[thirdparty/systemd.git] / src / tty-ask-password-agent.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <stdbool.h>
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <stddef.h>
#include <sys/poll.h>
#include <sys/inotify.h>
#include <unistd.h>
#include <getopt.h>
#include <sys/signalfd.h>

#include "util.h"
#include "conf-parser.h"
#include "utmp-wtmp.h"
#include "socket-util.h"
#include "ask-password-api.h"

static enum {
        ACTION_LIST,
        ACTION_QUERY,
        ACTION_WATCH,
        ACTION_WALL
} arg_action = ACTION_QUERY;

static bool arg_plymouth = false;

static int ask_password_plymouth(const char *message, usec_t until, const char *flag_file, char **_passphrase) {
        int fd = -1, notify = -1;
        union sockaddr_union sa;
        char *packet = NULL;
        ssize_t k;
        int r, n;
        struct pollfd pollfd[2];
        char buffer[LINE_MAX];
        size_t p = 0;
        enum {
                POLL_SOCKET,
                POLL_INOTIFY
        };

        if (flag_file) {
                if ((notify = inotify_init1(IN_CLOEXEC|IN_NONBLOCK)) < 0) {
                        r = -errno;
                        goto finish;
                }

                if (inotify_add_watch(notify, flag_file, IN_ATTRIB /* for the link count */) < 0) {
                        r = -errno;
                        goto finish;
                }
        }

        if ((fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0)) < 0) {
                r = -errno;
                goto finish;
        }

        zero(sa);
        sa.sa.sa_family = AF_UNIX;
        strncpy(sa.un.sun_path+1, "/ply-boot-protocol", sizeof(sa.un.sun_path)-1);

        if (connect(fd, &sa.sa, sizeof(sa.un)) < 0) {
                r = -errno;
                goto finish;
        }

        if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0) {
                r = -ENOMEM;
                goto finish;
        }

        if ((k = loop_write(fd, packet, n+1, true)) != n+1) {
                r = k < 0 ? (int) k : -EIO;
                goto finish;
        }

        zero(pollfd);
        pollfd[POLL_SOCKET].fd = fd;
        pollfd[POLL_SOCKET].events = POLLIN;
        pollfd[POLL_INOTIFY].fd = notify;
        pollfd[POLL_INOTIFY].events = POLLIN;

        for (;;) {
                int sleep_for = -1, j;

                if (until > 0) {
                        usec_t y;

                        y = now(CLOCK_MONOTONIC);

                        if (y > until) {
                                r = -ETIMEDOUT;
                                goto finish;
                        }

                        sleep_for = (int) ((until - y) / USEC_PER_MSEC);
                }

                if (flag_file)
                        if (access(flag_file, F_OK) < 0) {
                                r = -errno;
                                goto finish;
                        }

                if ((j = poll(pollfd, notify > 0 ? 2 : 1, sleep_for)) < 0) {

                        if (errno == EINTR)
                                continue;

                        r = -errno;
                        goto finish;
                } else if (j == 0) {
                        r = -ETIMEDOUT;
                        goto finish;
                }

                if (notify > 0 && pollfd[POLL_INOTIFY].revents != 0)
                        flush_fd(notify);

                if (pollfd[POLL_SOCKET].revents == 0)
                        continue;

                if ((k = read(fd, buffer + p, sizeof(buffer) - p)) <= 0) {
                        r = k < 0 ? -errno : -EIO;
                        goto finish;
                }

                p += k;

                if (p < 1)
                        continue;

                if (buffer[0] == 5) {
                        /* No password, because UI not shown */
                        r = -ENOENT;
                        goto finish;

                } else if (buffer[0] == 2) {
                        uint32_t size;
                        char *s;

                        /* One answer */
                        if (p < 5)
                                continue;

                        memcpy(&size, buffer+1, sizeof(size));
                        if (size+5 > sizeof(buffer)) {
                                r = -EIO;
                                goto finish;
                        }

                        if (p-5 < size)
                                continue;

                        if (!(s = strndup(buffer + 5, size))) {
                                r = -ENOMEM;
                                goto finish;
                        }

