To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/splashy.c
- browse files at revision 445
- compare with another revision
- download diff
- download tarball
- view history from revision 445
- Committer: Teddy Hogeborn
- Date: 2010-09-26 21:27:28 UTC
- Revision ID: teddy@fukt.bsnet.se-20100926212728-ej205k5037nfhz2g
Update copyright year to "2010" wherever appropriate.
* plugin-runner.c: - '' -
* plugins.d/mandos-client.c: - '' -
* plugin-runner.c: - '' -
* plugins.d/mandos-client.c: - '' -
- files added:
- DBUS-API
- files removed:
- debian/mandos-client.config
- files modified:
- INSTALL
added
removed
plugins.d/splashy.c
1
#define _GNU_SOURCE /* asprintf() */
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Splashy - Read a password from splashy and output it
4
*
5
* Copyright © 2008-2010 Teddy Hogeborn
6
* Copyright © 2008-2010 Björn Påhlsson
7
*
8
* This program is free software: you can redistribute it and/or
9
* modify it under the terms of the GNU General Public License as
10
* published by the Free Software Foundation, either version 3 of the
11
* License, or (at your option) any later version.
12
*
13
* This program is distributed in the hope that it will be useful, but
14
* WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16
* General Public License for more details.
17
*
18
* You should have received a copy of the GNU General Public License
19
* along with this program. If not, see
20
* <http://www.gnu.org/licenses/>.
21
*
22
* Contact the authors at <mandos@fukt.bsnet.se>.
23
*/
24
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
2
26
#include <signal.h> /* sig_atomic_t, struct sigaction,
3
27
sigemptyset(), sigaddset(), SIGINT,
4
28
SIGHUP, SIGTERM, sigaction,
5
29
SIG_IGN, kill(), SIGKILL */
6
30
#include <stddef.h> /* NULL */
7
31
#include <stdlib.h> /* getenv() */
8
#include <stdio.h> /* asprintf(), perror() */
9
#include <stdlib.h> /* EXIT_FAILURE, free(), strtoul(),
32
#include <stdio.h> /* asprintf() */
33
#include <stdlib.h> /* EXIT_FAILURE, free(),
10
34
EXIT_SUCCESS */
11
35
#include <sys/types.h> /* pid_t, DIR, struct dirent,
12
36
ssize_t */
13
37
#include <dirent.h> /* opendir(), readdir(), closedir() */
38
#include <inttypes.h> /* intmax_t, strtoimax() */
14
39
#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK */
15
40
#include <iso646.h> /* not, or, and */
16
41
#include <unistd.h> /* readlink(), fork(), execl(),
17
42
sleep(), dup2() STDERR_FILENO,
18
STDOUT_FILENO, _exit() */
43
STDOUT_FILENO, _exit(),
44
pause() */
19
45
#include <string.h> /* memcmp() */
20
#include <errno.h> /* errno */
46
#include <errno.h> /* errno, EACCES, ENOTDIR, ELOOP,
47
ENOENT, ENAMETOOLONG, EMFILE,
48
ENFILE, ENOMEM, ENOEXEC, EINVAL,
49
E2BIG, EFAULT, EIO, ETXTBSY,
50
EISDIR, ELIBBAD, EPERM, EINTR,
51
ECHILD */
52
#include <error.h> /* error() */
21
53
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
22
54
WEXITSTATUS() */
55
#include <sysexits.h> /* EX_OSERR, EX_OSFILE,
56
EX_UNAVAILABLE */
23
57
24
58
sig_atomic_t interrupted_by_signal = 0;
59
int signal_received;
25
60
26
static void termination_handler(__attribute__((unused))int signum){
61
static void termination_handler(int signum){
62
if(interrupted_by_signal){
63
return;
64
}
27
65
interrupted_by_signal = 1;
66
signal_received = signum;
28
67
}
29
68
30
69
int main(__attribute__((unused))int argc,
31
70
__attribute__((unused))char **argv){
32
71
int ret = 0;
72
char *prompt = NULL;
73
DIR *proc_dir = NULL;
74
pid_t splashy_pid = 0;
75
pid_t splashy_command_pid = 0;
76
int exitstatus = EXIT_FAILURE;
