/mandos/trunk : revision 967

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.c

Committer: Teddy Hogeborn
Date: 2019-02-10 03:50:20 UTC
Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu

http://bugs.debian.org/879538

http://bugs.debian.org/916673

Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

files added:
DBUS-API

bugs.xml

dbus-mandos.conf

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.templates

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/plymouth.c

plugins.d/plymouth.xml

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.c

* Password-prompt - Read a password from the terminal and print it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* getline() */

#define _GNU_SOURCE /* getline(), asprintf() */

#include <termios.h> /* struct termios, tcsetattr(),

TCSAFLUSH, tcgetattr(), ECHO */

#include <unistd.h> /* struct termios, tcsetattr(),

STDIN_FILENO, TCSAFLUSH,

tcgetattr(), ECHO */

tcgetattr(), ECHO, readlink() */

#include <signal.h> /* sig_atomic_t, raise(), struct

sigaction, sigemptyset(),

sigaction(), sigaddset(), SIGINT,

SIGQUIT, SIGHUP, SIGTERM,

raise() */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <sys/types.h> /* ssize_t */

#include <sys/types.h> /* ssize_t, struct dirent, pid_t,

ssize_t, open() */

#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE,

getopt_long, getenv() */

getenv(), free() */

#include <dirent.h> /* scandir(), alphasort() */

#include <stdio.h> /* fprintf(), stderr, getline(),

stdin, feof(), perror(), fputc(),

getopt_long */

stdin, feof(), fputc(), vfprintf(),

vasprintf() */

#include <errno.h> /* errno, EBADF, ENOTTY, EINVAL,

EFAULT, EFBIG, EIO, ENOSPC, EINTR

#include <error.h> /* error() */

#include <iso646.h> /* or, not */

#include <stdbool.h> /* bool, false, true */

#include <string.h> /* strlen, rindex, strncmp, strcmp */

#include <inttypes.h> /* strtoumax() */

#include <sys/stat.h> /* struct stat, lstat(), open() */

#include <string.h> /* strlen, rindex, memcmp, strerror()

#include <argp.h> /* struct argp_option, struct

argp_state, struct argp,

argp_parse(), error_t,

ARGP_ERR_UNKNOWN */

#include <sysexits.h> /* EX_SOFTWARE, EX_OSERR,

EX_UNAVAILABLE, EX_IOERR, EX_OK */

#include <fcntl.h> /* open() */

#include <stdarg.h> /* va_list, va_start(), ... */

volatile sig_atomic_t quit_now = 0;

int signal_received;

bool debug = false;

const char *argp_program_version = "password-prompt " VERSION;

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

const char *argp_program_bug_address = "<mandos@recompile.se>";

/* Needed for conflict resolution */

const char plymouth_name[] = "plymouthd";

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if(ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

fprintf(stderr, ": %s\n", strerror(errnum));

error(status, errno, "vasprintf while printing error");

return;

}

fprintf(stderr, "Mandos plugin ");

error(status, errnum, "%s", text);

free(text);

}

static void termination_handler(int signum){

100

if(quit_now){

104

signal_received = signum;

105

}

106

107

bool conflict_detection(void){

108

109

/* plymouth conflicts with password-prompt since both want to read

110

from the terminal. Password-prompt will exit if it detects

111

plymouth since plymouth performs the same functionality.

112

113

__attribute__((nonnull))

114

int is_plymouth(const struct dirent *proc_entry){

115

int ret;

116

int cl_fd;

117

{

118

uintmax_t proc_id;

119

char *tmp;

120

errno = 0;

121

proc_id = strtoumax(proc_entry->d_name, &tmp, 10);

122

123

if(errno != 0 or *tmp != '\0'

124

or proc_id != (uintmax_t)((pid_t)proc_id)){

125

return 0;

126

}

127

}

128

129

char *cmdline_filename;

130

ret = asprintf(&cmdline_filename, "/proc/%s/cmdline",

131

proc_entry->d_name);

132

if(ret == -1){

133

error_plus(0, errno, "asprintf");

134

return 0;

135

}

136

137

/* Open /proc/<pid>/cmdline */

138

cl_fd = open(cmdline_filename, O_RDONLY);

139

free(cmdline_filename);

140

if(cl_fd == -1){

141

if(errno != ENOENT){

142

error_plus(0, errno, "open");

143

}

144

return 0;

145

}

146

147

char *cmdline = NULL;

