/mandos/trunk : revision 962

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/plymouth.c

Committer: Teddy Hogeborn
Date: 2019-02-09 23:23:26 UTC
Revision ID: teddy@recompile.se-20190209232326-z1z2kzpgfixz7iaj

Add support for using raw public keys in TLS (RFC 7250)

Since GnuTLS removed support for OpenPGP keys in TLS (RFC 6091), and
no other library supports it, we have to change the protocol to use
something else.  We choose to use "raw public keys" (RFC 7250).  Since
we still use OpenPGP keys to decrypt the secret password, this means
that each client will have two keys: One OpenPGP key and one TLS
public/private key, and the key ID of the latter key is used to
identify clients instead of the fingerprint of the OpenPGP key.

Note that this code is still compatible with GnuTLS before version
3.6.0 (when OpenPGP key support was removed).  This commit merely adds
support for using raw pulic keys instead with GnuTLS 3.6.6. or later.

* DBUS-API (Signals/ClientNotFound): Change name of first parameter
                                     from "Fingerprint" to "KeyID".
  (Mandos Client Interface/Properties/KeyID): New.
* INSTALL: Document conflict with GnuTLS 3.6.0 (which removed OpenPGP
           key support) up until 3.6.6, when support for raw public
           keys was added.  Also document new dependency of client on
           "gnutls-bin" package (for certtool).
* Makefile (run-client): Depend on TLS key files, and also pass them
                         as arguments to client.
  (keydir/tls-privkey.pem, keydir/tls-pubkey.pem): New.
  (confdir/clients.conf): Add dependency on TLS public key.
  (purge-client): Add removal of TLS key files.
* clients.conf ([foo]/key_id, [bar]/key_id): New.
* debian/control (Source: mandos/Build-Depends): Also allow
                                                 libgnutls30 (>= 3.6.6)
  (Package: mandos/Depends): - '' -
  (Package: mandos/Description): Alter description to match new
                                 design.
  (Package: mandos-client/Description): - '' -
  (Package: mandos-client/Depends): Move "gnutls-bin | openssl" to
                                    here from "Recommends".
* debian/mandos-client.README.Debian: Add --tls-privkey and
                                      --tls-pubkey options to test
                                      command.
* debian/mandos-client.postinst (create_key): Renamed to "create_keys"
                                             (all callers changed),
                                             and also create TLS key.
* debian/mandos-client.postrm (purge): Also remove TLS key files.
* intro.xml (DESCRIPTION): Describe new dual-key design.
* mandos (GnuTLS): Define different functions depending on whether
                   support for raw public keys is detected.
  (Client.key_id): New attribute.
  (ClientDBus.KeyID_dbus_property): New method.
  (ProxyClient.__init__): Take new "key_id" parameter.
  (ClientHandler.handle): Use key IDs when using raw public keys and
                          use fingerprints when using OpenPGP keys.
  (ClientHandler.peer_certificate): Also handle raw public keys.
  (ClientHandler.key_id): New.
  (MandosServer.handle_ipc): Pass key ID over the pipe IPC.  Also
                             check for key ID matches when looking up
                             clients.
  (main): Default GnuTLS priority string depends on whether we are
          using raw public keys or not.  When unpickling clients, set
          key_id if not set in the pickle.
  (main/MandosDBusService.ClientNotFound): Change name of first
                                           parameter from
                                           "Fingerprint" to "KeyID".
* mandos-clients.conf.xml (OPTIONS): Document new "key_id" option.
  (OPTIONS/secret): Mention new key ID matchning.
  (EXPANSION/RUNTIME EXPANSION): Add new "key_id" option.
  (EXAMPLE): - '' -
* mandos-ctl (tablewords, main/keywords): Add new "KeyID" property.
* mandos-keygen: Create TLS key files.  New "--tls-keytype" (-T)
                 option.  Alter help text to be more clear about key
                 types.  When in password mode, also output "key_id"
                 option.
* mandos-keygen.xml (SYNOPSIS): Add new "--tls-keytype" (-T) option.
  (DESCRIPTION): Alter to match new dual-key design.
  (OVERVIEW): - '' -
  (FILES): Add TLS key files.
* mandos-options.xml (priority): Document new default priority string
                                 when using raw public keys.
* mandos.xml (NETWORK PROTOCOL): Describe new protocol using key ID.
  (BUGS): Remove issue about checking expire times of OpenPGP keys,
          since TLS public keys do not have expiration times.
  (SECURITY/CLIENT): Alter description to match new design.
  (SEE ALSO/GnuTLS): - '' -
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.
* overview.xml: Alter text to match new design.
* plugin-runner.xml (EXAMPLE): Add --tls-pubkey and --tls-privkey
                               options to mandos-client options.
* plugins.d/mandos-client.c: Use raw public keys when compiling with
                             supporting GnuTLS versions. Add new
                             "--tls-pubkey" and "--tls-privkey"
                             options (which do nothing if GnuTLS
                             library does not support raw public
                             keys).  Alter text throughout to reflect
                             new design.  Only generate new DH
                             parameters (based on size of OpenPGP key)
                             when using OpenPGP in TLS.  Default
                             GnuTLS priority string depends on whether
                             we are using raw public keys or not.
* plugins.d/mandos-client.xml (SYNOPSIS): Add new "--tls-privkey" (-t)
                                          and "--tls-pubkey" (-T)
                                          options.
  (DESCRIPTION): Describe new dual-key design.
  (OPTIONS): Document new "--tls-privkey" (-t) and "--tls-pubkey" (-T)
             options.
  (OPTIONS/--dh-bits): No longer necessarily depends on OpenPGP key
                       size.
  (FILES): Add default locations for TLS public and private key files.
  (EXAMPLE): Use new --tls-pubkey and --tls-privkey options.
  (SECURITY): Alter wording slightly to reflect new dual-key design.
  (SEE ALSO/GnuTLS): Alter description to match new design.
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.

