aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMattias Andrée <maandree@operamail.com>2013-11-18 17:46:37 +0100
committerMattias Andrée <maandree@operamail.com>2013-11-18 17:46:37 +0100
commitebf990469b79e97bf7046e9a96f20dcf7bec5d78 (patch)
tree1ec52a54cf10f852b3167cd77d5982f215b048f9
parentm (diff)
downloadlibpassphrase-ebf990469b79e97bf7046e9a96f20dcf7bec5d78.tar.gz
libpassphrase-ebf990469b79e97bf7046e9a96f20dcf7bec5d78.tar.bz2
libpassphrase-ebf990469b79e97bf7046e9a96f20dcf7bec5d78.tar.xz
m + take ownership of and chmod /dev/vcs and /dev/vcsa
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to '')
-rw-r--r--src/cerberus.c19
-rw-r--r--src/cerberus.h1
-rw-r--r--src/security.c82
-rw-r--r--src/security.h18
4 files changed, 99 insertions, 21 deletions
diff --git a/src/cerberus.c b/src/cerberus.c
index d84ea50..ca4cf48 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -33,6 +33,8 @@ int main(int argc, char** argv)
char* passphrase = NULL;
char preserve_env = 0;
char skip_auth = 0;
+ struct passwd* entry;
+
/* Disable echoing */
disable_echo();
@@ -100,7 +102,6 @@ int main(int argc, char** argv)
if (username == 0)
{
printf("%s: no username specified\n", *argv);
- reenable_echo();
sleep(ERROR_SLEEP);
return 2;
}
@@ -130,6 +131,15 @@ int main(int argc, char** argv)
/* Get user information */
+ if ((entry = getpwnam(username)) == NULL)
+ {
+ if (errno)
+ perror("getpwnam");
+ else
+ printf("User does not exist\n");
+ sleep(ERROR_SLEEP);
+ return 1;
+ }
/* Get the passphrase, if -f has not been used */
@@ -155,6 +165,13 @@ int main(int argc, char** argv)
/* Reset terminal settings */
reenable_echo();
+
+ /* TODO login */
+
+
+ /* Reset terminal ownership */
+ chown_tty(0, 0, 0);
+
return 0;
}
diff --git a/src/cerberus.h b/src/cerberus.h
index c2ea2af..1dbd029 100644
--- a/src/cerberus.h
+++ b/src/cerberus.h
@@ -20,6 +20,7 @@
#include <unistd.h>
#include <signal.h>
#include <pwd.h>
+#include <errno.h>
#include "passphrase.h"
#include "quit.h"
diff --git a/src/security.c b/src/security.c
index 04ec33d..1dc8c8c 100644
--- a/src/security.c
+++ b/src/security.c
@@ -19,36 +19,26 @@
#include "security.h"
-#ifndef TTY_PERM
-#define TTY_PERM 0600
-#endif
-
-#ifndef FAILURE_SLEEP
-#define FAILURE_SLEEP 5
-#endif
-
-
-#define fail(FUNC) ({ perror(#FUNC); sleep(FAILURE_SLEEP); _exit(1); })
-
+static inline void fail(char* str)
+{
+ perror(str);
+ sleep(FAILURE_SLEEP);
+ _exit(1);
+}
/**
* Secure the TTY from spying
*/
-void secure_tty(void) /* TODO /dev/vcs[a][0-9]+ */
+void secure_tty(void)
{
struct termios tty;
struct termios saved_tty;
char* tty_device;
int fd, i;
- /* Take owner ship of this TTY */
- if (fchown(STDIN_FILENO, 0, 0))
- fail(fchown);
-
- /* Restrict others from using this TTY */
- if (fchmod(STDIN_FILENO, TTY_PERM))
- fail(fchmod);
+ /* Set ownership of this TTY to root:root */
+ chown_tty(0, 0, 1);
/* Get TTY name for last part of this functions */
tty_device = ttyname(STDIN_FILENO);
@@ -68,7 +58,7 @@ void secure_tty(void) /* TODO /dev/vcs[a][0-9]+ */
/* Restore terminal and TTY modes */
fd = open(tty_device, O_RDWR | O_NONBLOCK);
if (fd == -1)
- fail(open);
+ fail("open");
fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_NONBLOCK);
for (i = 0; i < fd; i++)
close(i);
@@ -80,3 +70,55 @@ void secure_tty(void) /* TODO /dev/vcs[a][0-9]+ */
tcgetattr(STDIN_FILENO, &saved_tty);
}
+
+/**
+ * Set ownership and mode of the TTY
+ *
+ * @param owner The owner
+ * @param group The group
+ * @param with_fail Abort on failure
+ */
+void chown_tty(int owner, int group, int with_fail)
+{
+ struct vt_stat vtstat;
+
+ /* Set ownership of this TTY */
+ if (fchown(STDIN_FILENO, owner, group) && with_fail)
+ fail("fchown");
+
+ /* Restrict others from using this TTY */
+ if (fchmod(STDIN_FILENO, TTY_PERM) && with_fail)
+ fail("fchmod");
+
+ /* Also do the above for /dev/vcs[a][0-9]+ */
+ if (ioctl(STDIN_FILENO, VT_GETSTATE, &vtstat) == 0)
+ {
+ int n = vtstat.v_active;
+ char vcs[16];
+ char vcsa[16];
+
+ vcs += 16;
+ vcsa += 16;
+
+ if (n)
+ {
+ *--vcs = *--vcsa = 0;
+ while (n)
+ {
+ *--vcs = *--vcsa = (n % 10) + '0';
+ n /= 10;
+ }
+
+ vcs -= 8;
+ vcsa -= 9;
+ strcpy(vcs, "/dev/vcs");
+ strcpy(vcsa, "/dev/vcsa");
+
+ if (fchown(vcs, owner, group) && with_fail) fail("chown");
+ if (fchown(vcsa, owner, group) && with_fail) fail("chown");
+ if (fchmod(vcs, TTY_PERM) && with_fail) fail("chmod");
+ if (fchmod(vcsa, TTY_PERM) && with_fail) fail("chmod");
+ }
+ }
+}
+
diff --git a/src/security.h b/src/security.h
index 3e12af4..bbc0c4e 100644
--- a/src/security.h
+++ b/src/security.h
@@ -24,8 +24,26 @@
#include <signal.h>
+#ifndef TTY_PERM
+#define TTY_PERM 0600
+#endif
+
+#ifndef FAILURE_SLEEP
+#define FAILURE_SLEEP 5
+#endif
+
+
/**
* Secure the TTY from spying
*/
void secure_tty(void);
+/**
+ * Set ownership and mode of the TTY
+ *
+ * @param owner The owner
+ * @param group The group
+ * @param with_fail Abort on failure
+ */
+void chown_tty(int owner, int group, int with_fail);
+