148

{

149

size_t cmdline_len = 0;

150

size_t cmdline_allocated = 0;

151

char *tmp;

152

const size_t blocksize = 1024;

153

ssize_t sret;

154

do {

155

/* Allocate more space? */

156

if(cmdline_len + blocksize + 1 > cmdline_allocated){

157

tmp = realloc(cmdline, cmdline_allocated + blocksize + 1);

158

if(tmp == NULL){

159

error_plus(0, errno, "realloc");

160

free(cmdline);

161

close(cl_fd);

162

return 0;

163

}

164

cmdline = tmp;

165

cmdline_allocated += blocksize;

166

}

167

168

/* Read data */

169

sret = read(cl_fd, cmdline + cmdline_len,

170

cmdline_allocated - cmdline_len);

171

if(sret == -1){

172

error_plus(0, errno, "read");

173

free(cmdline);

174

close(cl_fd);

175

return 0;

176

}

177

cmdline_len += (size_t)sret;

178

} while(sret != 0);

179

ret = close(cl_fd);

180

if(ret == -1){

181

error_plus(0, errno, "close");

182

free(cmdline);

183

return 0;

184

}

185

cmdline[cmdline_len] = '\0'; /* Make sure it is terminated */

186

}

187

/* we now have cmdline */

188

189

/* get basename */

190

char *cmdline_base = strrchr(cmdline, '/');

191

if(cmdline_base != NULL){

192

cmdline_base += 1; /* skip the slash */

193

} else {

194

cmdline_base = cmdline;

195

}

196

197

if(strcmp(cmdline_base, plymouth_name) != 0){

198

if(debug){

199

fprintf(stderr, "\"%s\" is not \"%s\"\n", cmdline_base,

200

plymouth_name);

201

}

202

free(cmdline);

203

return 0;

204

}

205

if(debug){

206

fprintf(stderr, "\"%s\" equals \"%s\"\n", cmdline_base,

207

plymouth_name);

208

}

209

free(cmdline);

210

return 1;

211

}

212

213

struct dirent **direntries = NULL;

214

int ret;

215

ret = scandir("/proc", &direntries, is_plymouth, alphasort);

216

if(ret == -1){

217

error_plus(1, errno, "scandir");

218

}

219

{

220

int i = ret;

221

while(i--){

222

free(direntries[i]);

223

}

224

}

225

free(direntries);

226

return ret > 0;

227

}

228

229

230

int main(int argc, char **argv){

ssize_t ret;

231

ssize_t sret;

232

int ret;

233

size_t n;

234

struct termios t_new, t_old;

235

char *buffer = NULL;

245

.doc = "Prefix shown before the prompt", .group = 2 },

246

{ .name = "debug", .key = 128,

247

.doc = "Debug mode", .group = 3 },

248

249

* These reproduce what we would get without ARGP_NO_HELP

250

251

{ .name = "help", .key = '?',

252

.doc = "Give this help list", .group = -1 },

253

{ .name = "usage", .key = -3,

254

.doc = "Give a short usage message", .group = -1 },

255

{ .name = "version", .key = 'V',

256

.doc = "Print program version", .group = -1 },

257

{ .name = NULL }

258

};

259

260

__attribute__((nonnull(3)))

261

error_t parse_opt (int key, char *arg, struct argp_state *state){

262

errno = 0;

263

switch (key){

264

case 'p':

265

prefix = arg;

267

case 128:

268

debug = true;

269

break;

100

case ARGP_KEY_ARG:

101

argp_usage(state);

102

break;

103

case ARGP_KEY_END:

270

271

* These reproduce what we would get without ARGP_NO_HELP

272

273

case '?': /* --help */

274

argp_state_help(state, state->out_stream,

275

(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)

276

& ~(unsigned int)ARGP_HELP_EXIT_OK);

277

case -3: /* --usage */

278

argp_state_help(state, state->out_stream,

279

ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);

280

case 'V': /* --version */

281

fprintf(state->out_stream, "%s\n", argp_program_version);

282

exit(argp_err_exit_status);

104

283

break;

105

284

default:

106

285

return ARGP_ERR_UNKNOWN;

107

286

}

108

return 0;

287

return errno;

109

288

}

110

289

111

290

struct argp argp = { .options = options, .parser = parse_opt,

112

291

.args_doc = "",

113

292

.doc = "Mandos password-prompt -- Read and"

114

293

" output a password" };