                        *_passphrase = s;
                        break;
                } else {
                        /* Unknown packet */
                        r = -EIO;
                        goto finish;
                }
        }

        r = 0;

finish:
        if (notify >= 0)
                close_nointr_nofail(notify);

        if (fd >= 0)
                close_nointr_nofail(fd);

        free(packet);

        return r;
}

static int parse_password(const char *filename, char **wall) {
        char *socket_name = NULL, *message = NULL, *packet = NULL;
        uint64_t not_after = 0;
        unsigned pid = 0;
        int socket_fd = -1;

        const ConfigItem items[] = {
                { "Socket",   config_parse_string,   &socket_name, "Ask" },
                { "NotAfter", config_parse_uint64,   &not_after,   "Ask" },
                { "Message",  config_parse_string,   &message,     "Ask" },
                { "PID",      config_parse_unsigned, &pid,         "Ask" },
        };

        FILE *f;
        int r;
        usec_t n;

        assert(filename);

        if (!(f = fopen(filename, "re"))) {

                if (errno == ENOENT)
                        return 0;

                log_error("open(%s): %m", filename);
                return -errno;
        }

        if ((r = config_parse(filename, f, NULL, items, false, NULL)) < 0) {
                log_error("Failed to parse password file %s: %s", filename, strerror(-r));
                goto finish;
        }

        if (!socket_name || not_after <= 0) {
                log_error("Invalid password file %s", filename);
                r = -EBADMSG;
                goto finish;
        }

        n = now(CLOCK_MONOTONIC);
        if (n > not_after) {
                r = 0;
                goto finish;
        }

        if (arg_action == ACTION_LIST)
                printf("'%s' (PID %u)\n", message, pid);
        else if (arg_action == ACTION_WALL) {
                char *_wall;

                if (asprintf(&_wall,
                             "%s%sPassword entry required for \'%s\' (PID %u).\r\n"
                             "Please enter password with the systemd-tty-password-agent tool!",
                             *wall ? *wall : "",
                             *wall ? "\r\n\r\n" : "",
                             message,
                             pid) < 0) {
                        log_error("Out of memory");
                        r = -ENOMEM;
                        goto finish;
                }

                free(*wall);
                *wall = _wall;
        } else {
                union {
                        struct sockaddr sa;
                        struct sockaddr_un un;
                } sa;
                char *password;

                assert(arg_action == ACTION_QUERY ||
                       arg_action == ACTION_WATCH);

                if (access(socket_name, W_OK) < 0) {

                        if (arg_action == ACTION_QUERY)
                                log_info("Not querying '%s' (PID %u), lacking privileges.", message, pid);

                        r = 0;
                        goto finish;
                }

                if (arg_plymouth)
                        r = ask_password_plymouth(message, not_after, filename, &password);
                else
                        r = ask_password_tty(message, not_after, filename, &password);

                if (r < 0) {
                        log_error("Failed to query password: %s", strerror(-r));
                        goto finish;
                }

                asprintf(&packet, "+%s", password);
                free(password);

                if (!packet) {
                        log_error("Out of memory");
                        r = -ENOMEM;
                        goto finish;
                }

                if ((socket_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) {
                        log_error("socket(): %m");
                        r = -errno;
                        goto finish;
                }

                zero(sa);
                sa.un.sun_family = AF_UNIX;
                strncpy(sa.un.sun_path, socket_name, sizeof(sa.un.sun_path));

                if (sendto(socket_fd, packet, strlen(packet), MSG_NOSIGNAL, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(socket_name)) < 0) {
                        log_error("Failed to send: %m");
                        r = -errno;
                        goto finish;
                }
        }

finish:
        fclose(f);

        if (socket_fd >= 0)
                close_nointr_nofail(socket_fd);

        free(packet);
        free(socket_name);
        free(message);

        return r;
}

static int show_passwords(void) {
        DIR *d;
        struct dirent *de;
        int r = 0;

        if (!(d = opendir("/dev/.systemd/ask-password"))) {
                if (errno == ENOENT)
                        return 0;

                log_error("opendir(): %m");
                return -errno;
        }

        while ((de = readdir(d))) {
                char *p;
                int q;
                char *wall;

                if (de->d_type != DT_REG)
                        continue;

                if (ignore_file(de->d_name))
                        continue;

                if (!startswith(de->d_name, "ask."))
                        continue;

                if (!(p = strappend("/dev/.systemd/ask-password/", de->d_name))) {
                        log_error("Out of memory");
                        r = -ENOMEM;
                        goto finish;
                }

