/mandos/trunk : revision 541

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.c

Committer: Teddy Hogeborn
Date: 2011-12-31 20:07:11 UTC
mfrom: (535.1.9 wireless-network-hook)
Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r

Merge new wireless network hook. Fix bridge network hook to use
hardware addresses instead of interface names. Implement and document
new "CONNECT" environment variable for network hooks.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
bad-ca.pem

bad-cert.pem

bad-client-cert.pem

bad-client-key.pem

bad-crl.pem

bad-key.pem

ca.pem

cert.pem

client-cert.pem

client-key.pem

client.cpp

clients.conf

crl.pem

key.pem

server.cpp

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.c

/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */

* Password-prompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* getline(), asprintf() */

#include <termios.h> /* struct termios, tcsetattr(),

TCSAFLUSH, tcgetattr(), ECHO */

#include <unistd.h> /* struct termios, tcsetattr(),

STDIN_FILENO, TCSAFLUSH,

tcgetattr(), ECHO, readlink() */

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

SIGQUIT, SIGHUP, SIGTERM,

raise() */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <sys/types.h> /* ssize_t, struct dirent, pid_t,

ssize_t, open() */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getenv(), free() */

#include <dirent.h> /* scandir(), alphasort() */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), fputc(), vfprintf(),

vasprintf() */

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

#include <error.h> /* error() */

#include <iso646.h> /* or, not */

#include <stdbool.h> /* bool, false, true */

#include <inttypes.h> /* strtoumax() */

#include <sys/stat.h> /* struct stat, lstat(), open() */

#include <string.h> /* strlen, rindex, memcmp, strerror()

#include <argp.h> /* struct argp_option, struct

argp_state, struct argp,

argp_parse(), error_t,

ARGP_KEY_ARG, ARGP_KEY_END,

ARGP_ERR_UNKNOWN */

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

#include <fcntl.h> /* open() */

#include <stdarg.h> /* va_list, va_start(), ... */

volatile sig_atomic_t quit_now = 0;

int signal_received;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_bug_address = "<mandos@recompile.se>";

/* Needed for conflict resolution */

const char plymouth_name[] = "plymouthd";

__attribute__((format (gnu_printf, 2, 3), nonnull(1)))

int fprintf_plus(FILE *stream, const char *format, ...){

va_list ap;

va_start (ap, format);

TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",

program_invocation_short_name));

return TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));

}

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if (ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

fprintf(stderr, ": %s\n", strerror(errnum));

100

error(status, errno, "vasprintf while printing error");

101

return;

102

}

103

fprintf(stderr, "Mandos plugin ");

104

error(status, errnum, "%s", text);

105

free(text);

106

}

107

108

static void termination_handler(int signum){

109

if(quit_now){

110

return;

111

}

112

quit_now = 1;

113

signal_received = signum;

114

}

115

116

bool conflict_detection(void){

117

118

/* plymouth conflicts with password-prompt since both want to read

119

from the terminal. Password-prompt will exit if it detects

120

plymouth since plymouth performs the same functionality.

121

122

__attribute__((nonnull))

123

int is_plymouth(const struct dirent *proc_entry){

124

int ret;

125

int cl_fd;

126

{

127

uintmax_t proc_id;

128

char *tmp;

129

errno = 0;

130

proc_id = strtoumax(proc_entry->d_name, &tmp, 10);

131

132

if(errno != 0 or *tmp != '\0'

133

or proc_id != (uintmax_t)((pid_t)proc_id)){

134

return 0;

135

}

136

}

137

138

char *cmdline_filename;

139

ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",

140

proc_entry->d_name);

141

if(ret == -1){

142

error_plus(0, errno, "asprintf");

143

return 0;

144

}

145

146

/* Open /proc/<pid>/cmdline */

147

cl_fd = open(cmdline_filename, O_RDONLY);

148

free(cmdline_filename);

149

if(cl_fd == -1){

150

if(errno != ENOENT){

151

error_plus(0, errno, "open");

152

}

153

return 0;

154

}

155

156

char *cmdline = NULL;

157

{

158

size_t cmdline_len = 0;

159

size_t cmdline_allocated = 0;

160

char *tmp;

