tty-ask-password-agent.c revision bc2708414babc5c99bb8000e63c84e87606cc15d
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <stdbool.h>
#include <errno.h>
#include <string.h>
#include <stddef.h>
#include <unistd.h>
#include <getopt.h>
#include <sys/signalfd.h>
#include <fcntl.h>
#include "util.h"
#include "mkdir.h"
#include "path-util.h"
#include "conf-parser.h"
#include "utmp-wtmp.h"
#include "socket-util.h"
#include "ask-password-api.h"
#include "strv.h"
#include "build.h"
/* Operating mode of the agent; defaults to ACTION_QUERY.
 * NOTE(review): the enumerator list is missing from this listing (the enum
 * body is empty as shown). ACTION_LIST, ACTION_WALL and ACTION_WATCH are the
 * other values referenced further down in the file. */
static enum {
} arg_action = ACTION_QUERY;
/* Set when the ARG_PLYMOUTH option is parsed; the usage text describes it as
 * asking via Plymouth instead of on the TTY. */
static bool arg_plymouth = false;
/* Set when the ARG_CONSOLE option is parsed. */
static bool arg_console = false;
/*
 * Request one or more passphrases from Plymouth over a socket and return
 * them through *_passphrases.
 *
 * message        prompt text (its use is not visible in this listing)
 * flag_file      optional path; only acted on when non-NULL
 * accept_cached  if true, the first attempt is made with n = 1 and, when
 *                that attempt fails, the request is retried with
 *                accept_cached cleared
 * _passphrases   out parameter, assigned only on the success path
 *
 * Returns 0 on success. Failure codes visible here: -ETIME (deadline
 * passed), -ENOENT ("UI not shown" reply), -EIO (short write or
 * malformed/unknown reply), -ENOMEM, or -errno from a failed call.
 *
 * NOTE(review): this listing has lost many statements of the function
 * (declarations of fd, notify, packet, buffer, until, size, several
 * conditions and the finish label). The comments below describe only what
 * the remaining lines show.
 */
static int ask_password_plymouth(
const char *message,
const char *flag_file,
bool accept_cached,
char ***_passphrases) {
union sockaddr_union sa;
ssize_t k;
int r, n;
/* Number of reply bytes accumulated so far. */
size_t p = 0;
enum {
};
if (flag_file) {
r = -errno;
goto finish;
}
r = -errno;
goto finish;
}
}
r = -errno;
goto finish;
}
/* The address length counts one leading sun_path byte plus the string that
 * starts at sun_path+1, which is the shape of a Linux abstract-namespace
 * socket address.
 * NOTE(review): abstract names are not protected by filesystem permissions,
 * and no peer check (e.g. SO_PEERCRED) is visible in this listing -- confirm
 * that whoever owns this name is trusted to receive the prompt and to supply
 * the passphrase. */
if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(sa.un.sun_path+1)) < 0) {
log_error("Failed to connect to Plymouth: %m");
/* errno is read after logging; this assumes log_error() leaves errno
 * untouched -- TODO confirm. */
r = -errno;
goto finish;
}
if (accept_cached) {
n = 1;
} else
if (!packet) {
r = -ENOMEM;
goto finish;
}
/* A failed or short transfer: propagate k when negative, else report -EIO. */
r = k < 0 ? (int) k : -EIO;
goto finish;
}
/* Reply loop: keeps reading until a complete reply is parsed, the deadline
 * passes, or an error occurs. */
for (;;) {
int sleep_for = -1, j;
if (until > 0) {
usec_t y;
y = now(CLOCK_MONOTONIC);
/* Give up once the monotonic clock is past the deadline. */
if (y > until) {
r = -ETIME;
goto finish;
}
}
if (flag_file)
r = -errno;
goto finish;
}
continue;
r = -errno;
goto finish;
} else if (j == 0) {
r = -ETIME;
goto finish;
}
continue;
goto finish;
}
p += k;
/* Need at least the one-byte reply type before dispatching. */
if (p < 1)
continue;
/* Reply type 5: per the comments below, the request was not answered. */
if (buffer[0] == 5) {
if (accept_cached) {
/* Hmm, first try with cached
 * passwords failed, so let's retry
 * with a normal password request */
r = -ENOMEM;
goto finish;
}
r = k < 0 ? (int) k : -EIO;
goto finish;
}
/* Second attempt runs without the cached-password shortcut and starts
 * with an empty reply buffer. */
accept_cached = false;
p = 0;
continue;
}