                wall = NULL;
                if ((q = parse_password(p, &wall)) < 0)
                        r = q;

                free(p);

                if (wall) {
                        utmp_wall(wall);
                        free(wall);
                }
        }

finish:
        if (d)
                closedir(d);

        return r;
}

static int watch_passwords(void) {
        enum {
                FD_INOTIFY,
                FD_SIGNAL,
                _FD_MAX
        };

        int notify = -1, signal_fd = -1;
        struct pollfd pollfd[_FD_MAX];
        sigset_t mask;
        int r;

        mkdir_p("/dev/.systemd/ask-password", 0755);

        if ((notify = inotify_init1(IN_CLOEXEC)) < 0) {
                r = -errno;
                goto finish;
        }

        if (inotify_add_watch(notify, "/dev/.systemd/ask-password", IN_CLOSE_WRITE|IN_MOVED_TO) < 0) {
                r = -errno;
                goto finish;
        }

        assert_se(sigemptyset(&mask) == 0);
        sigset_add_many(&mask, SIGINT, SIGTERM, -1);
        assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);

        if ((signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC)) < 0) {
                log_error("signalfd(): %m");
                r = -errno;
                goto finish;
        }

        zero(pollfd);
        pollfd[FD_INOTIFY].fd = notify;
        pollfd[FD_INOTIFY].events = POLLIN;
        pollfd[FD_SIGNAL].fd = signal_fd;
        pollfd[FD_SIGNAL].events = POLLIN;

        for (;;) {
                if ((r = show_passwords()) < 0)
                        break;

                if (poll(pollfd, _FD_MAX, -1) < 0) {

                        if (errno == EINTR)
                                continue;

                        r = -errno;
                        goto finish;
                }

                if (pollfd[FD_INOTIFY].revents != 0)
                        flush_fd(notify);

                if (pollfd[FD_SIGNAL].revents != 0)
                        break;
        }

        r = 0;

finish:
        if (notify >= 0)
                close_nointr_nofail(notify);

        if (signal_fd >= 0)
                close_nointr_nofail(signal_fd);

        return r;
}

static int help(void) {

        printf("%s [OPTIONS...]\n\n"
               "Process system password requests.\n\n"
               "  -h --help     Show this help\n"
               "     --list     Show pending password requests\n"
               "     --query    Process pending password requests\n"
               "     --watch    Continously process password requests\n"
               "     --wall     Continously forward password requests to wall\n"
               "     --plymouth Ask question with Plymouth instead of on TTY\n",
               program_invocation_short_name);

        return 0;
}

static int parse_argv(int argc, char *argv[]) {

        enum {
                ARG_LIST = 0x100,
                ARG_QUERY,
                ARG_WATCH,
                ARG_WALL,
                ARG_PLYMOUTH
        };

        static const struct option options[] = {
                { "help",     no_argument, NULL, 'h'          },
                { "list",     no_argument, NULL, ARG_LIST     },
                { "query",    no_argument, NULL, ARG_QUERY    },
                { "watch",    no_argument, NULL, ARG_WATCH    },
                { "wall",     no_argument, NULL, ARG_WALL     },
                { "plymouth", no_argument, NULL, ARG_PLYMOUTH },
                { NULL,    0,           NULL, 0               }
        };

        int c;

        assert(argc >= 0);
        assert(argv);

        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {

                switch (c) {

                case 'h':
                        help();
                        return 0;

                case ARG_LIST:
                        arg_action = ACTION_LIST;
                        break;

                case ARG_QUERY:
                        arg_action = ACTION_QUERY;
                        break;

                case ARG_WATCH:
                        arg_action = ACTION_WATCH;
                        break;

                case ARG_WALL:
                        arg_action = ACTION_WALL;
                        break;

                case ARG_PLYMOUTH:
                        arg_plymouth = true;
                        break;

                case '?':
                        return -EINVAL;

                default:
                        log_error("Unknown option code %c", c);
                        return -EINVAL;
                }
        }

        if (optind != argc) {
                help();
                return -EINVAL;
        }

        return 1;
}

int main(int argc, char *argv[]) {
        int r;

        log_parse_environment();
        log_open();

        if ((r = parse_argv(argc, argv)) <= 0)
                goto finish;

        if (arg_action == ACTION_WATCH ||
            arg_action == ACTION_WALL)
                r = watch_passwords();
        else
                r = show_passwords();

