[thirdparty/systemd.git] / src / tty-ask-password-agent.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <stdbool.h>
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <stddef.h>
#include <sys/poll.h>
#include <sys/inotify.h>
#include <unistd.h>
#include <getopt.h>
#include <sys/signalfd.h>
#include <fcntl.h>

#include "util.h"
#include "conf-parser.h"
#include "utmp-wtmp.h"
#include "socket-util.h"
#include "ask-password-api.h"
#include "strv.h"

static enum {
        ACTION_LIST,
        ACTION_QUERY,
        ACTION_WATCH,
        ACTION_WALL
} arg_action = ACTION_QUERY;

static bool arg_plymouth = false;
static bool arg_console = false;

static int ask_password_plymouth(
                const char *message,
                usec_t until,
                const char *flag_file,
                bool accept_cached,
                char ***_passphrases) {

        int fd = -1, notify = -1;
        union sockaddr_union sa;
        char *packet = NULL;
        ssize_t k;
        int r, n;
        struct pollfd pollfd[2];
        char buffer[LINE_MAX];
        size_t p = 0;
        enum {
                POLL_SOCKET,
                POLL_INOTIFY
        };

        assert(_passphrases);

        if (flag_file) {
                if ((notify = inotify_init1(IN_CLOEXEC|IN_NONBLOCK)) < 0) {
                        r = -errno;
                        goto finish;
                }

                if (inotify_add_watch(notify, flag_file, IN_ATTRIB /* for the link count */) < 0) {
                        r = -errno;
                        goto finish;
                }
        }

        if ((fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0)) < 0) {
                r = -errno;
                goto finish;
        }

        zero(sa);
        sa.sa.sa_family = AF_UNIX;
        strncpy(sa.un.sun_path+1, "/org/freedesktop/plymouthd", sizeof(sa.un.sun_path)-1);
        if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(sa.un.sun_path+1)) < 0) {
                log_error("Failed to connect to Plymouth: %m");
                r = -errno;
                goto finish;
        }

        if (accept_cached) {
                packet = strdup("c");
                n = 1;
        } else
                asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n);

        if (!packet) {
                r = -ENOMEM;
                goto finish;
        }

        if ((k = loop_write(fd, packet, n+1, true)) != n+1) {
                r = k < 0 ? (int) k : -EIO;
                goto finish;
        }

        zero(pollfd);
        pollfd[POLL_SOCKET].fd = fd;
        pollfd[POLL_SOCKET].events = POLLIN;
        pollfd[POLL_INOTIFY].fd = notify;
        pollfd[POLL_INOTIFY].events = POLLIN;

        for (;;) {
                int sleep_for = -1, j;

                if (until > 0) {
                        usec_t y;

                        y = now(CLOCK_MONOTONIC);

                        if (y > until) {
                                r = -ETIME;
                                goto finish;
                        }

                        sleep_for = (int) ((until - y) / USEC_PER_MSEC);
                }

                if (flag_file)
                        if (access(flag_file, F_OK) < 0) {
                                r = -errno;
                                goto finish;
                        }

                if ((j = poll(pollfd, notify > 0 ? 2 : 1, sleep_for)) < 0) {

                        if (errno == EINTR)
                                continue;

                        r = -errno;
                        goto finish;
                } else if (j == 0) {
                        r = -ETIME;
                        goto finish;
                }

                if (notify > 0 && pollfd[POLL_INOTIFY].revents != 0)
                        flush_fd(notify);

                if (pollfd[POLL_SOCKET].revents == 0)
                        continue;

                if ((k = read(fd, buffer + p, sizeof(buffer) - p)) <= 0) {
                        r = k < 0 ? -errno : -EIO;
                        goto finish;
                }

                p += k;

                if (p < 1)
                        continue;

                if (buffer[0] == 5) {

                        if (accept_cached) {
                                /* Hmm, first try with cached
                                 * passwords failed, so let's retry
                                 * with a normal password request */
                                free(packet);
                                packet = NULL;

                                if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0) {
                                        r = -ENOMEM;
                                        goto finish;
                                }

                                if ((k = loop_write(fd, packet, n+1, true)) != n+1) {
                                        r = k < 0 ? (int) k : -EIO;
                                        goto finish;
                                }

                                accept_cached = false;
                                p = 0;
                                continue;
                        }

                        /* No password, because UI not shown */
                        r = -ENOENT;
                        goto finish;

                } else if (buffer[0] == 2 || buffer[0] == 9) {
                        uint32_t size;
                        char **l;

                        /* One ore more answers */
                        if (p < 5)
                                continue;

                        memcpy(&size, buffer+1, sizeof(size));
                        size = le32toh(size);
                        if (size+5 > sizeof(buffer)) {
                                r = -EIO;
                                goto finish;
                        }

                        if (p-5 < size)
                                continue;

                        if (!(l = strv_parse_nulstr(buffer + 5, size))) {
                                r = -ENOMEM;
                                goto finish;
                        }

                        *_passphrases = l;
                        break;