/* No password, because UI not shown */
r = -ENOENT;
goto finish;
char **l;
/* One or more answers */
/* Wait for the 5-byte header before interpreting the payload length. */
if (p < 5)
continue;
/* NOTE(review): `size` presumably comes from the peer's reply (its
 * assignment is not visible here), and this -EIO exit is presumably the
 * bound check against the receive buffer. Confirm the check cannot be
 * defeated by wrap-around in the size arithmetic. */
r = -EIO;
goto finish;
}
/* Keep reading until the whole payload announced by `size` has arrived. */
if (p-5 < size)
continue;
r = -ENOMEM;
goto finish;
}
*_passphrases = l;
break;
} else {
/* Unknown packet */
r = -EIO;
goto finish;
}
}
r = 0;
/* NOTE(review): on success the reply buffer has held passphrases. The
 * cleanup statements are missing from this listing -- confirm that secret
 * material is wiped rather than merely released. */
if (notify >= 0)
if (fd >= 0)
return r;
}
/*
 * Body of the per-request handler. Its signature is missing from this
 * listing; show_passwords() calls parse_password(p, &wall), which is
 * presumably this function -- confirm.
 *
 * What the remaining lines show: a request file `f` is parsed through a
 * config table, the request is rejected with -EBADMSG when it names no
 * socket, and the action then depends on arg_action: list, build a wall
 * message, or obtain a password and send it to the requester's socket.
 *
 * NOTE(review): many statements are missing from this listing (several
 * declarations, the table entries, conditions and the finish label).
 */
unsigned pid = 0;
int socket_fd = -1;
bool accept_cached = false;
const ConfigTableItem items[] = {
};
FILE *f;
int r;
if (!f) {
return 0;
return -errno;
}
if (r < 0) {
goto finish;
}
/* A request without a reply socket cannot be answered. */
if (!socket_name) {
r = -EBADMSG;
goto finish;
}
/* Requests with a not_after value may be skipped with r = 0; the comparison
 * that decides this is not visible here. */
if (not_after > 0) {
r = 0;
goto finish;
}
}
if (pid > 0 &&
r = 0;
goto finish;
}
if (arg_action == ACTION_LIST)
else if (arg_action == ACTION_WALL) {
char *_wall;
/* NOTE(review): the arguments for the two leading %s and the quoted %s are
 * not visible here. If any of them comes from the request file, confirm it
 * is stripped of terminal control characters before being broadcast. */
"%s%sPassword entry required for \'%s\' (PID %u).\r\n"
"Please enter password with the systemd-tty-ask-password-agent tool!",
pid) < 0) {
r = log_oom();
goto finish;
}
} else {
union {
struct sockaddr_un un;
} sa;
size_t packet_length = 0;
arg_action == ACTION_WATCH);
if (arg_action == ACTION_QUERY)
r = 0;
goto finish;
}
if (arg_plymouth) {
char **p;
packet_length = 1;
r = -ENOMEM;
else {
char *d;
/* Reply packet layout as built here: a '+' byte followed by each
 * passphrase including its terminating NUL (stpcpy() + 1). */
packet[0] = '+';
d = packet+1;
d = stpcpy(d, *p) + 1;
}
}
} else {
int tty_fd = -1;
char *password;
if (arg_console)
r = tty_fd;
goto finish;
}
if (arg_console) {
}
if (r >= 0) {
r = -ENOMEM;
else {
packet[0] = '+';
}
}
}
/* If the query went away, that's OK */
r = 0;
goto finish;
}
if (r < 0) {
goto finish;
}
log_error("socket(): %m");
/* errno is read after logging; assumes log_error() preserves it -- TODO
 * confirm. */
r = -errno;
goto finish;
}
/* NOTE(review): the address length is computed from strlen(socket_name),
 * not from the number of bytes actually stored in sa. socket_name
 * originates from the parsed request file; confirm it is bounded to the
 * size of sun_path before this call so the length never exceeds sa. */
if (sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(socket_name)) < 0) {
log_error("Failed to send: %m");
r = -errno;
goto finish;
}
}
/* NOTE(review): `packet` and `password` hold secret material at this
 * point. How they are released is missing from this listing -- confirm
 * they are wiped before being freed. */
fclose(f);
if (socket_fd >= 0)
return r;
}
/*
 * Create the per-TTY block FIFO for the controlling terminal and return a
 * descriptor for it, so that wall messages are suppressed on this terminal
 * (see the explanation in wall_tty_match()).