115

ret = argp_parse(&argp, argc, argv, 0, 0, NULL);

116

if(ret == ARGP_ERR_UNKNOWN){

117

fprintf(stderr, "Unknown error while parsing arguments\n");

118

return EX_SOFTWARE;

294

ret = argp_parse(&argp, argc, argv,

295

ARGP_IN_ORDER | ARGP_NO_HELP, NULL, NULL);

296

switch(ret){

297

case 0:

298

break;

299

case ENOMEM:

300

default:

301

errno = ret;

302

error_plus(0, errno, "argp_parse");

303

return EX_OSERR;

304

case EINVAL:

305

return EX_USAGE;

119

306

}

120

307

}

121

308

122

309

if(debug){

123

310

fprintf(stderr, "Starting %s\n", argv[0]);

124

311

}

312

313

if(conflict_detection()){

314

if(debug){

315

fprintf(stderr, "Stopping %s because of conflict\n", argv[0]);

316

}

317

return EXIT_FAILURE;

318

}

319

125

320

if(debug){

126

321

fprintf(stderr, "Storing current terminal attributes\n");

127

322

}

128

323

129

324

if(tcgetattr(STDIN_FILENO, &t_old) != 0){

130

325

int e = errno;

131

perror("tcgetattr");

326

error_plus(0, errno, "tcgetattr");

132

327

switch(e){

133

328

case EBADF:

134

329

case ENOTTY:

141

336

sigemptyset(&new_action.sa_mask);

142

337

ret = sigaddset(&new_action.sa_mask, SIGINT);

143

338

if(ret == -1){

144

perror("sigaddset");

339

error_plus(0, errno, "sigaddset");

145

340

return EX_OSERR;

146

341

}

147

342

ret = sigaddset(&new_action.sa_mask, SIGHUP);

148

343

if(ret == -1){

149

perror("sigaddset");

344

error_plus(0, errno, "sigaddset");

150

345

return EX_OSERR;

151

346

}

152

347

ret = sigaddset(&new_action.sa_mask, SIGTERM);

153

348

if(ret == -1){

154

perror("sigaddset");

349

error_plus(0, errno, "sigaddset");

155

350

return EX_OSERR;

156

351

}

157

352

/* Need to check if the handler is SIG_IGN before handling:

160

355

161

356

ret = sigaction(SIGINT, NULL, &old_action);

162

357

if(ret == -1){

163

perror("sigaction");

358

error_plus(0, errno, "sigaction");

164

359

return EX_OSERR;

165

360

}

166

361

if(old_action.sa_handler != SIG_IGN){

167

362

ret = sigaction(SIGINT, &new_action, NULL);

168

363

if(ret == -1){

169

perror("sigaction");

364

error_plus(0, errno, "sigaction");

170

365

return EX_OSERR;

171

366

}

172

367

}

173

368

ret = sigaction(SIGHUP, NULL, &old_action);

174

369

if(ret == -1){

175

perror("sigaction");

370

error_plus(0, errno, "sigaction");

176

371

return EX_OSERR;

177

372

}

178

373

if(old_action.sa_handler != SIG_IGN){

179

374

ret = sigaction(SIGHUP, &new_action, NULL);

180

375

if(ret == -1){

181

perror("sigaction");

376

error_plus(0, errno, "sigaction");

182

377

return EX_OSERR;

183

378

}

184

379

}

185

380

ret = sigaction(SIGTERM, NULL, &old_action);

186

381

if(ret == -1){

187

perror("sigaction");

382

error_plus(0, errno, "sigaction");

188

383

return EX_OSERR;

189

384

}

190

385

if(old_action.sa_handler != SIG_IGN){

191

386

ret = sigaction(SIGTERM, &new_action, NULL);

192

387

if(ret == -1){

193

perror("sigaction");

388

error_plus(0, errno, "sigaction");

194

389

return EX_OSERR;

195

390

}

196

391

}

204

399

t_new.c_lflag &= ~(tcflag_t)ECHO;

205

400

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_new) != 0){

206

401

int e = errno;

207

perror("tcsetattr-echo");

402

error_plus(0, errno, "tcsetattr-echo");

208

403

switch(e){

209

404

case EBADF:

210

405

case ENOTTY:

231

426

fprintf(stderr, "%s ", prefix);

232

427

}

233

428

{

234

const char *cryptsource = getenv("cryptsource");

235

const char *crypttarget = getenv("crypttarget");