                } else {
                        /* Unknown packet */
                        r = -EIO;
                        goto finish;
                }
        }

        r = 0;

finish:
        if (notify >= 0)
                close_nointr_nofail(notify);

        if (fd >= 0)
                close_nointr_nofail(fd);

        free(packet);

        return r;
}

static int parse_password(const char *filename, char **wall) {
        char *socket_name = NULL, *message = NULL, *packet = NULL;
        uint64_t not_after = 0;
        unsigned pid = 0;
        int socket_fd = -1;
        bool accept_cached = false;

        const ConfigTableItem items[] = {
                { "Ask", "Socket",       config_parse_string,   0, &socket_name   },
                { "Ask", "NotAfter",     config_parse_uint64,   0, &not_after     },
                { "Ask", "Message",      config_parse_string,   0, &message       },
                { "Ask", "PID",          config_parse_unsigned, 0, &pid           },
                { "Ask", "AcceptCached", config_parse_bool,     0, &accept_cached },
                { NULL, NULL, NULL, 0, NULL }
        };

        FILE *f;
        int r;

        assert(filename);

        f = fopen(filename, "re");
        if (!f) {
                if (errno == ENOENT)
                        return 0;

                log_error("open(%s): %m", filename);
                return -errno;
        }

        r = config_parse(filename, f, NULL, config_item_table_lookup, (void*) items, true, NULL);
        if (r < 0) {
                log_error("Failed to parse password file %s: %s", filename, strerror(-r));
                goto finish;
        }

        if (!socket_name) {
                log_error("Invalid password file %s", filename);
                r = -EBADMSG;
                goto finish;
        }

        if (not_after > 0) {
                if (now(CLOCK_MONOTONIC) > not_after) {
                        r = 0;
                        goto finish;
                }
        }

        if (pid > 0 &&
            kill(pid, 0) < 0 &&
            errno == ESRCH) {
                r = 0;
                goto finish;
        }

        if (arg_action == ACTION_LIST)
                printf("'%s' (PID %u)\n", message, pid);
        else if (arg_action == ACTION_WALL) {
                char *_wall;

                if (asprintf(&_wall,
                             "%s%sPassword entry required for \'%s\' (PID %u).\r\n"
                             "Please enter password with the systemd-tty-ask-password-agent tool!",
                             *wall ? *wall : "",
                             *wall ? "\r\n\r\n" : "",
                             message,
                             pid) < 0) {
                        log_error("Out of memory");
                        r = -ENOMEM;
                        goto finish;
                }

                free(*wall);
                *wall = _wall;
        } else {
                union {
                        struct sockaddr sa;
                        struct sockaddr_un un;
                } sa;
                size_t packet_length = 0;

                assert(arg_action == ACTION_QUERY ||
                       arg_action == ACTION_WATCH);

                if (access(socket_name, W_OK) < 0) {

                        if (arg_action == ACTION_QUERY)
                                log_info("Not querying '%s' (PID %u), lacking privileges.", message, pid);

                        r = 0;
                        goto finish;
                }

                if (arg_plymouth) {
                        char **passwords = NULL;

                        if ((r = ask_password_plymouth(message, not_after, filename, accept_cached, &passwords)) >= 0) {
                                char **p;

                                packet_length = 1;
                                STRV_FOREACH(p, passwords)
                                        packet_length += strlen(*p) + 1;

                                if (!(packet = new(char, packet_length)))
                                        r = -ENOMEM;
                                else {
                                        char *d;

                                        packet[0] = '+';
                                        d = packet+1;

                                        STRV_FOREACH(p, passwords)
                                                d = stpcpy(d, *p) + 1;
                                }
                        }

                } else {
                        int tty_fd = -1;
                        char *password;

                        if (arg_console)
                                if ((tty_fd = acquire_terminal("/dev/console", false, false, false)) < 0) {
                                        r = tty_fd;
                                        goto finish;
                                }

                        r = ask_password_tty(message, not_after, filename, &password);

                        if (arg_console) {
                                close_nointr_nofail(tty_fd);
                                release_terminal();
                        }

                        if (r >= 0) {
                                packet_length = 1+strlen(password)+1;
                                if (!(packet = new(char, packet_length)))
                                        r = -ENOMEM;
                                else {
                                        packet[0] = '+';
                                        strcpy(packet+1, password);
                                }

                                free(password);
                        }
                }

                if (r == -ETIME || r == -ENOENT) {
                        /* If the query went away, that's OK */
                        r = 0;
                        goto finish;
                }

                if (r < 0) {
                        log_error("Failed to query password: %s", strerror(-r));
                        goto finish;
                }

                if ((socket_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) {
                        log_error("socket(): %m");
                        r = -errno;
                        goto finish;
                }

                zero(sa);
                sa.un.sun_family = AF_UNIX;
                strncpy(sa.un.sun_path, socket_name, sizeof(sa.un.sun_path));

                if (sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(socket_name)) < 0) {
                        log_error("Failed to send: %m");
                        r = -errno;
                        goto finish;
                }
        }

finish:
        fclose(f);

        if (socket_fd >= 0)
                close_nointr_nofail(socket_fd);

        free(packet);
        free(socket_name);
        free(message);

        return r;
}

static int wall_tty_block(void) {
        char *p;
        int fd, r;
        dev_t devnr;

        r = get_ctty_devnr(0, &devnr);
        if (r < 0)
                return -r;

        if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0)
                return -ENOMEM;

        mkdir_parents(p, 0700);
        mkfifo(p, 0600);

        fd = open(p, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
        free(p);

        if (fd < 0)
                return -errno;

        return fd;
}

static bool wall_tty_match(const char *path) {
        int fd, k;
        char *p;
        struct stat st;

        if (path_is_absolute(path))
                k = lstat(path, &st);
        else {
                if (asprintf(&p, "/dev/%s", path) < 0)
                        return true;

                k = lstat(p, &st);
                free(p);
        }

        if (k < 0)
                return true;

        if (!S_ISCHR(st.st_mode))
                return true;

