/mandos/trunk : revision 397

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/splashy.c

Committer: Teddy Hogeborn
Date: 2009-10-30 16:23:43 UTC
Revision ID: teddy@fukt.bsnet.se-20091030162343-1p2a8bf3gc084kc9

* plugins.d/password-prompt.c: Use environment variables and prompt
                               text from cryptsetup 1.1.
* plugins.d/password-prompt.xml (ENVIRONMENT): Document change in
                                               environment variables
                                               used.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos-options.xml

mandos.lsm

overview.xml

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/splashy.c

/* -*- coding: utf-8 -*- */

* Splashy - Read a password from splashy and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <signal.h> /* sig_atomic_t, struct sigaction,

sigemptyset(), sigaddset(), SIGINT,

SIGHUP, SIGTERM, sigaction,

SIG_IGN, kill(), SIGKILL */

#include <stddef.h> /* NULL */

#include <stdlib.h> /* getenv() */

#include <stdio.h> /* asprintf(), perror() */

#include <stdlib.h> /* EXIT_FAILURE, free(),

EXIT_SUCCESS */

#include <sys/types.h> /* pid_t, DIR, struct dirent,

ssize_t */

#include <dirent.h> /* opendir(), readdir(), closedir() */

#include <inttypes.h> /* intmax_t, strtoimax() */

#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK */

#include <iso646.h> /* not, or, and */

#include <unistd.h> /* readlink(), fork(), execl(),

sleep(), dup2() STDERR_FILENO,

STDOUT_FILENO, _exit(),

pause() */

#include <string.h> /* memcmp() */

#include <errno.h> /* errno, EACCES, ENOTDIR, ELOOP,

ENOENT, ENAMETOOLONG, EMFILE,

ENFILE, ENOMEM, ENOEXEC, EINVAL,

E2BIG, EFAULT, EIO, ETXTBSY,

EISDIR, ELIBBAD, EPERM, EINTR,

ECHILD */

#include <sys/wait.h> /* waitpid(), WIFEXITED(),

WEXITSTATUS() */

#include <sysexits.h> /* EX_OSERR, EX_OSFILE,

EX_UNAVAILABLE */

sig_atomic_t interrupted_by_signal = 0;

int signal_received;

static void termination_handler(int signum){

if(interrupted_by_signal){

return;

}

interrupted_by_signal = 1;

signal_received = signum;

}

int main(__attribute__((unused))int argc,

__attribute__((unused))char **argv){

int ret = 0;

char *prompt = NULL;

DIR *proc_dir = NULL;

pid_t splashy_pid = 0;

pid_t splashy_command_pid = 0;

int exitstatus = EXIT_FAILURE;

/* Create prompt string */

{

const char *const cryptsource = getenv("cryptsource");

const char *const crypttarget = getenv("crypttarget");

const char *const prompt_start = "getpass "

"Enter passphrase to unlock the disk";

if(cryptsource == NULL){

if(crypttarget == NULL){

ret = asprintf(&prompt, "%s: ", prompt_start);

} else {

ret = asprintf(&prompt, "%s (%s): ", prompt_start,

crypttarget);

}

} else {

if(crypttarget == NULL){

ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);

} else {

ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,

cryptsource, crypttarget);

}

if(ret == -1){

100

prompt = NULL;

101

exitstatus = EX_OSERR;

102

goto failure;

103

}

104

}

105

106

/* Find splashy process */

107

{

108

const char splashy_name[] = "/sbin/splashy";

109

proc_dir = opendir("/proc");

110

if(proc_dir == NULL){

111

int e = errno;

112

perror("opendir");

113

switch(e){

114

case EACCES:

115

case ENOTDIR:

116

case ELOOP:

117

case ENOENT:

118

default:

119

exitstatus = EX_OSFILE;

120

break;

121

case ENAMETOOLONG:

122

case EMFILE:

123

case ENFILE:

124

case ENOMEM:

125

exitstatus = EX_OSERR;

126

break;

127

}

128

goto failure;

129

}

130

for(struct dirent *proc_ent = readdir(proc_dir);

131

proc_ent != NULL;

132

proc_ent = readdir(proc_dir)){

133

pid_t pid;

134

{

135

intmax_t tmpmax;

136

char *tmp;

137

errno = 0;

138

tmpmax = strtoimax(proc_ent->d_name, &tmp, 10);

139

if(errno != 0 or tmp == proc_ent->d_name or *tmp != '\0'