files added:
bugs.xml

debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl.xml

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/plymouth.xml

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/plymouth.c

/* -*- coding: utf-8 -*- */

* Plymouth - Read a password from Plymouth and output it

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* asprintf(), TEMP_FAILURE_RETRY() */

#include <signal.h> /* sig_atomic_t, struct sigaction,

sigemptyset(), sigaddset(), SIGINT,

#include <stdbool.h> /* bool, false, true */

#include <fcntl.h> /* open(), O_RDONLY */

#include <iso646.h> /* and, or, not*/

#include <sys/types.h> /* size_t, ssize_t, pid_t, struct dirent,

waitpid() */

#include <sys/types.h> /* size_t, ssize_t, pid_t, struct

dirent, waitpid() */

#include <sys/wait.h> /* waitpid() */

#include <stddef.h> /* NULL */

#include <string.h> /* strchr(), memcmp() */

#include <stdio.h> /* asprintf(), perror(), fopen(), fscanf() */

#include <unistd.h> /* close(), readlink(), read(), fork()

setsid(), chdir(), dup2()

#include <stdio.h> /* asprintf(), perror(), fopen(),

fscanf(), vasprintf(), fprintf(),

vfprintf() */

#include <unistd.h> /* close(), readlink(), read(),

fork(), setsid(), chdir(), dup2(),

STDERR_FILENO, execv(), access() */

#include <stdlib.h> /* free(), EXIT_FAILURE, realloc(),

EXIT_SUCCESS, malloc(), _exit(),

#include <dirent.h> /* scandir(), alphasort() */

#include <inttypes.h> /* intmax_t, strtoumax(), SCNuMAX */

#include <sys/stat.h> /* struct stat, lstat() */

#include <sysexits.h> /* EX_OSERR */

#include <sysexits.h> /* EX_OSERR, EX_UNAVAILABLE */

#include <error.h> /* error() */

#include <errno.h> /* TEMP_FAILURE_RETRY */

#include <stdarg.h>

#include <argz.h> /* argz_count(), argz_extract() */

#include <stdarg.h> /* va_list, va_start(), ... */

sig_atomic_t interrupted_by_signal = 0;

const char plymouth_pid[] = "/dev/.initramfs/plymouth.pid";

/* Used by Ubuntu 11.04 (Natty Narwahl) */

const char plymouth_old_old_pid[] = "/dev/.initramfs/plymouth.pid";

/* Used by Ubuntu 11.10 (Oneiric Ocelot) */

const char plymouth_old_pid[] = "/run/initramfs/plymouth.pid";

/* Used by Debian 9 (stretch) */

const char plymouth_pid[] = "/run/plymouth/pid";

const char plymouth_path[] = "/bin/plymouth";

const char plymouthd_path[] = "/sbin/plymouthd";

const char *plymouthd_default_argv[] = {"/sbin/plymouthd", "--mode=boot",

const char *plymouthd_default_argv[] = {"/sbin/plymouthd",

"--mode=boot",

"--attach-to-session",

"--pid-file=/dev/.initramfs/plymouth.pid",

NULL };

static void termination_handler(__attribute__((unused))int signum){

interrupted_by_signal = 1;

