3
3
* Password-prompt - Read a password from the terminal and print it
5
* Copyright © 2008,2009 Teddy Hogeborn
6
* Copyright © 2008,2009 Björn Påhlsson
5
* Copyright © 2008-2010 Teddy Hogeborn
6
* Copyright © 2008-2010 Björn Påhlsson
8
8
* This program is free software: you can redistribute it and/or
9
9
* modify it under the terms of the GNU General Public License as
22
22
* Contact the authors at <mandos@fukt.bsnet.se>.
25
#define _GNU_SOURCE /* getline() */
25
#define _GNU_SOURCE /* getline(), asprintf() */
27
#include <termios.h> /* struct termios, tcsetattr(),
27
#include <termios.h> /* struct termios, tcsetattr(),
28
28
TCSAFLUSH, tcgetattr(), ECHO */
29
29
#include <unistd.h> /* struct termios, tcsetattr(),
30
30
STDIN_FILENO, TCSAFLUSH,
31
tcgetattr(), ECHO, readlink() */
32
32
#include <signal.h> /* sig_atomic_t, raise(), struct
33
33
sigaction, sigemptyset(),
34
34
sigaction(), sigaddset(), SIGINT,
35
35
SIGQUIT, SIGHUP, SIGTERM,
37
37
#include <stddef.h> /* NULL, size_t, ssize_t */
38
#include <sys/types.h> /* ssize_t */
38
#include <sys/types.h> /* ssize_t, struct dirent, pid_t,
39
40
#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,
42
#include <dirent.h> /* scandir(), alphasort() */
41
43
#include <stdio.h> /* fprintf(), stderr, getline(),
42
stdin, feof(), perror(), fputc()
44
stdin, feof(), fputc(), vfprintf(),
44
46
#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,
45
47
EFAULT, EFBIG, EIO, ENOSPC, EINTR
49
#include <error.h> /* error() */
47
50
#include <iso646.h> /* or, not */
48
51
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* strlen, rindex, strncmp, strcmp */
52
#include <inttypes.h> /* strtoumax() */
53
#include <sys/stat.h> /* struct stat, lstat(), open() */
54
#include <string.h> /* strlen, rindex, memcmp, strerror()
50
56
#include <argp.h> /* struct argp_option, struct
51
57
argp_state, struct argp,
52
58
argp_parse(), error_t,
61
69
const char *argp_program_version = "password-prompt " VERSION;
62
70
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
72
/* Needed for conflict resolution */
73
const char plymouth_name[] = "plymouthd";
75
/* Function to use when printing errors */
76
void error_plus(int status, int errnum, const char *formatstring,
82
va_start(ap, formatstring);
83
ret = vasprintf(&text, formatstring, ap);
85
fprintf(stderr, "Mandos plugin %s: ",
86
program_invocation_short_name);
87
vfprintf(stderr, formatstring, ap);
88
fprintf(stderr, ": ");
89
fprintf(stderr, "%s\n", strerror(errnum));
90
error(status, errno, "vasprintf while printing error");
93
fprintf(stderr, "Mandos plugin ");
94
error(status, errnum, "%s", text);
64
98
static void termination_handler(int signum){
69
103
signal_received = signum;
106
bool conflict_detection(void){
108
/* plymouth conflicts with password-prompt since both want to read
109
from the terminal. Password-prompt will exit if it detects
110
plymouth since plymouth performs the same functionality.