33
77
34
78
/* Create prompt string */
35
char *prompt = NULL;
36
79
{
37
80
const char *const cryptsource = getenv("cryptsource");
38
81
const char *const crypttarget = getenv("crypttarget");
55
98
}
56
99
}
57
100
if(ret == -1){
58
return EXIT_FAILURE;
101
prompt = NULL;
102
exitstatus = EX_OSERR;
103
goto failure;
59
104
}
60
105
}
61
106
62
107
/* Find splashy process */
63
pid_t splashy_pid = 0;
64
108
{
65
109
const char splashy_name[] = "/sbin/splashy";
66
DIR *proc_dir = opendir("/proc");
110
proc_dir = opendir("/proc");
67
111
if(proc_dir == NULL){
68
free(prompt);
69
perror("opendir");
70
return EXIT_FAILURE;
112
int e = errno;
113
error(0, errno, "opendir");
114
switch(e){
115
case EACCES:
116
case ENOTDIR:
117
case ELOOP:
118
case ENOENT:
119
default:
120
exitstatus = EX_OSFILE;
121
break;
122
case ENAMETOOLONG:
123
case EMFILE:
124
case ENFILE:
125
case ENOMEM:
126
exitstatus = EX_OSERR;
127
break;
128
}
129
goto failure;
71
130
}
72
131
for(struct dirent *proc_ent = readdir(proc_dir);
73
132
proc_ent != NULL;
74
133
proc_ent = readdir(proc_dir)){
75
pid_t pid = (pid_t) strtoul(proc_ent->d_name, NULL, 10);
76
if(pid == 0){
77
/* Not a process */
78
continue;
134
pid_t pid;
135
{
136
intmax_t tmpmax;
137
char *tmp;
138
errno = 0;
139
tmpmax = strtoimax(proc_ent->d_name, &tmp, 10);
140
if(errno != 0 or tmp == proc_ent->d_name or *tmp != '\0'
141
or tmpmax != (pid_t)tmpmax){
142
/* Not a process */
143
continue;
144
}
145
pid = (pid_t)tmpmax;
79
146
}
80
147
/* Find the executable name by doing readlink() on the
81
148
/proc/<pid>/exe link */
85
152
char *exe_link;
86
153
ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);
87
154
if(ret == -1){
88
perror("asprintf");
89
free(prompt);
90
closedir(proc_dir);
91
return EXIT_FAILURE;
155
error(0, errno, "asprintf");
156
exitstatus = EX_OSERR;
157
goto failure;
92
158
}
93
159
94
160
/* Check that it refers to a symlink owned by root:root */
95
161
struct stat exe_stat;
96
162
ret = lstat(exe_link, &exe_stat);
97
163
if(ret == -1){
98
perror("lstat");
164
if(errno == ENOENT){
165
free(exe_link);
166
continue;
167
}
168
int e = errno;
169
error(0, errno, "lstat");
99
170
free(exe_link);
100
free(prompt);
101
closedir(proc_dir);
102
return EXIT_FAILURE;
171
switch(e){
172
case EACCES:
173
case ENOTDIR:
174
case ELOOP:
175
default:
176
exitstatus = EX_OSFILE;
177
break;
178
case ENAMETOOLONG:
179
exitstatus = EX_OSERR;
180
break;
181
}
182
goto failure;
103
183
}
104
184
if(not S_ISLNK(exe_stat.st_mode)
105
185
or exe_stat.st_uid != 0
119
199
}
120
200
}
121
201
closedir(proc_dir);
202
proc_dir = NULL;
122
203
}
123
204
if(splashy_pid == 0){
124
free(prompt);
125
return EXIT_FAILURE;
205
exitstatus = EX_UNAVAILABLE;
206
goto failure;
126
207
}
127
208
128
209
/* Set up the signal handler */
131
212
new_action = { .sa_handler = termination_handler,
132
213
.sa_flags = 0 };
133
214
sigemptyset(&new_action.sa_mask);
134
sigaddset(&new_action.sa_mask, SIGINT);
135
sigaddset(&new_action.sa_mask, SIGHUP);
136
sigaddset(&new_action.sa_mask, SIGTERM);
215
ret = sigaddset(&new_action.sa_mask, SIGINT);
216
if(ret == -1){
217
error(0, errno, "sigaddset");
218
exitstatus = EX_OSERR;
219
goto failure;
220
}
221
ret = sigaddset(&new_action.sa_mask, SIGHUP);
222
if(ret == -1){
223
error(0, errno, "sigaddset");
224
exitstatus = EX_OSERR;
225
goto failure;
226
}
227
ret = sigaddset(&new_action.sa_mask, SIGTERM);
228
if(ret == -1){
229
error(0, errno, "sigaddset");
230
exitstatus = EX_OSERR;
231
goto failure;
232
}
137
233
