/mandos/trunk : revision 962

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/usplash.c

Committer: Teddy Hogeborn
Date: 2019-02-09 23:23:26 UTC
Revision ID: teddy@recompile.se-20190209232326-z1z2kzpgfixz7iaj

Add support for using raw public keys in TLS (RFC 7250)

Since GnuTLS removed support for OpenPGP keys in TLS (RFC 6091), and
no other library supports it, we have to change the protocol to use
something else.  We choose to use "raw public keys" (RFC 7250).  Since
we still use OpenPGP keys to decrypt the secret password, this means
that each client will have two keys: One OpenPGP key and one TLS
public/private key, and the key ID of the latter key is used to
identify clients instead of the fingerprint of the OpenPGP key.

Note that this code is still compatible with GnuTLS before version
3.6.0 (when OpenPGP key support was removed).  This commit merely adds
support for using raw pulic keys instead with GnuTLS 3.6.6. or later.

* DBUS-API (Signals/ClientNotFound): Change name of first parameter
                                     from "Fingerprint" to "KeyID".
  (Mandos Client Interface/Properties/KeyID): New.
* INSTALL: Document conflict with GnuTLS 3.6.0 (which removed OpenPGP
           key support) up until 3.6.6, when support for raw public
           keys was added.  Also document new dependency of client on
           "gnutls-bin" package (for certtool).
* Makefile (run-client): Depend on TLS key files, and also pass them
                         as arguments to client.
  (keydir/tls-privkey.pem, keydir/tls-pubkey.pem): New.
  (confdir/clients.conf): Add dependency on TLS public key.
  (purge-client): Add removal of TLS key files.
* clients.conf ([foo]/key_id, [bar]/key_id): New.
* debian/control (Source: mandos/Build-Depends): Also allow
                                                 libgnutls30 (>= 3.6.6)
  (Package: mandos/Depends): - '' -
  (Package: mandos/Description): Alter description to match new
                                 design.
  (Package: mandos-client/Description): - '' -
  (Package: mandos-client/Depends): Move "gnutls-bin | openssl" to
                                    here from "Recommends".
* debian/mandos-client.README.Debian: Add --tls-privkey and
                                      --tls-pubkey options to test
                                      command.
* debian/mandos-client.postinst (create_key): Renamed to "create_keys"
                                             (all callers changed),
                                             and also create TLS key.
* debian/mandos-client.postrm (purge): Also remove TLS key files.
* intro.xml (DESCRIPTION): Describe new dual-key design.
* mandos (GnuTLS): Define different functions depending on whether
                   support for raw public keys is detected.
  (Client.key_id): New attribute.
  (ClientDBus.KeyID_dbus_property): New method.
  (ProxyClient.__init__): Take new "key_id" parameter.
  (ClientHandler.handle): Use key IDs when using raw public keys and
                          use fingerprints when using OpenPGP keys.
  (ClientHandler.peer_certificate): Also handle raw public keys.
  (ClientHandler.key_id): New.
  (MandosServer.handle_ipc): Pass key ID over the pipe IPC.  Also
                             check for key ID matches when looking up
                             clients.
  (main): Default GnuTLS priority string depends on whether we are
          using raw public keys or not.  When unpickling clients, set
          key_id if not set in the pickle.
  (main/MandosDBusService.ClientNotFound): Change name of first
                                           parameter from
                                           "Fingerprint" to "KeyID".
* mandos-clients.conf.xml (OPTIONS): Document new "key_id" option.
  (OPTIONS/secret): Mention new key ID matchning.
  (EXPANSION/RUNTIME EXPANSION): Add new "key_id" option.
  (EXAMPLE): - '' -
* mandos-ctl (tablewords, main/keywords): Add new "KeyID" property.
* mandos-keygen: Create TLS key files.  New "--tls-keytype" (-T)
                 option.  Alter help text to be more clear about key
                 types.  When in password mode, also output "key_id"
                 option.
* mandos-keygen.xml (SYNOPSIS): Add new "--tls-keytype" (-T) option.
  (DESCRIPTION): Alter to match new dual-key design.
  (OVERVIEW): - '' -
  (FILES): Add TLS key files.
* mandos-options.xml (priority): Document new default priority string
                                 when using raw public keys.
* mandos.xml (NETWORK PROTOCOL): Describe new protocol using key ID.
  (BUGS): Remove issue about checking expire times of OpenPGP keys,
          since TLS public keys do not have expiration times.
  (SECURITY/CLIENT): Alter description to match new design.
  (SEE ALSO/GnuTLS): - '' -
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.
* overview.xml: Alter text to match new design.
* plugin-runner.xml (EXAMPLE): Add --tls-pubkey and --tls-privkey
                               options to mandos-client options.
* plugins.d/mandos-client.c: Use raw public keys when compiling with
                             supporting GnuTLS versions. Add new
                             "--tls-pubkey" and "--tls-privkey"
                             options (which do nothing if GnuTLS
                             library does not support raw public
                             keys).  Alter text throughout to reflect
                             new design.  Only generate new DH
                             parameters (based on size of OpenPGP key)
                             when using OpenPGP in TLS.  Default
                             GnuTLS priority string depends on whether
                             we are using raw public keys or not.
* plugins.d/mandos-client.xml (SYNOPSIS): Add new "--tls-privkey" (-t)
                                          and "--tls-pubkey" (-T)
                                          options.
  (DESCRIPTION): Describe new dual-key design.
  (OPTIONS): Document new "--tls-privkey" (-t) and "--tls-pubkey" (-T)
             options.
  (OPTIONS/--dh-bits): No longer necessarily depends on OpenPGP key
                       size.
  (FILES): Add default locations for TLS public and private key files.
  (EXAMPLE): Use new --tls-pubkey and --tls-privkey options.
  (SECURITY): Alter wording slightly to reflect new dual-key design.
  (SEE ALSO/GnuTLS): Alter description to match new design.
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.