112
int is_plymouth(const struct dirent *proc_entry){
119
maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);
121
if(errno != 0 or *tmp != '\0'
122
or maxvalue != (uintmax_t)((pid_t)maxvalue)){
127
char *cmdline_filename;
128
ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",
131
error(0, errno, "asprintf");
135
/* Open /proc/<pid>/cmdline */
136
cl_fd = open(cmdline_filename, O_RDONLY);
137
free(cmdline_filename);
140
error(0, errno, "open");
145
char *cmdline = NULL;
147
size_t cmdline_len = 0;
148
size_t cmdline_allocated = 0;
150
const size_t blocksize = 1024;
153
/* Allocate more space? */
154
if(cmdline_len + blocksize + 1 > cmdline_allocated){
155
tmp = realloc(cmdline, cmdline_allocated + blocksize + 1);
157
error(0, errno, "realloc");
163
cmdline_allocated += blocksize;
167
sret = read(cl_fd, cmdline + cmdline_len,
168
cmdline_allocated - cmdline_len);
170
error(0, errno, "read");
175
cmdline_len += (size_t)sret;
179
error(0, errno, "close");
183
cmdline[cmdline_len] = '\0'; /* Make sure it is terminated */
185
/* we now have cmdline */
188
char *cmdline_base = strrchr(cmdline, '/');
189
if(cmdline_base != NULL){
190
cmdline_base += 1; /* skip the slash */
192
cmdline_base = cmdline;
195
if(strcmp(cmdline_base, plymouth_name) != 0){
197
fprintf(stderr, "\"%s\" is not \"%s\"\n", cmdline_base,
204
fprintf(stderr, "\"%s\" equals \"%s\"\n", cmdline_base,
211
struct dirent **direntries;
213
ret = scandir("/proc", &direntries, is_plymouth, alphasort);
215
error(1, errno, "scandir");
72
221
int main(int argc, char **argv){
75
225
struct termios t_new, t_old;
76
226
char *buffer = NULL;
150
300
fprintf(stderr, "Starting %s\n", argv[0]);
303
if (conflict_detection()){
305
fprintf(stderr, "Stopping %s because of conflict\n", argv[0]);
153
311
fprintf(stderr, "Storing current terminal attributes\n");
156
314
if(tcgetattr(STDIN_FILENO, &t_old) != 0){
316
error(0, errno, "tcgetattr");
168
326
sigemptyset(&new_action.sa_mask);
169
327
ret = sigaddset(&new_action.sa_mask, SIGINT);
329
error(0, errno, "sigaddset");
174
332
ret = sigaddset(&new_action.sa_mask, SIGHUP);
334
error(0, errno, "sigaddset");
179
337
ret = sigaddset(&new_action.sa_mask, SIGTERM);
339
error(0, errno, "sigaddset");
184
342
/* Need to check if the handler is SIG_IGN before handling:
188
346
ret = sigaction(SIGINT, NULL, &old_action);
348
error(0, errno, "sigaction");
193
351
if(old_action.sa_handler != SIG_IGN){
194
352
ret = sigaction(SIGINT, &new_action, NULL);
354
error(0, errno, "sigaction");
200
358
ret = sigaction(SIGHUP, NULL, &old_action);
360
error(0, errno, "sigaction");
205
363
if(old_action.sa_handler != SIG_IGN){
206
364
ret = sigaction(SIGHUP, &new_action, NULL);
366
error(0, errno, "sigaction");
212
370
ret = sigaction(SIGTERM, NULL, &old_action);
372
error(0, errno, "sigaction");
217
375
if(old_action.sa_handler != SIG_IGN){
218
376
ret = sigaction(SIGTERM, &new_action, NULL);
378
error(0, errno, "sigaction");
258
416
fprintf(stderr, "%s ", prefix);
261
const char *cryptsource = getenv("cryptsource");
262
const char *crypttarget = getenv("crypttarget");
263
const char *const prompt
264
= "Enter passphrase to unlock the disk";
419
const char *cryptsource = getenv("CRYPTTAB_SOURCE");
420
const char *crypttarget = getenv("CRYPTTAB_NAME");
421
/* Before cryptsetup 1.1.0~rc2 */
422
if(cryptsource == NULL){
423
cryptsource = getenv("cryptsource");
425
if(crypttarget == NULL){
426
crypttarget = getenv("crypttarget");
428
const char *const prompt1 = "Unlocking the disk";
429
const char *const prompt2 = "Enter passphrase";
265
430
if(cryptsource == NULL){
266
431
if(crypttarget == NULL){
267
fprintf(stderr, "%s: ", prompt);
432
fprintf(stderr, "%s to unlock the disk: ", prompt2);
269
fprintf(stderr, "%s (%s): ", prompt, crypttarget);
434
fprintf(stderr, "%s (%s)\n%s: ", prompt1, crypttarget,
272
438
if(crypttarget == NULL){
273
fprintf(stderr, "%s %s: ", prompt, cryptsource);
439
fprintf(stderr, "%s %s\n%s: ", prompt1, cryptsource,
275
fprintf(stderr, "%s %s (%s): ", prompt, cryptsource,
442
fprintf(stderr, "%s %s (%s)\n%s: ", prompt1, cryptsource,
443
crypttarget, prompt2);
280
ret = getline(&buffer, &n, stdin);
447
sret = getline(&buffer, &n, stdin);
282
449
status = EXIT_SUCCESS;
283
450
/* Make n = data size instead of allocated buffer size */
285
452
/* Strip final newline */
286
453
if(n > 0 and buffer[n-1] == '\n'){
287
454
buffer[n-1] = '\0'; /* not strictly necessary */