ret = sigaction(SIGINT, NULL, &old_action);
138
234
if(ret == -1){
139
perror("sigaction");
140
free(prompt);
141
return EXIT_FAILURE;
235
error(0, errno, "sigaction");
236
exitstatus = EX_OSERR;
237
goto failure;
142
238
}
143
239
if(old_action.sa_handler != SIG_IGN){
144
240
ret = sigaction(SIGINT, &new_action, NULL);
145
241
if(ret == -1){
146
perror("sigaction");
147
free(prompt);
148
return EXIT_FAILURE;
242
error(0, errno, "sigaction");
243
exitstatus = EX_OSERR;
244
goto failure;
149
245
}
150
246
}
151
247
ret = sigaction(SIGHUP, NULL, &old_action);
152
248
if(ret == -1){
153
perror("sigaction");
154
free(prompt);
155
return EXIT_FAILURE;
249
error(0, errno, "sigaction");
250
exitstatus = EX_OSERR;
251
goto failure;
156
252
}
157
253
if(old_action.sa_handler != SIG_IGN){
158
254
ret = sigaction(SIGHUP, &new_action, NULL);
159
255
if(ret == -1){
160
perror("sigaction");
161
free(prompt);
162
return EXIT_FAILURE;
256
error(0, errno, "sigaction");
257
exitstatus = EX_OSERR;
258
goto failure;
163
259
}
164
260
}
165
261
ret = sigaction(SIGTERM, NULL, &old_action);
166
262
if(ret == -1){
167
perror("sigaction");
168
free(prompt);
169
return EXIT_FAILURE;
263
error(0, errno, "sigaction");
264
exitstatus = EX_OSERR;
265
goto failure;
170
266
}
171
267
if(old_action.sa_handler != SIG_IGN){
172
268
ret = sigaction(SIGTERM, &new_action, NULL);
173
269
if(ret == -1){
174
perror("sigaction");
175
free(prompt);
176
return EXIT_FAILURE;
270
error(0, errno, "sigaction");
271
exitstatus = EX_OSERR;
272
goto failure;
177
273
}
178
274
}
179
275
}
180
276
277
if(interrupted_by_signal){
278
goto failure;
279
}
280
181
281
/* Fork off the splashy command to prompt for password */
182
pid_t splashy_command_pid = 0;
183
if(not interrupted_by_signal){
184
splashy_command_pid = fork();
185
if(splashy_command_pid == -1){
186
if(not interrupted_by_signal){
187
perror("fork");
188
}
189
return EXIT_FAILURE;
190
}
191
/* Child */
192
if(splashy_command_pid == 0){
282
splashy_command_pid = fork();
283
if(splashy_command_pid != 0 and interrupted_by_signal){
284
goto failure;
285
}
286
if(splashy_command_pid == -1){
287
error(0, errno, "fork");
288
exitstatus = EX_OSERR;
289
goto failure;
290
}
291
/* Child */
292
if(splashy_command_pid == 0){
293
if(not interrupted_by_signal){
193
294
const char splashy_command[] = "/sbin/splashy_update";
194
ret = execl(splashy_command, splashy_command, prompt,
195
(char *)NULL);
196
if(not interrupted_by_signal){
197
perror("execl");
295
execl(splashy_command, splashy_command, prompt, (char *)NULL);
296
int e = errno;
297
error(0, errno, "execl");
298
switch(e){
299
case EACCES:
300
case ENOENT:
301
case ENOEXEC:
302
case EINVAL:
303
_exit(EX_UNAVAILABLE);
304
case ENAMETOOLONG:
305
case E2BIG:
306
case ENOMEM:
307
case EFAULT:
308
case EIO:
309
case EMFILE:
310
case ENFILE:
311
case ETXTBSY:
312
default:
313
_exit(EX_OSERR);
314
case ENOTDIR:
315
case ELOOP:
316
case EISDIR:
317
case ELIBBAD:
318
case EPERM:
319
_exit(EX_OSFILE);
198
320
}
199
free(prompt);
200
_exit(EXIT_FAILURE);
201
321
}
322
free(prompt);
323
_exit(EXIT_FAILURE);
202
324
}
203
325
204
326
/* Parent */
205
327
free(prompt);
328
prompt = NULL;
329
330
if(interrupted_by_signal){
331
goto failure;
332
}
206
333
207
334
/* Wait for command to complete */
208
if(not interrupted_by_signal and splashy_command_pid != 0){
335
{
209
336
int status;
210
ret = waitpid(splashy_command_pid, &status, 0);
337
do {
338
ret = waitpid(splashy_command_pid, &status, 0);
339
} while(ret == -1 and errno == EINTR
340