140

or tmpmax != (pid_t)tmpmax){

141

/* Not a process */

142

continue;

143

}

144

pid = (pid_t)tmpmax;

145

}

146

/* Find the executable name by doing readlink() on the

147

/proc/<pid>/exe link */

148

char exe_target[sizeof(splashy_name)];

149

ssize_t sret;

150

{

151

char *exe_link;

152

ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);

153

if(ret == -1){

154

perror("asprintf");

155

exitstatus = EX_OSERR;

156

goto failure;

157

}

158

159

/* Check that it refers to a symlink owned by root:root */

160

struct stat exe_stat;

161

ret = lstat(exe_link, &exe_stat);

162

if(ret == -1){

163

if(errno == ENOENT){

164

free(exe_link);

165

continue;

166

}

167

int e = errno;

168

perror("lstat");

169

free(exe_link);

170

switch(e){

171

case EACCES:

172

case ENOTDIR:

173

case ELOOP:

174

default:

175

exitstatus = EX_OSFILE;

176

break;

177

case ENAMETOOLONG:

178

exitstatus = EX_OSERR;

179

break;

180

}

181

goto failure;

182

}

183

if(not S_ISLNK(exe_stat.st_mode)

184

or exe_stat.st_uid != 0

185

or exe_stat.st_gid != 0){

186

free(exe_link);

187

continue;

188

}

189

190

sret = readlink(exe_link, exe_target, sizeof(exe_target));

191

free(exe_link);

192

}

193

if((sret == ((ssize_t)sizeof(exe_target)-1))

194

and (memcmp(splashy_name, exe_target,

195

sizeof(exe_target)-1) == 0)){

196

splashy_pid = pid;

197

break;

198

}

199

}

200

closedir(proc_dir);

201

proc_dir = NULL;

202

}

203

if(splashy_pid == 0){

204

exitstatus = EX_UNAVAILABLE;

205

goto failure;

206

}

207

208

/* Set up the signal handler */

209

{

210

struct sigaction old_action,

211

new_action = { .sa_handler = termination_handler,

212

.sa_flags = 0 };

213

sigemptyset(&new_action.sa_mask);

214

ret = sigaddset(&new_action.sa_mask, SIGINT);

215

if(ret == -1){

216

perror("sigaddset");

217

exitstatus = EX_OSERR;

218

goto failure;

219

}

220

ret = sigaddset(&new_action.sa_mask, SIGHUP);

221

if(ret == -1){

222

perror("sigaddset");

223

exitstatus = EX_OSERR;

224

goto failure;

225

}

226

ret = sigaddset(&new_action.sa_mask, SIGTERM);

227

if(ret == -1){

228

perror("sigaddset");

229

exitstatus = EX_OSERR;

230

goto failure;

231

}

232

ret = sigaction(SIGINT, NULL, &old_action);

233

if(ret == -1){

234

perror("sigaction");

235

exitstatus = EX_OSERR;

236

goto failure;

237

}

238

if(old_action.sa_handler != SIG_IGN){

239

ret = sigaction(SIGINT, &new_action, NULL);

240

if(ret == -1){

241

perror("sigaction");

242

exitstatus = EX_OSERR;

243

goto failure;

244

}

245

}

246

ret = sigaction(SIGHUP, NULL, &old_action);

247

if(ret == -1){

248

perror("sigaction");

249

exitstatus = EX_OSERR;

250

goto failure;

251

}

252

if(old_action.sa_handler != SIG_IGN){

253

ret = sigaction(SIGHUP, &new_action, NULL);

254

if(ret == -1){

255

perror("sigaction");

256

exitstatus = EX_OSERR;

257

goto failure;

258

}

259

}

260

ret = sigaction(SIGTERM, NULL, &old_action);

261

if(ret == -1){

262

perror("sigaction");

263

exitstatus = EX_OSERR;

264

goto failure;

265

}

266

if(old_action.sa_handler != SIG_IGN){

267

ret = sigaction(SIGTERM, &new_action, NULL);

268

if(ret == -1){

269

perror("sigaction");

270

exitstatus = EX_OSERR;

271

goto failure;

272

}

273

}

274

}

275

276

if(interrupted_by_signal){

277

goto failure;

278

}

279

280

/* Fork off the splashy command to prompt for password */

281

splashy_command_pid = fork();

282

if(splashy_command_pid != 0 and interrupted_by_signal){

283

goto failure;

