Diffstat (limited to 'bin')
-rw-r--r--bin/Makefile6
-rw-r--r--bin/worker.c19
-rw-r--r--bin/ykfde-cpio.c18
-rw-r--r--bin/ykfde.c41
4 files changed, 58 insertions, 26 deletions
diff --git a/bin/Makefile b/bin/Makefile
index 1af9e16..67d3066 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -11,13 +11,13 @@ LDFLAGS += -Wl,-z,now -Wl,-z,relro -pie
all: worker ykfde ykfde-cpio
worker: worker.c ../config.h
- $(CC) $(CFLAGS) $(CFLAGS_YUBIKEY) $(CFLAGS_SYSTEMD) $(LDFLAGS) -o worker worker.c
+ $(CC) worker.c $(CFLAGS) $(CFLAGS_YUBIKEY) $(CFLAGS_SYSTEMD) $(LDFLAGS) -o worker
ykfde: ykfde.c ../config.h ../version.h
- $(CC) $(CFLAGS) $(CFLAGS_YUBIKEY) $(CFLAGS_SYSTEMD) -lcryptsetup $(LDFLAGS) -o ykfde ykfde.c
+ $(CC) ykfde.c $(CFLAGS) $(CFLAGS_YUBIKEY) $(CFLAGS_SYSTEMD) -lcryptsetup $(LDFLAGS) -o ykfde
ykfde-cpio: ykfde-cpio.c ../config.h ../version.h
- $(CC) $(CFLAGS) -larchive $(LDFLAGS) -o ykfde-cpio ykfde-cpio.c
+ $(CC) ykfde-cpio.c $(CFLAGS) -larchive $(LDFLAGS) -o ykfde-cpio
install: worker ykfde ykfde-cpio
$(INSTALL) -D -m0755 worker $(DESTDIR)/usr/lib/ykfde/worker
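Review bot: The three recipes still spell out the source and output names and leave `-lcryptsetup` / `-larchive` ahead of `$(LDFLAGS)`, which is a style point rather than a defect. Libraries conventionally follow the linker flags, and the automatic variables avoid repeating the names, e.g. `$(CC) $< $(CFLAGS) $(CFLAGS_YUBIKEY) $(CFLAGS_SYSTEMD) $(LDFLAGS) -lcryptsetup -o $@` for the ykfde rule. The hunk header shows `-pie` in `LDFLAGS`; because compile and link happen in one command, this relies on `CFLAGS` carrying a matching `-fPIE`, which is defined outside this hunk and should be confirmed. The install rule continues past the end of the hunk.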
diff --git a/bin/worker.c b/bin/worker.c
index 6a81570..81dc68f 100644
--- a/bin/worker.c
+++ b/bin/worker.c
@@ -1,14 +1,19 @@
/*
- * (C) 2014-2019 by Christian Hesse <mail@eworm.de>
+ * (C) 2014-2024 by Christian Hesse <mail@eworm.de>
*
- * This software may be used and distributed according to the terms
- * of the GNU General Public License, incorporated herein by reference.
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
*
- * compile with:
- * $ gcc -o ykfde ykfde.c -liniparser -lkeyutils -lykpers-1 -lyubikey
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
*
- * test with:
- * $ systemd-ask-password --no-tty "Please enter passphrase for disk foobar..."
*/
#include <dirent.h>
diff --git a/bin/ykfde-cpio.c b/bin/ykfde-cpio.c
index 9e37d8a..8154b47 100644
--- a/bin/ykfde-cpio.c
+++ b/bin/ykfde-cpio.c
@@ -1,11 +1,19 @@
/*
- * (C) 2014-2019 by Christian Hesse <mail@eworm.de>
+ * (C) 2014-2024 by Christian Hesse <mail@eworm.de>
*
- * This software may be used and distributed according to the terms
- * of the GNU General Public License, incorporated herein by reference.
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
*
- * compile with:
- * $ gcc -o ykfde-cpio ykfde-cpio.c -larchive
*/
#include <dirent.h>
diff --git a/bin/ykfde.c b/bin/ykfde.c
index 9cbf01c..682e05c 100644
--- a/bin/ykfde.c
+++ b/bin/ykfde.c
@@ -1,13 +1,23 @@
/*
- * (C) 2014-2019 by Christian Hesse <mail@eworm.de>
+ * (C) 2014-2024 by Christian Hesse <mail@eworm.de>
*
- * This software may be used and distributed according to the terms
- * of the GNU General Public License, incorporated herein by reference.
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
*
- * compile with:
- * $ gcc -o ykfde ykfde.c -lcryptsetup -liniparser -lkeyutils -lykpers-1 -lyubikey
*/
+#define _GNU_SOURCE
+
#include <fcntl.h>
#include <getopt.h>
#include <stdio.h>
@@ -294,7 +304,7 @@ int main(int argc, char **argv) {
We generate an array of unsigned int, the use modulo to limit to printable
ASCII characters (32 to 127). */
if ((len = getrandom(challenge_int, CHALLENGELEN * sizeof(unsigned int), GRND_RANDOM|GRND_NONBLOCK)) != CHALLENGELEN * sizeof(unsigned int))
- getrandom((void *)((size_t)challenge_int + len), CHALLENGELEN * sizeof(unsigned int) - len, 0);
+ len += getrandom((void *)((size_t)challenge_int + len), CHALLENGELEN * sizeof(unsigned int) - len, 0);
for (i = 0; i < CHALLENGELEN; i++)
challenge_new[i] = (challenge_int[i] % (127 - 32)) + 32;
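Review bot: getrandom() returns -1 on error and neither call is checked for it: if the first call (with `GRND_RANDOM|GRND_NONBLOCK`) fails, the retry's pointer and length are computed from `len == -1`, so it writes starting before `challenge_int`. The total from the new `len +=` is also not compared with the requested size inside this hunk, so a short or failed second call would leave part of the challenge filled with whatever the buffer held before. A bounded loop that treats a failed first attempt as zero progress and aborts on a real error covers both cases. The sketch below keeps the two-stage flags, needs `<errno.h>`, and uses a placeholder cleanup label because main() and the declaration of `len` lie outside the hunk.

```c
/* … unchanged: comment describing the challenge generation … */
const size_t want = CHALLENGELEN * sizeof(unsigned int);
ssize_t r = getrandom(challenge_int, want, GRND_RANDOM|GRND_NONBLOCK);
size_t got = (r > 0) ? (size_t)r : 0;	/* a failed first attempt counts as no progress */

while (got < want) {
	r = getrandom((unsigned char *)challenge_int + got, want - got, 0);
	if (r < 0) {
		if (errno == EINTR)
			continue;
		fprintf(stderr, "Failed to get random data.\n");
		goto out50;	/* placeholder: use the cleanup label that applies at this point */
	}
	got += (size_t)r;
}
/* … unchanged: mapping challenge_int[] to printable ASCII … */
```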
@@ -312,6 +322,10 @@ int main(int argc, char **argv) {
fprintf(stderr, "Failed to write challenge to file.\n");
goto out50;
}
+ if (fsync(challengefiletmp) < 0) {
+ fprintf(stderr, "Failed to sync file to disk.\n");
+ goto out50;
+ }
challengefiletmp = close(challengefiletmp);
/* now that the new challenge has been written to file...
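Review bot: The added `fsync(challengefiletmp)` flushes the file's contents but not its directory entry, so the renames performed in the later hunks are not guaranteed to survive a crash. Since the key slot handling further down appears to depend on this file matching what was enrolled, the containing directory should be synced too: open the directory that holds `challengefilename` with `O_RDONLY|O_DIRECTORY`, call `fsync()` on that descriptor once the rename has succeeded, then close it. Whether `out50` closes the still-open descriptor and removes the temporary file on this new error path is outside the hunk and worth checking.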
@@ -383,7 +397,12 @@ int main(int argc, char **argv) {
goto out60;
}
- if (unlink(challengefilename) < 0) {
+ if (renameat2(AT_FDCWD, challengefiletmpname, AT_FDCWD, challengefilename, RENAME_EXCHANGE) < 0) {
+ fprintf(stderr, "Failed to rename (exchange) challenge files.\n");
+ goto out60;
+ }
+
+ if (unlink(challengefiletmpname) < 0) {
fprintf(stderr, "Failed to delete old challenge file.\n");
goto out60;
}
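Review bot: `renameat2(..., RENAME_EXCHANGE)` fails with ENOENT when either path is missing and with EINVAL on filesystems that do not implement the exchange flag, and the message printed here drops errno, so the user cannot tell which happened. Because the old file is unlinked immediately afterwards, a plain `rename(challengefiletmpname, challengefilename)` would appear to reach the same end state atomically with fewer failure modes; if the exchange is kept, consider falling back to `rename()` on EINVAL/ENOSYS. At minimum report the cause, e.g. `fprintf(stderr, "Failed to rename (exchange) challenge files: %s\n", strerror(errno));` (needs `<errno.h>` and `<string.h>` if not already included). The same applies to the `fsync()` and `rename()` messages in the neighbouring hunks. The enclosing branch starts outside this hunk, so it cannot be seen here whether the key slot has already been changed when this rename fails.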
@@ -397,11 +416,11 @@ int main(int argc, char **argv) {
fprintf(stderr, "Could not add passphrase for key slot %d.\n", luks_slot);
goto out60;
}
- }
- if (rename(challengefiletmpname, challengefilename) < 0) {
- fprintf(stderr, "Failed to rename new challenge file.\n");
- goto out60;
+ if (rename(challengefiletmpname, challengefilename) < 0) {
+ fprintf(stderr, "Failed to rename new challenge file.\n");
+ goto out60;
+ }
}
sd_notify(0, "READY=1\nSTATUS=All done.");