        /* We use named pipes to ensure that wall messages suggesting
         * password entry are not printed over password prompts
         * already shown. We use the fact here that opening a pipe in
         * non-blocking mode for write-only will succeed only if
         * there's some writer behind it. Using pipes has the
         * advantage that the block will automatically go away if the
         * process dies. */

        if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(st.st_rdev), minor(st.st_rdev)) < 0)
                return true;

        fd = open(p, O_WRONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
        free(p);

        if (fd < 0)
                return true;

        /* What, we managed to open the pipe? Then this tty is filtered. */
        close_nointr_nofail(fd);
        return false;
}

static int show_passwords(void) {
        DIR *d;
        struct dirent *de;
        int r = 0;

        if (!(d = opendir("/run/systemd/ask-password"))) {
                if (errno == ENOENT)
                        return 0;

                log_error("opendir(): %m");
                return -errno;
        }

        while ((de = readdir(d))) {
                char *p;
                int q;
                char *wall;

                /* We only support /dev on tmpfs, hence we can rely on
                 * d_type to be reliable */

                if (de->d_type != DT_REG)
                        continue;

                if (ignore_file(de->d_name))
                        continue;

                if (!startswith(de->d_name, "ask."))
                        continue;

                if (!(p = strappend("/run/systemd/ask-password/", de->d_name))) {
                        log_error("Out of memory");
                        r = -ENOMEM;
                        goto finish;
                }

                wall = NULL;
                if ((q = parse_password(p, &wall)) < 0)
                        r = q;

                free(p);

                if (wall) {
                        utmp_wall(wall, wall_tty_match);
                        free(wall);
                }
        }

finish:
        if (d)
                closedir(d);

        return r;
}

static int watch_passwords(void) {
        enum {
                FD_INOTIFY,
                FD_SIGNAL,
                _FD_MAX
        };

        int notify = -1, signal_fd = -1, tty_block_fd = -1;
        struct pollfd pollfd[_FD_MAX];
        sigset_t mask;
        int r;

        tty_block_fd = wall_tty_block();

        mkdir_p("/run/systemd/ask-password", 0755);

        if ((notify = inotify_init1(IN_CLOEXEC)) < 0) {
                r = -errno;
                goto finish;
        }

        if (inotify_add_watch(notify, "/run/systemd/ask-password", IN_CLOSE_WRITE|IN_MOVED_TO) < 0) {
                r = -errno;
                goto finish;
        }

        assert_se(sigemptyset(&mask) == 0);
        sigset_add_many(&mask, SIGINT, SIGTERM, -1);
        assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);

        if ((signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC)) < 0) {
                log_error("signalfd(): %m");
                r = -errno;
                goto finish;
        }

        zero(pollfd);
        pollfd[FD_INOTIFY].fd = notify;
        pollfd[FD_INOTIFY].events = POLLIN;
        pollfd[FD_SIGNAL].fd = signal_fd;
        pollfd[FD_SIGNAL].events = POLLIN;

        for (;;) {
                if ((r = show_passwords()) < 0)
                        log_error("Failed to show password: %s", strerror(-r));

                if (poll(pollfd, _FD_MAX, -1) < 0) {

                        if (errno == EINTR)
                                continue;

                        r = -errno;
                        goto finish;
                }

                if (pollfd[FD_INOTIFY].revents != 0)
                        flush_fd(notify);

                if (pollfd[FD_SIGNAL].revents != 0)
                        break;
        }

        r = 0;

finish:
        if (notify >= 0)
                close_nointr_nofail(notify);

        if (signal_fd >= 0)
                close_nointr_nofail(signal_fd);

        if (tty_block_fd >= 0)
                close_nointr_nofail(tty_block_fd);

        return r;
}

static int help(void) {

        printf("%s [OPTIONS...]\n\n"
               "Process system password requests.\n\n"
               "  -h --help     Show this help\n"
               "     --list     Show pending password requests\n"
               "     --query    Process pending password requests\n"
               "     --watch    Continuously process password requests\n"
               "     --wall     Continuously forward password requests to wall\n"
               "     --plymouth Ask question with Plymouth instead of on TTY\n"
               "     --console  Ask question on /dev/console instead of current TTY\n",
               program_invocation_short_name);

        return 0;
}

static int parse_argv(int argc, char *argv[]) {

        enum {
                ARG_LIST = 0x100,
                ARG_QUERY,
                ARG_WATCH,
                ARG_WALL,
                ARG_PLYMOUTH,
                ARG_CONSOLE
        };

        static const struct option options[] = {
                { "help",     no_argument, NULL, 'h'          },
                { "list",     no_argument, NULL, ARG_LIST     },
                { "query",    no_argument, NULL, ARG_QUERY    },
                { "watch",    no_argument, NULL, ARG_WATCH    },
                { "wall",     no_argument, NULL, ARG_WALL     },
                { "plymouth", no_argument, NULL, ARG_PLYMOUTH },
                { "console",  no_argument, NULL, ARG_CONSOLE  },
                { NULL,    0,           NULL, 0               }
        };

        int c;

        assert(argc >= 0);
        assert(argv);

