/mandos/trunk : revision 541

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.c

Committer: Teddy Hogeborn
Date: 2011-12-31 20:07:11 UTC
mfrom: (535.1.9 wireless-network-hook)
Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r

Merge new wireless network hook. Fix bridge network hook to use
hardware addresses instead of interface names. Implement and document
new "CONNECT" environment variable for network hooks.

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

mandos-to-cryptroot-unlock

mandos.service

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.c

* Password-prompt - Read a password from the terminal and print it

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* vasprintf(),

program_invocation_short_name,

asprintf(), getline() */

#include <sys/types.h> /* sig_atomic_t, pid_t */

#define _GNU_SOURCE /* getline(), asprintf() */

#include <termios.h> /* struct termios, tcsetattr(),

TCSAFLUSH, tcgetattr(), ECHO */

#include <unistd.h> /* struct termios, tcsetattr(),

STDIN_FILENO, TCSAFLUSH,

tcgetattr(), ECHO, readlink() */

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

SIGQUIT, SIGHUP, SIGTERM,

raise() */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <sys/types.h> /* ssize_t, struct dirent, pid_t,

ssize_t, open() */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getenv(), free() */

#include <dirent.h> /* scandir(), alphasort() */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), fputc(), vfprintf(),

vasprintf() */

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

#include <error.h> /* error() */

#include <iso646.h> /* or, not */

#include <stdbool.h> /* bool, false, true */

#include <argp.h> /* argp_program_version,

argp_program_bug_address,

struct argp_option,

struct argp_state, argp_state_help,

ARGP_HELP_STD_HELP,

ARGP_HELP_EXIT_ERR,

ARGP_HELP_EXIT_OK, ARGP_HELP_USAGE,

argp_err_exit_status,

ARGP_ERR_UNKNOWN, argp_parse(),

ARGP_IN_ORDER, ARGP_NO_HELP */

#include <stdarg.h> /* va_list, va_start(), vfprintf() */

#include <stdio.h> /* vasprintf(), fprintf(), stderr,

vfprintf(), asprintf(), getline(),

stdin, feof(), clearerr(),

fputc() */

#include <errno.h> /* program_invocation_short_name,

errno, ENOENT, error_t, ENOMEM,

EINVAL, EBADF, ENOTTY, EFAULT,

EFBIG, EIO, ENOSPC, EINTR */

#include <string.h> /* strerror(), strrchr(), strcmp() */

#include <error.h> /* error() */

#include <stdlib.h> /* free(), realloc(), EXIT_SUCCESS,

EXIT_FAILURE, getenv() */

#include <unistd.h> /* access(), R_OK, ssize_t, close(),

read(), STDIN_FILENO, write(),

STDOUT_FILENO */

#include <dirent.h> /* struct dirent, scandir(),

alphasort() */

#include <inttypes.h> /* uintmax_t, strtoumax() */

#include <iso646.h> /* or, and, not */

#include <fcntl.h> /* open(), O_RDONLY */

#include <stddef.h> /* NULL, size_t */

#include <termios.h> /* struct termios, tcgetattr(),

tcflag_t, ECHO, tcsetattr(),

TCSAFLUSH */

#include <signal.h> /* struct sigaction, sigemptyset(),

sigaddset(), SIGINT, SIGHUP,

SIGTERM, SIG_IGN, SIG_DFL,

raise() */

#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,

EX_IOERR, EX_OSFILE, EX_OK */

#include <inttypes.h> /* strtoumax() */

#include <sys/stat.h> /* struct stat, lstat(), open() */

#include <string.h> /* strlen, rindex, memcmp, strerror()

#include <argp.h> /* struct argp_option, struct

argp_state, struct argp,

argp_parse(), error_t,

ARGP_KEY_ARG, ARGP_KEY_END,

ARGP_ERR_UNKNOWN */

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

#include <fcntl.h> /* open() */

#include <stdarg.h> /* va_list, va_start(), ... */

volatile sig_atomic_t quit_now = 0;

int signal_received;

/* Needed for conflict resolution */

const char plymouth_name[] = "plymouthd";

__attribute__((format (gnu_printf, 2, 3), nonnull(1)))

int fprintf_plus(FILE *stream, const char *format, ...){

va_list ap;

va_start (ap, format);

TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",

program_invocation_short_name));

return TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));

}

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if(ret == -1){

if (ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

116

119

from the terminal. Password-prompt will exit if it detects

117

120

plymouth since plymouth performs the same functionality.

