;

254

const size_t blocksize = 1024;

255

do{

256

if(cmdline_len + blocksize > cmdline_allocated){

257

tmp = realloc(cmdline, cmdline_allocated + blocksize);

258

if(tmp == NULL){

259

perror("realloc");

260

free(cmdline);

261

free(prompt);

262

closedir(proc_dir);

263

return EXIT_FAILURE;

264

}

265

cmdline = tmp;

266

cmdline_allocated += blocksize;

267

}

268

sret = read(cl_fd, cmdline + cmdline_len,

269

cmdline_allocated - cmdline_len);

270

if(sret == -1){

271

perror("read");

272

free(cmdline);

273

free(prompt);

274

closedir(proc_dir);

275

return EXIT_FAILURE;

276

}

277

cmdline_len += (size_t)sret;

278

} while(sret != 0);

279

close(cl_fd);

280

}

281

break;

282

}

283

}

284

closedir(proc_dir);

285

}

286

if(usplash_pid == 0){

287

free(prompt);

288

return EXIT_FAILURE;

289

}

290

291

/* Set up the signal handler */

292

{

293

struct sigaction old_action,

294

new_action = { .sa_handler = termination_handler,

295

.sa_flags = 0 };

296

sigemptyset(&new_action.sa_mask);

297

sigaddset(&new_action.sa_mask, SIGINT);

298

sigaddset(&new_action.sa_mask, SIGHUP);

299

sigaddset(&new_action.sa_mask, SIGTERM);

300

ret = sigaction(SIGINT, NULL, &old_action);

301

if(ret == -1){

302

perror("sigaction");

303

free(prompt);

304

return EXIT_FAILURE;

305

}

306

if(old_action.sa_handler != SIG_IGN){

307

ret = sigaction(SIGINT, &new_action, NULL);

308

if(ret == -1){

309

perror("sigaction");

310

free(prompt);

311

return EXIT_FAILURE;

312

}

313

}

314

ret = sigaction(SIGHUP, NULL, &old_action);

315

if(ret == -1){

316

perror("sigaction");

317

free(prompt);

318

return EXIT_FAILURE;

319

}

320

if(old_action.sa_handler != SIG_IGN){

321

ret = sigaction(SIGHUP, &new_action, NULL);

322

if(ret == -1){

323

perror("sigaction");

324

free(prompt);

325

return EXIT_FAILURE;

326

}

327

}

328

ret = sigaction(SIGTERM, NULL, &old_action);

329

if(ret == -1){

330

perror("sigaction");

331

free(prompt);

332

return EXIT_FAILURE;

333

}

334

if(old_action.sa_handler != SIG_IGN){

335

ret = sigaction(SIGTERM, &new_action, NULL);

336

if(ret == -1){

337

perror("sigaction");

338

free(prompt);

339

return EXIT_FAILURE;

340

}

341

}

342

}

343

344

/* Write command to FIFO */

345

if(not interrupted_by_signal){

346

if(not usplash_write("TIMEOUT", "0")

347

and (errno != EINTR)){

348

perror("usplash_write");

349

an_error_occured = true;

350

}

351

}

352

if(not interrupted_by_signal and not an_error_occured){

353

if(not usplash_write("INPUTQUIET", prompt)

354

and (errno != EINTR)){

355

perror("usplash_write");

356

an_error_occured = true;

357

}

358

}

359

free(prompt);

360

361

/* This is not really a loop; while() is used to be able to "break"

362

out of it; those breaks are marked "Big" */

363

while(not interrupted_by_signal and not an_error_occured){

364

char *buf = NULL;

365

size_t buf_len = 0;

366

367

/* Open FIFO */

368

int fifo_fd;

369

do{

370

fifo_fd = open("/dev/.initramfs/usplash_outfifo", O_RDONLY);

371

if(fifo_fd == -1){

372

if(errno != EINTR){

373

perror("open");

374

an_error_occured = true;

375

break;

376

}

377

if(interrupted_by_signal){

378

break;

379

}

380

}

381

}while(fifo_fd == -1);

382

if(interrupted_by_signal or an_error_occured){

383

break; /* Big */

384

}

385

386

/* Read from FIFO */

387

size_t buf_allocated = 0;