files added:
DBUS-API

bugs.xml

dbus-mandos.conf

debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/plymouth.c

plugins.d/plymouth.xml

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/usplash.c

* Usplash - Read a password from usplash and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* asprintf() */

#define _GNU_SOURCE /* asprintf(), TEMP_FAILURE_RETRY() */

#include <signal.h> /* sig_atomic_t, struct sigaction,

sigemptyset(), sigaddset(), SIGINT,

SIGHUP, SIGTERM, sigaction(),

#include <fcntl.h> /* open(), O_WRONLY, O_RDONLY */

#include <iso646.h> /* and, or, not*/

#include <errno.h> /* errno, EINTR */

#include <error.h>

#include <sys/types.h> /* size_t, ssize_t, pid_t, DIR, struct

dirent */

#include <stddef.h> /* NULL */

#include <string.h> /* strlen(), memcmp() */

#include <stdio.h> /* asprintf(), perror() */

#include <string.h> /* strlen(), memcmp(), strerror() */

#include <stdio.h> /* asprintf(), vasprintf(), vprintf(),

fprintf() */

#include <unistd.h> /* close(), write(), readlink(),

read(), STDOUT_FILENO, sleep(),

fork(), setuid(), geteuid(),

setsid(), chdir(), dup2(),

STDERR_FILENO, execv() */

#include <stdlib.h> /* free(), EXIT_FAILURE, realloc(),

EXIT_SUCCESS, malloc(), _exit() */

#include <stdlib.h> /* getenv() */

EXIT_SUCCESS, malloc(), _exit(),

getenv() */

#include <dirent.h> /* opendir(), readdir(), closedir() */

#include <inttypes.h> /* intmax_t, strtoimax() */

#include <sys/stat.h> /* struct stat, lstat(), S_ISLNK */

#include <sysexits.h> /* EX_OSERR, EX_UNAVAILABLE */

#include <argz.h> /* argz_count(), argz_extract() */

#include <stdarg.h> /* va_list, va_start(), ... */

sig_atomic_t interrupted_by_signal = 0;

static void termination_handler(__attribute__((unused))int signum){

int signal_received;

const char usplash_name[] = "/sbin/usplash";

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if(ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

fprintf(stderr, ": ");

fprintf(stderr, "%s\n", strerror(errnum));

error(status, errno, "vasprintf while printing error");

return;

}

fprintf(stderr, "Mandos plugin ");

error(status, errnum, "%s", text);

free(text);

}

static void termination_handler(int signum){

if(interrupted_by_signal){

return;

}

interrupted_by_signal = 1;

signal_received = signum;

}

static bool usplash_write(const char *cmd, const char *arg){

static bool usplash_write(int *fifo_fd_r,

const char *cmd, const char *arg){

* usplash_write("TIMEOUT", "15") will write "TIMEOUT 15\0"

* usplash_write("PULSATE", NULL) will write "PULSATE\0"

* usplash_write(&fd, "TIMEOUT", "15") will write "TIMEOUT 15\0"

* usplash_write(&fd, "PULSATE", NULL) will write "PULSATE\0"

* SEE ALSO

* usplash_write(8)

100

101

int ret;

int fifo_fd;

do {

fifo_fd = open("/dev/.initramfs/usplash_fifo", O_WRONLY);

if(fifo_fd == -1 and (errno != EINTR or interrupted_by_signal)){

102

if(*fifo_fd_r == -1){

103

ret = open("/dev/.initramfs/usplash_fifo", O_WRONLY);