284

}

285

if(splashy_command_pid == -1){

286

perror("fork");

287

exitstatus = EX_OSERR;

288

goto failure;

289

}

290

/* Child */

291

if(splashy_command_pid == 0){

292

if(not interrupted_by_signal){

293

const char splashy_command[] = "/sbin/splashy_update";

294

execl(splashy_command, splashy_command, prompt, (char *)NULL);

295

int e = errno;

296

perror("execl");

297

switch(e){

298

case EACCES:

299

case ENOENT:

300

case ENOEXEC:

301

case EINVAL:

302

_exit(EX_UNAVAILABLE);

303

case ENAMETOOLONG:

304

case E2BIG:

305

case ENOMEM:

306

case EFAULT:

307

case EIO:

308

case EMFILE:

309

case ENFILE:

310

case ETXTBSY:

311

default:

312

_exit(EX_OSERR);

313

case ENOTDIR:

314

case ELOOP:

315

case EISDIR:

316

case ELIBBAD:

317

case EPERM:

318

_exit(EX_OSFILE);

319

}

320

}

321

free(prompt);

322

_exit(EXIT_FAILURE);

323

}

324

325

/* Parent */

326

free(prompt);

327

prompt = NULL;

328

329

if(interrupted_by_signal){

330

goto failure;

331

}

332

333

/* Wait for command to complete */

334

{

335

int status;

336

do {

337

ret = waitpid(splashy_command_pid, &status, 0);

338

} while(ret == -1 and errno == EINTR

339

and not interrupted_by_signal);

340

if(interrupted_by_signal){

341

goto failure;

342

}

343

if(ret == -1){

344

perror("waitpid");

345

if(errno == ECHILD){

346

splashy_command_pid = 0;

347

}

348

} else {

349

/* The child process has exited */

350

splashy_command_pid = 0;

351

if(WIFEXITED(status) and WEXITSTATUS(status) == 0){

352

return EXIT_SUCCESS;

353

}

354

}

355

}

356

357

failure:

358

359

free(prompt);

360

361

if(proc_dir != NULL){

362

TEMP_FAILURE_RETRY(closedir(proc_dir));

363

}

364

365

if(splashy_command_pid != 0){

366

TEMP_FAILURE_RETRY(kill(splashy_command_pid, SIGTERM));

367

368

TEMP_FAILURE_RETRY(kill(splashy_pid, SIGTERM));

369

sleep(2);

370

while(TEMP_FAILURE_RETRY(kill(splashy_pid, 0)) == 0){

371

TEMP_FAILURE_RETRY(kill(splashy_pid, SIGKILL));

372

sleep(1);

373

}

374

pid_t new_splashy_pid = (pid_t)TEMP_FAILURE_RETRY(fork());

375

if(new_splashy_pid == 0){

376

/* Child; will become new splashy process */

377

378

/* Make the effective user ID (root) the only user ID instead of

379

the real user ID (_mandos) */

380

ret = setuid(geteuid());

381

if(ret == -1){

382

perror("setuid");

383

}

384

385

setsid();

386

ret = chdir("/");

387

if(ret == -1){

388

perror("chdir");

389

}

390

/* if(fork() != 0){ */

391

/* _exit(EXIT_SUCCESS); */

392

/* } */

393

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace stdout */

394

if(ret == -1){

395

perror("dup2");

396

_exit(EX_OSERR);

397

}

398

399

execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);

400

{

401

int e = errno;

402

perror("execl");

403

switch(e){

404

case EACCES:

405

case ENOENT:

406

case ENOEXEC:

407

default:

408

_exit(EX_UNAVAILABLE);

409

case ENAMETOOLONG:

410

case E2BIG:

411

case ENOMEM:

412

_exit(EX_OSERR);

413

case ENOTDIR:

414

case ELOOP:

415

_exit(EX_OSFILE);

416

}

417

}

418

}

419

}

420

421

if(interrupted_by_signal){

422

struct sigaction signal_action;

423

sigemptyset(&signal_action.sa_mask);

424

signal_action.sa_handler = SIG_DFL;

425

ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,

426

&signal_action, NULL));

427

if(ret == -1){

428

perror("sigaction");

429

}

430

do {

431

ret = raise(signal_received);

432

} while(ret != 0 and errno == EINTR);

433

if(ret != 0){

434

perror("raise");

435

abort();

436

}

437

TEMP_FAILURE_RETRY(pause());

438

}

439

440

return exitstatus;

441

}

Older »