388

const size_t blocksize = 1024;

389

do{

390

if(buf_len + blocksize > buf_allocated){

391

char *tmp = realloc(buf, buf_allocated + blocksize);

392

if(tmp == NULL){

393

perror("realloc");

394

an_error_occured = true;

395

break;

396

}

397

buf = tmp;

398

buf_allocated += blocksize;

399

}

400

do{

401

sret = read(fifo_fd, buf + buf_len, buf_allocated - buf_len);

402

if(sret == -1){

403

if(errno != EINTR){

404

perror("read");

405

an_error_occured = true;

406

break;

407

}

408

if(interrupted_by_signal){

409

break;

410

}

411

}

412

}while(sret == -1);

413

if(interrupted_by_signal or an_error_occured){

414

break;

415

}

416

417

buf_len += (size_t)sret;

418

}while(sret != 0);

419

close(fifo_fd);

420

if(interrupted_by_signal or an_error_occured){

421

break; /* Big */

422

}

423

424

if(not usplash_write("TIMEOUT", "15")

425

and (errno != EINTR)){

426

perror("usplash_write");

427

an_error_occured = true;

428

}

429

if(interrupted_by_signal or an_error_occured){

430

break; /* Big */

431

}

432

433

/* Print password to stdout */

434

size_t written = 0;

435

while(written < buf_len){

436

do{

437

sret = write(STDOUT_FILENO, buf + written, buf_len - written);

438

if(sret == -1){

439

if(errno != EINTR){

440

perror("write");

441

an_error_occured = true;

442

break;

443

}

444

if(interrupted_by_signal){

445

break;

446

}

447

}

448

}while(sret == -1);

449

if(interrupted_by_signal or an_error_occured){

450

break;

451

}

452

written += (size_t)sret;

453

}

454

free(buf);

455

if(not interrupted_by_signal and not an_error_occured){

456

free(cmdline);

457

return EXIT_SUCCESS;

458

}

459

break; /* Big */

460

} /* end of non-loop while() */

461

462

/* If we got here, an error or interrupt must have happened */

463

464

/* Create argc and argv for new usplash*/

465

int cmdline_argc = 0;

466

char **cmdline_argv = malloc(sizeof(char *));

467

{

468

size_t position = 0;

469

while(position < cmdline_len){

470

char **tmp = realloc(cmdline_argv,

471

(sizeof(char *)

472

* (size_t)(cmdline_argc + 2)));

473

if(tmp == NULL){

474

perror("realloc");

475

free(cmdline_argv);

476

return EXIT_FAILURE;

477

}

478

cmdline_argv = tmp;

479

cmdline_argv[cmdline_argc] = cmdline + position;

480

cmdline_argc++;

481

position += strlen(cmdline + position) + 1;

482

}

483

cmdline_argv[cmdline_argc] = NULL;

484

}

485

/* Kill old usplash */

486

kill(usplash_pid, SIGTERM);

487

sleep(2);

488

while(kill(usplash_pid, 0) == 0){

489

kill(usplash_pid, SIGKILL);

490

sleep(1);

491

}

492

pid_t new_usplash_pid = fork();

493

if(new_usplash_pid == 0){

494

/* Child; will become new usplash process */

495

496

/* Make the effective user ID (root) the only user ID instead of

497

the real user ID (_mandos) */

498

ret = setuid(geteuid());

499

if(ret == -1){

500

perror("setuid");

501

}

502

503

setsid();

504

ret = chdir("/");

505

/* if(fork() != 0){ */

506

/* _exit(EXIT_SUCCESS); */

507

/* } */

508

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */

509

if(ret == -1){

510

perror("dup2");

511

_exit(EXIT_FAILURE);

512

}

513

514

execv(usplash_name, cmdline_argv);

515

if(not interrupted_by_signal){

516

perror("execv");

517

}

518

free(cmdline);

519

free(cmdline_argv);

520

_exit(EXIT_FAILURE);

521

}

522

free(cmdline);

523

free(cmdline_argv);

524

sleep(2);

525

if(not usplash_write("PULSATE", NULL)

526

and (errno != EINTR)){

527

perror("usplash_write");

528

}

529

530

return EXIT_FAILURE;

531

}

Older »