 *
 * Returns the descriptor on success. The visible error paths return
 * -ENOMEM or -errno, except the first one (see the note below).
 *
 * NOTE(review): this listing is missing the declaration of devnr, the
 * statement that builds the path p, and the open() call.
 */
static int wall_tty_block(void) {
char *p;
int fd, r;
r = get_ctty_devnr(0, &devnr);
/* NOTE(review): r is negative in this branch, so `return -r` hands back a
 * POSITIVE number. Every other error path in this function returns a
 * negative value, and watch_passwords() tests `tty_block_fd >= 0`, so a
 * failure here would be mistaken for a valid file descriptor. This should
 * most likely be `return r;` -- confirm against the caller. */
if (r < 0)
return -r;
return -ENOMEM;
/* The results of both calls are ignored; a failure only shows up when the
 * FIFO is opened afterwards (that statement is missing from this listing).
 * The modes restrict the directory and the FIFO to the owner. */
mkdir_parents_label(p, 0700);
mkfifo(p, 0600);
free(p);
if (fd < 0)
return -errno;
return fd;
}
/*
 * Decide whether a wall message may be written to the terminal at `path`.
 *
 * Returns false only when the block FIFO for that terminal could be opened,
 * i.e. a password prompt is currently shown there. Every failure path
 * visible here returns true, so the check fails open: when in doubt the
 * message is delivered.
 *
 * NOTE(review): this listing is missing the stat call, the declaration of
 * st, and the open() of the FIFO.
 */
static bool wall_tty_match(const char *path) {
int fd, k;
char *p;
if (path_is_absolute(path))
else {
return true;
free(p);
}
if (k < 0)
return true;
return true;
/* We use named pipes to ensure that wall messages suggesting
 * password entry are not printed over password prompts
 * already shown. We use the fact here that opening a pipe in
 * non-blocking mode for write-only will succeed only if
 * there's some reader behind it. Using pipes has the
 * advantage that the block will automatically go away if the
 * process dies. */
/* The FIFO is named after the terminal's device major:minor numbers. */
if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(st.st_rdev), minor(st.st_rdev)) < 0)
return true;
free(p);
if (fd < 0)
return true;
/* What, we managed to open the pipe? Then this tty is filtered. */
return false;
}
/*
 * Walk /run/systemd/ask-password and hand each request file to
 * parse_password().
 *
 * Returns 0 when nothing failed; otherwise the result of the last failing
 * parse_password() call, or the -errno / log_oom() value from a failing
 * setup step. A failing entry does not stop the walk.
 *
 * NOTE(review): this listing is missing the readdir loop header, the entry
 * filters that lead to the three `continue` statements, the construction of
 * the path p, and the handling of a non-NULL wall message.