finish:
        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
Commit	Line	Data
ec863ba6 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU General Public License as published by
	10	the Free Software Foundation; either version 2 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	General Public License for more details.
	17
	18	You should have received a copy of the GNU General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <stdbool.h>
	23	#include <errno.h>
	24	#include <string.h>
	25	#include <sys/socket.h>
	26	#include <sys/un.h>
	27	#include <stddef.h>
	28	#include <sys/poll.h>
	29	#include <sys/inotify.h>
	30	#include <unistd.h>
	31	#include <getopt.h>
b9ba604e	32	#include <sys/signalfd.h>
ec863ba6 LP	33
	34	#include "util.h"
	35	#include "conf-parser.h"
	36	#include "utmp-wtmp.h"
e5ebf783	37	#include "socket-util.h"
7f4e0805	38	#include "ask-password-api.h"
ec863ba6 LP	39
	40	static enum {
	41	ACTION_LIST,
	42	ACTION_QUERY,
	43	ACTION_WATCH,
	44	ACTION_WALL
	45	} arg_action = ACTION_QUERY;
	46
e5ebf783 LP	47	static bool arg_plymouth = false;
	48
	49	static int ask_password_plymouth(const char message, usec_t until, const char flag_file, char **_passphrase) {
	50	int fd = -1, notify = -1;
	51	union sockaddr_union sa;
	52	char *packet = NULL;
	53	ssize_t k;
	54	int r, n;
	55	struct pollfd pollfd[2];
	56	char buffer[LINE_MAX];
	57	size_t p = 0;
	58	enum {
	59	POLL_SOCKET,
	60	POLL_INOTIFY
	61	};
	62
	63	if (flag_file) {
	64	if ((notify = inotify_init1(IN_CLOEXEC\|IN_NONBLOCK)) < 0) {
	65	r = -errno;
	66	goto finish;
	67	}
	68
	69	if (inotify_add_watch(notify, flag_file, IN_ATTRIB /* for the link count */) < 0) {
	70	r = -errno;
	71	goto finish;
	72	}
	73	}
	74
	75	if ((fd = socket(AF_UNIX, SOCK_STREAM\|SOCK_CLOEXEC\|SOCK_NONBLOCK, 0)) < 0) {
	76	r = -errno;
	77	goto finish;
	78	}
	79
	80	zero(sa);
	81	sa.sa.sa_family = AF_UNIX;
	82	strncpy(sa.un.sun_path+1, "/ply-boot-protocol", sizeof(sa.un.sun_path)-1);
	83
	84	if (connect(fd, &sa.sa, sizeof(sa.un)) < 0) {
	85	r = -errno;
	86	goto finish;
	87	}
	88
	89	if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0) {
	90	r = -ENOMEM;
	91	goto finish;
	92	}
	93
	94	if ((k = loop_write(fd, packet, n+1, true)) != n+1) {
	95	r = k < 0 ? (int) k : -EIO;
	96	goto finish;
	97	}
	98
	99	zero(pollfd);
	100	pollfd[POLL_SOCKET].fd = fd;
	101	pollfd[POLL_SOCKET].events = POLLIN;
	102	pollfd[POLL_INOTIFY].fd = notify;
	103	pollfd[POLL_INOTIFY].events = POLLIN;
	104
	105	for (;;) {
	106	int sleep_for = -1, j;
	107
	108	if (until > 0) {
	109	usec_t y;
	110
111	y = now(CLOCK_MONOTONIC);
112
113	if (y > until) {
114	r = -ETIMEDOUT;
115	goto finish;
116	}
117
118	sleep_for = (int) ((until - y) / USEC_PER_MSEC);
119	}
120
121	if (flag_file)
122	if (access(flag_file, F_OK) < 0) {
123	r = -errno;
124	goto finish;
125	}
126
127	if ((j = poll(pollfd, notify > 0 ? 2 : 1, sleep_for)) < 0) {
128
129	if (errno == EINTR)
130	continue;
131
132	r = -errno;
133	goto finish;
134	} else if (j == 0) {
135	r = -ETIMEDOUT;
136	goto finish;
137	}
138
139	if (notify > 0 && pollfd[POLL_INOTIFY].revents != 0)
140	flush_fd(notify);
141