161

const size_t blocksize = 1024;

162

ssize_t sret;

163

do {

164

/* Allocate more space? */

165

if(cmdline_len + blocksize + 1 > cmdline_allocated){

166

tmp = realloc(cmdline, cmdline_allocated + blocksize + 1);

167

if(tmp == NULL){

168

error_plus(0, errno, "realloc");

169

free(cmdline);

170

close(cl_fd);

171

return 0;

172

}

173

cmdline = tmp;

174

cmdline_allocated += blocksize;

175

}

176

177

/* Read data */

178

sret = read(cl_fd, cmdline + cmdline_len,

179

cmdline_allocated - cmdline_len);

180

if(sret == -1){

181

error_plus(0, errno, "read");

182

free(cmdline);

183

close(cl_fd);

184

return 0;

185

}

186

cmdline_len += (size_t)sret;

187

} while(sret != 0);

188

ret = close(cl_fd);

189

if(ret == -1){

190

error_plus(0, errno, "close");

191

free(cmdline);

192

return 0;

193

}

194

cmdline[cmdline_len] = '\0'; /* Make sure it is terminated */

195

}

196

/* we now have cmdline */

197

198

/* get basename */

199

char *cmdline_base = strrchr(cmdline, '/');

200

if(cmdline_base != NULL){

201

cmdline_base += 1; /* skip the slash */

202

} else {

203

cmdline_base = cmdline;

204

}

205

206

if(strcmp(cmdline_base, plymouth_name) != 0){

207

if(debug){

208

fprintf(stderr, "\"%s\" is not \"%s\"\n", cmdline_base,

209

plymouth_name);

210

}

211

free(cmdline);

212

return 0;

213

}

214

if(debug){

215

fprintf(stderr, "\"%s\" equals \"%s\"\n", cmdline_base,

216

plymouth_name);

217

}

218

free(cmdline);

219

return 1;

220

}

221

222

struct dirent **direntries = NULL;

223

int ret;

224

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

225

if (ret == -1){

226

error_plus(1, errno, "scandir");

227

}

228

free(direntries);

229

return ret > 0;

230

}

231

232

233

int main(int argc, char **argv){

234

ssize_t sret;

235

int ret;

236

size_t n;

237

struct termios t_new, t_old;

238

char *buffer = NULL;

239

char *prefix = NULL;

240

int status = EXIT_SUCCESS;

241

struct sigaction old_action,

242

new_action = { .sa_handler = termination_handler,

243

.sa_flags = 0 };

244

{

245

struct argp_option options[] = {

246

{ .name = "prefix", .key = 'p',

247

.arg = "PREFIX", .flags = 0,

248

.doc = "Prefix shown before the prompt", .group = 2 },

249

{ .name = "debug", .key = 128,

250

.doc = "Debug mode", .group = 3 },

251

252

* These reproduce what we would get without ARGP_NO_HELP

253

254

{ .name = "help", .key = '?',

255

.doc = "Give this help list", .group = -1 },

256

{ .name = "usage", .key = -3,

257

.doc = "Give a short usage message", .group = -1 },

258

{ .name = "version", .key = 'V',

259

.doc = "Print program version", .group = -1 },

260

{ .name = NULL }

261

};

262

263

__attribute__((nonnull(3)))

264

error_t parse_opt (int key, char *arg, struct argp_state *state){

265

errno = 0;

266

switch (key){

267

case 'p':

268

prefix = arg;

269

break;

270

case 128:

271

debug = true;

272

break;

273

274

* These reproduce what we would get without ARGP_NO_HELP

275

276

case '?': /* --help */

277

argp_state_help(state, state->out_stream,

278

(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)

279

& ~(unsigned int)ARGP_HELP_EXIT_OK);

280

case -3: /* --usage */

281

argp_state_help(state, state->out_stream,

282

ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);

283

case 'V': /* --version */

284

fprintf(state->out_stream, "%s\n", argp_program_version);

285

exit(argp_err_exit_status);

286

break;

287

default:

288

return ARGP_ERR_UNKNOWN;

289

}

290

return errno;

