To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/password-prompt.c
- browse files at revision 395
- compare with another revision
- download diff
- download tarball
- view history from revision 395
- Committer: Teddy Hogeborn
- Date: 2009-10-26 21:16:16 UTC
- Revision ID: teddy@fukt.bsnet.se-20091026211616-38e9wynf4428ip2l
Merge from release branch.
- files added:
- initramfs-tools-hook-conf
- files removed:
- DBUS-API
- debian/source
- debian/upstream
- network-hooks.d
- plugin-helpers
- files modified:
- .bzrignore
added
removed
plugins.d/password-prompt.c
2
2
/*
3
3
* Password-prompt - Read a password from the terminal and print it
4
4
*
5
* Copyright © 2008-2019 Teddy Hogeborn
6
* Copyright © 2008-2019 Björn Påhlsson
7
*
8
* This file is part of Mandos.
9
*
10
* Mandos is free software: you can redistribute it and/or modify it
11
* under the terms of the GNU General Public License as published by
12
* the Free Software Foundation, either version 3 of the License, or
13
* (at your option) any later version.
14
*
15
* Mandos is distributed in the hope that it will be useful, but
5
* Copyright © 2008,2009 Teddy Hogeborn
6
* Copyright © 2008,2009 Björn Påhlsson
7
*
8
* This program is free software: you can redistribute it and/or
9
* modify it under the terms of the GNU General Public License as
10
* published by the Free Software Foundation, either version 3 of the
11
* License, or (at your option) any later version.
12
*
13
* This program is distributed in the hope that it will be useful, but
16
14
* WITHOUT ANY WARRANTY; without even the implied warranty of
17
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18
16
* General Public License for more details.
19
17
*
20
18
* You should have received a copy of the GNU General Public License
21
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
19
* along with this program. If not, see
20
* <http://www.gnu.org/licenses/>.
22
21
*
23
* Contact the authors at <mandos@recompile.se>.
22
* Contact the authors at <mandos@fukt.bsnet.se>.
24
23
*/
25
24
26
#define _GNU_SOURCE /* getline(), asprintf() */
25
#define _GNU_SOURCE /* getline() */
27
26
28
#include <termios.h> /* struct termios, tcsetattr(),
27
#include <termios.h> /* struct termios, tcsetattr(),
29
28
TCSAFLUSH, tcgetattr(), ECHO */
30
29
#include <unistd.h> /* struct termios, tcsetattr(),
31
30
STDIN_FILENO, TCSAFLUSH,
32
tcgetattr(), ECHO, readlink() */
31
tcgetattr(), ECHO */
33
32
#include <signal.h> /* sig_atomic_t, raise(), struct
34
33
sigaction, sigemptyset(),
35
34
sigaction(), sigaddset(), SIGINT,
36
35
SIGQUIT, SIGHUP, SIGTERM,
37
36
raise() */
38
37
#include <stddef.h> /* NULL, size_t, ssize_t */
39
#include <sys/types.h> /* ssize_t, struct dirent, pid_t,
40
ssize_t, open() */
38
#include <sys/types.h> /* ssize_t */
41
39
#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,
42
getenv(), free() */
43
#include <dirent.h> /* scandir(), alphasort() */
40
getenv() */
44
41
#include <stdio.h> /* fprintf(), stderr, getline(),
45
stdin, feof(), fputc(), vfprintf(),
46
vasprintf() */
42
stdin, feof(), perror(), fputc()
43
*/
47
44
#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,
48
45
EFAULT, EFBIG, EIO, ENOSPC, EINTR
49
46
*/
50
#include <error.h> /* error() */
51
47
#include <iso646.h> /* or, not */
52
48
#include <stdbool.h> /* bool, false, true */
53
#include <inttypes.h> /* strtoumax() */
54
#include <sys/stat.h> /* struct stat, lstat(), open() */
55
#include <string.h> /* strlen, rindex, memcmp, strerror()
56
*/
49
#include <string.h> /* strlen, rindex, strncmp, strcmp */
57
50
#include <argp.h> /* struct argp_option, struct
58
51
argp_state, struct argp,
59
52
argp_parse(), error_t,
61
54
ARGP_ERR_UNKNOWN */
62
55
#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,
63
56
EX_UNAVAILABLE, EX_IOERR, EX_OK */
64
#include <fcntl.h> /* open() */
65
#include <stdarg.h> /* va_list, va_start(), ... */
66
57
67
58
volatile sig_atomic_t quit_now = 0;
68
59
int signal_received;
69
60
bool debug = false;
70
61
const char *argp_program_version = "password-prompt " VERSION;
71
const char *argp_program_bug_address = "<mandos@recompile.se>";
72
73
/* Needed for conflict resolution */
74
const char plymouth_name[] = "plymouthd";
75
76
/* Function to use when printing errors */
77
__attribute__((format (gnu_printf, 3, 4)))
78
void error_plus(int status, int errnum, const char *formatstring,
79
...){
80
va_list ap;
81
char *text;
82
int ret;
83
84
va_start(ap, formatstring);
85
ret = vasprintf(&text, formatstring, ap);
86
if(ret == -1){
87
fprintf(stderr, "Mandos plugin %s: ",
88
program_invocation_short_name);
89
vfprintf(stderr, formatstring, ap);
90
fprintf(stderr, ": %s\n", strerror(errnum));
91
error(status, errno, "vasprintf while printing error");
92
return;
93
}
94
fprintf(stderr, "Mandos plugin ");
95
error(status, errnum, "%s", text);
96
free(text);
97
}
62
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
98
63
99
64
static void termination_handler(int signum){
100
65
if(quit_now){
104
69
signal_received = signum;
105
70
}
106
71
107
bool conflict_detection(void){
108
109
/* plymouth conflicts with password-prompt since both want to read
110
from the terminal. Password-prompt will exit if it detects
111
plymouth since plymouth performs the same functionality.