104

if(ret == -1){

105

return false;

106

}

} while(fifo_fd == -1);

107

*fifo_fd_r = ret;

108

}

109

110

const char *cmd_line;

111

size_t cmd_line_len;

112

char *cmd_line_alloc = NULL;

113

if(arg == NULL){

114

cmd_line = cmd;

cmd_line_len = strlen(cmd);

115

cmd_line_len = strlen(cmd) + 1;

116

} else {

117

do {

118

ret = asprintf(&cmd_line_alloc, "%s %s", cmd, arg);

if(ret == -1 and (errno != EINTR or interrupted_by_signal)){

119

if(ret == -1){

120

int e = errno;

close(fifo_fd);

121

close(*fifo_fd_r);

122

errno = e;

123

return false;

124

}

129

130

size_t written = 0;

131

ssize_t sret = 0;

while(not interrupted_by_signal and written < cmd_line_len){

sret = write(fifo_fd, cmd_line + written,

132

while(written < cmd_line_len){

133

sret = write(*fifo_fd_r, cmd_line + written,

134

cmd_line_len - written);

135

if(sret == -1){

if(errno != EINTR or interrupted_by_signal){

100

int e = errno;

101

close(fifo_fd);

102

free(cmd_line_alloc);

103

errno = e;

104

return false;

105

} else {

106

continue;

107

}

136

int e = errno;

137

close(*fifo_fd_r);

138

free(cmd_line_alloc);

139

errno = e;

140

return false;

108

141

}

109

142

written += (size_t)sret;

110

143

}

111

144

free(cmd_line_alloc);

112

do {

113

ret = close(fifo_fd);

114

if(ret == -1 and (errno != EINTR or interrupted_by_signal)){

115

return false;

116

}

117

} while(ret == -1);

118

if(interrupted_by_signal){

119

return false;

120

}

145

121

146

return true;

122

147

}

123

148

149

/* Create prompt string */

150

char *makeprompt(void){

151

int ret = 0;

152

char *prompt;

153

const char *const cryptsource = getenv("cryptsource");

154

const char *const crypttarget = getenv("crypttarget");

155

const char prompt_start[] = "Enter passphrase to unlock the disk";

156

157

if(cryptsource == NULL){

158

if(crypttarget == NULL){

159

ret = asprintf(&prompt, "%s: ", prompt_start);

160

} else {

161

ret = asprintf(&prompt, "%s (%s): ", prompt_start,

162

crypttarget);

163

}

164

} else {

165

if(crypttarget == NULL){

166

ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);

167

} else {

168

ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,

169

cryptsource, crypttarget);

170

}

171

}

172

if(ret == -1){

173

return NULL;

174

}

175

return prompt;

176

}

177

178

pid_t find_usplash(char **cmdline_r, size_t *cmdline_len_r){

179

int ret = 0;

180

ssize_t sret = 0;

181

char *cmdline = NULL;

182

size_t cmdline_len = 0;

183

DIR *proc_dir = opendir("/proc");

184

if(proc_dir == NULL){

185

error_plus(0, errno, "opendir");

186

return -1;

187

}

188

errno = 0;

189

for(struct dirent *proc_ent = readdir(proc_dir);

190

proc_ent != NULL;

191

proc_ent = readdir(proc_dir)){

192

pid_t pid;

193

{

194

intmax_t tmpmax;

195

char *tmp;

196

tmpmax = strtoimax(proc_ent->d_name, &tmp, 10);

197

if(errno != 0 or tmp == proc_ent->d_name or *tmp != '\0'

198

or tmpmax != (pid_t)tmpmax){

199

/* Not a process */

200

errno = 0;

201

continue;

202

}

203

pid = (pid_t)tmpmax;

204

}

205

/* Find the executable name by doing readlink() on the

206

/proc/<pid>/exe link */

207

char exe_target[sizeof(usplash_name)];

208

{

209

/* create file name string */

210

char *exe_link;

211

ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);

212

if(ret == -1){

213

error_plus(0, errno, "asprintf");

214

goto fail_find_usplash;

215

}

216

217

/* Check that it refers to a symlink owned by root:root */

218

struct stat exe_stat;

219

ret = lstat(exe_link, &exe_stat);

220

if(ret == -1){

221

if(errno == ENOENT){

222

free(exe_link);

223

continue;

224

}

225

error_plus(0, errno, "lstat");

226

free(exe_link);

227

goto fail_find_usplash;

228

}

229

if(not S_ISLNK(exe_stat.st_mode)

230

or exe_stat.st_uid != 0

231

or exe_stat.st_gid != 0){

232

free(exe_link);

233

continue;

234

}

235

236

sret = readlink(exe_link, exe_target, sizeof(exe_target));