118

121

119

if(access("/run/plymouth/pid", R_OK) == 0){

120

return true;

121

}

122

123

122

__attribute__((nonnull))

124

123

int is_plymouth(const struct dirent *proc_entry){

125

124

int ret;

223

222

struct dirent **direntries = NULL;

224

223

int ret;

225

224

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

226

if(ret == -1){

225

if (ret == -1){

227

226

error_plus(1, errno, "scandir");

228

227

}

229

{

230

int i = ret;

231

while(i--){

232

free(direntries[i]);

233

}

234

}

235

228

free(direntries);

236

229

return ret > 0;

237

230

}

244

237

struct termios t_new, t_old;

245

238

char *buffer = NULL;

246

239

char *prefix = NULL;

247

char *prompt = NULL;

248

240

int status = EXIT_SUCCESS;

249

241

struct sigaction old_action,

250

242

new_action = { .sa_handler = termination_handler,

254

246

{ .name = "prefix", .key = 'p',

255

247

.arg = "PREFIX", .flags = 0,

256

248

.doc = "Prefix shown before the prompt", .group = 2 },

257

{ .name = "prompt", .key = 129,

258

.arg = "PROMPT", .flags = 0,

259

.doc = "The prompt to show", .group = 2 },

260

249

{ .name = "debug", .key = 128,

261

250

.doc = "Debug mode", .group = 3 },

262

251

275

264

error_t parse_opt (int key, char *arg, struct argp_state *state){

276

265

errno = 0;

277

266

switch (key){

278

case 'p': /* --prefix */

267

case 'p':

279

268

prefix = arg;

280

269

break;

281

case 128: /* --debug */

270

case 128:

282

271

debug = true;

283

272

break;

284

case 129: /* --prompt */

285

prompt = arg;

286

break;

287

273

288

274

* These reproduce what we would get without ARGP_NO_HELP

289

275

291

277

argp_state_help(state, state->out_stream,

292

278

(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)

293

279

& ~(unsigned int)ARGP_HELP_EXIT_OK);

294

__builtin_unreachable();

295

280

case -3: /* --usage */

296

281

argp_state_help(state, state->out_stream,

297

282

ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);

298

__builtin_unreachable();

299

283

case 'V': /* --version */

300

284

fprintf(state->out_stream, "%s\n", argp_program_version);

301

285

exit(argp_err_exit_status);

329

313

fprintf(stderr, "Starting %s\n", argv[0]);

330

314

}

331

315

332

if(conflict_detection()){

316

if (conflict_detection()){

333

317

if(debug){

334

318

fprintf(stderr, "Stopping %s because of conflict\n", argv[0]);

335

319

}

444

428

if(prefix){

445

429

fprintf(stderr, "%s ", prefix);

446

430

}

447

if(prompt != NULL){

448

fprintf(stderr, "%s: ", prompt);

449

} else {

431

{

450

432

const char *cryptsource = getenv("CRYPTTAB_SOURCE");

451

433

const char *crypttarget = getenv("CRYPTTAB_NAME");

452

434

/* Before cryptsetup 1.1.0~rc2 */

527

509

}

528

510

if(sret < 0){

529

511

int e = errno;

530

if(errno != EINTR){

531

if(not feof(stdin)){

532

error_plus(0, errno, "getline");

533

switch(e){

534

case EBADF:

535

status = EX_UNAVAILABLE;

536

break;

537

case EIO:

538

case EINVAL:

539

default:

540

status = EX_IOERR;

541

break;

542

}

543

break;

544

} else {

545

clearerr(stdin);

512

if(errno != EINTR and not feof(stdin)){

513

error_plus(0, errno, "getline");

514

switch(e){

515

case EBADF:

516

status = EX_UNAVAILABLE;

517

break;

518

case EIO:

519

case EINVAL:

520

default:

521

status = EX_IOERR;

522

break;

546

523

}

524

break;

547

525

}

548

526

}

549

527

/* if(sret == 0), then the only sensible thing to do is to retry

Older »