291

}

292

293

struct argp argp = { .options = options, .parser = parse_opt,

294

.args_doc = "",

295

.doc = "Mandos password-prompt -- Read and"

296

" output a password" };

297

ret = argp_parse(&argp, argc, argv,

298

ARGP_IN_ORDER | ARGP_NO_HELP, NULL, NULL);

299

switch(ret){

300

case 0:

301

break;

302

case ENOMEM:

303

default:

304

errno = ret;

305

error_plus(0, errno, "argp_parse");

306

return EX_OSERR;

307

case EINVAL:

308

return EX_USAGE;

309

}

310

}

311

312

if(debug){

313

fprintf(stderr, "Starting %s\n", argv[0]);

314

}

315

316

if (conflict_detection()){

317

if(debug){

318

fprintf(stderr, "Stopping %s because of conflict\n", argv[0]);

319

}

320

return EXIT_FAILURE;

321

}

322

323

if(debug){

324

fprintf(stderr, "Storing current terminal attributes\n");

325

}

326

327

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

328

int e = errno;

329

error_plus(0, errno, "tcgetattr");

330

switch(e){

331

case EBADF:

332

case ENOTTY:

333

return EX_UNAVAILABLE;

334

default:

335

return EX_OSERR;

336

}

337

}

338

339

sigemptyset(&new_action.sa_mask);

340

ret = sigaddset(&new_action.sa_mask, SIGINT);

341

if(ret == -1){

342

error_plus(0, errno, "sigaddset");

343

return EX_OSERR;

344

}

345

ret = sigaddset(&new_action.sa_mask, SIGHUP);

346

if(ret == -1){

347

error_plus(0, errno, "sigaddset");

348

return EX_OSERR;

349

}

350

ret = sigaddset(&new_action.sa_mask, SIGTERM);

351

if(ret == -1){

352

error_plus(0, errno, "sigaddset");

353

return EX_OSERR;

354

}

355

/* Need to check if the handler is SIG_IGN before handling:

356

| [[info:libc:Initial Signal Actions]] |

357

| [[info:libc:Basic Signal Handling]] |

358

359

ret = sigaction(SIGINT, NULL, &old_action);

360

if(ret == -1){

361

error_plus(0, errno, "sigaction");

362

return EX_OSERR;

363

}

364

if(old_action.sa_handler != SIG_IGN){

365

ret = sigaction(SIGINT, &new_action, NULL);

366

if(ret == -1){

367

error_plus(0, errno, "sigaction");

368

return EX_OSERR;

369

}

370

}

371

ret = sigaction(SIGHUP, NULL, &old_action);

372

if(ret == -1){

373

error_plus(0, errno, "sigaction");

374

return EX_OSERR;

375

}

376

if(old_action.sa_handler != SIG_IGN){

377

ret = sigaction(SIGHUP, &new_action, NULL);

378

if(ret == -1){

379

error_plus(0, errno, "sigaction");

380

return EX_OSERR;

381

}

382

}

383

ret = sigaction(SIGTERM, NULL, &old_action);

384

if(ret == -1){

385

error_plus(0, errno, "sigaction");

386

return EX_OSERR;

387

}

388

if(old_action.sa_handler != SIG_IGN){

389

ret = sigaction(SIGTERM, &new_action, NULL);

390

if(ret == -1){

391

error_plus(0, errno, "sigaction");

392

return EX_OSERR;

393

}

394

}

395

396

397

if(debug){

398

fprintf(stderr, "Removing echo flag from terminal attributes\n");

399

}

400

401

t_new = t_old;

402

t_new.c_lflag &= ~(tcflag_t)ECHO;

403

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

404

int e = errno;

405

error_plus(0, errno, "tcsetattr-echo");

406

switch(e){

407

case EBADF:

408

case ENOTTY:

409

return EX_UNAVAILABLE;

410

case EINVAL:

411

default:

412

return EX_OSERR;

413

}

414

}

415

416

if(debug){

417

fprintf(stderr, "Waiting for input from stdin \n");

418

}

419

while(true){

420

if(quit_now){

421

if(debug){

422

fprintf(stderr, "Interrupted by signal, exiting.\n");

423

}

424

status = EXIT_FAILURE;

425

break;