237

free(exe_link);

238

}

239

/* Compare executable name */

240

if((sret != ((ssize_t)sizeof(exe_target)-1))

241

or (memcmp(usplash_name, exe_target,

242

sizeof(exe_target)-1) != 0)){

243

/* Not it */

244

continue;

245

}

246

/* Found usplash */

247

/* Read and save the command line of usplash in "cmdline" */

248

{

249

/* Open /proc/<pid>/cmdline */

250

int cl_fd;

251

{

252

char *cmdline_filename;

253

ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",

254

proc_ent->d_name);

255

if(ret == -1){

256

error_plus(0, errno, "asprintf");

257

goto fail_find_usplash;

258

}

259

cl_fd = open(cmdline_filename, O_RDONLY);

260

free(cmdline_filename);

261

if(cl_fd == -1){

262

error_plus(0, errno, "open");

263

goto fail_find_usplash;

264

}

265

}

266

size_t cmdline_allocated = 0;

267

char *tmp;

268

const size_t blocksize = 1024;

269

do {

270

/* Allocate more space? */

271

if(cmdline_len + blocksize > cmdline_allocated){

272

tmp = realloc(cmdline, cmdline_allocated + blocksize);

273

if(tmp == NULL){

274

error_plus(0, errno, "realloc");

275

close(cl_fd);

276

goto fail_find_usplash;

277

}

278

cmdline = tmp;

279

cmdline_allocated += blocksize;

280

}

281

/* Read data */

282

sret = read(cl_fd, cmdline + cmdline_len,

283

cmdline_allocated - cmdline_len);

284

if(sret == -1){

285

error_plus(0, errno, "read");

286

close(cl_fd);

287

goto fail_find_usplash;

288

}

289

cmdline_len += (size_t)sret;

290

} while(sret != 0);

291

ret = close(cl_fd);

292

if(ret == -1){

293

error_plus(0, errno, "close");

294

goto fail_find_usplash;

295

}

296

}

297

/* Close directory */

298

ret = closedir(proc_dir);

299

if(ret == -1){

300

error_plus(0, errno, "closedir");

301

goto fail_find_usplash;

302

}

303

/* Success */

304

*cmdline_r = cmdline;

305

*cmdline_len_r = cmdline_len;

306

return pid;

307

}

308

309

fail_find_usplash:

310

311

free(cmdline);

312

if(proc_dir != NULL){

313

int e = errno;

314

closedir(proc_dir);

315

errno = e;

316

}

317

return 0;

318

}

319

124

320

int main(__attribute__((unused))int argc,

125

321

__attribute__((unused))char **argv){

126

322

int ret = 0;

127

323

ssize_t sret;

128

bool an_error_occured = false;

324

int fifo_fd = -1;

325

int outfifo_fd = -1;

326

char *buf = NULL;

327

size_t buf_len = 0;

328

pid_t usplash_pid = -1;

329

bool usplash_accessed = false;

330

int status = EXIT_FAILURE; /* Default failure exit status */

129

331

130

/* Create prompt string */

131

char *prompt = NULL;

132

{

133

const char *const cryptsource = getenv("cryptsource");

134

const char *const crypttarget = getenv("crypttarget");

135

const char prompt_start[] = "Enter passphrase to unlock the disk";

136

137

if(cryptsource == NULL){

138

if(crypttarget == NULL){

139

ret = asprintf(&prompt, "%s: ", prompt_start);

140

} else {

141

ret = asprintf(&prompt, "%s (%s): ", prompt_start,

142

crypttarget);

143

}

144

} else {

145

if(crypttarget == NULL){

146

ret = asprintf(&prompt, "%s %s: ", prompt_start, cryptsource);

147

} else {

148

ret = asprintf(&prompt, "%s %s (%s): ", prompt_start,

149

cryptsource, crypttarget);

150

}

151

}

152

if(ret == -1){

153

return EXIT_FAILURE;

154

}

332

char *prompt = makeprompt();

333

if(prompt == NULL){

334

status = EX_OSERR;

335

goto failure;

155

336

}

156

337

157

338

/* Find usplash process */

158

pid_t usplash_pid = 0;

159

339

char *cmdline = NULL;

160

340

size_t cmdline_len = 0;

161

const char usplash_name[] = "/sbin/usplash";

162

{

163

DIR *proc_dir = opendir("/proc");

164

if(proc_dir == NULL){

165

free(prompt);

166

perror("opendir");

167

return EXIT_FAILURE;

168

}

169

for(struct dirent *proc_ent = readdir(proc_dir);

170

proc_ent != NULL;

171

proc_ent = readdir(proc_dir)){

172

pid_t pid;