112
*/
113
__attribute__((nonnull))
114
int is_plymouth(const struct dirent *proc_entry){
115
int ret;
116
int cl_fd;
117
{
118
uintmax_t proc_id;
119
char *tmp;
120
errno = 0;
121
proc_id = strtoumax(proc_entry->d_name, &tmp, 10);
122
123
if(errno != 0 or *tmp != '\0'
124
or proc_id != (uintmax_t)((pid_t)proc_id)){
125
return 0;
126
}
127
}
128
129
char *cmdline_filename;
130
ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",
131
proc_entry->d_name);
132
if(ret == -1){
133
error_plus(0, errno, "asprintf");
134
return 0;
135
}
136
137
/* Open /proc/<pid>/cmdline */
138
cl_fd = open(cmdline_filename, O_RDONLY);
139
free(cmdline_filename);
140
if(cl_fd == -1){
141
if(errno != ENOENT){
142
error_plus(0, errno, "open");
143
}
144
return 0;
145
}
146
147
char *cmdline = NULL;
148
{
149
size_t cmdline_len = 0;
150
size_t cmdline_allocated = 0;
151
char *tmp;
152
const size_t blocksize = 1024;
153
ssize_t sret;
154
do {
155
/* Allocate more space? */
156
if(cmdline_len + blocksize + 1 > cmdline_allocated){
157
tmp = realloc(cmdline, cmdline_allocated + blocksize + 1);
158
if(tmp == NULL){
159
error_plus(0, errno, "realloc");
160
free(cmdline);
161
close(cl_fd);
162
return 0;
163
}
164
cmdline = tmp;
165
cmdline_allocated += blocksize;
166
}
167
168
/* Read data */
169
sret = read(cl_fd, cmdline + cmdline_len,
170
cmdline_allocated - cmdline_len);
171
if(sret == -1){
172
error_plus(0, errno, "read");
173
free(cmdline);
174
close(cl_fd);
175
return 0;
176
}
177
cmdline_len += (size_t)sret;
178
} while(sret != 0);
179
ret = close(cl_fd);
180
if(ret == -1){
181
error_plus(0, errno, "close");
182
free(cmdline);
183
return 0;
184
}
185
cmdline[cmdline_len] = '\0'; /* Make sure it is terminated */
186
}
187
/* we now have cmdline */
188
189
/* get basename */
190
char *cmdline_base = strrchr(cmdline, '/');
191
if(cmdline_base != NULL){
192
cmdline_base += 1; /* skip the slash */
193
} else {
194
cmdline_base = cmdline;
195
}
196
197
if(strcmp(cmdline_base, plymouth_name) != 0){
198
if(debug){
199
fprintf(stderr, "\"%s\" is not \"%s\"\n", cmdline_base,
200
plymouth_name);
201
}
202
free(cmdline);
203
return 0;
204
}
205
if(debug){
206
fprintf(stderr, "\"%s\" equals \"%s\"\n", cmdline_base,
207
plymouth_name);
208
}
209
free(cmdline);
210
return 1;
211
}
212
213
struct dirent **direntries = NULL;
214
int ret;
215
ret = scandir("/proc", &direntries, is_plymouth, alphasort);
216
if(ret == -1){
217
error_plus(1, errno, "scandir");
218
}
219
{
220
int i = ret;
221
while(i--){
222
free(direntries[i]);
223
}
224
}
225
free(direntries);
226
return ret > 0;
227
}
228
229
230
72
int main(int argc, char **argv){
231
ssize_t sret;
232
int ret;
73
ssize_t ret;
233
74
size_t n;
234
75
struct termios t_new, t_old;
235
76
char *buffer = NULL;
257
98
{ .name = NULL }
258
99
};
259
100
260
__attribute__((nonnull(3)))
261
101
error_t parse_opt (int key, char *arg, struct argp_state *state){
262
102
errno = 0;
263
103
switch (key){
274
114
argp_state_help(state, state->out_stream,
275
115
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
276
116
& ~(unsigned int)ARGP_HELP_EXIT_OK);
277
__builtin_unreachable();
278
117
case -3: /* --usage */
279
118
argp_state_help(state, state->out_stream,
280
119
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
281
__builtin_unreachable();
282
120
case 'V': /* --version */