}

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if(ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

fprintf(stderr, ": ");

fprintf(stderr, "%s\n", strerror(errnum));

error(status, errno, "vasprintf while printing error");

return;

}

fprintf(stderr, "Mandos plugin ");

100

error(status, errnum, "%s", text);

101

free(text);

102

}

103

104

/* Create prompt string */

105

char *makeprompt(void){

106

int ret = 0;

107

char *prompt;

108

const char *const cryptsource = getenv("cryptsource");

109

const char *const crypttarget = getenv("crypttarget");

const char prompt_start[] = "Enter passphrase to unlock the disk";

110

const char prompt_start[] = "Unlocking the disk";

111

const char prompt_end[] = "Enter passphrase";

112

113

if(cryptsource == NULL){

114

if(crypttarget == NULL){

ret = asprintf(&prompt, "%s: ", prompt_start);

115

ret = asprintf(&prompt, "%s\n%s", prompt_start, prompt_end);

116

} else {

ret = asprintf(&prompt, "%s (%s): ", prompt_start,

crypttarget);

117

ret = asprintf(&prompt, "%s (%s)\n%s", prompt_start,

118

crypttarget, prompt_end);

119

}

120

} else {

121

if(crypttarget == NULL){

ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);

122

ret = asprintf(&prompt, "%s %s\n%s", prompt_start, cryptsource,

123

prompt_end);

124

} else {

ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,

cryptsource, crypttarget);

125

ret = asprintf(&prompt, "%s %s (%s)\n%s", prompt_start,

126

cryptsource, crypttarget, prompt_end);

127

}

128

}

129

if(ret == -1){

140

bool become_a_daemon(void){

141

int ret = setuid(geteuid());

142

if(ret == -1){

error(0, errno, "setuid");

143

error_plus(0, errno, "setuid");

144

}

145

146

setsid();

147

ret = chdir("/");

148

if(ret == -1){

error(0, errno, "chdir");

149

error_plus(0, errno, "chdir");

150

return false;

151

}

152

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */

153

if(ret == -1){

error(0, errno, "dup2");

154

error_plus(0, errno, "dup2");

155

return false;

156

}

157

return true;

158

}

159

160

__attribute__((nonnull (2, 3)))

161

bool exec_and_wait(pid_t *pid_return, const char *path,

100

const char **argv, bool interruptable,

162

const char * const *argv, bool interruptable,

101

163

bool daemonize){

102

164

int status;

103

165

int ret;

104

166

pid_t pid;

105

167

pid = fork();

106

168

if(pid == -1){

107

error(0, errno, "fork");

169

error_plus(0, errno, "fork");

108

170

return false;

109

171

}

110

172

if(pid == 0){

114

176

_exit(EX_OSERR);

115

177

}

116

178

}

117

118

char **new_argv = NULL;

119

char *tmp;

179

180

char **new_argv = malloc(sizeof(const char *));

181

if(new_argv == NULL){

182

error_plus(0, errno, "malloc");

183

_exit(EX_OSERR);

184

}

185

char **tmp;

120

186

int i = 0;

121

for (; argv[i]!=(char *)NULL; i++){

122

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 1));

123

if (tmp == NULL){

124

error(0, errno, "realloc");

187

for (; argv[i] != NULL; i++){

188

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 2));

189

if(tmp == NULL){

190

error_plus(0, errno, "realloc");

125

191

free(new_argv);

126

_exit(EXIT_FAILURE);

192

_exit(EX_OSERR);

127

193

}

128

new_argv = (char **)tmp;

194

new_argv = tmp;

129

195

new_argv[i] = strdup(argv[i]);

130

196

}

131

new_argv[i] = (char *) NULL;

197

new_argv[i] = NULL;

132

198

133

199

execv(path, (char *const *)new_argv);

134

error(0, errno, "execv");

200

error_plus(0, errno, "execv");

135

201

_exit(EXIT_FAILURE);

136

202

}

137

203

if(pid_return != NULL){

146

212

return false;

147

213

}

148

214

if(ret == -1){

149

error(0, errno, "waitpid");

215

error_plus(0, errno, "waitpid");

150

216

return false;