236

const char *const prompt

237

= "Enter passphrase to unlock the disk";

429

const char *cryptsource = getenv("CRYPTTAB_SOURCE");

430

const char *crypttarget = getenv("CRYPTTAB_NAME");

431

/* Before cryptsetup 1.1.0~rc2 */

432

if(cryptsource == NULL){

433

cryptsource = getenv("cryptsource");

434

}

435

if(crypttarget == NULL){

436

crypttarget = getenv("crypttarget");

437

}

438

const char *const prompt1 = "Unlocking the disk";

439

const char *const prompt2 = "Enter passphrase";

238

440

if(cryptsource == NULL){

239

441

if(crypttarget == NULL){

240

fprintf(stderr, "%s: ", prompt);

442

fprintf(stderr, "%s to unlock the disk: ", prompt2);

241

443

} else {

242

fprintf(stderr, "%s (%s): ", prompt, crypttarget);

444

fprintf(stderr, "%s (%s)\n%s: ", prompt1, crypttarget,

445

prompt2);

243

446

}

244

447

} else {

245

448

if(crypttarget == NULL){

246

fprintf(stderr, "%s %s: ", prompt, cryptsource);

449

fprintf(stderr, "%s %s\n%s: ", prompt1, cryptsource,

450

prompt2);

247

451

} else {

248

fprintf(stderr, "%s %s (%s): ", prompt, cryptsource,

249

crypttarget);

452

fprintf(stderr, "%s %s (%s)\n%s: ", prompt1, cryptsource,

453

crypttarget, prompt2);

250

454

}

251

455

}

252

456

}

253

ret = getline(&buffer, &n, stdin);

254

if(ret > 0){

457

sret = getline(&buffer, &n, stdin);

458

if(sret > 0){

255

459

status = EXIT_SUCCESS;

256

460

/* Make n = data size instead of allocated buffer size */

257

n = (size_t)ret;

461

n = (size_t)sret;

258

462

/* Strip final newline */

259

463

if(n > 0 and buffer[n-1] == '\n'){

260

464

buffer[n-1] = '\0'; /* not strictly necessary */

262

466

}

263

467

size_t written = 0;

264

468

while(written < n){

265

ret = write(STDOUT_FILENO, buffer + written, n - written);

266

if(ret < 0){

469

sret = write(STDOUT_FILENO, buffer + written, n - written);

470

if(sret < 0){

267

471

int e = errno;

268

perror("write");

472

error_plus(0, errno, "write");

269

473

switch(e){

270

474

case EBADF:

271

475

case EFAULT:

282

486

}

283

487

break;

284

488

}

285

written += (size_t)ret;

489

written += (size_t)sret;

286

490

}

287

ret = close(STDOUT_FILENO);

288

if(ret == -1){

491

sret = close(STDOUT_FILENO);

492

if(sret == -1){

289

493

int e = errno;

290

perror("close");

494

error_plus(0, errno, "close");

291

495

switch(e){

292

496

case EBADF:

293

497

status = EX_OSFILE;

300

504

}

301

505

break;

302

506

}

303

if(ret < 0){

507

if(sret < 0){

304

508

int e = errno;

305

509

if(errno != EINTR and not feof(stdin)){

306

perror("getline");

510

error_plus(0, errno, "getline");

307

511

switch(e){

308

512

case EBADF:

309

513

status = EX_UNAVAILABLE;

514

break;

310

515

case EIO:

311

516

case EINVAL:

312

517

default:

316

521

break;

317

522

}

318

523

}

319

/* if(ret == 0), then the only sensible thing to do is to retry to

320

read from stdin */

524

/* if(sret == 0), then the only sensible thing to do is to retry

525

to read from stdin */

321

526

fputc('\n', stderr);

322

527

if(debug and not quit_now){

323

528

/* If quit_now is nonzero, we were interrupted by a signal, and

332

537

fprintf(stderr, "Restoring terminal attributes\n");

333

538

}

334

539

if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_old) != 0){

335

perror("tcsetattr+echo");

540

error_plus(0, errno, "tcsetattr+echo");

336

541

}

337

542

338

543

if(quit_now){

340

545

old_action.sa_handler = SIG_DFL;

341

546

ret = sigaction(signal_received, &old_action, NULL);

342

547

if(ret == -1){

343

perror("sigaction");

548

error_plus(0, errno, "sigaction");

344

549

}

345

550

raise(signal_received);

346

551

}

Older »