283
121
fprintf(state->out_stream, "%s\n", argp_program_version);
284
122
exit(argp_err_exit_status);
301
139
case ENOMEM:
302
140
default:
303
141
errno = ret;
304
error_plus(0, errno, "argp_parse");
142
perror("argp_parse");
305
143
return EX_OSERR;
306
144
case EINVAL:
307
145
return EX_USAGE;
311
149
if(debug){
312
150
fprintf(stderr, "Starting %s\n", argv[0]);
313
151
}
314
315
if(conflict_detection()){
316
if(debug){
317
fprintf(stderr, "Stopping %s because of conflict\n", argv[0]);
318
}
319
return EXIT_FAILURE;
320
}
321
322
152
if(debug){
323
153
fprintf(stderr, "Storing current terminal attributes\n");
324
154
}
325
155
326
156
if(tcgetattr(STDIN_FILENO, &t_old) != 0){
327
157
int e = errno;
328
error_plus(0, errno, "tcgetattr");
158
perror("tcgetattr");
329
159
switch(e){
330
160
case EBADF:
331
161
case ENOTTY:
338
168
sigemptyset(&new_action.sa_mask);
339
169
ret = sigaddset(&new_action.sa_mask, SIGINT);
340
170
if(ret == -1){
341
error_plus(0, errno, "sigaddset");
171
perror("sigaddset");
342
172
return EX_OSERR;
343
173
}
344
174
ret = sigaddset(&new_action.sa_mask, SIGHUP);
345
175
if(ret == -1){
346
error_plus(0, errno, "sigaddset");
176
perror("sigaddset");
347
177
return EX_OSERR;
348
178
}
349
179
ret = sigaddset(&new_action.sa_mask, SIGTERM);
350
180
if(ret == -1){
351
error_plus(0, errno, "sigaddset");
181
perror("sigaddset");
352
182
return EX_OSERR;
353
183
}
354
184
/* Need to check if the handler is SIG_IGN before handling:
357
187
*/
358
188
ret = sigaction(SIGINT, NULL, &old_action);
359
189
if(ret == -1){
360
error_plus(0, errno, "sigaction");
190
perror("sigaction");
361
191
return EX_OSERR;
362
192
}
363
193
if(old_action.sa_handler != SIG_IGN){
364
194
ret = sigaction(SIGINT, &new_action, NULL);
365
195
if(ret == -1){
366
error_plus(0, errno, "sigaction");
196
perror("sigaction");
367
197
return EX_OSERR;
368
198
}
369
199
}
370
200
ret = sigaction(SIGHUP, NULL, &old_action);
371
201
if(ret == -1){
372
error_plus(0, errno, "sigaction");
202
perror("sigaction");
373
203
return EX_OSERR;
374
204
}
375
205
if(old_action.sa_handler != SIG_IGN){
376
206
ret = sigaction(SIGHUP, &new_action, NULL);
377
207
if(ret == -1){
378
error_plus(0, errno, "sigaction");
208
perror("sigaction");
379
209
return EX_OSERR;
380
210
}
381
211
}
382
212
ret = sigaction(SIGTERM, NULL, &old_action);
383
213
if(ret == -1){
384
error_plus(0, errno, "sigaction");
214
perror("sigaction");
385
215
return EX_OSERR;
386
216
}
387
217
if(old_action.sa_handler != SIG_IGN){
388
218
ret = sigaction(SIGTERM, &new_action, NULL);
389
219
if(ret == -1){
390
error_plus(0, errno, "sigaction");
220
perror("sigaction");
391
221
return EX_OSERR;
392
222
}
393
223
}
401
231
t_new.c_lflag &= ~(tcflag_t)ECHO;
402
232
if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){
403
233
int e = errno;
404
error_plus(0, errno, "tcsetattr-echo");
234
perror("tcsetattr-echo");
405
235
switch(e){
406
236
case EBADF:
407
237
case ENOTTY:
428
258
fprintf(stderr, "%s ", prefix);
429
259
}
430
260
{
431
const char *cryptsource = getenv("CRYPTTAB_SOURCE");
432
const char *crypttarget = getenv("CRYPTTAB_NAME");
433
/* Before cryptsetup 1.1.0~rc2 */
434
if(cryptsource == NULL){
435
cryptsource = getenv("cryptsource");
436
}
437
if(crypttarget == NULL){
438
crypttarget = getenv("crypttarget");
439
}