151

217

}

152

if(WIFEXITED(status) and WEXITSTATUS(status) == 0){

218

if(WIFEXITED(status) and (WEXITSTATUS(status) == 0)){

153

219

return true;

154

220

}

155

221

return false;

156

222

}

157

223

224

__attribute__((nonnull))

158

225

int is_plymouth(const struct dirent *proc_entry){

159

226

int ret;

160

227

{

161

uintmax_t maxvalue;

228

uintmax_t proc_id;

162

229

char *tmp;

163

230

errno = 0;

164

maxvalue = strtoumax(proc_entry->d_name, &tmp, 10);

231

proc_id = strtoumax(proc_entry->d_name, &tmp, 10);

165

232

166

if(errno != 0 or *tmp != '\0' or maxvalue != (uintmax_t)((pid_t)maxvalue)){

233

if(errno != 0 or *tmp != '\0'

234

or proc_id != (uintmax_t)((pid_t)proc_id)){

167

235

return 0;

168

236

}

169

237

}

170

char exe_target[sizeof(plymouth_path)];

238

char exe_target[sizeof(plymouthd_path)];

171

239

char *exe_link;

172

240

ret = asprintf(&exe_link, "/proc/%s/exe", proc_entry->d_name);

173

241

if(ret == -1){

174

error(0, errno, "asprintf");

242

error_plus(0, errno, "asprintf");

175

243

return 0;

176

244

}

177

245

178

246

struct stat exe_stat;

179

247

ret = lstat(exe_link, &exe_stat);

180

248

if(ret == -1){

181

249

free(exe_link);

182

250

if(errno != ENOENT){

183

error(0, errno, "lstat");

251

error_plus(0, errno, "lstat");

184

252

}

185

253

return 0;

186

254

}

191

259

free(exe_link);

192

260

return 0;

193

261

}

194

262

195

263

ssize_t sret = readlink(exe_link, exe_target, sizeof(exe_target));

196

264

free(exe_link);

197

if((sret != (ssize_t)sizeof(plymouth_path)-1) or

198

(memcmp(plymouth_path, exe_target,

199

sizeof(plymouth_path)-1) != 0)){

265

if((sret != (ssize_t)sizeof(plymouthd_path)-1) or

266

(memcmp(plymouthd_path, exe_target,

267

sizeof(plymouthd_path)-1) != 0)){

200

268

return 0;

201

269

}

202

270

return 1;

204

272

205

273

pid_t get_pid(void){

206

274

int ret;

275

uintmax_t proc_id = 0;

207

276

FILE *pidfile = fopen(plymouth_pid, "r");

208

uintmax_t maxvalue = 0;

277

/* Try the new pid file location */

209

278

if(pidfile != NULL){

210

ret = fscanf(pidfile, "%" SCNuMAX, &maxvalue);

279

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

211

280

if(ret != 1){

212

maxvalue = 0;

281

proc_id = 0;

213

282

}

214

283

fclose(pidfile);

215

284

}

216

if(maxvalue == 0){

217

struct dirent **direntries;

285

/* Try the old pid file location */

286

if(proc_id == 0){

287

pidfile = fopen(plymouth_old_pid, "r");

288

if(pidfile != NULL){

289

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

290

if(ret != 1){

291

proc_id = 0;

292

}

293

fclose(pidfile);

294

}

295

}

296

/* Try the old old pid file location */

297

if(proc_id == 0){

298

pidfile = fopen(plymouth_old_old_pid, "r");

299

if(pidfile != NULL){

300

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

301

if(ret != 1){

302

proc_id = 0;

303

}

304

fclose(pidfile);

305

}

306

}

307

/* Look for a plymouth process */

308

if(proc_id == 0){

309

struct dirent **direntries = NULL;

218

310

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

219

sscanf(direntries[0]->d_name, "%" SCNuMAX, &maxvalue);

311

if(ret == -1){

312

error_plus(0, errno, "scandir");

313

}

314

if(ret > 0){

315

for(int i = ret-1; i >= 0; i--){

316

if(proc_id == 0){

317

ret = sscanf(direntries[i]->d_name, "%" SCNuMAX, &proc_id);

318

if(ret < 0){

319

error_plus(0, errno, "sscanf");

320

}

321

}

322

free(direntries[i]);

323

}

324

}

325

/* scandir might preallocate for this variable (man page unclear).

