m + take ownership of and chmod /dev/vcs and /dev/vcsa

Signed-off-by: Mattias Andrée <maandree@operamail.com>
author: Mattias Andrée <maandree@operamail.com> 2013-11-18 17:46:37 +0100
committer: Mattias Andrée <maandree@operamail.com> 2013-11-18 17:46:37 +0100
commit: ebf990469b79e97bf7046e9a96f20dcf7bec5d78 (patch)
tree: 1ec52a54cf10f852b3167cd77d5982f215b048f9 /src
parent: m (diff)
download: libpassphrase-ebf990469b79e97bf7046e9a96f20dcf7bec5d78.tar.gz
libpassphrase-ebf990469b79e97bf7046e9a96f20dcf7bec5d78.tar.bz2
libpassphrase-ebf990469b79e97bf7046e9a96f20dcf7bec5d78.tar.xz
4 files changed, 99 insertions, 21 deletions
diff --git a/src/cerberus.c b/src/cerberus.c
index d84ea50..ca4cf48 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -33,6 +33,8 @@ int main(int argc, char** argv)
   char* passphrase = NULL;
   char preserve_env = 0;
   char skip_auth = 0;
+  struct passwd* entry;
+  
   
   /* Disable echoing */
   disable_echo();
@@ -100,7 +102,6 @@ int main(int argc, char** argv)
   if (username == 0)
     {
       printf("%s: no username specified\n", *argv);
-      reenable_echo();
       sleep(ERROR_SLEEP);
       return 2;
     }
@@ -130,6 +131,15 @@ int main(int argc, char** argv)
   
   
   /* Get user information */
+  if ((entry = getpwnam(username)) == NULL)
+    {
+      if (errno)
+	perror("getpwnam");
+      else
+	printf("User does not exist\n");
+      sleep(ERROR_SLEEP);
+      return 1;
+    }
   
   
   /* Get the passphrase, if -f has not been used */
@@ -155,6 +165,13 @@ int main(int argc, char** argv)
   /* Reset terminal settings */
   reenable_echo();
   
+  
+  /* TODO login */
+  
+  
+  /* Reset terminal ownership */
+  chown_tty(0, 0, 0);
+  
   return 0;
 }
 
diff --git a/src/cerberus.h b/src/cerberus.h
index c2ea2af..1dbd029 100644
--- a/src/cerberus.h
+++ b/src/cerberus.h
@@ -20,6 +20,7 @@
 #include <unistd.h>
 #include <signal.h>
 #include <pwd.h>
+#include <errno.h>
 
 #include "passphrase.h"
 #include "quit.h"
diff --git a/src/security.c b/src/security.c
index 04ec33d..1dc8c8c 100644
--- a/src/security.c
+++ b/src/security.c
@@ -19,36 +19,26 @@
 #include "security.h"
 
 
-#ifndef TTY_PERM
-#define TTY_PERM  0600
-#endif
-
-#ifndef FAILURE_SLEEP
-#define FAILURE_SLEEP  5
-#endif
-
-
-#define fail(FUNC)  ({ perror(#FUNC); sleep(FAILURE_SLEEP); _exit(1); })
-
+static inline void fail(char* str)
+{
+  perror(str);
+  sleep(FAILURE_SLEEP);
+  _exit(1);
+}
 
 
 /**
  * Secure the TTY from spying
  */
-void secure_tty(void) /* TODO /dev/vcs[a][0-9]+ */
+void secure_tty(void)
 {
   struct termios tty;
   struct termios saved_tty;
   char* tty_device;
   int fd, i;
   
-  /* Take owner ship of this TTY */
-  if (fchown(STDIN_FILENO, 0, 0))
-    fail(fchown);
-  
-  /* Restrict others from using this TTY */
-  if (fchmod(STDIN_FILENO, TTY_PERM))
-    fail(fchmod);
+  /* Set ownership of this TTY to root:root */
+  chown_tty(0, 0, 1);
   