 */
static int show_passwords(void) {
DIR *d;
int r = 0;
if (!(d = opendir("/run/systemd/ask-password"))) {
return 0;
log_error("opendir(): %m");
/* errno is read after logging; assumes log_error() preserves it -- TODO
 * confirm. */
return -errno;
}
char *p;
int q;
char *wall;
/* We only support /dev on tmpfs, hence we can rely on
 * d_type to be reliable */
continue;
continue;
continue;
r = log_oom();
goto finish;
}
/* Remember the failure but keep going with the remaining entries. */
if ((q = parse_password(p, &wall)) < 0)
r = q;
free(p);
if (wall) {
}
}
if (d)
closedir(d);
return r;
}
/*
 * Continuously process password requests: calls show_passwords() in a loop
 * until the loop is left or a setup or wait step fails.
 *
 * Returns 0 when the loop ends normally, otherwise -errno from the failing
 * step.
 *
 * NOTE(review): this listing is missing the declarations of notify,
 * signal_fd and tty_block_fd, the setup calls, the wait step inside the
 * loop and the close calls at the end. tty_block_fd is presumably the
 * result of wall_tty_block(); because it is tested with `>= 0` below, that
 * function must never return a positive value on failure -- confirm.
 */
static int watch_passwords(void) {
enum {
};
int r;
r = -errno;
goto finish;
}
r = -errno;
goto finish;
}
log_error("signalfd(): %m");
r = -errno;
goto finish;
}
for (;;) {
if ((r = show_passwords()) < 0)
continue;
r = -errno;
goto finish;
}
break;
}
r = 0;
/* Descriptors are released only when they were successfully obtained. */
if (notify >= 0)
if (signal_fd >= 0)
if (tty_block_fd >= 0)
return r;
}
/*
 * Print the usage text to standard output. Always returns 0.
 *
 * NOTE(review): the end of the printf() call (remaining option lines and
 * the argument for the leading %s) is missing from this listing.
 */
static int help(void) {
printf("%s [OPTIONS...]\n\n"
"Process system password requests.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
" --list Show pending password requests\n"
" --query Process pending password requests\n"
" --watch Continuously process password requests\n"
" --wall Continuously forward password requests to wall\n"
" --plymouth Ask question with Plymouth instead of on TTY\n"
return 0;
}
/*
 * Body of the command-line parser; its signature, the option table and the
 * getopt loop header are missing from this listing.
 *
 * Return values visible here: 0 after printing help or version (nothing
 * more to do), -EINVAL for an invalid or unknown option and after the
 * second help() call, 1 when parsing finished and the program should
 * continue.
 */
enum {
/* Long-only options are numbered from 0x100, above any single-character
 * option code. */
ARG_LIST = 0x100,
};
};
int c;
switch (c) {
case 'h':
help();
return 0;
case ARG_VERSION:
return 0;
/* The four action options below have lost their assignments in this
 * listing; presumably each selects the matching arg_action value. */
case ARG_LIST:
break;
case ARG_QUERY:
break;
case ARG_WATCH:
break;
case ARG_WALL:
break;
case ARG_PLYMOUTH:
arg_plymouth = true;
break;
case ARG_CONSOLE:
arg_console = true;
break;
case '?':
return -EINVAL;
default:
log_error("Unknown option code %c", c);
return -EINVAL;
}
}
/* The condition guarding this rejection is missing from this listing. */
help();
return -EINVAL;
}
return 1;
}
/*
 * Body of the program entry point; its signature, the argument parsing call
 * and the finish label are missing from this listing.
 *
 * Opens the log, sets the file creation mask, then runs watch_passwords()
 * or show_passwords() depending on arg_action. The process exit status is
 * EXIT_FAILURE when r is negative and EXIT_SUCCESS otherwise.
 */
int r;
log_open();
/* Files created from here on are not group- or world-writable. */
umask(0022);
goto finish;
if (arg_console) {
/* Start a new session before the console is used; the statements that
 * follow setsid() are missing from this listing. */
setsid();
}
if (arg_action == ACTION_WATCH ||
r = watch_passwords();
else
r = show_passwords();
if (r < 0)
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}