326

even if ret == 0, therefore we need to free it. */

327

free(direntries);

220

328

}

221

329

pid_t pid;

222

pid = (pid_t)maxvalue;

223

if((uintmax_t)pid == maxvalue){

330

pid = (pid_t)proc_id;

331

if((uintmax_t)pid == proc_id){

224

332

return pid;

225

333

}

226

334

227

335

return 0;

228

336

}

229

337

230

const char **getargv(pid_t pid){

338

char **getargv(pid_t pid){

231

339

int cl_fd;

232

340

char *cmdline_filename;

233

341

ssize_t sret;

236

344

ret = asprintf(&cmdline_filename, "/proc/%" PRIuMAX "/cmdline",

237

345

(uintmax_t)pid);

238

346

if(ret == -1){

239

error(0, errno, "asprintf");

347

error_plus(0, errno, "asprintf");

240

348

return NULL;

241

349

}

242

350

244

352

cl_fd = open(cmdline_filename, O_RDONLY);

245

353

free(cmdline_filename);

246

354

if(cl_fd == -1){

247

error(0, errno, "open");

355

error_plus(0, errno, "open");

248

356

return NULL;

249

357

}

250

358

258

366

if(cmdline_len + blocksize > cmdline_allocated){

259

367

tmp = realloc(cmdline, cmdline_allocated + blocksize);

260

368

if(tmp == NULL){

261

error(0, errno, "realloc");

369

error_plus(0, errno, "realloc");

262

370

free(cmdline);

263

371

close(cl_fd);

264

372

return NULL;

271

379

sret = read(cl_fd, cmdline + cmdline_len,

272

380

cmdline_allocated - cmdline_len);

273

381

if(sret == -1){

274

error(0, errno, "read");

382

error_plus(0, errno, "read");

275

383

free(cmdline);

276

384

close(cl_fd);

277

385

return NULL;

280

388

} while(sret != 0);

281

389

ret = close(cl_fd);

282

390

if(ret == -1){

283

error(0, errno, "close");

391

error_plus(0, errno, "close");

284

392

free(cmdline);

285

393

return NULL;

286

394

}

287

395

288

396

/* we got cmdline and cmdline_len, ignore rest... */

289

const char **argv = NULL;

290

size_t argv_size = 0;

291

for(char *arg = cmdline; arg-cmdline < (ssize_t)cmdline_len;

292

arg = strchr(arg, '\0')+1){

293

tmp = realloc(argv, ((++argv_size)+1)*sizeof(char *));

294

if(tmp == NULL){

295

error(0, errno, "realloc");

296

free(argv);

297

return NULL;

298

}

299

argv = (const char **)tmp;

300

argv[argv_size-1] = arg;

397

char **argv = malloc((argz_count(cmdline, cmdline_len) + 1)

398

* sizeof(char *)); /* Get number of args */

399

if(argv == NULL){

400

error_plus(0, errno, "argv = malloc()");

401

free(cmdline);

402

return NULL;

301

403

}

302

argv[argv_size] = NULL;

404

argz_extract(cmdline, cmdline_len, argv); /* Create argv */

303

405

return argv;

304

406

}

305

407

314

416

/* test -x /bin/plymouth */

315

417

ret = access(plymouth_path, X_OK);

316

418

if(ret == -1){

317

exit(EXIT_FAILURE);

419

/* Plymouth is probably not installed. Don't print an error

420

message, just exit. */

421

exit(EX_UNAVAILABLE);

318

422

}

319

423

320

424

{ /* Add signal handlers */

321

425

struct sigaction old_action,

322

426

new_action = { .sa_handler = termination_handler,

323

427

.sa_flags = 0 };

324

428

sigemptyset(&new_action.sa_mask);

325

for(int *sig = (int[]){ SIGINT, SIGHUP, SIGTERM, 0 }; *sig != 0; sig++){

429

for(int *sig = (int[]){ SIGINT, SIGHUP, SIGTERM, 0 };

430

*sig != 0; sig++){

326

431

ret = sigaddset(&new_action.sa_mask, *sig);

327

432

if(ret == -1){

328

error(0, errno, "sigaddset");

329

exit(EX_OSERR);

433

error_plus(EX_OSERR, errno, "sigaddset");

330

434

}

331

435

ret = sigaction(*sig, NULL, &old_action);

332

436

if(ret == -1){

333

error(0, errno, "sigaction");

334

exit(EX_OSERR);

437

error_plus(EX_OSERR, errno, "sigaction");

