tty-ask-password-agent.c revision a09561746f15b84da9471b5c4be74e53d19e4f3f
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <errno.h>
#include <fcntl.h>
#include <getopt.h>
#include <poll.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/signalfd.h>
#include <unistd.h>
#include "ask-password-api.h"
#include "conf-parser.h"
#include "def.h"
#include "dirent-util.h"
#include "fd-util.h"
#include "io-util.h"
#include "mkdir.h"
#include "path-util.h"
#include "process-util.h"
#include "signal-util.h"
#include "socket-util.h"
#include "string-util.h"
#include "strv.h"
#include "terminal-util.h"
#include "util.h"
#include "utmp-wtmp.h"
/* Command-line state shared by the rest of the file.
 *
 * arg_action selects the operating mode and defaults to ACTION_QUERY. The
 * enumerator list is not shown in this listing; the values referenced further
 * down are ACTION_QUERY, ACTION_LIST, ACTION_WALL and ACTION_WATCH. */
static enum {
} arg_action = ACTION_QUERY;
/* Set when ARG_PLYMOUTH is parsed: ask through Plymouth instead of on the TTY. */
static bool arg_plymouth = false;
/* Set when ARG_CONSOLE is parsed; gates the console branches in the query path
 * and the setsid()/release_terminal() calls at start-up. */
static bool arg_console = false;
/* Ask for a password through Plymouth and return the answers in *ret.
 *
 * NOTE(review): this listing has lost lines. The one visible call passes five
 * arguments (message, not_after, flags, filename, &passwords), and the body
 * reads `until` and `flags`, so two parameters are missing from the signature
 * as shown. `fd`, `notify`, `packet`, `buffer`, `size` and the `finish` label
 * are likewise used without a visible declaration. The comments below describe
 * only what the surviving lines establish.
 *
 * Returns 0 once a string list has been stored in *ret, otherwise a negative
 * errno-style value:
 *   -ETIME   the monotonic clock passed `until`, or j == 0
 *   -EIO     k == 0, an unknown packet type, or the (unshown) size check
 *   -ENOENT  no password because the UI was not shown
 *   -ENOMEM  allocation failure
 *
 * NOTE(review): `buffer` receives the password text from the peer. No wipe of
 * it is visible before return; confirm against the full file. */
static int ask_password_plymouth(
const char *message,
const char *flag_file,
char ***ret) {
ssize_t k;
int r, n;
/* Number of reply bytes accumulated so far. */
size_t p = 0;
enum {
};
/* Optional flag file: the set-up calls are not shown, only their error paths. */
if (flag_file) {
if (notify < 0)
return -errno;
if (r < 0)
return -errno;
}
if (fd < 0)
return -errno;
if (r < 0)
return -errno;
if (flags & ASK_PASSWORD_ACCEPT_CACHED) {
n = 1;
if (!packet)
return -ENOMEM;
if (r < 0)
return r;
for (;;) {
int sleep_for = -1, j;
/* A non-zero `until` is an absolute CLOCK_MONOTONIC deadline. */
if (until > 0) {
usec_t y;
y = now(CLOCK_MONOTONIC);
if (y > until) {
r = -ETIME;
goto finish;
}
}
r = -errno;
goto finish;
}
/* j is presumably the result of the wait on the descriptors (call not shown):
 * negative is an error, zero is treated as a timeout. */
if (j < 0) {
continue;
r = -errno;
goto finish;
} else if (j == 0) {
r = -ETIME;
goto finish;
}
continue;
/* k is presumably the byte count of the read into buffer (call not shown):
 * zero bytes is reported as -EIO. */
if (k < 0) {
continue;
r = -errno;
goto finish;
} else if (k == 0) {
r = -EIO;
goto finish;
}
p += k;
/* The first byte selects the reply type, so at least one byte is needed. */
if (p < 1)
continue;
if (buffer[0] == 5) {
if (flags & ASK_PASSWORD_ACCEPT_CACHED) {
/* Hmm, first try with cached
* passwords failed, so let's retry
* with a normal password request */
r = -ENOMEM;
goto finish;
}
if (r < 0)
goto finish;
/* Discard what was received and wait for the reply to the retry. */
p = 0;
continue;
}
/* No password, because UI not shown */
r = -ENOENT;
goto finish;
char **l;
/* One or more answers */
/* At least five bytes are required before `size` is consulted; presumably
 * one type byte plus a four-byte length, but the decode is not shown. */
if (p < 5)
continue;
/* NOTE(review): the condition guarding this -EIO is not shown. `size` is
 * supplied by the peer, so confirm that the full file bounds it against the
 * capacity of buffer before the comparison below is relied on. */
r = -EIO;
goto finish;
}
/* Keep reading until the whole payload has arrived. p >= 5 here because of
 * the check above, so p-5 cannot wrap. */
if (p-5 < size)
continue;
if (!l) {
r = -ENOMEM;
goto finish;
}
/* Ownership of the list passes to the caller. */
*ret = l;
break;
} else {
/* Unknown packet */
r = -EIO;
goto finish;
}
}
r = 0;
return r;
}
/* Body of the request handler that show_passwords() calls as
 * parse_password(p, &wall). Its signature line and several declarations
 * (socket_name, message, not_after, filename, packet, passwords, socket_fd)
 * are missing from this listing.
