ask-password-api.c revision e287086b8aa2558356af225a12d9bfea8e7d61ca
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/signalfd.h>
#include <termios.h>
#include <unistd.h>
#include "formats-util.h"
#include "missing.h"
#include "mkdir.h"
#include "random-util.h"
#include "signal-util.h"
#include "socket-util.h"
#include "strv.h"
#include "terminal-util.h"
#include "util.h"
#include "ask-password-api.h"
if (serial == -1)
return -errno;
return 0;
}
_cleanup_free_ char *p = NULL;
long m = 100, n;
char **l;
for (;;) {
p = new(char, m);
if (!p)
return -ENOMEM;
if (n < 0)
return -errno;
if (n < m)
break;
free(p);
m *= 2;
}
l = strv_parse_nulstr(p, n);
if (!l)
return -ENOMEM;
*ret = l;
return 0;
}
_cleanup_strv_free_ char **l = NULL;
_cleanup_free_ char *p = NULL;
size_t n;
int r;
if (!(flags & ASK_PASSWORD_PUSH_CACHE))
return 0;
if (r >= 0) {
r = retrieve_key(serial, &l);
if (r < 0)
return r;
} else if (r != -ENOKEY)
return r;
r = strv_extend_strv(&l, passwords, true);
if (r <= 0)
return r;
r = strv_make_nulstr(l, &p, &n);
if (r < 0)
return r;
/* Truncate trailing NUL */
assert(n > 0);
assert(p[n-1] == 0);
if (serial == -1)
return -errno;
if (keyctl(KEYCTL_SET_TIMEOUT,
(unsigned long) serial,
return 1;
}
int r;
if (r < 0)
return log_debug_errno(r, "Failed to add password to keyring: %m");
return 0;
}
int r;
if (!(flags & ASK_PASSWORD_ACCEPT_CACHED))
return -EUNATCH;
if (r == -ENOSYS) /* when retrieving the distinction doesn't matter */
return -ENOKEY;
if (r < 0)
return r;
}
if (ttyfd < 0)
return;
while (p > 0) {
p--;
}
}
int ask_password_tty(
const char *message,
const char *keyname,
const char *flag_file,
char **ret) {
char passphrase[LINE_MAX], *x;
size_t p = 0;
int r;
bool reset_tty = false;
bool dirty = false;
enum {
};
if (flags & ASK_PASSWORD_NO_TTY)
return -EUNATCH;
if (!message)
message = "Password:";
if (flag_file) {
if (notify < 0) {
r = -errno;
goto finish;
}
r = -errno;
goto finish;
}
}
if (ttyfd >= 0) {
r = -errno;
goto finish;
}
r = -errno;
goto finish;
}
reset_tty = true;
}
for (;;) {
char c;
int sleep_for = -1, k;
ssize_t n;
if (until > 0) {
usec_t y;
y = now(CLOCK_MONOTONIC);
if (y > until) {
r = -ETIME;
goto finish;
}
}
if (flag_file)
r = -errno;
goto finish;
}
if (k < 0) {
continue;
r = -errno;
goto finish;
} else if (k == 0) {
r = -ETIME;
goto finish;
}
continue;
if (n < 0) {
continue;
r = -errno;
goto finish;
} else if (n == 0)
break;
if (c == '\n')
break;
else if (c == 21) { /* C-u */
if (!(flags & ASK_PASSWORD_SILENT))
backspace_chars(ttyfd, p);
p = 0;
} else if (c == '\b' || c == 127) {
if (p > 0) {
if (!(flags & ASK_PASSWORD_SILENT))
p--;
/* There are two ways to enter silent
* mode. Either by pressing backspace
* as first key (and only as first
* key), or ... */
if (ttyfd >= 0)
} else if (ttyfd >= 0)
backspace_chars(ttyfd, p);
/* ... or by pressing TAB at any time. */
if (ttyfd >= 0)
} else {
if (p >= sizeof(passphrase)-1) {
continue;
}
passphrase[p++] = c;
dirty = true;
}
}
x = strndup(passphrase, p);
if (!x) {
r = -ENOMEM;
goto finish;
}
if (keyname)
*ret = x;
r = 0;
}
return r;
}
static int create_socket(char **name) {
union sockaddr_union sa = {
};
static const int one = 1;
char *c;
int r;
if (fd < 0)
return -errno;
snprintf(sa.un.sun_path, sizeof(sa.un.sun_path)-1, "/run/systemd/ask-password/sck.%" PRIx64, random_u64());
RUN_WITH_UMASK(0177) {
return -errno;
}
return -errno;
if (!c)
return -ENOMEM;
*name = c;
r = fd;
fd = -1;
return r;
}
int ask_password_agent(
const char *message,
const char *icon,
const char *id,
const char *keyname,
char ***ret) {
enum {
};
char temp[] = "/run/systemd/ask-password/tmp.XXXXXX";
_cleanup_strv_free_ char **l = NULL;
int r;
if (flags & ASK_PASSWORD_NO_AGENT)
return -EUNATCH;
if (fd < 0) {
r = -errno;
goto finish;
}
if (!f) {
r = -errno;
goto finish;
}
fd = -1;
if (signal_fd < 0) {
r = -errno;
goto finish;
}
if (socket_fd < 0) {
r = socket_fd;
goto finish;
}
fprintf(f,
"[Ask]\n"
"Socket=%s\n"
"AcceptCached=%i\n"
"Echo=%i\n"
getpid(),
until);
if (message)
if (icon)
if (id)
r = fflush_and_check(f);
if (r < 0)
goto finish;
r = -errno;
goto finish;
}
for (;;) {
union {
} control;
ssize_t n;
int k;
usec_t t;
t = now(CLOCK_MONOTONIC);
r = -ETIME;
goto finish;
}
if (k < 0) {
continue;
r = -errno;
goto finish;
}
if (k <= 0) {
r = -ETIME;
goto finish;
}
r = -EINTR;
goto finish;
}
r = -EIO;
goto finish;
}
if (n < 0) {
continue;
r = -errno;
goto finish;
}
if (n <= 0) {
log_debug("Message too short");
continue;
}
log_debug("Received message without credentials. Ignoring.");
continue;
}
log_debug("Got request from unprivileged user. Ignoring.");
continue;
}
if (passphrase[0] == '+') {
/* An empty message refers to the empty password */
if (n == 1)
else
if (!l) {
r = -ENOMEM;
goto finish;
}
if (strv_length(l) <= 0) {
l = strv_free(l);
log_debug("Invalid packet");
continue;
}
break;
}
if (passphrase[0] == '-') {
r = -ECANCELED;
goto finish;
}
log_debug("Invalid packet");
}
if (keyname)
*ret = l;
l = NULL;
r = 0;
if (socket_name)
(void) unlink(socket_name);
if (final[0])
return r;
}
int ask_password_auto(
const char *message,
const char *icon,
const char *id,
const char *keyname,
char ***ret) {
int r;
if (r != -ENOKEY)
return r;
}
if (r < 0)
return r;
r = strv_consume(&l, s);
if (r < 0)
return -ENOMEM;
*ret = l;
return 0;
}
if (!(flags & ASK_PASSWORD_NO_AGENT))
return -EUNATCH;
}