1
1
/* -*- coding: utf-8 -*- */
3
* Passprompt - Read a password from a FIFO and output it
5
* Copyright © 2008 Teddy Hogeborn
6
* Copyright © 2008 Björn Påhlsson
8
* This program is free software: you can redistribute it and/or
9
* modify it under the terms of the GNU General Public License as
10
* published by the Free Software Foundation, either version 3 of the
11
* License, or (at your option) any later version.
13
* This program is distributed in the hope that it will be useful, but
3
* Askpass-FIFO - Read a password from a FIFO and output it
5
* Copyright © 2008-2018 Teddy Hogeborn
6
* Copyright © 2008-2018 Björn Påhlsson
8
* This file is part of Mandos.
10
* Mandos is free software: you can redistribute it and/or modify it
11
* under the terms of the GNU General Public License as published by
12
* the Free Software Foundation, either version 3 of the License, or
13
* (at your option) any later version.
15
* Mandos is distributed in the hope that it will be useful, but
14
16
* WITHOUT ANY WARRANTY; without even the implied warranty of
15
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16
18
* General Public License for more details.
18
20
* You should have received a copy of the GNU General Public License
19
* along with this program. If not, see
20
* <http://www.gnu.org/licenses/>.
21
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
22
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
23
* <https://www.fukt.bsnet.se/~teddy/>.
23
* Contact the authors at <mandos@recompile.se>.
26
26
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
27
#include <sys/types.h> /* ssize_t */
27
#include <sys/types.h> /* uid_t, gid_t, ssize_t */
28
28
#include <sys/stat.h> /* mkfifo(), S_IRUSR, S_IWUSR */
29
29
#include <iso646.h> /* and */
30
#include <errno.h> /* errno, EEXIST */
31
#include <stdio.h> /* perror() */
32
#include <stdlib.h> /* EXIT_FAILURE, NULL, size_t, free(),
30
#include <errno.h> /* errno, EACCES, ENOTDIR, ELOOP,
31
ENAMETOOLONG, ENOSPC, EROFS,
32
ENOENT, EEXIST, EFAULT, EMFILE,
33
ENFILE, ENOMEM, EBADF, EINVAL, EIO,
35
#include <error.h> /* error() */
36
#include <stdio.h> /* fprintf(), vfprintf(),
38
#include <stdlib.h> /* EXIT_FAILURE, NULL, size_t, free(),
33
39
realloc(), EXIT_SUCCESS */
34
40
#include <fcntl.h> /* open(), O_RDONLY */
35
41
#include <unistd.h> /* read(), close(), write(),
43
#include <sysexits.h> /* EX_OSERR, EX_OSFILE,
44
EX_UNAVAILABLE, EX_IOERR */
45
#include <string.h> /* strerror() */
46
#include <stdarg.h> /* va_list, va_start(), ... */
51
/* Function to use when printing errors */
52
__attribute__((format (gnu_printf, 3, 4)))
53
void error_plus(int status, int errnum, const char *formatstring,
59
va_start(ap, formatstring);
60
ret = vasprintf(&text, formatstring, ap);
62
fprintf(stderr, "Mandos plugin %s: ",
63
program_invocation_short_name);
64
vfprintf(stderr, formatstring, ap);
65
fprintf(stderr, ": ");
66
fprintf(stderr, "%s\n", strerror(errnum));
67
error(status, errno, "vasprintf while printing error");
69
__builtin_unreachable();
73
fprintf(stderr, "Mandos plugin ");
74
error(status, errnum, "%s", text);
76
__builtin_unreachable();
39
81
int main(__attribute__((unused))int argc,
40
82
__attribute__((unused))char **argv){
45
90
const char passfifo[] = "/lib/cryptsetup/passfifo";
46
ret = TEMP_FAILURE_RETRY(mkfifo(passfifo, S_IRUSR | S_IWUSR));
47
if(ret == -1 and errno != EEXIST){
91
ret = mkfifo(passfifo, S_IRUSR | S_IWUSR);
98
error_plus(EX_OSFILE, errno, "mkfifo");
99
__builtin_unreachable();
104
error_plus(EX_OSERR, errno, "mkfifo");
105
__builtin_unreachable();
107
/* no "/lib/cryptsetup"? */
108
error_plus(EX_UNAVAILABLE, errno, "mkfifo");
109
__builtin_unreachable();
111
break; /* not an error */
53
int fifo_fd = TEMP_FAILURE_RETRY(open(passfifo, O_RDONLY));
116
int fifo_fd = open(passfifo, O_RDONLY);
54
117
if(fifo_fd == -1){
119
error_plus(0, errno, "open");
124
return EX_UNAVAILABLE;
137
/* Lower group privileges */
138
if(setgid(gid) == -1){
139
error_plus(0, errno, "setgid");
142
/* Lower user privileges */
143
if(setuid(uid) == -1){
144
error_plus(0, errno, "setuid");
59
147
/* Read from FIFO */
63
151
size_t buf_allocated = 0;
64
152
const size_t blocksize = 1024;
66
154
if(buf_len + blocksize > buf_allocated){
67
155
char *tmp = realloc(buf, buf_allocated + blocksize);
157
error_plus(0, errno, "realloc");
74
162
buf_allocated += blocksize;
76
sret = TEMP_FAILURE_RETRY(read(fifo_fd, buf + buf_len,
77
buf_allocated - buf_len));
164
sret = read(fifo_fd, buf + buf_len, buf_allocated - buf_len);
169
error_plus(0, errno, "read");
179
return EX_UNAVAILABLE;
83
182
buf_len += (size_t)sret;
88
TEMP_FAILURE_RETRY(close(fifo_fd));
90
189
/* Print password to stdout */
91
190
size_t written = 0;
92
191
while(written < buf_len){
93
sret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buf + written,
192
sret = write(STDOUT_FILENO, buf + written, buf_len - written);
197
error_plus(0, errno, "write");
100
210
written += (size_t)sret;
214
ret = close(STDOUT_FILENO);
217
error_plus(0, errno, "close");
104
226
return EXIT_SUCCESS;