173

{

174

intmax_t tmpmax;

175

char *tmp;

176

errno = 0;

177

tmpmax = strtoimax(proc_ent->d_name, &tmp, 10);

178

if(errno != 0 or tmp == proc_ent->d_name or *tmp != '\0'

179

or tmpmax != (pid_t)tmpmax){

180

/* Not a process */

181

continue;

182

}

183

pid = (pid_t)tmpmax;

184

}

185

/* Find the executable name by doing readlink() on the

186

/proc/<pid>/exe link */

187

char exe_target[sizeof(usplash_name)];

188

{

189

/* create file name string */

190

char *exe_link;

191

ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);

192

if(ret == -1){

193

perror("asprintf");

194

free(prompt);

195

closedir(proc_dir);

196

return EXIT_FAILURE;

197

}

198

199

/* Check that it refers to a symlink owned by root:root */

200

struct stat exe_stat;

201

ret = lstat(exe_link, &exe_stat);

202

if(ret == -1){

203

if(errno == ENOENT){

204

free(exe_link);

205

continue;

206

}

207

perror("lstat");

208

free(exe_link);

209

free(prompt);

210

closedir(proc_dir);

211

return EXIT_FAILURE;

212

}

213

if(not S_ISLNK(exe_stat.st_mode)

214

or exe_stat.st_uid != 0

215

or exe_stat.st_gid != 0){

216

free(exe_link);

217

continue;

218

}

219

220

sret = readlink(exe_link, exe_target, sizeof(exe_target));

221

free(exe_link);

222

}

223

if((sret == ((ssize_t)sizeof(exe_target)-1))

224

and (memcmp(usplash_name, exe_target,

225

sizeof(exe_target)-1) == 0)){

226

usplash_pid = pid;

227

/* Read and save the command line of usplash in "cmdline" */

228

{

229

/* Open /proc/<pid>/cmdline */

230

int cl_fd;

231

{

232

char *cmdline_filename;

233

ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",

234

proc_ent->d_name);

235

if(ret == -1){

236

perror("asprintf");

237

free(prompt);

238

closedir(proc_dir);

239

return EXIT_FAILURE;

240

}

241

cl_fd = open(cmdline_filename, O_RDONLY);

242

if(cl_fd == -1){

243

perror("open");

244

free(cmdline_filename);

245

free(prompt);

246

closedir(proc_dir);

247

return EXIT_FAILURE;

248

}

249

free(cmdline_filename);

250

}

251

size_t cmdline_allocated = 0;

252

char *tmp;

253

const size_t blocksize = 1024;

254

do {

255

if(cmdline_len + blocksize > cmdline_allocated){

256

tmp = realloc(cmdline, cmdline_allocated + blocksize);

257

if(tmp == NULL){

258

perror("realloc");

259

free(cmdline);

260

free(prompt);

261

closedir(proc_dir);

262

return EXIT_FAILURE;

263

}

264

cmdline = tmp;

265

cmdline_allocated += blocksize;

266

}

267

sret = read(cl_fd, cmdline + cmdline_len,

268

cmdline_allocated - cmdline_len);

269

if(sret == -1){

270

perror("read");

271

free(cmdline);

272

free(prompt);

273

closedir(proc_dir);

274

return EXIT_FAILURE;

275

}

276

cmdline_len += (size_t)sret;

277

} while(sret != 0);

278

close(cl_fd);

279

}

280

break;

281

}

282

}

283

closedir(proc_dir);

284

}

341

usplash_pid = find_usplash(&cmdline, &cmdline_len);

285

342

if(usplash_pid == 0){

286

free(prompt);

287

return EXIT_FAILURE;

343

status = EX_UNAVAILABLE;

344

goto failure;

288

345

}

289

346

290

347

/* Set up the signal handler */

293

350

new_action = { .sa_handler = termination_handler,

294

351

.sa_flags = 0 };

295

352

sigemptyset(&new_action.sa_mask);

296

sigaddset(&new_action.sa_mask, SIGINT);

297

sigaddset(&new_action.sa_mask, SIGHUP);

298

sigaddset(&new_action.sa_mask, SIGTERM);

353

ret = sigaddset(&new_action.sa_mask, SIGINT);

354

if(ret == -1){

355

error_plus(0, errno, "sigaddset");

356

status = EX_OSERR;

357

goto failure;

358

}

359

ret = sigaddset(&new_action.sa_mask, SIGHUP);

360

if(ret == -1){

361

error_plus(0, errno, "sigaddset");

362

status = EX_OSERR;

363

goto failure;

364

}

365

ret = sigaddset(&new_action.sa_mask, SIGTERM);

366

if(ret == -1){

367

error_plus(0, errno, "sigaddset");

368

status = EX_OSERR;