142	if (pollfd[POLL_SOCKET].revents == 0)
143	continue;
144
145	if ((k = read(fd, buffer + p, sizeof(buffer) - p)) <= 0) {
146	r = k < 0 ? -errno : -EIO;
147	goto finish;
148	}
149
150	p += k;
151
152	if (p < 1)
153	continue;
154
155	if (buffer[0] == 5) {
156	/* No password, because UI not shown */
157	r = -ENOENT;
158	goto finish;
159
160	} else if (buffer[0] == 2) {
161	uint32_t size;
162	char *s;
163
164	/* One answer */
165	if (p < 5)
166	continue;
167
168	memcpy(&size, buffer+1, sizeof(size));
169	if (size+5 > sizeof(buffer)) {
170	r = -EIO;
171	goto finish;
172	}
173
174	if (p-5 < size)
175	continue;
176
177	if (!(s = strndup(buffer + 5, size))) {
178	r = -ENOMEM;
179	goto finish;
180	}
181
182	*_passphrase = s;
183	break;
184	} else {
185	/* Unknown packet */
186	r = -EIO;
187	goto finish;
188	}
189	}
190
191	r = 0;
192
193	finish:
194	if (notify >= 0)
195	close_nointr_nofail(notify);
196
197	if (fd >= 0)
198	close_nointr_nofail(fd);
199
200	free(packet);
201
202	return r;
203	}
204
0ddf1d3a	205	static int parse_password(const char filename, char *wall) {
ec863ba6 LP	206	char socket_name = NULL, message = NULL, *packet = NULL;
	207	uint64_t not_after = 0;
	208	unsigned pid = 0;
	209	int socket_fd = -1;
	210
	211	const ConfigItem items[] = {
	212	{ "Socket", config_parse_string, &socket_name, "Ask" },
	213	{ "NotAfter", config_parse_uint64, &not_after, "Ask" },
	214	{ "Message", config_parse_string, &message, "Ask" },
	215	{ "PID", config_parse_unsigned, &pid, "Ask" },
	216	};
	217
	218	FILE *f;
	219	int r;
	220	usec_t n;
	221
	222	assert(filename);
	223
	224	if (!(f = fopen(filename, "re"))) {
	225
	226	if (errno == ENOENT)
	227	return 0;
	228
	229	log_error("open(%s): %m", filename);
	230	return -errno;
	231	}
	232
	233	if ((r = config_parse(filename, f, NULL, items, false, NULL)) < 0) {
	234	log_error("Failed to parse password file %s: %s", filename, strerror(-r));
	235	goto finish;
	236	}
	237
	238	if (!socket_name \|\| not_after <= 0) {
	239	log_error("Invalid password file %s", filename);
	240	r = -EBADMSG;
	241	goto finish;
	242	}
	243
	244	n = now(CLOCK_MONOTONIC);
	245	if (n > not_after) {
	246	r = 0;
	247	goto finish;
	248	}
	249
	250	if (arg_action == ACTION_LIST)
	251	printf("'%s' (PID %u)\n", message, pid);
	252	else if (arg_action == ACTION_WALL) {
0ddf1d3a	253	char *_wall;
ec863ba6	254
0ddf1d3a LP	255	if (asprintf(&_wall,
0ddf1d3a LP	256	"%s%sPassword entry required for \'%s\' (PID %u).\r\n"
ec863ba6	257	"Please enter password with the systemd-tty-password-agent tool!",
0ddf1d3a LP	258	wall ? wall : "",
0ddf1d3a LP	259	*wall ? "\r\n\r\n" : "",
ec863ba6 LP	260	message,
	261	pid) < 0) {
	262	log_error("Out of memory");
	263	r = -ENOMEM;
	264	goto finish;
	265	}
	266
0ddf1d3a LP	267	free(*wall);
0ddf1d3a LP	268	*wall = _wall;
ec863ba6 LP	269	} else {
	270	union {
	271	struct sockaddr sa;
	272	struct sockaddr_un un;
	273	} sa;
	274	char *password;
	275
	276	assert(arg_action == ACTION_QUERY \|\|
	277	arg_action == ACTION_WATCH);
	278
	279	if (access(socket_name, W_OK) < 0) {
	280
	281	if (arg_action == ACTION_QUERY)
	282	log_info("Not querying '%s' (PID %u), lacking privileges.", message, pid);