        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {

                switch (c) {

                case 'h':
                        help();
                        return 0;

                case ARG_LIST:
                        arg_action = ACTION_LIST;
                        break;

                case ARG_QUERY:
                        arg_action = ACTION_QUERY;
                        break;

                case ARG_WATCH:
                        arg_action = ACTION_WATCH;
                        break;

                case ARG_WALL:
                        arg_action = ACTION_WALL;
                        break;

                case ARG_PLYMOUTH:
                        arg_plymouth = true;
                        break;

                case ARG_CONSOLE:
                        arg_console = true;
                        break;

                case '?':
                        return -EINVAL;

                default:
                        log_error("Unknown option code %c", c);
                        return -EINVAL;
                }
        }

        if (optind != argc) {
                help();
                return -EINVAL;
        }

        return 1;
}

int main(int argc, char *argv[]) {
        int r;

        log_parse_environment();
        log_open();

        umask(0022);

        if ((r = parse_argv(argc, argv)) <= 0)
                goto finish;

        if (arg_console) {
                setsid();
                release_terminal();
        }

        if (arg_action == ACTION_WATCH ||
            arg_action == ACTION_WALL)
                r = watch_passwords();
        else
                r = show_passwords();

        if (r < 0)
                log_error("Error: %s", strerror(-r));