369

goto failure;

370

}

299

371

ret = sigaction(SIGINT, NULL, &old_action);

300

372

if(ret == -1){

301

perror("sigaction");

302

free(prompt);

303

return EXIT_FAILURE;

373

if(errno != EINTR){

374

error_plus(0, errno, "sigaction");

375

status = EX_OSERR;

376

}

377

goto failure;

304

378

}

305

379

if(old_action.sa_handler != SIG_IGN){

306

380

ret = sigaction(SIGINT, &new_action, NULL);

307

381

if(ret == -1){

308

perror("sigaction");

309

free(prompt);

310

return EXIT_FAILURE;

382

if(errno != EINTR){

383

error_plus(0, errno, "sigaction");

384

status = EX_OSERR;

385

}

386

goto failure;

311

387

}

312

388

}

313

389

ret = sigaction(SIGHUP, NULL, &old_action);

314

390

if(ret == -1){

315

perror("sigaction");

316

free(prompt);

317

return EXIT_FAILURE;

391

if(errno != EINTR){

392

error_plus(0, errno, "sigaction");

393

status = EX_OSERR;

394

}

395

goto failure;

318

396

}

319

397

if(old_action.sa_handler != SIG_IGN){

320

398

ret = sigaction(SIGHUP, &new_action, NULL);

321

399

if(ret == -1){

322

perror("sigaction");

323

free(prompt);

324

return EXIT_FAILURE;

400

if(errno != EINTR){

401

error_plus(0, errno, "sigaction");

402

status = EX_OSERR;

403

}

404

goto failure;

325

405

}

326

406

}

327

407

ret = sigaction(SIGTERM, NULL, &old_action);

328

408

if(ret == -1){

329

perror("sigaction");

330

free(prompt);

331

return EXIT_FAILURE;

409

if(errno != EINTR){

410

error_plus(0, errno, "sigaction");

411

status = EX_OSERR;

412

}

413

goto failure;

332

414

}

333

415

if(old_action.sa_handler != SIG_IGN){

334

416

ret = sigaction(SIGTERM, &new_action, NULL);

335

417

if(ret == -1){

336

perror("sigaction");

337

free(prompt);

338

return EXIT_FAILURE;

418

if(errno != EINTR){

419

error_plus(0, errno, "sigaction");

420

status = EX_OSERR;

421

}

422

goto failure;

339

423

}

340

424

}

341

425

}

342

426

427

usplash_accessed = true;

343

428

/* Write command to FIFO */

344

if(not interrupted_by_signal){

345

if(not usplash_write("TIMEOUT", "0")

346

and (errno != EINTR)){

347

perror("usplash_write");

348

an_error_occured = true;

349

}

350

}

351

if(not interrupted_by_signal and not an_error_occured){

352

if(not usplash_write("INPUTQUIET", prompt)

353

and (errno != EINTR)){

354

perror("usplash_write");

355

an_error_occured = true;

356

}

357

}

429

if(not usplash_write(&fifo_fd, "TIMEOUT", "0")){

430

if(errno != EINTR){

431

error_plus(0, errno, "usplash_write");

432

status = EX_OSERR;

433

}

434

goto failure;

435

}

436

437

if(interrupted_by_signal){

438

goto failure;

439

}

440

441

if(not usplash_write(&fifo_fd, "INPUTQUIET", prompt)){

442

if(errno != EINTR){

443

error_plus(0, errno, "usplash_write");

444

status = EX_OSERR;

445

}

446

goto failure;

447

}

448

449

if(interrupted_by_signal){

450

goto failure;

451

}

452

358

453

free(prompt);

359

360

/* This is not really a loop; while() is used to be able to "break"

361

out of it; those breaks are marked "Big" */

362

while(not interrupted_by_signal and not an_error_occured){

363

char *buf = NULL;

364

size_t buf_len = 0;

365

366

/* Open FIFO */

367

int fifo_fd;

368

do {

369

fifo_fd = open("/dev/.initramfs/usplash_outfifo", O_RDONLY);

370

if(fifo_fd == -1){

371

if(errno != EINTR){

372

perror("open");

373

an_error_occured = true;

374

break;

375

}

376

if(interrupted_by_signal){

377

break;

378

}

379

}

380

} while(fifo_fd == -1);

381

if(interrupted_by_signal or an_error_occured){

382

break; /* Big */

383

}

384

385

/* Read from FIFO */

386

size_t buf_allocated = 0;

387

const size_t blocksize = 1024;

388

do {

389

if(buf_len + blocksize > buf_allocated){

390

char *tmp = realloc(buf, buf_allocated + blocksize);

391

if(tmp == NULL){

392

perror("realloc");

393

an_error_occured = true;

