3
3
* Password-prompt - Read a password from the terminal and print it
5
* Copyright © 2008-2017 Teddy Hogeborn
6
* Copyright © 2008-2017 Björn Påhlsson
8
* This file is part of Mandos.
10
* Mandos is free software: you can redistribute it and/or modify it
11
* under the terms of the GNU General Public License as published by
12
* the Free Software Foundation, either version 3 of the License, or
13
* (at your option) any later version.
15
* Mandos is distributed in the hope that it will be useful, but
5
* Copyright © 2008,2009 Teddy Hogeborn
6
* Copyright © 2008,2009 Björn Påhlsson
8
* This program is free software: you can redistribute it and/or
9
* modify it under the terms of the GNU General Public License as
10
* published by the Free Software Foundation, either version 3 of the
11
* License, or (at your option) any later version.
13
* This program is distributed in the hope that it will be useful, but
16
14
* WITHOUT ANY WARRANTY; without even the implied warranty of
17
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18
16
* General Public License for more details.
20
18
* You should have received a copy of the GNU General Public License
21
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
19
* along with this program. If not, see
20
* <http://www.gnu.org/licenses/>.
23
* Contact the authors at <mandos@recompile.se>.
22
* Contact the authors at <mandos@fukt.bsnet.se>.
26
#define _GNU_SOURCE /* getline(), asprintf() */
25
#define _GNU_SOURCE /* getline() */
28
#include <termios.h> /* struct termios, tcsetattr(),
27
#include <termios.h> /* struct termios, tcsetattr(),
29
28
TCSAFLUSH, tcgetattr(), ECHO */
30
29
#include <unistd.h> /* struct termios, tcsetattr(),
31
30
STDIN_FILENO, TCSAFLUSH,
32
tcgetattr(), ECHO, readlink() */
33
32
#include <signal.h> /* sig_atomic_t, raise(), struct
34
33
sigaction, sigemptyset(),
35
34
sigaction(), sigaddset(), SIGINT,
36
35
SIGQUIT, SIGHUP, SIGTERM,
38
37
#include <stddef.h> /* NULL, size_t, ssize_t */
39
#include <sys/types.h> /* ssize_t, struct dirent, pid_t,
38
#include <sys/types.h> /* ssize_t */
41
39
#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,
43
#include <dirent.h> /* scandir(), alphasort() */
44
41
#include <stdio.h> /* fprintf(), stderr, getline(),
45
stdin, feof(), fputc(), vfprintf(),
42
stdin, feof(), perror(), fputc()
47
44
#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,
48
45
EFAULT, EFBIG, EIO, ENOSPC, EINTR
50
#include <error.h> /* error() */
51
47
#include <iso646.h> /* or, not */
52
48
#include <stdbool.h> /* bool, false, true */
53
#include <inttypes.h> /* strtoumax() */
54
#include <sys/stat.h> /* struct stat, lstat(), open() */
55
#include <string.h> /* strlen, rindex, memcmp, strerror()
49
#include <string.h> /* strlen, rindex, strncmp, strcmp */
57
50
#include <argp.h> /* struct argp_option, struct
58
51
argp_state, struct argp,
59
52
argp_parse(), error_t,
61
54
ARGP_ERR_UNKNOWN */
62
55
#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,
63
56
EX_UNAVAILABLE, EX_IOERR, EX_OK */
64
#include <fcntl.h> /* open() */
65
#include <stdarg.h> /* va_list, va_start(), ... */
67
58
volatile sig_atomic_t quit_now = 0;
68
59
int signal_received;
69
60
bool debug = false;
70
61
const char *argp_program_version = "password-prompt " VERSION;
71
const char *argp_program_bug_address = "<mandos@recompile.se>";
73
/* Needed for conflict resolution */
74
const char plymouth_name[] = "plymouthd";
76
/* Function to use when printing errors */
77
__attribute__((format (gnu_printf, 3, 4)))
78
void error_plus(int status, int errnum, const char *formatstring,
84
va_start(ap, formatstring);
85
ret = vasprintf(&text, formatstring, ap);
87
fprintf(stderr, "Mandos plugin %s: ",
88
program_invocation_short_name);
89
vfprintf(stderr, formatstring, ap);
90
fprintf(stderr, ": %s\n", strerror(errnum));
91
error(status, errno, "vasprintf while printing error");
94
fprintf(stderr, "Mandos plugin ");
95
error(status, errnum, "%s", text);
62
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
99
64
static void termination_handler(int signum){
104
69
signal_received = signum;
107
bool conflict_detection(void){
109
/* plymouth conflicts with password-prompt since both want to read
110
from the terminal. Password-prompt will exit if it detects
111
plymouth since plymouth performs the same functionality.