finish:
        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
Commit	Line	Data
ec863ba6 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU General Public License as published by
	10	the Free Software Foundation; either version 2 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	General Public License for more details.
	17
	18	You should have received a copy of the GNU General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <stdbool.h>
	23	#include <errno.h>
	24	#include <string.h>
	25	#include <sys/socket.h>
	26	#include <sys/un.h>
	27	#include <stddef.h>
	28	#include <sys/poll.h>
	29	#include <sys/inotify.h>
	30	#include <unistd.h>
	31	#include <getopt.h>
b9ba604e	32	#include <sys/signalfd.h>
7af53310	33	#include <fcntl.h>
ec863ba6 LP	34
	35	#include "util.h"
	36	#include "conf-parser.h"
	37	#include "utmp-wtmp.h"
e5ebf783	38	#include "socket-util.h"
7f4e0805	39	#include "ask-password-api.h"
21bc923a	40	#include "strv.h"
ec863ba6 LP	41
	42	static enum {
	43	ACTION_LIST,
	44	ACTION_QUERY,
	45	ACTION_WATCH,
	46	ACTION_WALL
	47	} arg_action = ACTION_QUERY;
	48
e5ebf783	49	static bool arg_plymouth = false;
0cf84693	50	static bool arg_console = false;
e5ebf783	51
21bc923a LP	52	static int ask_password_plymouth(
	53	const char *message,
	54	usec_t until,
	55	const char *flag_file,
	56	bool accept_cached,
	57	char ***_passphrases) {
	58
e5ebf783 LP	59	int fd = -1, notify = -1;
	60	union sockaddr_union sa;
	61	char *packet = NULL;
	62	ssize_t k;
	63	int r, n;
	64	struct pollfd pollfd[2];
	65	char buffer[LINE_MAX];
	66	size_t p = 0;
	67	enum {
	68	POLL_SOCKET,
	69	POLL_INOTIFY
	70	};
	71
21bc923a LP	72	assert(_passphrases);
21bc923a LP	73
e5ebf783 LP	74	if (flag_file) {
	75	if ((notify = inotify_init1(IN_CLOEXEC\|IN_NONBLOCK)) < 0) {
	76	r = -errno;
	77	goto finish;
	78	}
	79
	80	if (inotify_add_watch(notify, flag_file, IN_ATTRIB /* for the link count */) < 0) {
	81	r = -errno;
	82	goto finish;
	83	}
	84	}
	85
	86	if ((fd = socket(AF_UNIX, SOCK_STREAM\|SOCK_CLOEXEC\|SOCK_NONBLOCK, 0)) < 0) {
	87	r = -errno;
	88	goto finish;
	89	}
	90
	91	zero(sa);
	92	sa.sa.sa_family = AF_UNIX;
96707269 LP	93	strncpy(sa.un.sun_path+1, "/org/freedesktop/plymouthd", sizeof(sa.un.sun_path)-1);
96707269 LP	94	if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(sa.un.sun_path+1)) < 0) {
c0f9c7da	95	log_error("Failed to connect to Plymouth: %m");
e5ebf783 LP	96	r = -errno;
	97	goto finish;
	98	}
	99
21bc923a LP	100	if (accept_cached) {
	101	packet = strdup("c");
	102	n = 1;
	103	} else
	104	asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n);
	105
	106	if (!packet) {
e5ebf783 LP	107	r = -ENOMEM;
	108	goto finish;
	109	}
	110
	111	if ((k = loop_write(fd, packet, n+1, true)) != n+1) {
	112	r = k < 0 ? (int) k : -EIO;
	113	goto finish;
	114	}
	115
	116	zero(pollfd);
	117	pollfd[POLL_SOCKET].fd = fd;
	118	pollfd[POLL_SOCKET].events = POLLIN;
	119	pollfd[POLL_INOTIFY].fd = notify;
	120	pollfd[POLL_INOTIFY].events = POLLIN;
	121
	122	for (;;) {
	123	int sleep_for = -1, j;
	124
	125	if (until > 0) {
	126	usec_t y;
	127
	128	y = now(CLOCK_MONOTONIC);
	129
	130	if (y > until) {
ccc80078	131	r = -ETIME;
e5ebf783 LP	132	goto finish;
	133	}
	134
	135	sleep_for = (int) ((until - y) / USEC_PER_MSEC);
	136	}
	137
	138	if (flag_file)
	139	if (access(flag_file, F_OK) < 0) {
	140	r = -errno;
	141	goto finish;
	142	}
	143
	144	if ((j = poll(pollfd, notify > 0 ? 2 : 1, sleep_for)) < 0) {
	145
	146	if (errno == EINTR)
	147	continue;
	148
	149	r = -errno;
	150	goto finish;
	151	} else if (j == 0) {
ccc80078	152	r = -ETIME;
e5ebf783 LP	153	goto finish;
	154	}
	155
	156	if (notify > 0 && pollfd[POLL_INOTIFY].revents != 0)
	157	flush_fd(notify);
	158
	159	if (pollfd[POLL_SOCKET].revents == 0)
	160	continue;
	161
	162	if ((k = read(fd, buffer + p, sizeof(buffer) - p)) <= 0) {
	163	r = k < 0 ? -errno : -EIO;
	164	goto finish;
	165	}
	166
	167	p += k;
	168
	169	if (p < 1)
	170	continue;
	171
	172	if (buffer[0] == 5) {
21bc923a LP	173
	174	if (accept_cached) {
	175	/* Hmm, first try with cached
	176	* passwords failed, so let's retry
	177	* with a normal password request */
	178	free(packet);
	179	packet = NULL;
	180
	181	if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0) {
	182	r = -ENOMEM;
	183	goto finish;
	184	}
	185
	186	if ((k = loop_write(fd, packet, n+1, true)) != n+1) {
	187	r = k < 0 ? (int) k : -EIO;
	188	goto finish;
	189	}
	190
	191	accept_cached = false;
	192	p = 0;
	193	continue;
	194	}
	195
e5ebf783 LP	196	/* No password, because UI not shown */
	197	r = -ENOENT;
	198	goto finish;
	199