394

break;

395

}

396

buf = tmp;

397

buf_allocated += blocksize;

398

}

399

do {

400

sret = read(fifo_fd, buf + buf_len, buf_allocated - buf_len);

401

if(sret == -1){

402

if(errno != EINTR){

403

perror("read");

404

an_error_occured = true;

405

break;

406

}

407

if(interrupted_by_signal){

408

break;

409

}

410

}

411

} while(sret == -1);

412

if(interrupted_by_signal or an_error_occured){

413

break;

414

}

415

416

buf_len += (size_t)sret;

417

} while(sret != 0);

418

close(fifo_fd);

419

if(interrupted_by_signal or an_error_occured){

420

break; /* Big */

421

}

422

423

if(not usplash_write("TIMEOUT", "15")

424

and (errno != EINTR)){

425

perror("usplash_write");

426

an_error_occured = true;

427

}

428

if(interrupted_by_signal or an_error_occured){

429

break; /* Big */

430

}

431

432

/* Print password to stdout */

433

size_t written = 0;

434

while(written < buf_len){

435

do {

436

sret = write(STDOUT_FILENO, buf + written, buf_len - written);

437

if(sret == -1){

438

if(errno != EINTR){

439

perror("write");

440

an_error_occured = true;

441

break;

442

}

443

if(interrupted_by_signal){

444

break;

445

}

446

}

447

} while(sret == -1);

448

if(interrupted_by_signal or an_error_occured){

449

break;

450

}

451

written += (size_t)sret;

452

}

453

free(buf);

454

if(not interrupted_by_signal and not an_error_occured){

455

free(cmdline);

456

return EXIT_SUCCESS;

457

}

458

break; /* Big */

459

} /* end of non-loop while() */

460

461

/* If we got here, an error or interrupt must have happened */

462

463

/* Create argc and argv for new usplash*/

464

int cmdline_argc = 0;

465

char **cmdline_argv = malloc(sizeof(char *));

466

{

467

size_t position = 0;

468

while(position < cmdline_len){

469

char **tmp = realloc(cmdline_argv,

470

(sizeof(char *)

471

* (size_t)(cmdline_argc + 2)));

454

prompt = NULL;

455

456

/* Read reply from usplash */

457

/* Open FIFO */

458

outfifo_fd = open("/dev/.initramfs/usplash_outfifo", O_RDONLY);

459

if(outfifo_fd == -1){

460

if(errno != EINTR){

461

error_plus(0, errno, "open");

462

status = EX_OSERR;

463

}

464

goto failure;

465

}

466

467

if(interrupted_by_signal){

468

goto failure;

469

}

470

471

/* Read from FIFO */

472

size_t buf_allocated = 0;

473

const size_t blocksize = 1024;

474

do {

475

/* Allocate more space */

476

if(buf_len + blocksize > buf_allocated){

477

char *tmp = realloc(buf, buf_allocated + blocksize);

472

478

if(tmp == NULL){

473

perror("realloc");

474

free(cmdline_argv);

475

return EXIT_FAILURE;

476

}

477

cmdline_argv = tmp;

478

cmdline_argv[cmdline_argc] = cmdline + position;

479

cmdline_argc++;

480

position += strlen(cmdline + position) + 1;

481

}

482

cmdline_argv[cmdline_argc] = NULL;

483

}

479

if(errno != EINTR){

480

error_plus(0, errno, "realloc");

481

status = EX_OSERR;

482

}

483

goto failure;

484

}

485

buf = tmp;

486

buf_allocated += blocksize;

487

}

488

sret = read(outfifo_fd, buf + buf_len,

489

buf_allocated - buf_len);

490

if(sret == -1){

491

if(errno != EINTR){

492

error_plus(0, errno, "read");

493

status = EX_OSERR;

494

}

495

close(outfifo_fd);

496

goto failure;

497

}

498

if(interrupted_by_signal){

499

break;

500

}

501

502

buf_len += (size_t)sret;

503

} while(sret != 0);

504

ret = close(outfifo_fd);

505

if(ret == -1){

506

if(errno != EINTR){

507

error_plus(0, errno, "close");

508

status = EX_OSERR;

509

}

510

goto failure;

511

}

512

outfifo_fd = -1;

513

514

if(interrupted_by_signal){

515

goto failure;

516

}

517

518

if(not usplash_write(&fifo_fd, "TIMEOUT", "15")){

519

if(errno != EINTR){

520

error_plus(0, errno, "usplash_write");

521

status = EX_OSERR;

522

}

523

goto failure;

524

}

525

526

if(interrupted_by_signal){

527

goto failure;

528

}

529

530

ret = close(fifo_fd);