   /* Get TTY name for last part of this functions */
   tty_device = ttyname(STDIN_FILENO);
@@ -68,7 +58,7 @@ void secure_tty(void) /* TODO /dev/vcs[a][0-9]+ */
   /* Restore terminal and TTY modes */
   fd = open(tty_device, O_RDWR | O_NONBLOCK);
   if (fd == -1)
-    fail(open);
+    fail("open");
   fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_NONBLOCK);
   for (i = 0; i < fd; i++)
     close(i);
@@ -80,3 +70,55 @@ void secure_tty(void) /* TODO /dev/vcs[a][0-9]+ */
   tcgetattr(STDIN_FILENO, &saved_tty);
 }
 
+
+/**
+ * Set ownership and mode of the TTY
+ * 
+ * @param  owner      The owner
+ * @param  group      The group
+ * @param  with_fail  Abort on failure
+ */
+void chown_tty(int owner, int group, int with_fail) 
+{
+  struct vt_stat vtstat;
+  
+  /* Set ownership of this TTY */
+  if (fchown(STDIN_FILENO, owner, group) && with_fail)
+    fail("fchown");
+  
+  /* Restrict others from using this TTY */
+  if (fchmod(STDIN_FILENO, TTY_PERM) && with_fail)
+    fail("fchmod");
+  
+  /* Also do the above for /dev/vcs[a][0-9]+ */
+  if (ioctl(STDIN_FILENO, VT_GETSTATE, &vtstat) == 0)
+    {
+      int n = vtstat.v_active;
+      char vcs[16];
+      char vcsa[16];
+      
+      vcs += 16;
+      vcsa += 16;
+      
+      if (n)
+	{
+	  *--vcs = *--vcsa = 0;
+	  while (n)
+	    {
+	      *--vcs = *--vcsa = (n % 10) + '0';
+	      n /= 10;
+	    }
+	  
+	  vcs -= 8;
+	  vcsa -= 9;
+	  strcpy(vcs,  "/dev/vcs");
+	  strcpy(vcsa, "/dev/vcsa");
+	  
+	  if (fchown(vcs,  owner, group) && with_fail)  fail("chown");
+	  if (fchown(vcsa, owner, group) && with_fail)  fail("chown");
+	  if (fchmod(vcs,  TTY_PERM) && with_fail)  fail("chmod");
+	  if (fchmod(vcsa, TTY_PERM) && with_fail)  fail("chmod");
+	}
+    }
+}
+
diff --git a/src/security.h b/src/security.h
index 3e12af4..bbc0c4e 100644
--- a/src/security.h
+++ b/src/security.h
@@ -24,8 +24,26 @@
 #include <signal.h>
 
 
+#ifndef TTY_PERM
+#define TTY_PERM  0600
+#endif
+
+#ifndef FAILURE_SLEEP
+#define FAILURE_SLEEP  5
+#endif
+
+
 /**
  * Secure the TTY from spying
  */
 void secure_tty(void);
 
+/**
+ * Set ownership and mode of the TTY
+ * 
+ * @param  owner      The owner
+ * @param  group      The group
+ * @param  with_fail  Abort on failure
+ */
+void chown_tty(int owner, int group, int with_fail);
+
author	Mattias Andrée <maandree@operamail.com>	2013-11-18 17:46:37 +0100
committer	Mattias Andrée <maandree@operamail.com>	2013-11-18 17:46:37 +0100
commit	ebf990469b79e97bf7046e9a96f20dcf7bec5d78 (patch)
tree	1ec52a54cf10f852b3167cd77d5982f215b048f9 /src
parent	m (diff)
download	libpassphrase-ebf990469b79e97bf7046e9a96f20dcf7bec5d78.tar.gz libpassphrase-ebf990469b79e97bf7046e9a96f20dcf7bec5d78.tar.bz2 libpassphrase-ebf990469b79e97bf7046e9a96f20dcf7bec5d78.tar.xz