21bc923a	200	} else if (buffer[0] == 2 \|\| buffer[0] == 9) {
e5ebf783	201	uint32_t size;
21bc923a	202	char **l;
e5ebf783	203
21bc923a	204	/* One ore more answers */
e5ebf783 LP	205	if (p < 5)
	206	continue;
	207
	208	memcpy(&size, buffer+1, sizeof(size));
bb53abeb	209	size = le32toh(size);
e5ebf783 LP	210	if (size+5 > sizeof(buffer)) {
	211	r = -EIO;
	212	goto finish;
	213	}
	214
	215	if (p-5 < size)
	216	continue;
	217
21bc923a	218	if (!(l = strv_parse_nulstr(buffer + 5, size))) {
e5ebf783 LP	219	r = -ENOMEM;
	220	goto finish;
	221	}
	222
21bc923a	223	*_passphrases = l;
e5ebf783	224	break;
21bc923a	225
e5ebf783 LP	226	} else {
	227	/* Unknown packet */
	228	r = -EIO;
	229	goto finish;
	230	}
	231	}
	232
	233	r = 0;
	234
	235	finish:
	236	if (notify >= 0)
	237	close_nointr_nofail(notify);
	238
	239	if (fd >= 0)
	240	close_nointr_nofail(fd);
	241
	242	free(packet);
	243
	244	return r;
	245	}
	246
0ddf1d3a	247	static int parse_password(const char filename, char *wall) {
ec863ba6 LP	248	char socket_name = NULL, message = NULL, *packet = NULL;
	249	uint64_t not_after = 0;
	250	unsigned pid = 0;
	251	int socket_fd = -1;
21bc923a	252	bool accept_cached = false;
ec863ba6	253
f975e971 LP	254	const ConfigTableItem items[] = {
	255	{ "Ask", "Socket", config_parse_string, 0, &socket_name },
	256	{ "Ask", "NotAfter", config_parse_uint64, 0, &not_after },
	257	{ "Ask", "Message", config_parse_string, 0, &message },
	258	{ "Ask", "PID", config_parse_unsigned, 0, &pid },
	259	{ "Ask", "AcceptCached", config_parse_bool, 0, &accept_cached },
	260	{ NULL, NULL, NULL, 0, NULL }
ec863ba6 LP	261	};
	262
	263	FILE *f;
	264	int r;
ec863ba6 LP	265
	266	assert(filename);
	267
f975e971 LP	268	f = fopen(filename, "re");
f975e971 LP	269	if (!f) {
ec863ba6 LP	270	if (errno == ENOENT)
	271	return 0;
	272
	273	log_error("open(%s): %m", filename);
	274	return -errno;
	275	}
	276
f975e971 LP	277	r = config_parse(filename, f, NULL, config_item_table_lookup, (void*) items, true, NULL);
f975e971 LP	278	if (r < 0) {
ec863ba6 LP	279	log_error("Failed to parse password file %s: %s", filename, strerror(-r));
	280	goto finish;
	281	}
	282
7dcda352	283	if (!socket_name) {
ec863ba6 LP	284	log_error("Invalid password file %s", filename);
	285	r = -EBADMSG;
	286	goto finish;
	287	}
	288
7dcda352 LP	289	if (not_after > 0) {
	290	if (now(CLOCK_MONOTONIC) > not_after) {
	291	r = 0;
	292	goto finish;
	293	}
ec863ba6 LP	294	}
ec863ba6 LP	295
ded80335 LP	296	if (pid > 0 &&
	297	kill(pid, 0) < 0 &&
	298	errno == ESRCH) {
	299	r = 0;
	300	goto finish;
	301	}
	302
ec863ba6 LP	303	if (arg_action == ACTION_LIST)
	304	printf("'%s' (PID %u)\n", message, pid);
	305	else if (arg_action == ACTION_WALL) {
0ddf1d3a	306	char *_wall;
ec863ba6	307
0ddf1d3a LP	308	if (asprintf(&_wall,
0ddf1d3a LP	309	"%s%sPassword entry required for \'%s\' (PID %u).\r\n"
9d3e691e	310	"Please enter password with the systemd-tty-ask-password-agent tool!",
0ddf1d3a LP	311	wall ? wall : "",
0ddf1d3a LP	312	*wall ? "\r\n\r\n" : "",
ec863ba6 LP	313	message,
	314	pid) < 0) {
	315	log_error("Out of memory");
	316	r = -ENOMEM;
	317	goto finish;
	318	}
	319
0ddf1d3a LP	320	free(*wall);
0ddf1d3a LP	321	*wall = _wall;
ec863ba6 LP	322	} else {
	323	union {
	324	struct sockaddr sa;
	325	struct sockaddr_un un;
	326	} sa;
3414abee	327	size_t packet_length = 0;
ec863ba6 LP	328
	329	assert(arg_action == ACTION_QUERY \|\|
	330	arg_action == ACTION_WATCH);
	331
	332	if (access(socket_name, W_OK) < 0) {
	333
	334	if (arg_action == ACTION_QUERY)
	335	log_info("Not querying '%s' (PID %u), lacking privileges.", message, pid);
	336
	337	r = 0;
	338	goto finish;
	339	}
	340
21bc923a	341	if (arg_plymouth) {
3414abee	342	char **passwords = NULL;
21bc923a LP	343
	344	if ((r = ask_password_plymouth(message, not_after, filename, accept_cached, &passwords)) >= 0) {
	345	char **p;
	346
	347	packet_length = 1;
	348	STRV_FOREACH(p, passwords)
	349	packet_length += strlen(*p) + 1;
	350
	351	if (!(packet = new(char, packet_length)))
	352	r = -ENOMEM;
	353	else {
	354	char *d;
	355
	356	packet[0] = '+';
	357	d = packet+1;
	358
	359	STRV_FOREACH(p, passwords)
	360	d = stpcpy(d, *p) + 1;
	361	}
	362	}
	363
	364	} else {
0cf84693	365	int tty_fd = -1;
21bc923a	366	char *password;
0cf84693 LP	367
	368	if (arg_console)
	369	if ((tty_fd = acquire_terminal("/dev/console", false, false, false)) < 0) {
	370	r = tty_fd;
	371	goto finish;
	372	}
	373
e5ebf783 LP	374	r = ask_password_tty(message, not_after, filename, &password);
e5ebf783 LP	375
0cf84693 LP	376	if (arg_console) {
	377	close_nointr_nofail(tty_fd);
	378	release_terminal();