531

if(ret == -1){

532

if(errno != EINTR){

533

error_plus(0, errno, "close");

534

status = EX_OSERR;

535

}

536

goto failure;

537

}

538

fifo_fd = -1;

539

540

/* Print password to stdout */

541

size_t written = 0;

542

while(written < buf_len){

543

do {

544

sret = write(STDOUT_FILENO, buf + written, buf_len - written);

545

if(sret == -1){

546

if(errno != EINTR){

547

error_plus(0, errno, "write");

548

status = EX_OSERR;

549

}

550

goto failure;

551

}

552

} while(sret == -1);

553

554

if(interrupted_by_signal){

555

goto failure;

556

}

557

written += (size_t)sret;

558

}

559

free(buf);

560

buf = NULL;

561

562

if(interrupted_by_signal){

563

goto failure;

564

}

565

566

free(cmdline);

567

return EXIT_SUCCESS;

568

569

failure:

570

571

free(buf);

572

573

free(prompt);

574

575

/* If usplash was never accessed, we can stop now */

576

if(not usplash_accessed){

577

return status;

578

}

579

580

/* Close FIFO */

581

if(fifo_fd != -1){

582

ret = close(fifo_fd);

583

if(ret == -1 and errno != EINTR){

584

error_plus(0, errno, "close");

585

}

586

fifo_fd = -1;

587

}

588

589

/* Close output FIFO */

590

if(outfifo_fd != -1){

591

ret = close(outfifo_fd);

592

if(ret == -1){

593

error_plus(0, errno, "close");

594

}

595

}

596

597

/* Create argv for new usplash*/

598

char **cmdline_argv = malloc((argz_count(cmdline, cmdline_len) + 1)

599

* sizeof(char *)); /* Count args */

600

if(cmdline_argv == NULL){

601

error_plus(0, errno, "malloc");

602

return status;

603

}

604

argz_extract(cmdline, cmdline_len, cmdline_argv); /* Create argv */

605

484

606

/* Kill old usplash */

485

607

kill(usplash_pid, SIGTERM);

486

608

sleep(2);

488

610

kill(usplash_pid, SIGKILL);

489

611

sleep(1);

490

612

}

613

491

614

pid_t new_usplash_pid = fork();

492

615

if(new_usplash_pid == 0){

493

616

/* Child; will become new usplash process */

496

619

the real user ID (_mandos) */

497

620

ret = setuid(geteuid());

498

621

if(ret == -1){

499

perror("setuid");

622

error_plus(0, errno, "setuid");

500

623

}

501

624

502

625

setsid();

503

626

ret = chdir("/");

627

if(ret == -1){

628

error_plus(0, errno, "chdir");

629

_exit(EX_OSERR);

630

}

504

631

/* if(fork() != 0){ */

505

632

/* _exit(EXIT_SUCCESS); */

506

633

/* } */

507

634

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */

508

635

if(ret == -1){

509

perror("dup2");

510

_exit(EXIT_FAILURE);

636

error_plus(0, errno, "dup2");

637

_exit(EX_OSERR);

511

638

}

512

639

513

640

execv(usplash_name, cmdline_argv);

514

641

if(not interrupted_by_signal){

515

perror("execv");

642

error_plus(0, errno, "execv");

516

643

}

517

644

free(cmdline);

518

645

free(cmdline_argv);

519

_exit(EXIT_FAILURE);

646

_exit(EX_OSERR);

520

647

}

521

648

free(cmdline);

522

649

free(cmdline_argv);

523

650

sleep(2);

524

if(not usplash_write("PULSATE", NULL)

525

and (errno != EINTR)){

526

perror("usplash_write");

527

}

528

529

return EXIT_FAILURE;

651

if(not usplash_write(&fifo_fd, "PULSATE", NULL)){

652

if(errno != EINTR){

653

error_plus(0, errno, "usplash_write");

654

}

655

}

656

657

/* Close FIFO (again) */

658

if(fifo_fd != -1){

659

ret = close(fifo_fd);

660

if(ret == -1 and errno != EINTR){

661

error_plus(0, errno, "close");

662

}

663

fifo_fd = -1;

664

}

665

666

if(interrupted_by_signal){

667

struct sigaction signal_action = { .sa_handler = SIG_DFL };

668

sigemptyset(&signal_action.sa_mask);

669

ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,

670

&signal_action, NULL));

671

if(ret == -1){

672

error_plus(0, errno, "sigaction");

673

}

674

do {

675

ret = raise(signal_received);

676

} while(ret != 0 and errno == EINTR);

677

if(ret != 0){

678

error_plus(0, errno, "raise");

679

abort();

680

}

681

TEMP_FAILURE_RETRY(pause());

682

}

683

684

return status;

530

685

}

Older »