 *
 * Visible flow: a table-driven parse fills the request fields, a request with
 * no socket_name is rejected with -EBADMSG, and arg_action then selects between
 * listing, building a wall message, or querying the user and sending the reply
 * to the requester's socket with sendto().
 *
 * Reply format, as far as shown: byte 0 is '+', followed by the answer(s).
 *
 * NOTE(review): `packet` holds the cleartext password. No erase of it is
 * visible before it goes out of scope; confirm against the full file. */
bool accept_cached = false, echo = false;
size_t packet_length = 0;
unsigned pid = 0;
/* Table entries are not shown; only the terminating empty item survives. */
const ConfigTableItem items[] = {
{}
};
int r;
NULL,
true, false, true, NULL);
if (r < 0)
return r;
/* A request without a reply socket cannot be answered. */
if (!socket_name) {
return -EBADMSG;
}
return 0;
return 0;
if (arg_action == ACTION_LIST)
else if (arg_action == ACTION_WALL) {
char *_wall;
/* NOTE(review): `message` and `pid` are interpolated into text meant for
 * wall. They presumably come from the request file; confirm who is able to
 * write request files, since the text ends up on other users' terminals. */
"%s%sPassword entry required for \'%s\' (PID %u).\r\n"
"Please enter password with the systemd-tty-ask-password-agent tool!",
pid) < 0)
return log_oom();
} else {
union sockaddr_union sa = {};
arg_action == ACTION_WATCH);
if (arg_action == ACTION_QUERY)
return 0;
}
if (arg_plymouth) {
/* accept_cached is mapped onto the ASK_PASSWORD_ACCEPT_CACHED flag. */
r = ask_password_plymouth(message, not_after, accept_cached ? ASK_PASSWORD_ACCEPT_CACHED : 0, filename, &passwords);
if (r >= 0) {
char **p;
/* Starts at 1 to account for the leading '+' byte. */
packet_length = 1;
if (!packet)
r = -ENOMEM;
else {
char *d = packet + 1;
/* Each answer is copied together with its terminating NUL; the "+ 1" steps
 * past it. NOTE(review): stpcpy() is unbounded, and neither the allocation
 * of packet nor the loop that sums packet_length is shown. Confirm the
 * allocation is 1 plus the sum of strlen()+1 over all answers. */
d = stpcpy(d, *p) + 1;
packet[0] = '+';
}
}
} else {
int tty_fd = -1;
if (arg_console) {
if (tty_fd < 0)
r = reset_terminal_fd(tty_fd, true);
/* A failed terminal reset is logged and otherwise ignored. */
if (r < 0)
log_warning_errno(r, "Failed to reset terminal, ignoring: %m");
}
if (arg_console) {
}
if (r >= 0) {
if (!packet)
r = -ENOMEM;
else {
packet[0] = '+';
}
}
}
/* If the query went away, that's OK */
r = 0;
goto finish;
}
if (r < 0) {
log_error_errno(r, "Failed to query password: %m");
goto finish;
}
if (socket_fd < 0) {
goto finish;
}
/* The address length is the offset of sun_path plus strlen(socket_name), so
 * the path is passed without a trailing NUL. MSG_NOSIGNAL avoids SIGPIPE.
 * NOTE(review): the copy of socket_name into sa is not shown, and the only
 * visible check on socket_name is the NULL test above. Confirm the copy is
 * bounded by the size of sun_path. */
r = sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(socket_name));
if (r < 0)
}
return 0;
return r;
}
/* Set up a FIFO tied to the caller's controlling TTY and return a descriptor
 * for it.
 *
 * NOTE(review): the lines that declare devnr, build the path in p and open the
 * FIFO are missing from this listing. The path is presumably the
 * /run/systemd/ask-password-block/<major>:<minor> name that the matching check
 * later in the file builds.
 *
 * Returns -ENOTTY when there is no controlling TTY, another negative value on
 * failure, or (presumably) the open descriptor. */
static int wall_tty_block(void) {
_cleanup_free_ char *p = NULL;
int fd, r;
r = get_ctty_devnr(0, &devnr);
if (r == -ENXIO) /* We have no controlling tty */
return -ENOTTY;
if (r < 0)
return log_error_errno(r, "Failed to get controlling TTY: %m");
return log_oom();
/* Parent directories get mode 0700 and the FIFO 0600, i.e. owner-only access.
 * Neither return value is checked here, so a pre-existing FIFO is tolerated.
 * NOTE(review): presumably any real failure surfaces at the open that sets fd;
 * confirm, and confirm that the object at p is the expected FIFO. */
mkdir_parents_label(p, 0700);
mkfifo(p, 0600);
if (fd < 0)
return fd;
}
/* Body of the predicate that decides whether a TTY should receive the wall
 * message. Its signature line and the lines that stat `path` and open the
 * FIFO are missing from this listing.