	379	}
21bc923a	380
9726f9ff LP	381	if (r >= 0) {
	382	packet_length = 1+strlen(password)+1;
	383	if (!(packet = new(char, packet_length)))
	384	r = -ENOMEM;
	385	else {
	386	packet[0] = '+';
	387	strcpy(packet+1, password);
	388	}
21bc923a	389
5ba7b871 LP	390	free(password);
5ba7b871 LP	391	}
0cf84693 LP	392	}
0cf84693 LP	393
446f0046 LP	394	if (r == -ETIME \|\| r == -ENOENT) {
	395	/* If the query went away, that's OK */
	396	r = 0;
	397	goto finish;
	398	}
	399
e5ebf783 LP	400	if (r < 0) {
e5ebf783 LP	401	log_error("Failed to query password: %s", strerror(-r));
ec863ba6 LP	402	goto finish;
	403	}
	404
ec863ba6 LP	405	if ((socket_fd = socket(AF_UNIX, SOCK_DGRAM\|SOCK_CLOEXEC, 0)) < 0) {
	406	log_error("socket(): %m");
	407	r = -errno;
	408	goto finish;
	409	}
	410
	411	zero(sa);
	412	sa.un.sun_family = AF_UNIX;
	413	strncpy(sa.un.sun_path, socket_name, sizeof(sa.un.sun_path));
	414
21bc923a	415	if (sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(socket_name)) < 0) {
ec863ba6 LP	416	log_error("Failed to send: %m");
	417	r = -errno;
	418	goto finish;
	419	}
	420	}
	421
	422	finish:
	423	fclose(f);
	424
	425	if (socket_fd >= 0)
	426	close_nointr_nofail(socket_fd);
	427
	428	free(packet);
	429	free(socket_name);
	430	free(message);
	431
	432	return r;
	433	}
	434
0cf84693	435	static int wall_tty_block(void) {
7af53310	436	char *p;
fc116c6a LP	437	int fd, r;
fc116c6a LP	438	dev_t devnr;
7af53310	439
4d6d6518 LP	440	r = get_ctty_devnr(0, &devnr);
4d6d6518 LP	441	if (r < 0)
fc116c6a	442	return -r;
7af53310	443
2b583ce6	444	if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0)
7af53310 LP	445	return -ENOMEM;
	446
	447	mkdir_parents(p, 0700);
	448	mkfifo(p, 0600);
	449
	450	fd = open(p, O_RDONLY\|O_CLOEXEC\|O_NONBLOCK\|O_NOCTTY);
	451	free(p);
	452
	453	if (fd < 0)
	454	return -errno;
	455
	456	return fd;
	457	}
	458
0cf84693	459	static bool wall_tty_match(const char *path) {
fc116c6a	460	int fd, k;
7af53310	461	char *p;
fc116c6a LP	462	struct stat st;
	463
	464	if (path_is_absolute(path))
	465	k = lstat(path, &st);
	466	else {
	467	if (asprintf(&p, "/dev/%s", path) < 0)
	468	return true;
	469
	470	k = lstat(p, &st);
	471	free(p);
	472	}
	473
	474	if (k < 0)
	475	return true;
	476
	477	if (!S_ISCHR(st.st_mode))
	478	return true;
7af53310 LP	479
	480	/* We use named pipes to ensure that wall messages suggesting
	481	* password entry are not printed over password prompts
	482	* already shown. We use the fact here that opening a pipe in
	483	* non-blocking mode for write-only will succeed only if
	484	* there's some writer behind it. Using pipes has the
	485	* advantage that the block will automatically go away if the
	486	* process dies. */
	487
2b583ce6	488	if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(st.st_rdev), minor(st.st_rdev)) < 0)
7af53310 LP	489	return true;
	490
	491	fd = open(p, O_WRONLY\|O_CLOEXEC\|O_NONBLOCK\|O_NOCTTY);
	492	free(p);
	493
	494	if (fd < 0)
	495	return true;
	496
	497	/* What, we managed to open the pipe? Then this tty is filtered. */
	498	close_nointr_nofail(fd);
	499	return false;
	500	}
	501
ec863ba6 LP	502	static int show_passwords(void) {
	503	DIR *d;
	504	struct dirent *de;
	505	int r = 0;
	506
2b583ce6	507	if (!(d = opendir("/run/systemd/ask-password"))) {
ec863ba6 LP	508	if (errno == ENOENT)
	509	return 0;
	510
	511	log_error("opendir(): %m");
	512	return -errno;
	513	}
	514
	515	while ((de = readdir(d))) {
	516	char *p;
	517	int q;
0ddf1d3a	518	char *wall;
ec863ba6	519
1a6f4df6 LP	520	/* We only support /dev on tmpfs, hence we can rely on
	521	* d_type to be reliable */
	522
ec863ba6 LP	523	if (de->d_type != DT_REG)
	524	continue;
	525
	526	if (ignore_file(de->d_name))
	527	continue;
	528
	529	if (!startswith(de->d_name, "ask."))
	530	continue;
	531
2b583ce6	532	if (!(p = strappend("/run/systemd/ask-password/", de->d_name))) {
ec863ba6 LP	533	log_error("Out of memory");
	534	r = -ENOMEM;
	535	goto finish;
	536	}
	537
0ddf1d3a LP	538	wall = NULL;
0ddf1d3a LP	539	if ((q = parse_password(p, &wall)) < 0)
ec863ba6 LP	540	r = q;
	541
	542	free(p);
0ddf1d3a LP	543
0ddf1d3a LP	544	if (wall) {
0cf84693	545	utmp_wall(wall, wall_tty_match);
0ddf1d3a LP	546	free(wall);
0ddf1d3a LP	547	}
ec863ba6 LP	548	}
	549
	550	finish:
	551	if (d)
	552	closedir(d);
	553
	554	return r;
	555	}
	556
	557	static int watch_passwords(void) {
b9ba604e LP	558	enum {
	559	FD_INOTIFY,
	560	FD_SIGNAL,
	561	_FD_MAX
	562	};
	563
7af53310	564	int notify = -1, signal_fd = -1, tty_block_fd = -1;
b9ba604e LP	565	struct pollfd pollfd[_FD_MAX];
b9ba604e LP	566	sigset_t mask;