335

438

}

336

439

if(old_action.sa_handler != SIG_IGN){

337

440

ret = sigaction(*sig, &new_action, NULL);

338

441

if(ret == -1){

339

error(0, errno, "sigaction");

340

exit(EX_OSERR);

442

error_plus(EX_OSERR, errno, "sigaction");

341

443

}

342

444

}

343

445

}

344

446

}

345

447

346

448

/* plymouth --ping */

347

449

bret = exec_and_wait(&plymouth_command_pid, plymouth_path,

348

(const char *[]){ (const char *)plymouth_path, (const char *)"--ping", (const char *)NULL},

450

(const char *[])

451

{ plymouth_path, "--ping", NULL },

349

452

true, false);

350

453

if(not bret){

351

454

if(interrupted_by_signal){

352

455

kill_and_wait(plymouth_command_pid);

456

exit(EXIT_FAILURE);

353

457

}

354

exit(EXIT_FAILURE);

458

/* Plymouth is probably not running. Don't print an error

459

message, just exit. */

460

exit(EX_UNAVAILABLE);

355

461

}

356

462

357

463

prompt = makeprompt();

358

464

ret = asprintf(&prompt_arg, "--prompt=%s", prompt);

359

465

free(prompt);

360

466

if(ret == -1){

361

error(0, errno, "asprintf");

362

exit(EXIT_FAILURE);

467

error_plus(EX_OSERR, errno, "asprintf");

363

468

}

364

469

365

470

/* plymouth ask-for-password --prompt="$prompt" */

366

bret = exec_and_wait(&plymouth_command_pid, plymouth_path,

367

(const char *[]){plymouth_path, "ask-for-password", prompt_arg, NULL},

471

bret = exec_and_wait(&plymouth_command_pid,

472

plymouth_path, (const char *[])

473

{ plymouth_path, "ask-for-password",

474

prompt_arg, NULL },

368

475

true, false);

369

476

free(prompt_arg);

370

if(not bret){

371

if(interrupted_by_signal){

372

kill_and_wait(plymouth_command_pid);

373

} else {

374

exit(EXIT_FAILURE);

375

}

376

}

377

378

477

if(bret){

379

478

exit(EXIT_SUCCESS);

380

479

}

480

if(not interrupted_by_signal){

481

/* exec_and_wait failed for some other reason */

482

exit(EXIT_FAILURE);

483

}

484

kill_and_wait(plymouth_command_pid);

381

485

382

const char **plymouthd_argv = NULL;

486

char **plymouthd_argv = NULL;

383

487

pid_t pid = get_pid();

384

488

if(pid == 0){

385

error(0, 0, "plymouthd pid not found");

489

error_plus(0, 0, "plymouthd pid not found");

386

490

} else {

387

491

plymouthd_argv = getargv(pid);

388

492

}

389

if(plymouthd_argv == NULL){

390

plymouthd_argv = plymouthd_default_argv;

391

}

392

493

393

bret = exec_and_wait(NULL, plymouth_path,

394

(const char *[]){plymouth_path, "quit", NULL}, false, false);

395

if(not bret){

396

exit(EXIT_FAILURE);

397

}

398

bret = exec_and_wait(NULL, plymouthd_path, plymouthd_argv, false, true);

399

if(not bret){

400

exit(EXIT_FAILURE);

401

}

402

exec_and_wait(NULL, plymouth_path,

403

(const char *[]){ plymouth_path, "show-splash", NULL }, false, false);

494

bret = exec_and_wait(NULL, plymouth_path, (const char *[])

495

{ plymouth_path, "quit", NULL },

496

false, false);

497

if(not bret){

498

if(plymouthd_argv != NULL){

499

free(*plymouthd_argv);

500

free(plymouthd_argv);

501

}

502

exit(EXIT_FAILURE);

503

}

504

bret = exec_and_wait(NULL, plymouthd_path,

505

(plymouthd_argv != NULL)

506

? (const char * const *)plymouthd_argv

507

: plymouthd_default_argv,

508

false, true);

509

if(plymouthd_argv != NULL){

510

free(*plymouthd_argv);

511

free(plymouthd_argv);

512

}

513

if(not bret){

514

exit(EXIT_FAILURE);

515

}

516

exec_and_wait(NULL, plymouth_path, (const char *[])

517

{ plymouth_path, "show-splash", NULL },

518

false, false);

404

519

exit(EXIT_FAILURE);

405

520

}

Older »