 *
 * As shown, it returns true for a non-absolute path and when allocation
 * fails, 1 when the FIFO cannot be opened, and 0 when it can be opened, which
 * means the TTY is filtered. Every failure path therefore lets the message
 * through. */
_cleanup_free_ char *p = NULL;
if (!path_is_absolute(path))
return true;
}
return true;
}
/* We use named pipes to ensure that wall messages suggesting
* password entry are not printed over password prompts
* already shown. We use the fact here that opening a pipe in
* non-blocking mode for write-only will succeed only if
* there's some writer behind it. Using pipes has the
* advantage that the block will automatically go away if the
* process dies. */
/* The FIFO name is derived from the device number of the TTY (st.st_rdev). */
if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(st.st_rdev), minor(st.st_rdev)) < 0) {
log_oom();
return true;
}
/* The open failed, so nothing holds a block on this TTY. */
if (fd < 0) {
return 1;
}
/* What, we managed to open the pipe? Then this tty is filtered. */
return 0;
}
/* Walk /run/systemd/ask-password and hand each accepted entry to
 * parse_password().
 *
 * NOTE(review): the directory loop header, the declarations of d, p and wall,
 * and the three filter conditions in front of the `continue` statements are
 * missing from this listing. Which entries are skipped cannot be told from
 * here.
 *
 * Returns 0 when the directory cannot be opened (as shown), otherwise the
 * first negative result of parse_password(), or 0 if none failed. */
static int show_passwords(void) {
int r = 0;
d = opendir("/run/systemd/ask-password");
if (!d) {
return 0;
}
int q;
/* We only support /dev on tmpfs, hence we can rely on
* d_type to be reliable */
continue;
continue;
continue;
if (!p)
return log_oom();
q = parse_password(p, &wall);
/* Remember only the first failure and keep processing the other requests. */
if (q < 0 && r == 0)
r = q;
if (wall)
}
return r;
}
/* Repeatedly call show_passwords() until the loop is left.
 *
 * NOTE(review): the set-up of `notify` and `signal_fd`, the wait inside the
 * loop and the condition that reaches `break` are missing from this listing.
 * Only the retry structure is visible.
 *
 * Returns 0 after the loop ends, or -errno on the (unshown) failing call. */
static int watch_passwords(void) {
enum {
};
int r;
if (notify < 0)
if (signal_fd < 0)
for (;;) {
r = show_passwords();
/* A failed pass is logged; the return further down is guarded by a condition
 * that is not shown. */
if (r < 0)
log_error_errno(r, "Failed to show password: %m");
continue;
return -errno;
}
break;
}
return 0;
}
/* Print the usage text.
 *
 * NOTE(review): the end of the printf() call, including its last format line
 * and the argument for %s, is missing from this listing. ARG_CONSOLE is handled
 * by the option switch but has no entry in the lines shown here. */
static void help(void) {
printf("%s [OPTIONS...]\n\n"
"Process system password requests.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
" --list Show pending password requests\n"
" --query Process pending password requests\n"
" --watch Continuously process password requests\n"
" --wall Continuously forward password requests to wall\n"
" --plymouth Ask question with Plymouth instead of on TTY\n"
}
/* Body of the command-line parser. Its signature line, the long-option table
 * and the option-reading loop are missing from this listing.
 *
 * Long-only options are numbered from 0x100, which keeps them clear of
 * single-character codes such as 'h'.
 *
 * Returns 0 after printing help, the result of version(), -EINVAL for an
 * unrecognised option, and 1 when parsing completed and work should proceed.
 *
 * NOTE(review): the ARG_LIST, ARG_QUERY, ARG_WATCH and ARG_WALL cases show only
 * `break`. The statements that presumably assign arg_action are not part of
 * this listing. */
enum {
ARG_LIST = 0x100,
};
{}
};
int c;
switch (c) {
case 'h':
help();
return 0;
case ARG_VERSION:
return version();
case ARG_LIST:
break;
case ARG_QUERY:
break;
case ARG_WATCH:
break;
case ARG_WALL:
break;
case ARG_PLYMOUTH:
arg_plymouth = true;
break;
case ARG_CONSOLE:
arg_console = true;
break;
case '?':
return -EINVAL;
default:
assert_not_reached("Unhandled option");
}
/* The condition that leads to this -EINVAL is not shown. */
return -EINVAL;
}
return 1;
}
/* Body of the program entry point. Its signature line, the argument-parsing
 * call, the mode test in front of watch_passwords() and the `finish` label are
 * missing from this listing.
 *
 * Exit status is EXIT_FAILURE when r is negative, EXIT_SUCCESS otherwise. */
int r;
log_open();
/* Anything this process creates loses group/other write permission. */
umask(0022);
/* r <= 0 presumably comes from argument parsing: an error, or help/version
 * already handled. */
if (r <= 0)
goto finish;
/* Console mode: start a new session and drop the controlling terminal. Both
 * results are deliberately ignored. */
if (arg_console) {
(void) setsid();
(void) release_terminal();
}
r = watch_passwords();
else
r = show_passwords();
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}