113
__attribute__((nonnull))
114
int is_plymouth(const struct dirent *proc_entry){
121
proc_id = strtoumax(proc_entry->d_name, &tmp, 10);
123
if(errno != 0 or *tmp != '\0'
124
or proc_id != (uintmax_t)((pid_t)proc_id)){
129
char *cmdline_filename;
130
ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",
133
error_plus(0, errno, "asprintf");
137
/* Open /proc/<pid>/cmdline */
138
cl_fd = open(cmdline_filename, O_RDONLY);
139
free(cmdline_filename);
142
error_plus(0, errno, "open");
147
char *cmdline = NULL;
149
size_t cmdline_len = 0;
150
size_t cmdline_allocated = 0;
152
const size_t blocksize = 1024;
155
/* Allocate more space? */
156
if(cmdline_len + blocksize + 1 > cmdline_allocated){
157
tmp = realloc(cmdline, cmdline_allocated + blocksize + 1);
159
error_plus(0, errno, "realloc");
165
cmdline_allocated += blocksize;
169
sret = read(cl_fd, cmdline + cmdline_len,
170
cmdline_allocated - cmdline_len);
172
error_plus(0, errno, "read");
177
cmdline_len += (size_t)sret;
181
error_plus(0, errno, "close");
185
cmdline[cmdline_len] = '\0'; /* Make sure it is terminated */
187
/* we now have cmdline */
190
char *cmdline_base = strrchr(cmdline, '/');
191
if(cmdline_base != NULL){
192
cmdline_base += 1; /* skip the slash */
194
cmdline_base = cmdline;
197
if(strcmp(cmdline_base, plymouth_name) != 0){
199
fprintf(stderr, "\"%s\" is not \"%s\"\n", cmdline_base,
206
fprintf(stderr, "\"%s\" equals \"%s\"\n", cmdline_base,
213
struct dirent **direntries = NULL;
215
ret = scandir("/proc", &direntries, is_plymouth, alphasort);
217
error_plus(1, errno, "scandir");
230
72
int main(int argc, char **argv){
234
75
struct termios t_new, t_old;
235
76
char *buffer = NULL;
356
188
ret = sigaction(SIGINT, NULL, &old_action);
358
error_plus(0, errno, "sigaction");
361
193
if(old_action.sa_handler != SIG_IGN){
362
194
ret = sigaction(SIGINT, &new_action, NULL);
364
error_plus(0, errno, "sigaction");
368
200
ret = sigaction(SIGHUP, NULL, &old_action);
370
error_plus(0, errno, "sigaction");
373
205
if(old_action.sa_handler != SIG_IGN){
374
206
ret = sigaction(SIGHUP, &new_action, NULL);
376
error_plus(0, errno, "sigaction");
380
212
ret = sigaction(SIGTERM, NULL, &old_action);
382
error_plus(0, errno, "sigaction");
385
217
if(old_action.sa_handler != SIG_IGN){
386
218
ret = sigaction(SIGTERM, &new_action, NULL);
388
error_plus(0, errno, "sigaction");
426
258
fprintf(stderr, "%s ", prefix);
429
const char *cryptsource = getenv("CRYPTTAB_SOURCE");
430
const char *crypttarget = getenv("CRYPTTAB_NAME");
431
/* Before cryptsetup 1.1.0~rc2 */
432
if(cryptsource == NULL){
433
cryptsource = getenv("cryptsource");
435
if(crypttarget == NULL){
436
crypttarget = getenv("crypttarget");
438
const char *const prompt1 = "Unlocking the disk";
439
const char *const prompt2 = "Enter passphrase";
261
const char *cryptsource = getenv("cryptsource");
262
const char *crypttarget = getenv("crypttarget");
263
const char *const prompt
264
= "Enter passphrase to unlock the disk";
440
265
if(cryptsource == NULL){
441
266
if(crypttarget == NULL){
442
fprintf(stderr, "%s to unlock the disk: ", prompt2);
267
fprintf(stderr, "%s: ", prompt);
444
fprintf(stderr, "%s (%s)\n%s: ", prompt1, crypttarget,
269
fprintf(stderr, "%s (%s): ", prompt, crypttarget);
448
272
if(crypttarget == NULL){
449
fprintf(stderr, "%s %s\n%s: ", prompt1, cryptsource,
273
fprintf(stderr, "%s %s: ", prompt, cryptsource);
452
fprintf(stderr, "%s %s (%s)\n%s: ", prompt1, cryptsource,
453
crypttarget, prompt2);
275
fprintf(stderr, "%s %s (%s): ", prompt, cryptsource,
457
sret = getline(&buffer, &n, stdin);
280
ret = getline(&buffer, &n, stdin);
459
282
status = EXIT_SUCCESS;
460
283
/* Make n = data size instead of allocated buffer size */
462
285
/* Strip final newline */
463
286
if(n > 0 and buffer[n-1] == '\n'){
464
287
buffer[n-1] = '\0'; /* not strictly necessary */