426

}

427

428

if(prefix){

429

fprintf(stderr, "%s ", prefix);

430

}

431

{

432

const char *cryptsource = getenv("CRYPTTAB_SOURCE");

433

const char *crypttarget = getenv("CRYPTTAB_NAME");

434

/* Before cryptsetup 1.1.0~rc2 */

435

if(cryptsource == NULL){

436

cryptsource = getenv("cryptsource");

437

}

438

if(crypttarget == NULL){

439

crypttarget = getenv("crypttarget");

440

}

441

const char *const prompt1 = "Unlocking the disk";

442

const char *const prompt2 = "Enter passphrase";

443

if(cryptsource == NULL){

444

if(crypttarget == NULL){

445

fprintf(stderr, "%s to unlock the disk: ", prompt2);

446

} else {

447

fprintf(stderr, "%s (%s)\n%s: ", prompt1, crypttarget,

448

prompt2);

449

}

450

} else {

451

if(crypttarget == NULL){

452

fprintf(stderr, "%s %s\n%s: ", prompt1, cryptsource,

453

prompt2);

454

} else {

455

fprintf(stderr, "%s %s (%s)\n%s: ", prompt1, cryptsource,

456

crypttarget, prompt2);

457

}

458

}

459

}

460

sret = getline(&buffer, &n, stdin);

461

if(sret > 0){

462

status = EXIT_SUCCESS;

463

/* Make n = data size instead of allocated buffer size */

464

n = (size_t)sret;

465

/* Strip final newline */

466

if(n > 0 and buffer[n-1] == '\n'){

467

buffer[n-1] = '\0'; /* not strictly necessary */

468

n--;

469

}

470

size_t written = 0;

471

while(written < n){

472

sret = write(STDOUT_FILENO, buffer + written, n - written);

473

if(sret < 0){

474

int e = errno;

475

error_plus(0, errno, "write");

476

switch(e){

477

case EBADF:

478

case EFAULT:

479

case EINVAL:

480

case EFBIG:

481

case EIO:

482

case ENOSPC:

483

default:

484

status = EX_IOERR;

485

break;

486

case EINTR:

487

status = EXIT_FAILURE;

488

break;

489

}

490

break;

491

}

492

written += (size_t)sret;

493

}

494

sret = close(STDOUT_FILENO);

495

if(sret == -1){

496

int e = errno;

497

error_plus(0, errno, "close");

498

switch(e){

499

case EBADF:

500

status = EX_OSFILE;

501

break;

502

case EIO:

503

default:

504

status = EX_IOERR;

505

break;

506

}

507

}

508

break;

509

}

510

if(sret < 0){

511

int e = errno;

512

if(errno != EINTR and not feof(stdin)){

513

error_plus(0, errno, "getline");

514

switch(e){

515

case EBADF:

516

status = EX_UNAVAILABLE;

517

break;

518

case EIO:

519

case EINVAL:

520

default:

521

status = EX_IOERR;

522

break;

523

}

524

break;

525

}

526

}

527

/* if(sret == 0), then the only sensible thing to do is to retry

528

to read from stdin */

529

fputc('\n', stderr);

530

if(debug and not quit_now){

531

/* If quit_now is nonzero, we were interrupted by a signal, and

532

will print that later, so no need to show this too. */

533

fprintf(stderr, "getline() returned 0, retrying.\n");

534

}

535

}

536

537

free(buffer);

538

539

if(debug){

540

fprintf(stderr, "Restoring terminal attributes\n");

541

}

542

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

543

error_plus(0, errno, "tcsetattr+echo");

544

}

545

546

if(quit_now){

547

sigemptyset(&old_action.sa_mask);

548

old_action.sa_handler = SIG_DFL;

549

ret = sigaction(signal_received, &old_action, NULL);

550

if(ret == -1){

551

error_plus(0, errno, "sigaction");

552

}

553

raise(signal_received);

554

}

555

556

if(debug){

557

fprintf(stderr, "%s is exiting with status %d\n", argv[0],

558

status);

559

}

560

if(status == EXIT_SUCCESS or status == EX_OK){

561

fputc('\n', stderr);

562

}

563

564

return status;

565

}

Older »