440
const char *const prompt1 = "Unlocking the disk";
441
const char *const prompt2 = "Enter passphrase";
261
const char *cryptsource = getenv("cryptsource");
262
const char *crypttarget = getenv("crypttarget");
263
const char *const prompt
264
= "Enter passphrase to unlock the disk";
442
265
if(cryptsource == NULL){
443
266
if(crypttarget == NULL){
444
fprintf(stderr, "%s to unlock the disk: ", prompt2);
267
fprintf(stderr, "%s: ", prompt);
445
268
} else {
446
fprintf(stderr, "%s (%s)\n%s: ", prompt1, crypttarget,
447
prompt2);
269
fprintf(stderr, "%s (%s): ", prompt, crypttarget);
448
270
}
449
271
} else {
450
272
if(crypttarget == NULL){
451
fprintf(stderr, "%s %s\n%s: ", prompt1, cryptsource,
452
prompt2);
273
fprintf(stderr, "%s %s: ", prompt, cryptsource);
453
274
} else {
454
fprintf(stderr, "%s %s (%s)\n%s: ", prompt1, cryptsource,
455
crypttarget, prompt2);
275
fprintf(stderr, "%s %s (%s): ", prompt, cryptsource,
276
crypttarget);
456
277
}
457
278
}
458
279
}
459
sret = getline(&buffer, &n, stdin);
460
if(sret > 0){
280
ret = getline(&buffer, &n, stdin);
281
if(ret > 0){
461
282
status = EXIT_SUCCESS;
462
283
/* Make n = data size instead of allocated buffer size */
463
n = (size_t)sret;
284
n = (size_t)ret;
464
285
/* Strip final newline */
465
286
if(n > 0 and buffer[n-1] == '\n'){
466
287
buffer[n-1] = '\0'; /* not strictly necessary */
468
289
}
469
290
size_t written = 0;
470
291
while(written < n){
471
sret = write(STDOUT_FILENO, buffer + written, n - written);
472
if(sret < 0){
292
ret = write(STDOUT_FILENO, buffer + written, n - written);
293
if(ret < 0){
473
294
int e = errno;
474
error_plus(0, errno, "write");
295
perror("write");
475
296
switch(e){
476
297
case EBADF:
477
298
case EFAULT:
488
309
}
489
310
break;
490
311
}
491
written += (size_t)sret;
312
written += (size_t)ret;
492
313
}
493
sret = close(STDOUT_FILENO);
494
if(sret == -1){
314
ret = close(STDOUT_FILENO);
315
if(ret == -1){
495
316
int e = errno;
496
error_plus(0, errno, "close");
317
perror("close");
497
318
switch(e){
498
319
case EBADF:
499
320
status = EX_OSFILE;
506
327
}
507
328
break;
508
329
}
509
if(sret < 0){
330
if(ret < 0){
510
331
int e = errno;
511
332
if(errno != EINTR and not feof(stdin)){
512
error_plus(0, errno, "getline");
333
perror("getline");
513
334
switch(e){
514
335
case EBADF:
515
336
status = EX_UNAVAILABLE;
516
break;
517
337
case EIO:
518
338
case EINVAL:
519
339
default:
523
343
break;
524
344
}
525
345
}
526
/* if(sret == 0), then the only sensible thing to do is to retry
527
to read from stdin */
346
/* if(ret == 0), then the only sensible thing to do is to retry to
347
read from stdin */
528
348
fputc('\n', stderr);
529
349
if(debug and not quit_now){
530
350
/* If quit_now is nonzero, we were interrupted by a signal, and
539
359
fprintf(stderr, "Restoring terminal attributes\n");
540
360
}
541
361
if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){
542
error_plus(0, errno, "tcsetattr+echo");
362
perror("tcsetattr+echo");
543
363
}
544
364
545
365
if(quit_now){
547
367
old_action.sa_handler = SIG_DFL;
548
368
ret = sigaction(signal_received, &old_action, NULL);
549
369
if(ret == -1){
550
error_plus(0, errno, "sigaction");
370
perror("sigaction");
551
371
}
552
372
raise(signal_received);
553
373
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0