	283
	284	r = 0;
	285	goto finish;
	286	}
	287
e5ebf783 LP	288	if (arg_plymouth)
	289	r = ask_password_plymouth(message, not_after, filename, &password);
	290	else
	291	r = ask_password_tty(message, not_after, filename, &password);
	292
	293	if (r < 0) {
	294	log_error("Failed to query password: %s", strerror(-r));
ec863ba6 LP	295	goto finish;
	296	}
	297
	298	asprintf(&packet, "+%s", password);
	299	free(password);
	300
	301	if (!packet) {
	302	log_error("Out of memory");
	303	r = -ENOMEM;
	304	goto finish;
	305	}
	306
	307	if ((socket_fd = socket(AF_UNIX, SOCK_DGRAM\|SOCK_CLOEXEC, 0)) < 0) {
	308	log_error("socket(): %m");
	309	r = -errno;
	310	goto finish;
	311	}
	312
	313	zero(sa);
	314	sa.un.sun_family = AF_UNIX;
	315	strncpy(sa.un.sun_path, socket_name, sizeof(sa.un.sun_path));
	316
	317	if (sendto(socket_fd, packet, strlen(packet), MSG_NOSIGNAL, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(socket_name)) < 0) {
	318	log_error("Failed to send: %m");
	319	r = -errno;
	320	goto finish;
	321	}
	322	}
	323
	324	finish:
	325	fclose(f);
	326
	327	if (socket_fd >= 0)
	328	close_nointr_nofail(socket_fd);
	329
	330	free(packet);
	331	free(socket_name);
	332	free(message);
	333
	334	return r;
	335	}
	336
	337	static int show_passwords(void) {
	338	DIR *d;
	339	struct dirent *de;
	340	int r = 0;
	341
	342	if (!(d = opendir("/dev/.systemd/ask-password"))) {
	343	if (errno == ENOENT)
	344	return 0;
	345
	346	log_error("opendir(): %m");
	347	return -errno;
	348	}
	349
	350	while ((de = readdir(d))) {
	351	char *p;
	352	int q;
0ddf1d3a	353	char *wall;
ec863ba6 LP	354
	355	if (de->d_type != DT_REG)
	356	continue;
	357
	358	if (ignore_file(de->d_name))
	359	continue;
	360
	361	if (!startswith(de->d_name, "ask."))
	362	continue;
	363
	364	if (!(p = strappend("/dev/.systemd/ask-password/", de->d_name))) {
	365	log_error("Out of memory");
	366	r = -ENOMEM;
	367	goto finish;
	368	}
	369
0ddf1d3a LP	370	wall = NULL;
0ddf1d3a LP	371	if ((q = parse_password(p, &wall)) < 0)
ec863ba6 LP	372	r = q;
	373
	374	free(p);
0ddf1d3a LP	375
	376	if (wall) {
	377	utmp_wall(wall);
	378	free(wall);
	379	}
ec863ba6 LP	380	}
	381
	382	finish:
	383	if (d)
	384	closedir(d);
	385
	386	return r;
	387	}
	388
	389	static int watch_passwords(void) {
b9ba604e LP	390	enum {
	391	FD_INOTIFY,
	392	FD_SIGNAL,
	393	_FD_MAX
	394	};
	395
	396	int notify = -1, signal_fd = -1;
	397	struct pollfd pollfd[_FD_MAX];
	398	sigset_t mask;
ec863ba6 LP	399	int r;
	400
	401	mkdir_p("/dev/.systemd/ask-password", 0755);
	402
	403	if ((notify = inotify_init1(IN_CLOEXEC)) < 0) {
	404	r = -errno;
	405	goto finish;
	406	}
	407
	408	if (inotify_add_watch(notify, "/dev/.systemd/ask-password", IN_CLOSE_WRITE\|IN_MOVED_TO) < 0) {
	409	r = -errno;
	410	goto finish;
	411	}
	412
b9ba604e LP	413	assert_se(sigemptyset(&mask) == 0);
	414	sigset_add_many(&mask, SIGINT, SIGTERM, -1);
	415	assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
	416
	417	if ((signal_fd = signalfd(-1, &mask, SFD_NONBLOCK\|SFD_CLOEXEC)) < 0) {
	418	log_error("signalfd(): %m");
	419	r = -errno;
	420	goto finish;
	421	}
	422