and not interrupted_by_signal);
341
if(interrupted_by_signal){
342
goto failure;
343
}
211
344
if(ret == -1){
212
if(errno != EINTR){
213
perror("waitpid");
214
}
345
error(0, errno, "waitpid");
215
346
if(errno == ECHILD){
216
347
splashy_command_pid = 0;
217
348
}
218
349
} else {
219
350
/* The child process has exited */
220
351
splashy_command_pid = 0;
221
if(not interrupted_by_signal and WIFEXITED(status)
222
and WEXITSTATUS(status)==0){
352
if(WIFEXITED(status) and WEXITSTATUS(status) == 0){
223
353
return EXIT_SUCCESS;
224
354
}
225
355
}
226
356
}
227
kill(splashy_pid, SIGTERM);
228
if(interrupted_by_signal and splashy_command_pid != 0){
229
kill(splashy_command_pid, SIGTERM);
230
}
231
sleep(2);
232
while(kill(splashy_pid, 0) == 0){
233
kill(splashy_pid, SIGKILL);
234
sleep(1);
235
}
236
pid_t new_splashy_pid = fork();
237
if(new_splashy_pid == 0){
238
/* Child; will become new splashy process */
239
240
/* Make the effective user ID (root) the only user ID instead of
241
the real user ID (mandos) */
242
ret = setuid(geteuid());
243
if(ret == -1){
244
perror("setuid");
245
}
246
247
setsid();
248
ret = chdir("/");
249
/* if(fork() != 0){ */
250
/* _exit(EXIT_SUCCESS); */
251
/* } */
252
ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */
253
if(ret == -1){
254
perror("dup2");
255
_exit(EXIT_FAILURE);
256
}
257
258
execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);
259
if(not interrupted_by_signal){
260
perror("execl");
261
}
262
_exit(EXIT_FAILURE);
263
}
264
265
return EXIT_FAILURE;
357
358
failure:
359
360
free(prompt);
361
362
if(proc_dir != NULL){
363
TEMP_FAILURE_RETRY(closedir(proc_dir));
364
}
365
366
if(splashy_command_pid != 0){
367
TEMP_FAILURE_RETRY(kill(splashy_command_pid, SIGTERM));
368
369
TEMP_FAILURE_RETRY(kill(splashy_pid, SIGTERM));
370
sleep(2);
371
while(TEMP_FAILURE_RETRY(kill(splashy_pid, 0)) == 0){
372
TEMP_FAILURE_RETRY(kill(splashy_pid, SIGKILL));
373
sleep(1);
374
}
375
pid_t new_splashy_pid = (pid_t)TEMP_FAILURE_RETRY(fork());
376
if(new_splashy_pid == 0){
377
/* Child; will become new splashy process */
378
379
/* Make the effective user ID (root) the only user ID instead of
380
the real user ID (_mandos) */
381
ret = setuid(geteuid());
382
if(ret == -1){
383
error(0, errno, "setuid");
384
}
385
386
setsid();
387
ret = chdir("/");
388
if(ret == -1){
389
error(0, errno, "chdir");
390
}
391
/* if(fork() != 0){ */
392
/* _exit(EXIT_SUCCESS); */
393
/* } */
394
ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace stdout */
395
if(ret == -1){
396
error(0, errno, "dup2");
397
_exit(EX_OSERR);
398
}
399
400
execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);
401
{
402
int e = errno;
403
error(0, errno, "execl");
404
switch(e){
405
case EACCES:
406
case ENOENT:
407
case ENOEXEC:
408
default:
409
_exit(EX_UNAVAILABLE);
410
case ENAMETOOLONG:
411
case E2BIG:
412
case ENOMEM:
413
_exit(EX_OSERR);
414
case ENOTDIR:
415
case ELOOP:
416
_exit(EX_OSFILE);
417
}
418
}
419
}
420
}
421
422
if(interrupted_by_signal){
423
struct sigaction signal_action;
424
sigemptyset(&signal_action.sa_mask);
425
signal_action.sa_handler = SIG_DFL;
426
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
427
&signal_action, NULL));
428
if(ret == -1){
429
error(0, errno, "sigaction");
430
}
431
do {
432
ret = raise(signal_received);
433
} while(ret != 0 and errno == EINTR);
434
if(ret != 0){
435
error(0, errno, "raise");
436
abort();
437
}
438
TEMP_FAILURE_RETRY(pause());
439
}
440
441
return exitstatus;
266
442
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0