ec863ba6 LP	567	int r;
ec863ba6 LP	568
0cf84693	569	tty_block_fd = wall_tty_block();
7af53310	570
2b583ce6	571	mkdir_p("/run/systemd/ask-password", 0755);
ec863ba6 LP	572
	573	if ((notify = inotify_init1(IN_CLOEXEC)) < 0) {
	574	r = -errno;
	575	goto finish;
	576	}
	577
2b583ce6	578	if (inotify_add_watch(notify, "/run/systemd/ask-password", IN_CLOSE_WRITE\|IN_MOVED_TO) < 0) {
ec863ba6 LP	579	r = -errno;
	580	goto finish;
	581	}
	582
b9ba604e LP	583	assert_se(sigemptyset(&mask) == 0);
	584	sigset_add_many(&mask, SIGINT, SIGTERM, -1);
	585	assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
	586
	587	if ((signal_fd = signalfd(-1, &mask, SFD_NONBLOCK\|SFD_CLOEXEC)) < 0) {
	588	log_error("signalfd(): %m");
	589	r = -errno;
	590	goto finish;
	591	}
	592
ec863ba6	593	zero(pollfd);
b9ba604e LP	594	pollfd[FD_INOTIFY].fd = notify;
	595	pollfd[FD_INOTIFY].events = POLLIN;
	596	pollfd[FD_SIGNAL].fd = signal_fd;
	597	pollfd[FD_SIGNAL].events = POLLIN;
ec863ba6 LP	598
	599	for (;;) {
	600	if ((r = show_passwords()) < 0)
0cf84693	601	log_error("Failed to show password: %s", strerror(-r));
ec863ba6	602
b9ba604e	603	if (poll(pollfd, _FD_MAX, -1) < 0) {
ec863ba6 LP	604
	605	if (errno == EINTR)
	606	continue;
	607
	608	r = -errno;
	609	goto finish;
	610	}
	611
b9ba604e	612	if (pollfd[FD_INOTIFY].revents != 0)
ec863ba6	613	flush_fd(notify);
b9ba604e LP	614
	615	if (pollfd[FD_SIGNAL].revents != 0)
	616	break;
ec863ba6 LP	617	}
	618
	619	r = 0;
	620
	621	finish:
	622	if (notify >= 0)
	623	close_nointr_nofail(notify);
	624
b9ba604e LP	625	if (signal_fd >= 0)
	626	close_nointr_nofail(signal_fd);
	627
7af53310 LP	628	if (tty_block_fd >= 0)
	629	close_nointr_nofail(tty_block_fd);
	630
ec863ba6 LP	631	return r;
	632	}
	633
	634	static int help(void) {
	635
	636	printf("%s [OPTIONS...]\n\n"
	637	"Process system password requests.\n\n"
e5ebf783 LP	638	" -h --help Show this help\n"
	639	" --list Show pending password requests\n"
	640	" --query Process pending password requests\n"
35b8ca3a HH	641	" --watch Continuously process password requests\n"
35b8ca3a HH	642	" --wall Continuously forward password requests to wall\n"
0cf84693 LP	643	" --plymouth Ask question with Plymouth instead of on TTY\n"
0cf84693 LP	644	" --console Ask question on /dev/console instead of current TTY\n",
ec863ba6 LP	645	program_invocation_short_name);
	646
	647	return 0;
	648	}
	649
	650	static int parse_argv(int argc, char *argv[]) {
	651
	652	enum {
	653	ARG_LIST = 0x100,
	654	ARG_QUERY,
	655	ARG_WATCH,
	656	ARG_WALL,
0cf84693 LP	657	ARG_PLYMOUTH,
0cf84693 LP	658	ARG_CONSOLE
ec863ba6 LP	659	};
	660
	661	static const struct option options[] = {
e5ebf783 LP	662	{ "help", no_argument, NULL, 'h' },
	663	{ "list", no_argument, NULL, ARG_LIST },
	664	{ "query", no_argument, NULL, ARG_QUERY },
	665	{ "watch", no_argument, NULL, ARG_WATCH },
	666	{ "wall", no_argument, NULL, ARG_WALL },
	667	{ "plymouth", no_argument, NULL, ARG_PLYMOUTH },
0cf84693	668	{ "console", no_argument, NULL, ARG_CONSOLE },
e5ebf783	669	{ NULL, 0, NULL, 0 }
ec863ba6 LP	670	};
	671
	672	int c;
	673
	674	assert(argc >= 0);
	675	assert(argv);
	676
	677	while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
	678
	679	switch (c) {
	680
	681	case 'h':
	682	help();
	683	return 0;
	684
	685	case ARG_LIST:
	686	arg_action = ACTION_LIST;
	687	break;
	688
	689	case ARG_QUERY:
	690	arg_action = ACTION_QUERY;
	691	break;
	692
	693	case ARG_WATCH:
	694	arg_action = ACTION_WATCH;
	695	break;
	696
	697	case ARG_WALL:
	698	arg_action = ACTION_WALL;
	699	break;
	700
e5ebf783 LP	701	case ARG_PLYMOUTH:
	702	arg_plymouth = true;
	703	break;
	704
0cf84693 LP	705	case ARG_CONSOLE:
	706	arg_console = true;
	707	break;
	708
ec863ba6 LP	709	case '?':
	710	return -EINVAL;
	711
	712	default:
	713	log_error("Unknown option code %c", c);
	714	return -EINVAL;
	715	}
	716	}
	717
	718	if (optind != argc) {
	719	help();
	720	return -EINVAL;
	721	}
	722
	723	return 1;
	724	}
	725
	726	int main(int argc, char *argv[]) {
	727	int r;
	728
	729	log_parse_environment();
	730	log_open();
	731
4c12626c LP	732	umask(0022);
4c12626c LP	733
ec863ba6 LP	734	if ((r = parse_argv(argc, argv)) <= 0)
	735	goto finish;
	736
0cf84693 LP	737	if (arg_console) {
	738	setsid();
	739	release_terminal();
	740	}
	741
ec863ba6 LP	742	if (arg_action == ACTION_WATCH \|\|
	743	arg_action == ACTION_WALL)
	744	r = watch_passwords();
	745	else
	746	r = show_passwords();
	747
96707269 LP	748	if (r < 0)
	749	log_error("Error: %s", strerror(-r));
	750
ec863ba6 LP	751	finish:
	752	return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	753	}