ec863ba6	423	zero(pollfd);
b9ba604e LP	424	pollfd[FD_INOTIFY].fd = notify;
	425	pollfd[FD_INOTIFY].events = POLLIN;
	426	pollfd[FD_SIGNAL].fd = signal_fd;
	427	pollfd[FD_SIGNAL].events = POLLIN;
ec863ba6 LP	428
	429	for (;;) {
	430	if ((r = show_passwords()) < 0)
	431	break;
	432
b9ba604e	433	if (poll(pollfd, _FD_MAX, -1) < 0) {
ec863ba6 LP	434
	435	if (errno == EINTR)
	436	continue;
	437
	438	r = -errno;
	439	goto finish;
	440	}
	441
b9ba604e	442	if (pollfd[FD_INOTIFY].revents != 0)
ec863ba6	443	flush_fd(notify);
b9ba604e LP	444
	445	if (pollfd[FD_SIGNAL].revents != 0)
	446	break;
ec863ba6 LP	447	}
	448
	449	r = 0;
	450
	451	finish:
	452	if (notify >= 0)
	453	close_nointr_nofail(notify);
	454
b9ba604e LP	455	if (signal_fd >= 0)
	456	close_nointr_nofail(signal_fd);
	457
ec863ba6 LP	458	return r;
	459	}
	460
	461	static int help(void) {
	462
	463	printf("%s [OPTIONS...]\n\n"
	464	"Process system password requests.\n\n"
e5ebf783 LP	465	" -h --help Show this help\n"
	466	" --list Show pending password requests\n"
	467	" --query Process pending password requests\n"
	468	" --watch Continously process password requests\n"
	469	" --wall Continously forward password requests to wall\n"
	470	" --plymouth Ask question with Plymouth instead of on TTY\n",
ec863ba6 LP	471	program_invocation_short_name);
	472
	473	return 0;
	474	}
	475
	476	static int parse_argv(int argc, char *argv[]) {
	477
	478	enum {
	479	ARG_LIST = 0x100,
	480	ARG_QUERY,
	481	ARG_WATCH,
	482	ARG_WALL,
e5ebf783	483	ARG_PLYMOUTH
ec863ba6 LP	484	};
	485
	486	static const struct option options[] = {
e5ebf783 LP	487	{ "help", no_argument, NULL, 'h' },
	488	{ "list", no_argument, NULL, ARG_LIST },
	489	{ "query", no_argument, NULL, ARG_QUERY },
	490	{ "watch", no_argument, NULL, ARG_WATCH },
	491	{ "wall", no_argument, NULL, ARG_WALL },
	492	{ "plymouth", no_argument, NULL, ARG_PLYMOUTH },
	493	{ NULL, 0, NULL, 0 }
ec863ba6 LP	494	};
	495
	496	int c;
	497
	498	assert(argc >= 0);
	499	assert(argv);
	500
	501	while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
	502
	503	switch (c) {
	504
	505	case 'h':
	506	help();
	507	return 0;
	508
	509	case ARG_LIST:
	510	arg_action = ACTION_LIST;
	511	break;
	512
	513	case ARG_QUERY:
	514	arg_action = ACTION_QUERY;
	515	break;
	516
	517	case ARG_WATCH:
	518	arg_action = ACTION_WATCH;
	519	break;
	520
	521	case ARG_WALL:
	522	arg_action = ACTION_WALL;
	523	break;
	524
e5ebf783 LP	525	case ARG_PLYMOUTH:
	526	arg_plymouth = true;
	527	break;
	528
ec863ba6 LP	529	case '?':
	530	return -EINVAL;
	531
	532	default:
	533	log_error("Unknown option code %c", c);
	534	return -EINVAL;
	535	}
	536	}
	537
	538	if (optind != argc) {
	539	help();
	540	return -EINVAL;
	541	}
	542
	543	return 1;
	544	}
	545
	546	int main(int argc, char *argv[]) {
	547	int r;
	548
	549	log_parse_environment();
	550	log_open();
	551
	552	if ((r = parse_argv(argc, argv)) <= 0)
	553	goto finish;
	554
	555	if (arg_action == ACTION_WATCH \|\|
	556	arg_action == ACTION_WALL)
	557	r = watch_passwords();
	558	else
	559	r = show_passwords();
	560
	561	finish:
	562	return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	563	}