Diffstat (limited to 'bin')
-rw-r--r-- | bin/Makefile | 6 | ||||
-rw-r--r-- | bin/worker.c | 19 | ||||
-rw-r--r-- | bin/ykfde-cpio.c | 18 | ||||
-rw-r--r-- | bin/ykfde.c | 41 |
4 files changed, 58 insertions, 26 deletions
diff --git a/bin/Makefile b/bin/Makefile
index 1af9e16..67d3066 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -11,13 +11,13 @@ LDFLAGS += -Wl,-z,now -Wl,-z,relro -pie
 all: worker ykfde ykfde-cpio
 
 worker: worker.c ../config.h
- $(CC) $(CFLAGS) $(CFLAGS_YUBIKEY) $(CFLAGS_SYSTEMD) $(LDFLAGS) -o worker worker.c
+ $(CC) worker.c $(CFLAGS) $(CFLAGS_YUBIKEY) $(CFLAGS_SYSTEMD) $(LDFLAGS) -o worker
 
 ykfde: ykfde.c ../config.h ../version.h
- $(CC) $(CFLAGS) $(CFLAGS_YUBIKEY) $(CFLAGS_SYSTEMD) -lcryptsetup $(LDFLAGS) -o ykfde ykfde.c
+ $(CC) ykfde.c $(CFLAGS) $(CFLAGS_YUBIKEY) $(CFLAGS_SYSTEMD) -lcryptsetup $(LDFLAGS) -o ykfde
 
 ykfde-cpio: ykfde-cpio.c ../config.h ../version.h
- $(CC) $(CFLAGS) -larchive $(LDFLAGS) -o ykfde-cpio ykfde-cpio.c
+ $(CC) ykfde-cpio.c $(CFLAGS) -larchive $(LDFLAGS) -o ykfde-cpio
 
 install: worker ykfde ykfde-cpio
  $(INSTALL) -D -m0755 worker $(DESTDIR)/usr/lib/ykfde/worker
diff --git a/bin/worker.c b/bin/worker.c
index 6a81570..81dc68f 100644
--- a/bin/worker.c
+++ b/bin/worker.c
@@ -1,14 +1,19 @@
 /*
- * (C) 2014-2019 by Christian Hesse <mail@eworm.de>
+ * (C) 2014-2024 by Christian Hesse <mail@eworm.de>
  *
- * This software may be used and distributed according to the terms
- * of the GNU General Public License, incorporated herein by reference.
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
  *
- * compile with:
- * $ gcc -o ykfde ykfde.c -liniparser -lkeyutils -lykpers-1 -lyubikey
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
  *
- * test with:
- * $ systemd-ask-password --no-tty "Please enter passphrase for disk foobar..."
  */
 
 #include <dirent.h>
diff --git a/bin/ykfde-cpio.c b/bin/ykfde-cpio.c
index 9e37d8a..8154b47 100644
--- a/bin/ykfde-cpio.c
+++ b/bin/ykfde-cpio.c
@@ -1,11 +1,19 @@
 /*
- * (C) 2014-2019 by Christian Hesse <mail@eworm.de>
+ * (C) 2014-2024 by Christian Hesse <mail@eworm.de>
  *
- * This software may be used and distributed according to the terms
- * of the GNU General Public License, incorporated herein by reference.
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
  *
- * compile with:
- * $ gcc -o ykfde-cpio ykfde-cpio.c -larchive
  */
 
 #include <dirent.h>
diff --git a/bin/ykfde.c b/bin/ykfde.c
index 9cbf01c..682e05c 100644
--- a/bin/ykfde.c
+++ b/bin/ykfde.c
@@ -1,13 +1,23 @@ /* - * (C) 2014-2019 by Christian Hesse <mail@eworm.de> + * (C) 2014-2024 by Christian Hesse <mail@eworm.de> * - * This software may be used and distributed according to the terms - * of the GNU General Public License, incorporated herein by reference. + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. * - * compile with: - * $ gcc -o ykfde ykfde.c -lcryptsetup -liniparser -lkeyutils -lykpers-1 -lyubikey */ +#define _GNU_SOURCE + #include <fcntl.h> #include <getopt.h> #include <stdio.h> @@ -294,7 +304,7 @@ int main(int argc, char **argv) { We generate an array of unsigned int, the use modulo to limit to printable ASCII characters (32 to 127). */ if ((len = getrandom(challenge_int, CHALLENGELEN * sizeof(unsigned int), GRND_RANDOM|GRND_NONBLOCK)) != CHALLENGELEN * sizeof(unsigned int)) - getrandom((void *)((size_t)challenge_int + len), CHALLENGELEN * sizeof(unsigned int) - len, 0); + len += getrandom((void *)((size_t)challenge_int + len), CHALLENGELEN * sizeof(unsigned int) - len, 0); for (i = 0; i < CHALLENGELEN; i++) challenge_new[i] = (challenge_int[i] % (127 - 32)) + 32; 
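Review bot: The retry on the added `len += getrandom(...)` line still uses the first call's result unchecked: if that call returns -1 (possible with GRND_NONBLOCK), the second call is given an address one byte before challenge_int and a length one byte larger than the array. No comparison of len with the requested size is visible after the retry, so a short or failed read would let the following loop build challenge characters from bytes getrandom() never filled. I would clamp first with `if (len < 0) len = 0;` and, after the retry, fail closed with `if (len != CHALLENGELEN * sizeof(unsigned int))` leading to the function's existing error exit. The declaration of len and the rest of main are outside the hunk, so this assumes len is a signed type.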
@@ -312,6 +322,10 @@ int main(int argc, char **argv) { fprintf(stderr, "Failed to write challenge to file.\n"); goto out50; } + if (fsync(challengefiletmp) < 0) { + fprintf(stderr, "Failed to sync file to disk.\n"); + goto out50; + } challengefiletmp = close(challengefiletmp); /* now that the new challenge has been written to file... @@ -383,7 +397,12 @@ int main(int argc, char **argv) { goto out60; } - if (unlink(challengefilename) < 0) { + if (renameat2(AT_FDCWD, challengefiletmpname, AT_FDCWD, challengefilename, RENAME_EXCHANGE) < 0) { + fprintf(stderr, "Failed to rename (exchange) challenge files.\n"); + goto out60; + } + + if (unlink(challengefiletmpname) < 0) { fprintf(stderr, "Failed to delete old challenge file.\n"); goto out60; } @@ -397,11 +416,11 @@ int main(int argc, char **argv) { fprintf(stderr, "Could not add passphrase for key slot %d.\n", luks_slot); goto out60; } - } - if (rename(challengefiletmpname, challengefilename) < 0) { - fprintf(stderr, "Failed to rename new challenge file.\n"); - goto out60; + if (rename(challengefiletmpname, challengefilename) < 0) { + fprintf(stderr, "Failed to rename new challenge file.\n"); + goto out60; + } } sd_notify(0, "READY=1\nSTATUS=All done."); |
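Review bot: The added `fsync(challengefiletmp)` makes the file contents durable, but the name change done later by `renameat2()` and `rename()` (the hunks at -383 and -397) is a directory update, and no sync of the containing directory is visible. After a power loss the directory could still map challengefilename to the old challenge even though the key slot has moved on. Consider opening the challenge directory with `O_RDONLY|O_DIRECTORY` and calling `fsync()` on that descriptor once the rename has succeeded. Separately, `challengefiletmp = close(challengefiletmp);` stores close()'s result without any check visible in this hunk.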
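Review bot: A failure of the new `renameat2(..., RENAME_EXCHANGE)` call in the -383 hunk jumps to out60 without saying which file now holds the valid challenge, and the call can fail for reasons unrelated to the data: both names must exist and the filesystem has to support the exchange flag. If the key slot was already updated by the step that ends just above this hunk (not visible here), the only copy of the matching challenge is then challengefiletmpname, so it is worth confirming that out60 does not remove it. I would at least name the file in the message, `fprintf(stderr, "Failed to rename (exchange) challenge files, new challenge is in %s.\n", challengefiletmpname);`, and add a comment above the call explaining why an exchange replaces the old unlink-then-rename sequence. The surrounding branch of main starts and ends outside the hunk.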