/mandos/trunk : revision 777

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/plymouth.c

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.templates

debian/mandos.templates

initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/plymouth.c

* Plymouth - Read a password from Plymouth and output it

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

sig_atomic_t interrupted_by_signal = 0;

/* Used by Ubuntu 11.04 (Natty Narwahl) */

const char plymouth_old_old_pid[] = "/dev/.initramfs/plymouth.pid";

const char plymouth_old_pid[] = "/dev/.initramfs/plymouth.pid";

/* Used by Ubuntu 11.10 (Oneiric Ocelot) */

const char plymouth_old_pid[] = "/run/initramfs/plymouth.pid";

/* Used by Debian 9 (stretch) */

const char plymouth_pid[] = "/run/plymouth/pid";

const char plymouth_pid[] = "/run/initramfs/plymouth.pid";

const char plymouth_path[] = "/bin/plymouth";

const char plymouthd_path[] = "/sbin/plymouthd";

177

174

}

178

175

}

179

176

180

char **new_argv = malloc(sizeof(const char *));

181

if(new_argv == NULL){

182

error_plus(0, errno, "malloc");

183

_exit(EX_OSERR);

184

}

177

char **new_argv = NULL;

185

178

char **tmp;

186

179

int i = 0;

187

for (; argv[i] != NULL; i++){

188

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 2));

180

for (; argv[i]!=NULL; i++){

181

tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 1));

189

182

if(tmp == NULL){

190

183

error_plus(0, errno, "realloc");

191

184

free(new_argv);

284

277

}

285

278

/* Try the old pid file location */

286

279

if(proc_id == 0){

287

pidfile = fopen(plymouth_old_pid, "r");

288

if(pidfile != NULL){

289

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

290

if(ret != 1){

291

proc_id = 0;

292

}

293

fclose(pidfile);

294

}

295

}

296

/* Try the old old pid file location */

297

if(proc_id == 0){

298

pidfile = fopen(plymouth_old_old_pid, "r");

280

pidfile = fopen(plymouth_pid, "r");

299

281

if(pidfile != NULL){

300

282

ret = fscanf(pidfile, "%" SCNuMAX, &proc_id);

301

283

if(ret != 1){

312

294

error_plus(0, errno, "scandir");

313

295

}

314

296

if(ret > 0){

315

for(int i = ret-1; i >= 0; i--){

316

if(proc_id == 0){

317

ret = sscanf(direntries[i]->d_name, "%" SCNuMAX, &proc_id);

318

if(ret < 0){

319

error_plus(0, errno, "sscanf");

320

}

321

}

322

free(direntries[i]);

297

ret = sscanf(direntries[0]->d_name, "%" SCNuMAX, &proc_id);

298

if(ret < 0){

299

error_plus(0, errno, "sscanf");

323

300

}

324

301

}

325

302

/* scandir might preallocate for this variable (man page unclear).

335

312

return 0;

336

313

}

337

314

338

char **getargv(pid_t pid){

315

const char * const * getargv(pid_t pid){

339

316

int cl_fd;

340

317

char *cmdline_filename;

341

318

ssize_t sret;

402

379

return NULL;

403

380

}

404

381

argz_extract(cmdline, cmdline_len, argv); /* Create argv */

405

return argv;

382

return (const char * const *)argv;

406

383

}

407

384

408

385

int main(__attribute__((unused))int argc,

483

460

}

484

461

kill_and_wait(plymouth_command_pid);

485

462

486

char **plymouthd_argv = NULL;

463

const char * const *plymouthd_argv;

487

464

pid_t pid = get_pid();

488

465

if(pid == 0){

489

466

error_plus(0, 0, "plymouthd pid not found");

467

plymouthd_argv = plymouthd_default_argv;

490

468

} else {

491

469

plymouthd_argv = getargv(pid);

492

470

}

495

473

{ plymouth_path, "quit", NULL },

496

474

false, false);

497

475

if(not bret){

498

if(plymouthd_argv != NULL){

499

free(*plymouthd_argv);

500

free(plymouthd_argv);

501

}

502

476

exit(EXIT_FAILURE);

503

477

}

504

bret = exec_and_wait(NULL, plymouthd_path,

505

(plymouthd_argv != NULL)

506

? (const char * const *)plymouthd_argv

507

: plymouthd_default_argv,

478

bret = exec_and_wait(NULL, plymouthd_path, plymouthd_argv,

508

479

false, true);

509

if(plymouthd_argv != NULL){

510

free(*plymouthd_argv);

511

free(plymouthd_argv);

512

}

513

480

if(not bret){

514

481

exit(EXIT_FAILURE);

515

482

}

Older »